This repository has been archived on 2020-03-24. You can view files and clone it, but cannot push or open issues or pull requests.
quay/conf/nginx/server-base.conf

162 lines
3.6 KiB
Text
Raw Normal View History

2015-01-13 20:19:42 +00:00
# vim: ft=nginx
server_name _;
keepalive_timeout 5;
2015-10-07 15:17:07 +00:00
if ($host = "www.quay.io") {
return 301 $proper_scheme://quay.io$request_uri;
2015-10-07 15:17:07 +00:00
}
# Disable the ability to be embedded into iframes
add_header X-Frame-Options DENY;
# Proxy Headers
2015-02-19 21:24:05 +00:00
proxy_set_header X-Forwarded-For $proper_forwarded_for;
proxy_set_header X-Forwarded-Proto $proper_scheme;
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header Transfer-Encoding $http_transfer_encoding;
location / {
proxy_pass http://web_app_server;
}
location /realtime {
proxy_pass http://web_app_server;
proxy_buffering off;
2014-11-24 21:07:38 +00:00
proxy_request_buffering off;
}
location ~ ^/_storage_proxy/([^/]+)/([^/]+)/([^/]+)/(.+) {
include resolver.conf;
auth_request /_storage_proxy_auth;
proxy_pass $2://$3/$4$is_args$args;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $3;
add_header Host $3;
proxy_buffering off;
proxy_request_buffering off;
proxy_read_timeout 60s;
}
location = /_storage_proxy_auth {
proxy_pass http://web_app_server;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_read_timeout 10;
}
2015-08-25 18:18:34 +00:00
# At the begining and end of a push/pull, (/v1/repositories|/v2/auth/) is hit by the Docker
# client. By rate-limiting just this endpoint, we can avoid accidentally
# blocking pulls/pushes for images with many layers.
2015-08-25 18:18:34 +00:00
location ~ ^/(v1/repositories|v2/auth)/ {
2015-02-19 21:24:05 +00:00
proxy_buffering off;
proxy_request_buffering off;
proxy_pass http://registry_app_server;
proxy_read_timeout 2000;
proxy_temp_path /tmp 1 2;
2015-02-19 21:24:05 +00:00
limit_req zone=repositories burst=10;
2015-02-19 21:24:05 +00:00
}
2016-04-18 17:56:03 +00:00
location /secscan/ {
proxy_pass http://jwtproxy_secscan;
}
location ~ ^/v2 {
# If we're being accessed via v1.quay.io, pretend we don't support v2.
if ($host = "v1.quay.io") {
return 404;
}
# Setting ANY header clears all inherited proxy_set_header directives
proxy_set_header X-Forwarded-For $proper_forwarded_for;
proxy_set_header X-Forwarded-Proto $proper_scheme;
proxy_set_header Host $host;
proxy_buffering off;
proxy_request_buffering off;
proxy_read_timeout 2000;
proxy_http_version 1.1;
proxy_pass http://registry_app_server;
proxy_temp_path /tmp 1 2;
client_max_body_size 20G;
}
location ~ ^/v1 {
# Setting ANY header clears all inherited proxy_set_header directives
proxy_set_header X-Forwarded-For $proper_forwarded_for;
proxy_set_header X-Forwarded-Proto $proper_scheme;
proxy_set_header Host $host;
proxy_buffering off;
proxy_request_buffering off;
proxy_http_version 1.1;
proxy_pass http://registry_app_server;
proxy_temp_path /tmp 1 2;
client_max_body_size 20G;
}
location /v1/_ping {
add_header Content-Type text/plain;
add_header X-Docker-Registry-Version 0.6.0;
add_header X-Docker-Registry-Standalone 0;
return 200 'true';
}
location /c1/ {
proxy_buffering off;
proxy_request_buffering off;
proxy_pass http://verbs_app_server;
proxy_temp_path /tmp 1 2;
2015-02-19 21:24:05 +00:00
limit_req zone=verbs burst=10;
}
location /static/ {
# checks for static file, if not found proxy to app
2015-10-21 19:28:45 +00:00
alias /static/;
error_page 404 /404;
2014-11-24 21:07:38 +00:00
}
2016-02-01 13:07:50 +00:00
error_page 502 /static/502.html;
location ~ ^/b1/controller(/?)(.*) {
proxy_pass http://build_manager_controller_server/$2;
}
location ~ ^/b1/socket(/?)(.*) {
proxy_pass http://build_manager_websocket_server/$2;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 2000;
2014-12-01 17:48:59 +00:00
}