Commit graph

53 commits

Author SHA1 Message Date
Jake Moshenko
746728ba24 Remove escaped_fragment snapshot rendering. 2016-06-14 12:53:10 -04:00
Evan Cordell
da0a988650 Configure jwtproxy from stack/conf yaml 2016-04-29 14:10:33 -04:00
Evan Cordell
adc86456b5 Secure the correct endpoint 2016-04-29 14:10:33 -04:00
Evan Cordell
8c8ee9c2be Add jwtproxy and configure verifier for /secscan/notify 2016-04-29 14:10:33 -04:00
Joseph Schorr
1264c6330e Increase read timeout on V2 to match V1
Fixes #1377
2016-04-19 17:52:54 -04:00
Jake Moshenko
0fdbf8a210 Trust upstream proxies to specify https scheme 2016-02-03 13:08:43 -05:00
Joseph Schorr
e7842a2a49 Add 502 page 2016-02-01 15:07:50 +02:00
Silas Sewell
8781cf6e11 Increase nginx proxy timeout and close db before storage operation 2015-12-03 11:19:39 -05:00
Jimmy Zelinskie
87a4e1f417 404 on v2 routes for the hostname v1.quay.io
This also copies v2 into its own separate location directive because you
cannot have nested location directives. Also, the `if` directive can be
very tricky and should only be used to return response codes.
2015-11-24 17:02:09 -05:00
Jake Moshenko
30bb97a04d Remove the Transfer Encoding directive from v2 headers 2015-11-18 17:23:30 -05:00
Jake Moshenko
d6c5fc5d1b Stop clobbering our proxy_set_header directives 2015-11-18 16:00:23 -05:00
Jake Moshenko
c2fcf8bead Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2 2015-11-06 18:18:29 -05:00
Quentin Machu
c1fa22d9b0 Define nginx v2 vhost & properly set 404 status code
Fixes #777
2015-11-04 14:56:18 -05:00
Quentin Machu
3f35265858 Merge pull request #683 from Quentin-M/whoops-404
Add 404 page
2015-10-30 14:30:20 -04:00
Jake Moshenko
e7a6176594 Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2 2015-10-22 16:59:28 -04:00
Quentin Machu
adb744089e Add 404 page
Fixes coreos-inc/quay#677
2015-10-21 18:40:15 -04:00
Silas Sewell
9c866eac4b nginx: add www redirect
Fixes #452
2015-10-07 11:17:07 -04:00
Joseph Schorr
31fdb94436 Enable rate limiting of V2 requests 2015-08-25 14:18:34 -04:00
Joseph Schorr
0c7839203e Send the original host along to the registry code 2015-08-24 16:09:17 -04:00
Jimmy Zelinskie
f7c81e2a34 binarydeps: tengine 2.1.0 -> nginx 1.8.0
nginx stable now has unbuffered uploading support, thus we are no longer
required to use tengine.
2015-06-08 15:35:56 -04:00
Jimmy Zelinskie
581d2fa4fc nginx: move ssl config out of server-base 2015-05-22 16:25:28 -04:00
Jimmy Zelinskie
4323eb58da nginx: SSL config into server-base.conf 2015-05-22 13:54:43 -04:00
Jake Moshenko
24cf27bd12 Route all of the logging through syslog-ng. Add the ability to specify extra syslog-ng config. Simplify the Dockerfile. 2015-03-26 09:22:47 -04:00
Jimmy Zelinskie
b4b06ec8c8 nginx: add comment explaining repo rate limiting 2015-02-25 12:32:48 -05:00
Jimmy Zelinskie
2a826f52d4 nginx: rename api rate limit bucket to verbs 2015-02-25 12:32:30 -05:00
Jimmy Zelinskie
ebff374408 nginx: tweak rate limiting; remove webapp limiting 2015-02-25 12:22:41 -05:00
Jimmy Zelinskie
7554c47a30 nginx: burst=5 for API calls
This means that requests are delayed until the client reaches the burst
rate and then they will receive the 429.
2015-02-23 20:53:21 -05:00
Jake Moshenko
291c1c810b Merge remote-tracking branch 'origin/hotfix'
Conflicts:
	conf/proxy-server-base.conf
2015-02-19 17:37:44 -05:00
Jimmy Zelinskie
4a2b25200a nginx: make rate limiting awesome 2015-02-19 16:24:05 -05:00
Jake Moshenko
04b06547b8 Remove all of the timeouts since they were not doing the right thing anyway. 2015-02-18 17:04:25 -05:00
Joseph Schorr
42db221576 Disable proxy server buffer changes 2015-02-11 16:25:09 -05:00
Jimmy Zelinskie
3abb5bf0a3 nginx: set proxy_buffer_size to 6MB
Because tags are included in our sessions, pushes containing many tags
will make our headers larger than the buffer nginx uses to send to the
client and then nginx is unable to validate the headers.
2015-02-10 15:48:27 -05:00
Jimmy Zelinskie
b5f7777fd7 nginx: create proxy-server-base.conf w/ rate limit 2015-01-23 16:50:16 -05:00
Jimmy Zelinskie
64bea5387b nginx: rate limiting only on proxy protocol 2015-01-23 16:04:06 -05:00
Jimmy Zelinskie
e93d0b83ec reset nginx config to master 2015-01-21 17:00:43 -05:00
Jimmy Zelinskie
0f8aad9ef1 Break out a new server{} config for port 444>
This also restores docker proxy stuff with recursive enabled
2015-01-21 15:59:29 -05:00
Jimmy Zelinskie
b7d6d42317 comment out docker reverse proxy stuff 2015-01-21 15:05:35 -05:00
Jimmy Zelinskie
a68bad1c3a Undo nginx rate-limiting. 2015-01-15 17:27:06 -05:00
Jimmy Zelinskie
6cbd4ee4fe Add rate limiting to nginx.
The only caveat is that "One megabyte zone can keep about 16 thousand
64-byte states. If the zone storage is exhausted, the server will return
the 503 (Service Temporarily Unavailable) error to all further
requests."
  -- nginx documentation
2015-01-13 15:59:04 -05:00
Jimmy Zelinskie
53e9e514d5 Add vim nginx ft to nginx config files 2015-01-13 15:19:42 -05:00
Joseph Schorr
72d613614d Merge branch 'bagger' 2014-12-01 12:48:59 -05:00
Joseph Schorr
9d675b51ed - Change SSL to only be enabled via an environment variable. Nginx will be terminating SSL for the ER.
- Add the missing dependencies to the requirements.txt
- Change the builder ports to non-standard locations
- Add the /b1/socket and /b1/controller endpoints in nginx, to map to the build manager
- Have the build manager start automatically.
2014-11-25 18:08:18 -05:00
Jimmy Zelinskie
716d7a737b Strip whitespace from ALL the things. 2014-11-24 16:07:38 -05:00
Joseph Schorr
8548538516 Fix _ping endpoint to match the new spec 2014-11-07 10:05:05 -05:00
Joseph Schorr
b3292f8549 Fix the /realtime endpoint by making sure buffering is off 2014-10-17 15:50:40 -04:00
Jake Moshenko
328db8b660 Split the app into separate backends, which can use different worker types and different timeouts. 2014-10-14 13:58:08 -04:00
Jake Moshenko
dd6f31cba4 Fix the docker registry headers for _ping. 2014-10-03 16:41:16 -04:00
Joseph Schorr
a1470460a7 Move the /static handler into the base and have nginx serve the Docker ping endpoint 2014-10-02 16:04:23 -04:00
Jake Moshenko
551539dbc5 Update the nginx config to allow for request bodies up to 20gb. 2014-08-27 16:41:30 -04:00
Jake Moshenko
9d92c1cb0f Switch to nginx compiled with the real ip module. 2014-05-19 13:24:07 -04:00