Jake Moshenko
746728ba24
Remove escaped_fragment snapshot rendering.
2016-06-14 12:53:10 -04:00
Evan Cordell
da0a988650
Configure jwtproxy from stack/conf yaml
2016-04-29 14:10:33 -04:00
Evan Cordell
adc86456b5
Secure the correct endpoint
2016-04-29 14:10:33 -04:00
Evan Cordell
8c8ee9c2be
Add jwtproxy and configure verifier for /secscan/notify
2016-04-29 14:10:33 -04:00
Joseph Schorr
1264c6330e
Increase read timeout on V2 to match V1
...
Fixes #1377
2016-04-19 17:52:54 -04:00
Jake Moshenko
0fdbf8a210
Trust upstream proxies to specify https scheme
2016-02-03 13:08:43 -05:00
Joseph Schorr
e7842a2a49
Add 502 page
2016-02-01 15:07:50 +02:00
Silas Sewell
8781cf6e11
Increase nginx proxy timeout and close db before storage operation
2015-12-03 11:19:39 -05:00
Jimmy Zelinskie
87a4e1f417
404 on v2 routes for the hostname v1.quay.io
...
This also copies v2 into its own separate location directive because you
cannot have nested location directives. Also, the `if` directive can be
very tricky and should only be used to return response codes.
2015-11-24 17:02:09 -05:00
Jake Moshenko
30bb97a04d
Remove the Transfer Encoding directive from v2 headers
2015-11-18 17:23:30 -05:00
Jake Moshenko
d6c5fc5d1b
Stop clobbering our proxy_set_header directives
2015-11-18 16:00:23 -05:00
Jake Moshenko
c2fcf8bead
Merge remote-tracking branch 'upstream/phase4-11-07-2015' into python-registry-v2
2015-11-06 18:18:29 -05:00
Quentin Machu
c1fa22d9b0
Define nginx v2 vhost & properly set 404 status code
...
Fixes #777
2015-11-04 14:56:18 -05:00
Quentin Machu
3f35265858
Merge pull request #683 from Quentin-M/whoops-404
...
Add 404 page
2015-10-30 14:30:20 -04:00
Jake Moshenko
e7a6176594
Merge remote-tracking branch 'upstream/v2-phase4' into python-registry-v2
2015-10-22 16:59:28 -04:00
Quentin Machu
adb744089e
Add 404 page
...
Fixes coreos-inc/quay#677
2015-10-21 18:40:15 -04:00
Silas Sewell
9c866eac4b
nginx: add www redirect
...
Fixes #452
2015-10-07 11:17:07 -04:00
Joseph Schorr
31fdb94436
Enable rate limiting of V2 requests
2015-08-25 14:18:34 -04:00
Joseph Schorr
0c7839203e
Send the original host along to the registry code
2015-08-24 16:09:17 -04:00
Jimmy Zelinskie
f7c81e2a34
binarydeps: tengine 2.1.0 -> nginx 1.8.0
...
nginx stable now has unbuffered uploading support, thus we are no longer
required to use tengine.
2015-06-08 15:35:56 -04:00
Jimmy Zelinskie
581d2fa4fc
nginx: move ssl config out of server-base
2015-05-22 16:25:28 -04:00
Jimmy Zelinskie
4323eb58da
nginx: SSL config into server-base.conf
2015-05-22 13:54:43 -04:00
Jake Moshenko
24cf27bd12
Route all of the logging through syslog-ng. Add the ability to specify extra syslog-ng config. Simplify the Dockerfile.
2015-03-26 09:22:47 -04:00
Jimmy Zelinskie
b4b06ec8c8
nginx: add comment explaining repo rate limiting
2015-02-25 12:32:48 -05:00
Jimmy Zelinskie
2a826f52d4
nginx: rename api rate limit bucket to verbs
2015-02-25 12:32:30 -05:00
Jimmy Zelinskie
ebff374408
nginx: tweak rate limiting; remove webapp limiting
2015-02-25 12:22:41 -05:00
Jimmy Zelinskie
7554c47a30
nginx: burst=5 for API calls
...
This means that requests are delayed until the client reaches the burst
rate and then they will receive the 429.
2015-02-23 20:53:21 -05:00
Jake Moshenko
291c1c810b
Merge remote-tracking branch 'origin/hotfix'
...
Conflicts:
conf/proxy-server-base.conf
2015-02-19 17:37:44 -05:00
Jimmy Zelinskie
4a2b25200a
nginx: make rate limiting awesome
2015-02-19 16:24:05 -05:00
Jake Moshenko
04b06547b8
Remove all of the timeouts since they were not doing the right thing anyway.
2015-02-18 17:04:25 -05:00
Joseph Schorr
42db221576
Disable proxy server buffer changes
2015-02-11 16:25:09 -05:00
Jimmy Zelinskie
3abb5bf0a3
nginx: set proxy_buffer_size to 6MB
...
Because tags are included in our sessions, pushes containing many tags
will make our headers larger than the buffer nginx uses to send to the
client and then nginx is unable to validate the headers.
2015-02-10 15:48:27 -05:00
Jimmy Zelinskie
b5f7777fd7
nginx: create proxy-server-base.conf w/ rate limit
2015-01-23 16:50:16 -05:00
Jimmy Zelinskie
64bea5387b
nginx: rate limiting only on proxy protocol
2015-01-23 16:04:06 -05:00
Jimmy Zelinskie
e93d0b83ec
reset nginx config to master
2015-01-21 17:00:43 -05:00
Jimmy Zelinskie
0f8aad9ef1
Break out a new server{} config for port 444>
...
This also restores docker proxy stuff with recursive enabled
2015-01-21 15:59:29 -05:00
Jimmy Zelinskie
b7d6d42317
comment out docker reverse proxy stuff
2015-01-21 15:05:35 -05:00
Jimmy Zelinskie
a68bad1c3a
Undo nginx rate-limiting.
2015-01-15 17:27:06 -05:00
Jimmy Zelinskie
6cbd4ee4fe
Add rate limiting to nginx.
...
The only caveat is that "One megabyte zone can keep about 16 thousand
64-byte states. If the zone storage is exhausted, the server will return
the 503 (Service Temporarily Unavailable) error to all further
requests."
-- nginx documentation
2015-01-13 15:59:04 -05:00
Jimmy Zelinskie
53e9e514d5
Add vim nginx ft to nginx config files
2015-01-13 15:19:42 -05:00
Joseph Schorr
72d613614d
Merge branch 'bagger'
2014-12-01 12:48:59 -05:00
Joseph Schorr
9d675b51ed
- Change SSL to only be enabled via an environment variable. Nginx will be terminating SSL for the ER.
...
- Add the missing dependencies to the requirements.txt
- Change the builder ports to non-standard locations
- Add the /b1/socket and /b1/controller endpoints in nginx, to map to the build manager
- Have the build manager start automatically.
2014-11-25 18:08:18 -05:00
Jimmy Zelinskie
716d7a737b
Strip whitespace from ALL the things.
2014-11-24 16:07:38 -05:00
Joseph Schorr
8548538516
Fix _ping endpoint to match the new spec
2014-11-07 10:05:05 -05:00
Joseph Schorr
b3292f8549
Fix the /realtime endpoint by making sure buffering is off
2014-10-17 15:50:40 -04:00
Jake Moshenko
328db8b660
Split the app into separate backends, which can use different worker types and different timeouts.
2014-10-14 13:58:08 -04:00
Jake Moshenko
dd6f31cba4
Fix the docker registry headers for _ping.
2014-10-03 16:41:16 -04:00
Joseph Schorr
a1470460a7
Move the /static handler into the base and have nginx serve the Docker ping endpoint
2014-10-02 16:04:23 -04:00
Jake Moshenko
551539dbc5
Update the nginx config to allow for request bodies up to 20gb.
2014-08-27 16:41:30 -04:00
Jake Moshenko
9d92c1cb0f
Switch to nginx compiled with the real ip module.
2014-05-19 13:24:07 -04:00