# vim: ft=nginx server_name _; keepalive_timeout 5; if ($host = "www.quay.io") { return 301 $scheme://quay.io$request_uri; } if ($args ~ "_escaped_fragment_") { rewrite ^ /snapshot$uri; } # Disable the ability to be embedded into iframes add_header X-Frame-Options DENY; # Proxy Headers proxy_set_header X-Forwarded-For $proper_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_redirect off; proxy_set_header Transfer-Encoding $http_transfer_encoding; location / { proxy_pass http://web_app_server; } location /realtime { proxy_pass http://web_app_server; proxy_buffering off; proxy_request_buffering off; } # At the begining and end of a push/pull, /v1/repositories is hit by the Docker # client. By rate-limiting just this endpoint, we can avoid accidentally # blocking pulls/pushes for images with many layers. location /v1/repositories/ { proxy_buffering off; proxy_request_buffering off; proxy_pass http://registry_app_server; proxy_read_timeout 2000; proxy_temp_path /tmp 1 2; limit_req zone=repositories burst=10; } location /v1/ { proxy_buffering off; proxy_request_buffering off; proxy_http_version 1.1; proxy_set_header Connection ""; proxy_pass http://registry_app_server; proxy_temp_path /tmp 1 2; client_max_body_size 20G; } location /c1/ { proxy_buffering off; proxy_request_buffering off; proxy_pass http://verbs_app_server; proxy_temp_path /tmp 1 2; limit_req zone=verbs burst=10; } location /static/ { # checks for static file, if not found proxy to app alias /static/; error_page 404 /404; } location /v1/_ping { add_header Content-Type text/plain; add_header X-Docker-Registry-Version 0.6.0; add_header X-Docker-Registry-Standalone 0; return 200 'true'; } location ~ ^/b1/controller(/?)(.*) { proxy_pass http://build_manager_controller_server/$2; } location ~ ^/b1/socket(/?)(.*) { proxy_pass http://build_manager_websocket_server/$2; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; }