# vim: ft=nginx

# "_" is not a valid hostname and never matches a real request name; whether
# this server acts as the catch-all is decided by the listen directives, which
# are not part of this file.
# NOTE(review): if it is the catch-all, $host is taken from the client's Host
# header and is forwarded to the backends via "proxy_set_header Host $host".
# Confirm the applications do not build links or make trust decisions from an
# unvalidated Host value.
server_name _;

# Close idle keep-alive connections after 5 seconds.
keepalive_timeout 5;

# Canonicalise www.quay.io to the bare domain. $request_uri is the original,
# undecoded URI (path plus query string), so the redirect target is built
# without re-interpreting client-supplied escapes.
# $proper_scheme is defined outside this file.
if ($host = "www.quay.io") {
    return 301 $proper_scheme://quay.io$request_uri;
}

# Requests whose query string contains "_escaped_fragment_" are rewritten to
# /snapshot<path>; the rewritten URI is then matched against the locations
# below. Rewrite-module directives run in the order written, so this check
# happens after the www redirect above.
if ($args ~ "_escaped_fragment_") {
    rewrite ^ /snapshot$uri;
}

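# Disable the ability to be embedded into iframes.
# "always" attaches the header to every response code. Without it nginx only
# adds the header to a fixed set of 2xx/3xx responses, so error pages such as
# the 404 and 502 pages would remain frameable.
# A location that declares its own add_header does not inherit this directive
# and has to repeat it.
add_header X-Frame-Options DENY always;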


# Proxy defaults for every proxied request. A location that declares any
# proxy_set_header of its own inherits none of the headers set here and must
# repeat the ones it still needs.
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $proper_scheme;
# $proper_forwarded_for is defined outside this file.
# NOTE(review): confirm it cannot be seeded from a client-supplied
# X-Forwarded-For when the request does not arrive through a trusted proxy;
# backends commonly treat this header as the client address.
proxy_set_header X-Forwarded-For $proper_forwarded_for;

# Pass the client's Transfer-Encoding request header through unchanged.
# NOTE(review): in locations where nginx buffers the request body, the upstream
# may receive a forwarded Transfer-Encoding header that no longer matches how
# nginx frames the body. Confirm the backends tolerate this, or limit the
# header to the locations that stream the body.
proxy_set_header Transfer-Encoding $http_transfer_encoding;

# Default route: any path not claimed by a more specific location is proxied
# to the web application with the server-level proxy headers.
location / {
    proxy_pass http://web_app_server;
}

# Same upstream as "/", but request bodies and responses are relayed without
# being buffered by nginx.
location /realtime {
    proxy_request_buffering off;
    proxy_buffering off;
    proxy_pass http://web_app_server;
}

# At the beginning and end of a push/pull, (/v1/repositories|/v2/auth/) is hit by the Docker
# client. By rate-limiting just this endpoint, we can avoid accidentally
# blocking pulls/pushes for images with many layers.
# nginx uses the first regex location that matches, so this block has to stay
# ahead of the broader ^/v2 and ^/v1 locations.
location ~ ^/(v1/repositories|v2/auth)/ {
    # The "repositories" zone is defined outside this file. No "nodelay" is
    # given, so up to 10 requests above the zone rate are queued and delayed;
    # anything beyond that is rejected.
    limit_req zone=repositories burst=10;

    proxy_pass http://registry_app_server;
    proxy_read_timeout 2000;

    proxy_buffering off;
    proxy_request_buffering off;

    # NOTE(review): /tmp is normally writable by every local account. A
    # directory owned by the nginx user would keep other processes away from
    # any spooled proxy data - confirm what else shares this filesystem.
    proxy_temp_path /tmp 1 2;
}

# Registry v2 API. The pattern is only anchored at the start, so it matches
# every path that begins with "/v2".
location ~ ^/v2 {
    # If we're being accessed via v1.quay.io, pretend we don't support v2.
    if ($host = "v1.quay.io") {
        return 404;
    }

    proxy_pass http://registry_app_server;
    proxy_http_version 1.1;
    proxy_read_timeout 300;

    # Declaring any proxy_set_header here drops every inherited one, so the
    # forwarding headers are repeated. The server-level Transfer-Encoding
    # pass-through is not repeated and therefore does not apply here.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $proper_scheme;
    proxy_set_header X-Forwarded-For $proper_forwarded_for;

    # Bodies of up to 20G are accepted (presumably image layer uploads) and,
    # with request buffering off, are streamed to the upstream rather than
    # spooled first.
    client_max_body_size 20G;
    proxy_request_buffering off;
    proxy_buffering off;

    # NOTE(review): shared /tmp - prefer a directory owned by the nginx user
    # if anything else can write to this filesystem.
    proxy_temp_path /tmp 1 2;
}

# Registry v1 API. The pattern is only anchored at the start, so it matches
# every path that begins with "/v1" not already taken by an earlier regex
# location. Regex locations also win over plain prefix locations such as
# "/v1/_ping".
location ~ ^/v1 {
    proxy_pass http://registry_app_server;
    proxy_http_version 1.1;

    # Declaring any proxy_set_header here drops every inherited one, so the
    # forwarding headers are repeated. The server-level Transfer-Encoding
    # pass-through is not repeated and therefore does not apply here.
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $proper_scheme;
    proxy_set_header X-Forwarded-For $proper_forwarded_for;

    # Bodies of up to 20G are accepted and, with request buffering off, are
    # streamed to the upstream rather than spooled first.
    client_max_body_size 20G;
    proxy_request_buffering off;
    proxy_buffering off;

    # NOTE(review): shared /tmp - prefer a directory owned by the nginx user
    # if anything else can write to this filesystem.
    proxy_temp_path /tmp 1 2;
}

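# Static answer for the Docker v1 ping endpoint.
# NOTE(review): this is a plain prefix location, and nginx prefers a matching
# regex location over a prefix one. "location ~ ^/v1" also matches /v1/_ping,
# so as the file stands requests for this path are proxied to the registry and
# this block is not used. "location = /v1/_ping" (or the "^~" modifier) would
# activate it; confirm which answer clients are expected to get before
# changing the match.
location /v1/_ping {
    # Set the body type through default_type: "add_header Content-Type" would
    # emit a second Content-Type header next to the one nginx generates for
    # "return".
    default_type text/plain;

    # Declaring add_header here drops the inherited server-level headers, so
    # the framing policy is repeated.
    add_header X-Frame-Options DENY;
    add_header X-Docker-Registry-Version 0.6.0;
    add_header X-Docker-Registry-Standalone 0;
    return 200 'true';
}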

# Requests under /c1/ go to the verbs application, rate-limited and unbuffered.
location /c1/ {
    # The "verbs" zone is defined outside this file. No "nodelay" is given, so
    # up to 10 requests above the zone rate are queued and delayed; anything
    # beyond that is rejected.
    limit_req zone=verbs burst=10;

    proxy_pass http://verbs_app_server;

    proxy_request_buffering off;
    proxy_buffering off;

    # NOTE(review): shared /tmp - prefer a directory owned by the nginx user
    # if anything else can write to this filesystem.
    proxy_temp_path /tmp 1 2;
}

location /static/ {
    # Serve files from /static/ on disk. The location prefix and the alias
    # both end in "/", so the rest of the request path maps one-to-one under
    # that directory.
    alias /static/;

    # A missing file is redirected internally to /404, which is handled by
    # "location /" and therefore answered by the application.
    error_page 404 /404;
}

# Static page for 502 responses that nginx itself generates (for example when
# an upstream cannot be reached); the page is served by the /static/ location.
# A 502 sent by an upstream is passed through as-is unless
# proxy_intercept_errors is enabled, which this file does not do.
error_page 502 /static/502.html;

# Build-manager controller: the /b1/controller prefix (and an optional slash)
# is stripped and the remainder of the path is forwarded.
# Because proxy_pass contains a variable, the URI written here replaces the
# request URI as-is: the query string is not appended, and $2 is captured from
# the decoded, normalised path rather than from the raw request.
# NOTE(review): confirm the controller needs neither query arguments nor
# percent-encoded characters in its paths.
location ~ ^/b1/controller(/?)(.*) {
    proxy_pass http://build_manager_controller_server/$2;
}

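# Build-manager WebSocket endpoint: the /b1/socket prefix (and an optional
# slash) is stripped and the remainder of the path is forwarded.
# Because proxy_pass contains a variable, the URI written here replaces the
# request URI as-is: the query string is not appended, and $2 is captured from
# the decoded, normalised path.
location ~ ^/b1/socket(/?)(.*) {
    # Declaring any proxy_set_header drops the inherited server-level ones.
    # The Upgrade/Connection headers below would otherwise leave the upstream
    # without the client address, the original scheme and the requested Host,
    # so the forwarding headers are repeated as in the /v1 and /v2 locations.
    proxy_set_header X-Forwarded-For $proper_forwarded_for;
    proxy_set_header X-Forwarded-Proto $proper_scheme;
    proxy_set_header Host $host;

    # The WebSocket handshake needs HTTP/1.1 towards the upstream, and the
    # hop-by-hop Upgrade/Connection headers must be set explicitly.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_pass http://build_manager_websocket_server/$2;
}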