distribution/contrib/docker-integration/nginx/registry.conf
Derek McGowan 0e8cf8cc47 Add multi configuration tests
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-05-22 16:39:45 -07:00

231 lines
6.2 KiB
Text

# Docker registry proxy for api versions 1 and 2
upstream docker-registry {
server registryv1:5000;
}
upstream docker-registry-v2 {
server registryv2:5000;
}
# No client auth or TLS
server {
listen 5000;
server_name localhost;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;
location /v2/ {
# Do not allow connections from docker 1.5 and earlier
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
return 404;
}
include docker-registry-v2.conf;
}
location / {
include docker-registry.conf;
}
}
# No client auth or TLS (V1 Only)
server {
listen 5001;
server_name localhost;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;
location / {
include docker-registry.conf;
}
}
# No client auth or TLS (V2 Only)
server {
listen 5002;
server_name localhost;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;
location / {
include docker-registry-v2.conf;
}
}
# TLS Configuration chart
# Username/Password: testuser/passpassword
# | ca | client | basic | notes
# 5440 | yes | no | no | Tests CA certificate
# 5441 | yes | no | yes | Tests basic auth over TLS
# 5442 | yes | yes | no | Tests client auth with client CA
# 5443 | yes | yes | no | Tests client auth without client CA
# 5444 | yes | yes | yes | Tests using basic auth + tls auth
# 5445 | no | no | no | Tests insecure using TLS
# 5446 | no | no | yes | Tests sending credentials to server with insecure TLS
# 5447 | no | yes | no | Tests client auth to insecure
# 5448 | yes | no | no | Bad SSL version
server {
listen 5440;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/ssl/registry-ca+client-cert.pem;
ssl_certificate_key /etc/nginx/ssl/registry-ca+client-cert-key.pem;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v2/ {
include docker-registry-v2.conf;
}
location / {
include docker-registry.conf;
}
}
server {
listen 5441;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/ssl/registry-ca+client-cert.pem;
ssl_certificate_key /etc/nginx/ssl/registry-ca+client-cert-key.pem;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v2/ {
auth_basic "registry.localhost";
auth_basic_user_file test.passwd;
add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
include docker-registry-v2.conf;
}
location / {
auth_basic "registry.localhost";
auth_basic_user_file test.passwd;
include docker-registry.conf;
}
}
server {
listen 5442;
listen 5443;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/ssl/registry-ca+client-cert.pem;
ssl_certificate_key /etc/nginx/ssl/registry-ca+client-cert-key.pem;
ssl_client_certificate /etc/nginx/ssl/registry-ca+client-ca.pem;
ssl_verify_client on;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v2/ {
include docker-registry-v2.conf;
}
location / {
include docker-registry.conf;
}
}
server {
listen 5444;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/ssl/registry-ca+client-cert.pem;
ssl_certificate_key /etc/nginx/ssl/registry-ca+client-cert-key.pem;
ssl_client_certificate /etc/nginx/ssl/registry-ca+client-ca.pem;
ssl_verify_client on;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v2/ {
auth_basic "registry.localhost";
auth_basic_user_file test.passwd;
add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
include docker-registry-v2.conf;
}
location / {
auth_basic "registry.localhost";
auth_basic_user_file test.passwd;
include docker-registry.conf;
}
}
server {
listen 5445;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/ssl/registry-noca-cert.pem;
ssl_certificate_key /etc/nginx/ssl/registry-noca-cert-key.pem;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v2/ {
include docker-registry-v2.conf;
}
location / {
include docker-registry.conf;
}
}
server {
listen 5446;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/ssl/registry-noca-cert.pem;
ssl_certificate_key /etc/nginx/ssl/registry-noca-cert-key.pem;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v2/ {
auth_basic "registry.localhost";
auth_basic_user_file test.passwd;
add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
include docker-registry-v2.conf;
}
location / {
auth_basic "registry.localhost";
auth_basic_user_file test.passwd;
include docker-registry.conf;
}
}
server {
listen 5447;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/ssl/registry-noca-cert.pem;
ssl_certificate_key /etc/nginx/ssl/registry-noca-cert-key.pem;
ssl_client_certificate /etc/nginx/ssl/registry-ca+client-ca.pem;
ssl_verify_client on;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v2/ {
include docker-registry-v2.conf;
}
location / {
include docker-registry.conf;
}
}
server {
listen 5448;
server_name localhost;
ssl on;
ssl_certificate /etc/nginx/ssl/registry-ca+client-cert.pem;
ssl_certificate_key /etc/nginx/ssl/registry-ca+client-cert-key.pem;
ssl_protocols SSLv3;
client_max_body_size 0;
chunked_transfer_encoding on;
location /v2/ {
include docker-registry-v2.conf;
}
location / {
include docker-registry.conf;
}
}