nginx

CodeJuan · Jan 20, 2016 · 71ccd8b · 71ccd8b
1 parent 81a52a7
commit 71ccd8b
Show file tree

Hide file tree

Showing 5 changed files with 91 additions and 7 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+registry/
diff --git a/client.sh b/client.sh
@@ -5,4 +5,4 @@ path=/etc/docker/certs.d/docker-hub.huawei.com
 
 sudo mkdir -p $path
 
-sudo cp -f $path/ca.crt
+sudo cp certs/domain.crt -f $path/ca.crt
diff --git a/deploy.sh b/deploy.sh
@@ -2,7 +2,7 @@
 curpath=$PWD
 echo "$curpath"
 
-path=/registry
+path=./registry
 
 
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -8,9 +8,9 @@ registry:
     REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
     REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
   volumes:
-    - /registry/docker_registry:/var/lib/registry
-    - /registry/certs:/certs:ro
-    - /registry/auth:/auth:ro
+    - ./registry/docker_registry:/var/lib/registry
+    - ./registry/certs:/certs:ro
+    - ./registry/auth:/auth:ro
   ports:
    - 5000:5000
 
@@ -26,8 +26,24 @@ registry-frontend:
     ENV_DOCKER_REGISTRY_USE_SSL: '1'
     ENV_USE_SSL: 'yes'
   volumes:
-    - /registry/certs/domain.crt:/etc/apache2/server.crt:ro
-    - /registry/certs/domain.key:/etc/apache2/server.key:ro
+    - ./registry/certs/domain.crt:/etc/apache2/server.crt:ro
+    - ./registry/certs/domain.key:/etc/apache2/server.key:ro
+  ports:
+   - 8080:80
+   - 8443:443
+
+
+nginx:
+  restart: always
+  image: nginx:1.9.9
+  links:
+   - registry:registry
+   - registry-frontend:registry-frontend
+  volumes:
+    - ./registry/certs/domain.crt:/etc/nginx/ssl/domain.crt:ro
+    - ./registry/certs/domain.key:/etc/nginx/ssl/domain.key:ro
+    - ./registry/auth/htpasswd:/opt/nginx/conf/.htpasswd:ro
+    - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
   ports:
    - 80:80
    - 443:443
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
@@ -0,0 +1,67 @@
+user  nginx;
+worker_processes  auto;
+
+error_log   /var/log/nginx/error.log warn;
+pid         /var/run/nginx.pid; 
+
+worker_rlimit_nofile 51200;
+
+events {
+    use epoll;
+    worker_connections  51200;
+    multi_accept on;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$http_host $remote_user [$time_local] $request '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" $remote_addr $request_time $upstream_response_time';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    server_names_hash_bucket_size 128;
+    client_header_buffer_size 32k;
+    large_client_header_buffers 4 32k;
+
+    sendfile       on;
+    tcp_nopush     on;
+    tcp_nodelay    on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    upstream registry_server {
+        server registry:5000;
+    }    
+
+    server {
+        listen       443;
+        server_name  docker-hub.huawei.com;
+
+        ssl          on;
+        ssl_certificate /etc/nginx/ssl/domain.crt;
+        ssl_certificate_key /etc/nginx/ssl/domain.key;
+
+        client_max_body_size 0;
+
+        chunked_transfer_encoding on;
+
+        location /v2/ {
+          #auth_basic "Registry realm";
+          #auth_basic_user_file /opt/nginx/conf/.htpasswd;
+          #add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
+
+          proxy_pass                          https://registry_server;
+          proxy_set_header  Host              $http_host;   # required for docker client's sake
+          proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
+          proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+          proxy_set_header  X-Forwarded-Proto $scheme;
+          proxy_read_timeout                  900;
+        }
+    }
+}