├── Dockerfile
├── README.md
├── docker-registry.conf
└── run.sh


/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM nginx
 2 | 
 3 | WORKDIR /usr/src
 4 | 
 5 | ADD . /usr/src/
 6 | 
 7 | RUN chmod +x run.sh
 8 | 
 9 | CMD ./run.sh
10 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ## NOTE
2 | 
3 | This repo is no longer being maintained. Users are welcome to fork it, but we make no warranty of its functionality.
4 | 
5 | nginx-ssl-proxy
6 | ===============
7 | 
8 | A few alterations to the default nginx image to act as an SSL proxy. This is the companian image to go along with the blog post: [How to Secure Your Private Docker Registry](http://www.centurylinklabs.com/tutorials/how-to-secure-your-private-docker-registry/)
9 | 


--------------------------------------------------------------------------------
/docker-registry.conf:
--------------------------------------------------------------------------------
 1 |   upstream docker-registry {
 2 |     server <docker_registry_ip>:5000;
 3 |   }
 4 | 
 5 |   server {
 6 |     listen 8080;
 7 |     server_name <public_ip>;
 8 | 
 9 |     ssl on;
10 |     ssl_certificate /etc/ssl/certs/docker-registry;
11 |     ssl_certificate_key /etc/ssl/private/docker-registry;
12 | 
13 |     proxy_set_header Host       $http_host;   # required for Docker client sake
14 |     proxy_set_header X-Real-IP  $remote_addr; # pass on real client IP
15 | 
16 |     client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
17 | 
18 |     # required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
19 |     chunked_transfer_encoding on;
20 | 
21 |     location / {
22 |       # let Nginx know about our auth file
23 |       auth_basic              "Restricted";
24 |       auth_basic_user_file    docker-registry.htpasswd;
25 | 
26 |       proxy_pass http://docker-registry;
27 |     }
28 |     location /_ping {
29 |       auth_basic off;
30 |       proxy_pass http://docker-registry;
31 |     }
32 |     location /v1/_ping {
33 |       auth_basic off;
34 |       proxy_pass http://docker-registry;
35 |     }
36 |   }
37 | 
38 | 


--------------------------------------------------------------------------------
/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | cp /usr/src/docker-registry.conf /tmp/docker-registry.conf
3 | xyz=$(sed "s/<docker_registry_ip>/${REGISTRY_PORT_5000_TCP_ADDR}/g;s/<public_ip>/${PUBLIC_IP_ADDR}/g" /tmp/docker-registry.conf)
4 | echo "$xyz" > /etc/nginx/conf.d/docker-registry.conf
5 | nginx -g 'daemon off;'
6 | 


--------------------------------------------------------------------------------