├── nginx ├── ssl │ └── .keepme └── nginx.conf.tpl ├── .gitignore ├── nexus ├── json │ ├── 01_enableRut.json │ ├── 06_createSandboxUser.json │ ├── 05_createSandboxRole.json │ ├── removeRepo.json │ ├── 02_createHostedDockerRepo.json │ ├── 04_createVirtualDockerRepo.json │ └── 03_createProxyDockerRepo.json └── Dockerfile ├── env.config ├── docker-compose.yaml ├── manage.sh └── README.md /nginx/ssl/.keepme: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | nginx/ssl/ssl* 2 | nginx/nginx.conf 3 | -------------------------------------------------------------------------------- /nexus/json/01_enableRut.json: -------------------------------------------------------------------------------- 1 | { 2 | "action":"capability_Capability", 3 | "method":"create", 4 | "data":[ 5 | { "id":"", 6 | "typeId":"rutauth", 7 | "notes":"", 8 | "enabled":true, 9 | "properties":{"httpHeader":"X-Proxy_REMOTE-USER"} 10 | }], 11 | "type":"rpc", 12 | "tid":1000 13 | } 14 | -------------------------------------------------------------------------------- /nexus/json/06_createSandboxUser.json: -------------------------------------------------------------------------------- 1 | { 2 | "action":"coreui_User", 3 | "method":"create", 4 | "data":[{ 5 | "userId":"sandbox", 6 | "version":"", 7 | "firstName":"sandbox", 8 | "lastName":"sandbox", 9 | "email":"sandbox@example.com", 10 | "password":"sandbox", 11 | "status":"active", 12 | "roles":["nx-anonymous","sandbox"] 13 | }], 14 | "type":"rpc", 15 | "tid":1050 16 | } 17 | -------------------------------------------------------------------------------- /nexus/json/05_createSandboxRole.json: -------------------------------------------------------------------------------- 1 | { 2 | "action":"coreui_Role", 3 | "method":"create", 4 | "data":[{ 5 | 
"version":"", 6 | "source":"default", 7 | "id":"sandbox", 8 | "name":"sandbox", 9 | "description":"Role for sandbox user operations on docker-dev repo", 10 | "privileges":["nx-repository-view-docker-docker-dev-*"], 11 | "roles":[]} 12 | ], 13 | "type":"rpc", 14 | "tid":1040 15 | } 16 | -------------------------------------------------------------------------------- /nexus/json/removeRepo.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "deleteRepo", 3 | "type": "groovy", 4 | "content": " 5 | repolist=['maven-central', 'maven-public', 'maven-releases', 6 | 'maven-snapshots', 'nuget-group', 'nuget-hosted', 'nuget.org-proxy']; 7 | for (repo in repolist) { 8 | try { 9 | repository.getRepositoryManager().delete(repo) 10 | } 11 | catch (IllegalStateException exception) { 12 | continue; 13 | } 14 | }" 15 | } 16 | -------------------------------------------------------------------------------- /env.config: -------------------------------------------------------------------------------- 1 | # Data volume root dir 2 | export VOLUME_PATH=/srv/nexus-data 3 | 4 | # will be accessable with https://SERVER_NAME 5 | export SERVER_NAME=nexus.sandbox.example.com 6 | 7 | # docker dev repo with anonymous push/pull 8 | export DOCKER_DEV_NAME=docker-dev.sandbox.example.com 9 | 10 | # docker virtual repo with anonymous pull 11 | export DOCKER_VIRTUAL_NAME=docker-virtual.sandbox.example.com 12 | 13 | # will be used in docker-proxy upstream configuration 14 | export UPSTREAM_DOCKER_REPO=https://docker-prod-virtual.docker.example.com 15 | -------------------------------------------------------------------------------- /nexus/json/02_createHostedDockerRepo.json: -------------------------------------------------------------------------------- 1 | { 2 | "action":"coreui_Repository", 3 | "method":"create", 4 | "data":[{ 5 | "attributes":{ 6 | "docker":{ 7 | "httpPort":8082, 8 | "v1Enabled":false 9 | }, 10 | "storage":{ 11 | 
"blobStoreName":"default", 12 | "strictContentTypeValidation":true, 13 | "writePolicy":"ALLOW"} 14 | }, 15 | "name":"docker-dev", 16 | "format":"","type":"", 17 | "url":"", 18 | "online":true, 19 | "checkbox-1385-inputEl":true, 20 | "checkbox-1388-inputEl":false, 21 | "recipe":"docker-hosted" 22 | }], 23 | "type":"rpc", 24 | "tid":1010 25 | } 26 | -------------------------------------------------------------------------------- /nexus/json/04_createVirtualDockerRepo.json: -------------------------------------------------------------------------------- 1 | { 2 | "action":"coreui_Repository", 3 | "method":"create", 4 | "data":[{ 5 | "attributes":{ 6 | "docker":{ 7 | "httpPort":8083, 8 | "v1Enabled":false 9 | }, 10 | "storage":{ 11 | "blobStoreName":"default", 12 | "strictContentTypeValidation":true 13 | }, 14 | "group":{ 15 | "memberNames":["docker-dev","docker-proxy"] 16 | } 17 | }, 18 | "name":"docker-virtual", 19 | "format":"", 20 | "type":"", 21 | "url":"", 22 | "online":true, 23 | "checkbox-1775-inputEl":true, 24 | "checkbox-1778-inputEl":false, 25 | "recipe":"docker-group" 26 | }], 27 | "type":"rpc", 28 | "tid":1030 29 | } 30 | -------------------------------------------------------------------------------- /nexus/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM jwilder/dockerize 2 | 3 | RUN apk add --update curl && \ 4 | rm -rf /var/cache/apk/* 5 | 6 | COPY json /json 7 | 8 | ENTRYPOINT dockerize -timeout 300s -wait http://nexus:8081 -wait-http-header "Authorization:Basic YWRtaW46YWRtaW4xMjM=" \ 9 | sh -c '\ 10 | echo "Setting DOCKER_UPSTREAM: ${DOCKER_UPSTREAM}"; \ 11 | sed -i "s#{{DOCKER_UPSTREAM}}#${DOCKER_UPSTREAM}#g" /json/03_createProxyDockerRepo.json; \ 12 | for json_file in `ls /json/0*`; do \ 13 | curl -v -X POST -u admin:admin123 \ 14 | --header "Content-Type: application/json" \ 15 | http://nexus:8081/service/extdirect \ 16 | -d @"${json_file}"; \ 17 | done; \ 18 | curl -v -u admin:admin123 -X POST 
--header "Content-Type: application/json" \ 19 | "http://nexus:8081/service/siesta/rest/v1/script/" -d @/json/removeRepo.json; \ 20 | curl -v -u admin:admin123 -X POST --header "Content-Type: text/plain" \ 21 | "http://nexus:8081/service/siesta/rest/v1/script/deleteRepo/run"; \ 22 | curl -v -X DELETE -u admin:admin123 "http://nexus:8081/service/siesta/rest/v1/script/deleteRepo";' 23 | -------------------------------------------------------------------------------- /nexus/json/03_createProxyDockerRepo.json: -------------------------------------------------------------------------------- 1 | { 2 | "action":"coreui_Repository", 3 | "method":"create", 4 | "data":[{ 5 | "attributes":{ 6 | "docker":{ 7 | "v1Enabled":false 8 | }, 9 | "proxy":{ 10 | "remoteUrl":"{{DOCKER_UPSTREAM}}", 11 | "contentMaxAge":1440, 12 | "metadataMaxAge":1440 13 | }, 14 | "dockerProxy":{ 15 | "indexType":"REGISTRY" 16 | }, 17 | "httpclient":{ 18 | "blocked":false, 19 | "autoBlock":true, 20 | "connection":{ 21 | "useTrustStore":true 22 | } 23 | }, 24 | "storage":{ 25 | "blobStoreName":"default", 26 | "strictContentTypeValidation":true 27 | }, 28 | "negativeCache":{ 29 | "enabled":true, 30 | "timeToLive":1440 31 | } 32 | }, 33 | "name":"docker-proxy", 34 | "format":"", 35 | "type":"", 36 | "url":"", 37 | "online":true, 38 | "checkbox-1554-inputEl":false, 39 | "checkbox-1557-inputEl":false, 40 | "authEnabled":false, 41 | "httpRequestSettings":false, 42 | "recipe":"docker-proxy" 43 | }], 44 | "type":"rpc", 45 | "tid":1020 46 | } 47 | -------------------------------------------------------------------------------- /docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '2.2' 2 | 3 | networks: 4 | nexus-net: 5 | driver: bridge 6 | driver_opts: 7 | "com.docker.network.bridge.name": "nexus-net" 8 | ipam: 9 | driver: default 10 | config: 11 | - subnet: 10.108.0.0/24 12 | gateway: 10.108.0.1 13 | 14 | 15 | services: 16 | nexus: 17 | 
container_name: nexus 18 | image: sonatype/nexus3 19 | init: true 20 | networks: 21 | - nexus-net 22 | volumes: 23 | - ${VOLUME_PATH}:/nexus-data 24 | 25 | nginx-proxy: 26 | container_name: nexus-nginx-proxy 27 | image: nginx 28 | init: true 29 | networks: 30 | - nexus-net 31 | links: 32 | - nexus:nexus 33 | ports: 34 | - "443:443" 35 | - "80:80" 36 | volumes: 37 | - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro 38 | - ./nginx/ssl:/etc/nginx/ssl:ro 39 | depends_on: 40 | - nexus 41 | 42 | manage-nexus: 43 | container_name: nexus-manage 44 | build: ./nexus/ 45 | init: true 46 | image: nexus/manage 47 | networks: 48 | - nexus-net 49 | depends_on: 50 | - nexus 51 | environment: 52 | DOCKER_UPSTREAM: ${UPSTREAM_DOCKER_REPO} 53 | -------------------------------------------------------------------------------- /manage.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | 4 | IN_OPERATION="${1}" 5 | BASE_DIR=$(dirname $(readlink -f "${0}")) 6 | DOCKER_COMPOSE_CONF="${BASE_DIR}/docker-compose.yaml" 7 | 8 | source "${BASE_DIR}/env.config" 9 | 10 | 11 | function init_env () { 12 | sudo mkdir -p "${VOLUME_PATH}" 13 | sudo chown 200:200 -R "${VOLUME_PATH}" 14 | local TEMPATE_VARS 15 | local ARGS=() 16 | # discover template variables 17 | eval "TEMPLATE_VARS=($(grep -o '{{[^}]\+}}' nginx/nginx.conf.tpl | LC_ALL=C sort -u))" 18 | # dynamically create sed arguments based on discovered template variables and match them to environment variables 19 | for x in "${TEMPLATE_VARS[@]//[{\}]/}"; do 20 | ARGS+=(-e "$(eval "echo \"s#{{$x}}#\${$x}#g\"")") 21 | done 22 | sed "${ARGS[@]}" -- "${BASE_DIR}/nginx/nginx.conf.tpl" > "${BASE_DIR}/nginx/nginx.conf" 23 | 24 | echo "Updating nginx.conf" 25 | } 26 | 27 | 28 | function check_ssl_key () { 29 | if [[ -f "${BASE_DIR}/nginx/ssl/ssl.key" && -f "${BASE_DIR}/nginx/ssl/ssl.crt" ]]; then 30 | echo "SSL keys file found, continue..." 31 | else 32 | echo "No ssl files found. 
Exiting" 33 | exit 1 34 | fi 35 | } 36 | 37 | 38 | case "${IN_OPERATION}" in 39 | 40 | init) 41 | init_env 42 | check_ssl_key 43 | docker-compose -f "${DOCKER_COMPOSE_CONF}" build 44 | ;; 45 | 46 | status) 47 | docker-compose -f "${DOCKER_COMPOSE_CONF}" ps 48 | ;; 49 | 50 | debug) 51 | init_env 52 | check_ssl_key 53 | docker-compose -f "${DOCKER_COMPOSE_CONF}" up --force-recreate 54 | ;; 55 | 56 | start) 57 | init_env 58 | check_ssl_key 59 | docker-compose -f "${DOCKER_COMPOSE_CONF}" up -d --no-recreate 60 | ;; 61 | 62 | stop) 63 | docker-compose -f "${DOCKER_COMPOSE_CONF}" down 64 | ;; 65 | 66 | *) 67 | cat << EOF 68 | Usage: $0 ACTION 69 | 70 | ACTION: 71 | init [Optional] generate config files, 72 | check ssl keys, build required images 73 | status get containers status 74 | debug run docker-compose in foreground 75 | start start all containers in background 76 | stop stop all containers 77 | EOF 78 | exit 1 79 | ;; 80 | esac 81 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # nexus3-ssl 2 | Docker compose, nexus3 with ssl support, docker-proxy and anonymous pulling 3 | 4 | # Installation 5 | 6 | Install docker-compose in virtualenv 7 | 8 | # Steps to deploy 9 | 10 | * Update **env.config** file to meet your requirements: 11 | 12 | ```bash 13 | # Data volume root dir 14 | export VOLUME_PATH=/srv/nexus-data 15 | 16 | # will be accessable with https://SERVER_NAME 17 | export SERVER_NAME=nexus.sandbox.example.com 18 | 19 | # docker dev repo with anonymous push/pull 20 | export DOCKER_DEV_NAME=docker-dev.sandbox.example.com 21 | 22 | # docker virtual repo with anonymous pull 23 | export DOCKER_VIRTUAL_NAME=docker-virtual.sandbox.example.com 24 | 25 | # will be used in docker-proxy upstream configuration 26 | export UPSTREAM_DOCKER_REPO=https://docker-prod-virtual.docker.example.com 27 | ``` 28 | 29 | * Put `ssl.key` and `ssl.crt` files 
in the `nginx/ssl/` directory 30 | 31 | # Automatic deployment steps on **Nexus** side 32 | 33 | Implemented by running `curl` with the related `json` files 34 | 35 | * Create the [Remote User Token](https://books.sonatype.com/nexus-book/reference3/security.html#remote-user-token) capability (Nexus then takes the user name from the `X-Proxy_REMOTE-USER` header, so Nexus should only be reachable through the nginx proxy) 36 | * Create **docker-dev** repository listening on port **8082** 37 | * Create **docker-proxy** repository pointing to the upstream docker repo **UPSTREAM_DOCKER_REPO** defined in `env.config` 38 | * Create **docker-virtual** repository listening on port **8083**, which includes both: 39 | - docker-dev 40 | - docker-proxy 41 | 42 | # Running 43 | Please check **./manage.sh** for help 44 | ```bash 45 | Usage: ./manage.sh ACTION 46 | 47 | ACTION: 48 | init [Optional] generate config files, 49 | check ssl keys, build required images 50 | status get containers status 51 | debug run docker-compose in foreground 52 | start start all containers in background 53 | stop stop all containers 54 | ``` 55 | 56 | # Usage 57 | * Your nexus web interface will be available at `SERVER_NAME` 58 | * Your dev repository for pushing/pulling - `DOCKER_DEV_NAME` 59 | * Your proxy repository for pulling from upstream + dev - `DOCKER_VIRTUAL_NAME` 60 | For example: 61 | 62 | ```bash 63 | # 1. nexus web interface available at https://nexus.sandbox.example.com 64 | # with admin:admin123 (nexus default credentials, also hard-coded in nexus/Dockerfile) 65 | SERVER_NAME=nexus.sandbox.example.com 66 | 67 | # 2. pushing to dev 68 | docker push dev-nexus.sandbox.example.com/my-container:v1.0.0 69 | 70 | # 3.
pulling from virtual, which is dev+UPSTREAM_DOCKER_REPO 71 | docker pull virtual-nexus.sandbox.example.com/debian:jessie 72 | ``` 73 | 74 | # Notes and limitations 75 | 76 | * push/pull to docker-dev repo DOESN'T require authorization, since the nginx proxy transparently adds the `sandbox:sandbox` credentials to any request that carries no `Authorization` header 77 | * pull from docker-virtual (which is docker-dev + docker-proxy) can be done anonymously as well (the proxy sets the `X-Proxy_REMOTE-USER` header to `anonymous`) 78 | -------------------------------------------------------------------------------- /nginx/nginx.conf.tpl: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes 1; 3 | 4 | error_log /var/log/nginx/error.log warn; 5 | pid /var/run/nginx.pid; 6 | 7 | events { 8 | worker_connections 1024; 9 | } 10 | 11 | http { 12 | 13 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 14 | '$status $body_bytes_sent "$http_referer" ' 15 | '"$http_user_agent" "$http_x_forwarded_for"'; 16 | 17 | access_log /var/log/nginx/access.log main; 18 | 19 | proxy_send_timeout 120; 20 | proxy_read_timeout 300; 21 | proxy_buffering off; 22 | keepalive_timeout 5 5; 23 | tcp_nodelay on; 24 | 25 | server_names_hash_bucket_size 64; 26 | 27 | server { 28 | listen 80; 29 | server_name {{SERVER_NAME}}; 30 | 31 | return 301 https://$server_name$request_uri; 32 | } 33 | 34 | 35 | server { 36 | listen *:443 ssl; 37 | server_name {{SERVER_NAME}}; 38 | 39 | ssl on; 40 | 41 | ssl_certificate /etc/nginx/ssl/ssl.crt; 42 | ssl_certificate_key /etc/nginx/ssl/ssl.key; 43 | 44 | ssl_verify_client off; 45 | 46 | ssl_session_cache shared:SSL:10m; 47 | ssl_session_timeout 10m; 48 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 49 | ssl_ciphers
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; 50 | ssl_prefer_server_ciphers on; 51 | ssl_stapling on; 52 | ssl_stapling_verify on; 53 | 54 | location / { 55 | proxy_pass http://nexus:8081; 56 | proxy_read_timeout 120; 57 | proxy_connect_timeout 90; 58 | proxy_redirect off; 59 | client_max_body_size 8G; 60 | proxy_set_header X-Forwarded-For $remote_addr; 61 | proxy_set_header X-Forwarded-Proto https; 62 | proxy_set_header X-Real-IP $remote_addr; 63 | proxy_set_header Host $host; 64 | } 65 | 66 | } 67 | 68 | server { 69 | listen *:443 ssl; 70 | server_name {{DOCKER_DEV_NAME}}; 71 | 72 | ssl on; 73 | 74 | ssl_certificate /etc/nginx/ssl/ssl.crt; 75 | ssl_certificate_key /etc/nginx/ssl/ssl.key; 76 | 77 | ssl_verify_client off; 78 | 79 | ssl_session_cache shared:SSL:10m; 80 | ssl_session_timeout 10m; 81 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 82 | ssl_ciphers 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; 83 | ssl_prefer_server_ciphers on; 84 | ssl_stapling on; 85 | ssl_stapling_verify on; 86 | 87 | set $authorization $http_authorization; 88 | 89 | if ($authorization = '') { 90 | set $authorization 'Basic c2FuZGJveDpzYW5kYm94'; # sandbox:sandbox 91 | } 92 | 93 | location / { 94 | proxy_set_header Authorization $authorization; 95 | proxy_pass http://nexus:8082; 96 | proxy_read_timeout 120; 97 | proxy_connect_timeout 90; 98 | proxy_redirect off; 99 | client_max_body_size 8G; 100 | proxy_set_header X-Forwarded-For $remote_addr; 101 | proxy_set_header X-Forwarded-Proto https; 102 | proxy_set_header X-Real-IP $remote_addr; 103 | proxy_set_header Host $host; 104 | } 105 | 106 | } 107 | 108 | server { 109 | listen *:443 ssl; 110 | server_name {{DOCKER_VIRTUAL_NAME}}; 111 | 112 | ssl on; 113 | 114 | ssl_certificate /etc/nginx/ssl/ssl.crt; 115 | ssl_certificate_key /etc/nginx/ssl/ssl.key; 116 | 117 | ssl_verify_client off; 118 | 119 | ssl_session_cache shared:SSL:10m; 120 | ssl_session_timeout 10m; 121 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 122 | ssl_ciphers 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA; 123 | ssl_prefer_server_ciphers on; 124 | ssl_stapling on; 125 | ssl_stapling_verify on; 126 | 127 | 128 | location / { 129 | proxy_set_header X-Proxy_REMOTE-USER anonymous; 130 | proxy_pass http://nexus:8083; 131 | proxy_read_timeout 120; 132 | proxy_connect_timeout 90; 133 | proxy_redirect off; 134 | client_max_body_size 8G; 135 | proxy_set_header X-Forwarded-For $remote_addr; 136 | proxy_set_header X-Forwarded-Proto https; 137 | proxy_set_header X-Real-IP $remote_addr; 138 | proxy_set_header Host $host; 139 | } 140 | 141 | } 142 | 143 | } 144 | --------------------------------------------------------------------------------