mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-05 00:23:33 +01:00
34 lines
1.1 KiB
Plaintext
34 lines
1.1 KiB
Plaintext
|
server {
|
||
|
listen 4443 ssl;
|
||
|
server_tokens off;
|
||
|
# ssl
|
||
|
ssl_certificate {{ssl_cert}};
|
||
|
ssl_certificate_key {{ssl_cert_key}};
|
||
|
|
||
|
# recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html
|
||
|
ssl_protocols tlsv1.1 tlsv1.2;
|
||
|
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
|
||
|
ssl_prefer_server_ciphers on;
|
||
|
ssl_session_cache shared:ssl:10m;
|
||
|
|
||
|
# disable any limits to avoid http 413 for large image uploads
|
||
|
client_max_body_size 0;
|
||
|
|
||
|
# required to avoid http 411: see issue #1486 (https://github.com/docker/docker/issues/1486)
|
||
|
chunked_transfer_encoding on;
|
||
|
|
||
|
location /v2/ {
|
||
|
proxy_pass http://notary-server/v2/;
|
||
|
proxy_set_header Host $http_host;
|
||
|
proxy_set_header X-Real-IP $remote_addr;
|
||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
|
|
||
|
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
|
||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
|
||
|
proxy_buffering off;
|
||
|
proxy_request_buffering off;
|
||
|
}
|
||
|
}
|
||
|
|