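server {
    # TLS listener for the notary endpoint proxied below.
    listen 4443 ssl;
    # Do not advertise the nginx version in the Server header or on error pages.
    server_tokens off;

    # ssl
    # NOTE(review): $ssl_cert / $ssl_cert_key look like template placeholders filled in
    # when this file is rendered, and "$$" further down presumably escapes to a literal
    # "$" so that nginx sees its own variables -- confirm against the renderer.
    # Keep the private key file readable only by the account that starts nginx.
    ssl_certificate $ssl_cert;
    ssl_certificate_key $ssl_cert_key;

    # recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html
    # TLSv1.1 is no longer offered: TLS 1.0 and 1.1 are formally deprecated (RFC 8996).
    # Add TLSv1.3 as well where the deployed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;
    # NOTE(review): the RSA+AESGCM and RSA+AES entries permit static-RSA key exchange,
    # which gives no forward secrecy, and the plain "+AES" entries include CBC-mode
    # suites. Consider narrowing this list to ECDHE AEAD suites once client
    # compatibility has been confirmed.
    ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
    # The server's cipher order takes precedence over the client's.
    ssl_prefer_server_ciphers on;
    # Session cache shared between worker processes (zone "ssl", 10 MB).
    ssl_session_cache shared:ssl:10m;

    # disable any limits to avoid http 413 for large image uploads
    # With 0, nginx performs no request-body size check at all, so any size limit
    # has to be enforced by the upstream service.
    client_max_body_size 0;

    # required to avoid http 411: see issue #1486 (https://github.com/docker/docker/issues/1486)
    chunked_transfer_encoding on;

    location /v2/ {
        # The upstream hop is plain HTTP: TLS terminates here, so the link to
        # notary-server must stay on a trusted network.
        proxy_pass http://notary-server/v2/;
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host $$http_host;
        proxy_set_header X-Real-IP $$remote_addr;
        # $proxy_add_x_forwarded_for appends the peer address to whatever
        # X-Forwarded-For the client supplied; the upstream should trust only the
        # last entry (or X-Real-IP) unless a trusted proxy sits in front of this one.
        proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;

        # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
        proxy_set_header X-Forwarded-Proto $$scheme;

        # Stream requests and responses straight through instead of buffering them in nginx.
        proxy_buffering off;
        proxy_request_buffering off;
    }
}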