server { listen 4443 ssl; server_tokens off; # ssl ssl_certificate {{ssl_cert}}; ssl_certificate_key {{ssl_cert_key}}; # recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html ssl_protocols tlsv1.1 tlsv1.2; ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:'; ssl_prefer_server_ciphers on; ssl_session_cache shared:ssl:10m; # disable any limits to avoid http 413 for large image uploads client_max_body_size 0; # required to avoid http 411: see issue #1486 (https://github.com/docker/docker/issues/1486) chunked_transfer_encoding on; location /v2/ { proxy_pass http://notary-server/v2/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings. proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; proxy_request_buffering off; } }