Compare commits
No commits in common. "8280426cea12fa9e72a82de0ce61d64055c6209e" and "35c4aa99dabec7473ad9a640480dde51ef5064ee" have entirely different histories.
8280426cea
...
35c4aa99da
@ -1,28 +1,3 @@
|
|||||||
map $remote_addr
|
|
||||||
$krdsh_remote_type
|
|
||||||
{
|
|
||||||
default external;
|
|
||||||
|
|
||||||
## 127.0.0.0/8
|
|
||||||
~^127\..+$ internal;
|
|
||||||
## 10.0.0.0/8
|
|
||||||
# ~^10\..+$ internal;
|
|
||||||
## 172.16.0.0/12
|
|
||||||
# ~^172\.(?:1[6-9]|2[0-9]|3[01])\..+$ internal;
|
|
||||||
## 192.168.0.0/16
|
|
||||||
# ~^192\.168\..+$ internal;
|
|
||||||
## 192.0.2.0/24
|
|
||||||
~^192\.0\.2\..+$ internal;
|
|
||||||
## 198.51.0.0/24
|
|
||||||
# ~^198\.51\.0\..+$ internal;
|
|
||||||
## 198.18.0.0/15
|
|
||||||
# ~^198\.1[89]\..+$ internal;
|
|
||||||
## 203.0.113.0/24
|
|
||||||
# ~^203\.0\.113\..+$ internal;
|
|
||||||
## 240.0.0.0/4
|
|
||||||
~^2(?:4[0-9]|5[0-5])\..+$ internal;
|
|
||||||
}
|
|
||||||
|
|
||||||
map $scheme:$host
|
map $scheme:$host
|
||||||
$krdsh_need_ssl
|
$krdsh_need_ssl
|
||||||
{
|
{
|
||||||
|
@ -6,4 +6,4 @@ function statics(r) {
|
|||||||
r.return(307, s);
|
r.return(307, s);
|
||||||
}
|
}
|
||||||
|
|
||||||
export default { statics };
|
export default {statics};
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
function route_ui(r)
|
|
||||||
{
|
|
||||||
r.internalRedirect("@" + r.variables.krdsh_quay_ui_njs + "_ui");
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
export default { route_ui };
|
|
@ -1,112 +0,0 @@
|
|||||||
upstream krdsh_ci {
|
|
||||||
server 127.0.0.1:8000;
|
|
||||||
}
|
|
||||||
upstream krdsh_ci_grpc {
|
|
||||||
server 127.0.0.1:9000;
|
|
||||||
}
|
|
||||||
|
|
||||||
proxy_cache_path
|
|
||||||
/var/cache/angie/proxy/krdsh-ci
|
|
||||||
keys_zone=krdsh_cache_ci:10m
|
|
||||||
levels=1:2 inactive=1h;
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name ci.krd.sh;
|
|
||||||
|
|
||||||
include snip.d/listen-http;
|
|
||||||
|
|
||||||
access_log off;
|
|
||||||
log_not_found off;
|
|
||||||
|
|
||||||
root /var/www/empty;
|
|
||||||
|
|
||||||
include snip.d/https-alt-svc;
|
|
||||||
include snip.d/http-security-headers;
|
|
||||||
|
|
||||||
keepalive_timeout 0;
|
|
||||||
|
|
||||||
include snip.d/empty-favicon;
|
|
||||||
|
|
||||||
location /
|
|
||||||
{
|
|
||||||
return 301 https://$host$uri$is_args$args;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name ci.krd.sh;
|
|
||||||
|
|
||||||
include snip.d/listen-https;
|
|
||||||
include snip.d/ssl-krd.sh;
|
|
||||||
|
|
||||||
access_log off;
|
|
||||||
log_not_found off;
|
|
||||||
|
|
||||||
root /var/www/empty;
|
|
||||||
|
|
||||||
include snip.d/http-security-headers;
|
|
||||||
|
|
||||||
include snip.d/proxy-common-headers;
|
|
||||||
include snip.d/proxy-accept-encoding;
|
|
||||||
include snip.d/proxy-connection-keepalive;
|
|
||||||
include snip.d/proxy-early-data;
|
|
||||||
|
|
||||||
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
|
|
||||||
|
|
||||||
location /
|
|
||||||
{
|
|
||||||
proxy_pass http://krdsh_ci;
|
|
||||||
|
|
||||||
## quirks
|
|
||||||
client_max_body_size 512M;
|
|
||||||
proxy_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location @precache
|
|
||||||
{
|
|
||||||
proxy_pass http://krdsh_ci;
|
|
||||||
|
|
||||||
proxy_cache krdsh_cache_ci;
|
|
||||||
|
|
||||||
proxy_cache_key $uri;
|
|
||||||
|
|
||||||
expires 2h;
|
|
||||||
proxy_cache_valid 200 4h;
|
|
||||||
proxy_cache_valid 10s;
|
|
||||||
proxy_ignore_client_abort on;
|
|
||||||
|
|
||||||
proxy_ignore_headers Cache-Control Expires;
|
|
||||||
proxy_hide_header Cache-Control;
|
|
||||||
proxy_hide_header Expires;
|
|
||||||
|
|
||||||
## quirks
|
|
||||||
proxy_method GET;
|
|
||||||
proxy_temp_file_write_size 4m;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /assets/
|
|
||||||
{
|
|
||||||
try_files /.non-existent-uri @precache;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name ci.krd.sh;
|
|
||||||
|
|
||||||
include snip.d/listen-grpcs;
|
|
||||||
include snip.d/ssl-krd.sh;
|
|
||||||
|
|
||||||
access_log off;
|
|
||||||
log_not_found off;
|
|
||||||
|
|
||||||
root /var/www/empty;
|
|
||||||
|
|
||||||
include snip.d/http-security-headers;
|
|
||||||
|
|
||||||
include snip.d/grpc-accept-encoding;
|
|
||||||
|
|
||||||
location /
|
|
||||||
{
|
|
||||||
grpc_pass grpc://krdsh_ci_grpc;
|
|
||||||
}
|
|
||||||
}
|
|
@ -12,8 +12,7 @@ server {
|
|||||||
|
|
||||||
include snip.d/empty-favicon;
|
include snip.d/empty-favicon;
|
||||||
|
|
||||||
location /
|
location / {
|
||||||
{
|
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
|
|
||||||
include snip.d/https-alt-svc;
|
include snip.d/https-alt-svc;
|
||||||
@ -25,8 +24,8 @@ server {
|
|||||||
location ~*/(?:InRelease|Release|Packages|Sources)$
|
location ~*/(?:InRelease|Release|Packages|Sources)$
|
||||||
~*/[^/]+/.*[^/]+\.(?:asc|dsc)$
|
~*/[^/]+/.*[^/]+\.(?:asc|dsc)$
|
||||||
{
|
{
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
default_type text/plain;
|
default_type text/plain;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
|
|
||||||
## /*/dists/*/Release.gpg
|
## /*/dists/*/Release.gpg
|
||||||
@ -39,8 +38,9 @@ server {
|
|||||||
## various tarball file name extensions (sic!)
|
## various tarball file name extensions (sic!)
|
||||||
~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$
|
~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$
|
||||||
{
|
{
|
||||||
|
gzip off;
|
||||||
|
brotli off;
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
include snip.d/disable-comp;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -58,8 +58,7 @@ server {
|
|||||||
|
|
||||||
include snip.d/empty-favicon;
|
include snip.d/empty-favicon;
|
||||||
|
|
||||||
location /
|
location / {
|
||||||
{
|
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
|
|
||||||
include snip.d/https-alt-svc;
|
include snip.d/https-alt-svc;
|
||||||
@ -69,23 +68,24 @@ server {
|
|||||||
location ~*/(?:InRelease|Release|Packages|Sources)$
|
location ~*/(?:InRelease|Release|Packages|Sources)$
|
||||||
~*\.(?:asc|build|buildinfo|changes|dsc|list|log|sources)$
|
~*\.(?:asc|build|buildinfo|changes|dsc|list|log|sources)$
|
||||||
{
|
{
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
default_type text/plain;
|
default_type text/plain;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~*\.(?:bz2|deb|gz|tar|udeb|xz|Z|zip|zstd?)$
|
location ~*\.(?:bz2|deb|gz|tar|udeb|xz|Z|zip|zstd?)$
|
||||||
## various tarball file name extensions (sic!)
|
## various tarball file name extensions (sic!)
|
||||||
~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$
|
~*\.t(?:[agx]z|bz2?|[bz]2|bJ|zo|lz(?:|ma?)|zstd?|a?Z)$
|
||||||
{
|
{
|
||||||
|
gzip off;
|
||||||
|
brotli off;
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
include snip.d/disable-comp;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
## "meta" usually doesn't contain sensitive data
|
## "meta" usually doesn't contain sensitive data
|
||||||
# include snip.d/deny-dotfiles;
|
# include snip.d/deny-dotfiles;
|
||||||
location ~*^/[^/]+/\.meta/
|
location ~*^/[^/]+/\.meta/
|
||||||
{
|
{
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
default_type text/plain;
|
default_type text/plain;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,14 +1,25 @@
|
|||||||
upstream krdsh_git {
|
upstream krdsh_git {
|
||||||
server 127.0.0.1:3000;
|
server 127.0.0.1:3000;
|
||||||
}
|
}
|
||||||
|
upstream krdsh_ci {
|
||||||
|
server 127.0.0.1:8000;
|
||||||
|
}
|
||||||
|
upstream krdsh_ci_grpc {
|
||||||
|
server 127.0.0.1:9000;
|
||||||
|
}
|
||||||
|
|
||||||
proxy_cache_path
|
proxy_cache_path
|
||||||
/var/cache/angie/proxy/krdsh-git
|
/var/cache/angie/proxy/krdsh-git
|
||||||
keys_zone=krdsh_cache_git:10m
|
keys_zone=krdsh_cache_git:10m
|
||||||
levels=1:2 inactive=1h;
|
levels=1:2 inactive=1h;
|
||||||
|
|
||||||
|
proxy_cache_path
|
||||||
|
/var/cache/angie/proxy/krdsh-ci
|
||||||
|
keys_zone=krdsh_cache_ci:10m
|
||||||
|
levels=1:2 inactive=1h;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
server_name git.krd.sh;
|
server_name git.krd.sh ci.krd.sh;
|
||||||
|
|
||||||
include snip.d/listen-http;
|
include snip.d/listen-http;
|
||||||
|
|
||||||
@ -24,8 +35,7 @@ server {
|
|||||||
|
|
||||||
include snip.d/empty-favicon;
|
include snip.d/empty-favicon;
|
||||||
|
|
||||||
location /
|
location / {
|
||||||
{
|
|
||||||
return 301 https://$host$uri$is_args$args;
|
return 301 https://$host$uri$is_args$args;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -48,40 +58,111 @@ server {
|
|||||||
include snip.d/proxy-connection-keepalive;
|
include snip.d/proxy-connection-keepalive;
|
||||||
include snip.d/proxy-early-data;
|
include snip.d/proxy-early-data;
|
||||||
|
|
||||||
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
|
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
|
||||||
|
|
||||||
location /
|
location / {
|
||||||
{
|
|
||||||
proxy_pass http://krdsh_git;
|
proxy_pass http://krdsh_git;
|
||||||
|
|
||||||
## quirks
|
## quirks
|
||||||
client_max_body_size 512M;
|
client_max_body_size 512M;
|
||||||
|
chunked_transfer_encoding off;
|
||||||
}
|
}
|
||||||
|
|
||||||
location @precache
|
location @precache {
|
||||||
{
|
|
||||||
proxy_pass http://krdsh_git;
|
proxy_pass http://krdsh_git;
|
||||||
|
|
||||||
proxy_cache krdsh_cache_git;
|
proxy_cache krdsh_cache_git;
|
||||||
|
|
||||||
proxy_cache_key $uri;
|
proxy_cache_key $uri;
|
||||||
|
proxy_cache_valid 200 1h;
|
||||||
expires 2h;
|
proxy_cache_valid 30s;
|
||||||
proxy_cache_valid 200 4h;
|
|
||||||
proxy_cache_valid 10s;
|
|
||||||
proxy_ignore_client_abort on;
|
proxy_ignore_client_abort on;
|
||||||
|
|
||||||
proxy_ignore_headers Cache-Control Expires;
|
proxy_ignore_headers Cache-Control;
|
||||||
proxy_hide_header Cache-Control;
|
proxy_hide_header Cache-Control;
|
||||||
proxy_hide_header Expires;
|
expires 2h;
|
||||||
|
|
||||||
## quirks
|
## quirks
|
||||||
|
chunked_transfer_encoding off;
|
||||||
proxy_method GET;
|
proxy_method GET;
|
||||||
|
proxy_buffering on;
|
||||||
proxy_temp_file_write_size 4m;
|
proxy_temp_file_write_size 4m;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /assets/
|
location /assets/ {
|
||||||
{
|
|
||||||
try_files /.non-existent-uri @precache;
|
try_files /.non-existent-uri @precache;
|
||||||
|
# proxy_pass http://krdsh_git;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name ci.krd.sh;
|
||||||
|
|
||||||
|
include snip.d/listen-https;
|
||||||
|
include snip.d/ssl-krd.sh;
|
||||||
|
|
||||||
|
access_log off;
|
||||||
|
log_not_found off;
|
||||||
|
|
||||||
|
root /var/www/empty;
|
||||||
|
|
||||||
|
include snip.d/http-security-headers;
|
||||||
|
|
||||||
|
include snip.d/proxy-common-headers;
|
||||||
|
include snip.d/proxy-accept-encoding;
|
||||||
|
include snip.d/proxy-connection-keepalive;
|
||||||
|
include snip.d/proxy-early-data;
|
||||||
|
|
||||||
|
proxy_redirect ~*^http://(ci|git)\.krd\.sh(?:|:[0-9]+)/(.*)$ https://$1.krd.sh/$2;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://krdsh_ci;
|
||||||
|
## quirks
|
||||||
|
chunked_transfer_encoding off;
|
||||||
|
client_max_body_size 16M;
|
||||||
|
proxy_buffering off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location @precache {
|
||||||
|
proxy_pass http://krdsh_ci;
|
||||||
|
|
||||||
|
proxy_cache krdsh_cache_ci;
|
||||||
|
proxy_cache_key $uri;
|
||||||
|
proxy_cache_valid 200 1h;
|
||||||
|
proxy_cache_valid 30s;
|
||||||
|
proxy_ignore_client_abort on;
|
||||||
|
|
||||||
|
proxy_ignore_headers Cache-Control;
|
||||||
|
proxy_hide_header Cache-Control;
|
||||||
|
expires 2h;
|
||||||
|
|
||||||
|
## quirks
|
||||||
|
chunked_transfer_encoding off;
|
||||||
|
proxy_method GET;
|
||||||
|
proxy_buffering on;
|
||||||
|
proxy_temp_file_write_size 4m;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /assets/ {
|
||||||
|
try_files /.non-existent-uri @precache;
|
||||||
|
# proxy_pass http://krdsh_ci;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name ci.krd.sh;
|
||||||
|
|
||||||
|
include snip.d/listen-grpcs;
|
||||||
|
include snip.d/ssl-krd.sh;
|
||||||
|
|
||||||
|
access_log off;
|
||||||
|
log_not_found off;
|
||||||
|
|
||||||
|
root /var/www/empty;
|
||||||
|
|
||||||
|
include snip.d/http-security-headers;
|
||||||
|
|
||||||
|
include snip.d/grpc-accept-encoding;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
grpc_pass grpc://krdsh_ci_grpc;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -26,8 +26,7 @@ server {
|
|||||||
|
|
||||||
include snip.d/empty-favicon;
|
include snip.d/empty-favicon;
|
||||||
|
|
||||||
location /
|
location / {
|
||||||
{
|
|
||||||
return 301 https://$host$uri$is_args$args;
|
return 301 https://$host$uri$is_args$args;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -35,11 +34,11 @@ server {
|
|||||||
|
|
||||||
location ~*^/repository/apt_[^/]+/(?:dists|pool)/
|
location ~*^/repository/apt_[^/]+/(?:dists|pool)/
|
||||||
{
|
{
|
||||||
|
gzip off;
|
||||||
|
brotli off;
|
||||||
|
|
||||||
proxy_pass http://krdsh_nexus;
|
proxy_pass http://krdsh_nexus;
|
||||||
|
|
||||||
proxy_method GET;
|
proxy_method GET;
|
||||||
|
|
||||||
include snip.d/disable-comp;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
## allow proxy repositories only for non-public usage
|
## allow proxy repositories only for non-public usage
|
||||||
@ -52,9 +51,53 @@ server {
|
|||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
proxy_pass http://krdsh_nexus;
|
proxy_pass http://krdsh_nexus;
|
||||||
|
|
||||||
proxy_method GET;
|
proxy_method GET;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## quirks
|
||||||
|
chunked_transfer_encoding off;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name nexus-asis.krd.sh;
|
||||||
|
|
||||||
|
include snip.d/listen-https;
|
||||||
|
include snip.d/ssl-krd.sh;
|
||||||
|
|
||||||
|
access_log off;
|
||||||
|
log_not_found off;
|
||||||
|
|
||||||
|
root /var/www/empty;
|
||||||
|
|
||||||
|
include snip.d/http-security-headers;
|
||||||
|
|
||||||
|
include snip.d/proxy-common-headers;
|
||||||
|
include snip.d/proxy-accept-encoding;
|
||||||
|
include snip.d/proxy-connection-keepalive;
|
||||||
|
include snip.d/proxy-early-data;
|
||||||
|
|
||||||
|
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://krdsh_nexus;
|
||||||
|
## quirks
|
||||||
|
client_max_body_size 1024M;
|
||||||
|
}
|
||||||
|
|
||||||
|
## allow proxy repositories only for non-public usage
|
||||||
|
|
||||||
|
location ~*^/repository/proxy_[^/]+/
|
||||||
|
{
|
||||||
|
allow 127.0.0.0/8;
|
||||||
|
allow 192.0.2.0/24;
|
||||||
|
allow 240.0.0.0/4;
|
||||||
|
deny all;
|
||||||
|
|
||||||
|
proxy_pass http://krdsh_nexus;
|
||||||
|
}
|
||||||
|
|
||||||
|
## quirks
|
||||||
|
chunked_transfer_encoding off;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
@ -77,12 +120,10 @@ server {
|
|||||||
|
|
||||||
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
|
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://$host/$1;
|
||||||
|
|
||||||
location /
|
location / {
|
||||||
{
|
|
||||||
proxy_pass http://krdsh_nexus;
|
proxy_pass http://krdsh_nexus;
|
||||||
|
|
||||||
## quirks
|
## quirks
|
||||||
client_max_body_size 10G;
|
client_max_body_size 1024M;
|
||||||
}
|
}
|
||||||
|
|
||||||
## allow proxy repositories only for non-public usage
|
## allow proxy repositories only for non-public usage
|
||||||
@ -99,10 +140,12 @@ server {
|
|||||||
|
|
||||||
js_import njs/nexus.js;
|
js_import njs/nexus.js;
|
||||||
|
|
||||||
location /static/
|
location /static/ {
|
||||||
{
|
|
||||||
js_content nexus.statics;
|
js_content nexus.statics;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## quirks
|
||||||
|
chunked_transfer_encoding off;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
@ -143,9 +186,8 @@ server {
|
|||||||
include snip.d/proxy-connection-close;
|
include snip.d/proxy-connection-close;
|
||||||
include snip.d/proxy-early-data;
|
include snip.d/proxy-early-data;
|
||||||
|
|
||||||
proxy_ignore_headers Cache-Control Expires;
|
proxy_ignore_headers Cache-Control;
|
||||||
proxy_hide_header Cache-Control;
|
proxy_hide_header Cache-Control;
|
||||||
proxy_hide_header Expires;
|
|
||||||
|
|
||||||
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://nexus.krd.sh/$1;
|
proxy_redirect ~*^http://$host(?:|:[0-9]+)/(.*)$ https://nexus.krd.sh/$1;
|
||||||
|
|
||||||
@ -161,16 +203,18 @@ server {
|
|||||||
proxy_pass http://krdsh_nexus;
|
proxy_pass http://krdsh_nexus;
|
||||||
|
|
||||||
proxy_cache krdsh_cache_nexus;
|
proxy_cache krdsh_cache_nexus;
|
||||||
|
proxy_cache_key $uri$is_args$args;
|
||||||
proxy_cache_key $uri;
|
proxy_cache_valid 200 1h;
|
||||||
|
proxy_cache_valid 30s;
|
||||||
expires 2h;
|
|
||||||
proxy_cache_valid 200 4h;
|
|
||||||
proxy_cache_valid 10s;
|
|
||||||
proxy_ignore_client_abort on;
|
proxy_ignore_client_abort on;
|
||||||
|
expires 2h;
|
||||||
|
|
||||||
## quirks
|
## quirks
|
||||||
proxy_method GET;
|
proxy_method GET;
|
||||||
|
proxy_buffering on;
|
||||||
proxy_temp_file_write_size 4m;
|
proxy_temp_file_write_size 4m;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## quirks
|
||||||
|
chunked_transfer_encoding off;
|
||||||
}
|
}
|
||||||
|
@ -14,8 +14,7 @@ server {
|
|||||||
|
|
||||||
root /var/www/empty;
|
root /var/www/empty;
|
||||||
|
|
||||||
location /
|
location / {
|
||||||
{
|
|
||||||
try_files /.non-existent-uri @redirect;
|
try_files /.non-existent-uri @redirect;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -43,33 +42,29 @@ server {
|
|||||||
include snip.d/proxy-accept-encoding;
|
include snip.d/proxy-accept-encoding;
|
||||||
include snip.d/proxy-connection-close;
|
include snip.d/proxy-connection-close;
|
||||||
|
|
||||||
location @redirect
|
location @redirect {
|
||||||
{
|
|
||||||
return 301 https://nodejs.org$request_uri;
|
return 301 https://nodejs.org$request_uri;
|
||||||
}
|
}
|
||||||
|
|
||||||
location @download
|
location @download {
|
||||||
{
|
|
||||||
proxy_pass https://nodejs.org$uri$is_args$args;
|
proxy_pass https://nodejs.org$uri$is_args$args;
|
||||||
|
|
||||||
proxy_redirect https://nodejs.org $scheme://$server_name;
|
proxy_redirect https://nodejs.org $scheme://$server_name;
|
||||||
|
|
||||||
proxy_cache nodejs_org;
|
proxy_cache nodejs_org;
|
||||||
|
proxy_cache_key $uri$is_args$args;
|
||||||
proxy_cache_key $uri;
|
|
||||||
|
|
||||||
expires 30m;
|
|
||||||
proxy_cache_valid 200 1h;
|
proxy_cache_valid 200 1h;
|
||||||
proxy_cache_valid 30s;
|
proxy_cache_valid 30s;
|
||||||
proxy_ignore_client_abort on;
|
proxy_ignore_client_abort on;
|
||||||
|
|
||||||
proxy_ignore_headers Cache-Control Expires;
|
proxy_ignore_headers Cache-Control;
|
||||||
proxy_hide_header Cache-Control;
|
proxy_hide_header Cache-Control;
|
||||||
proxy_hide_header Expires;
|
expires 30m;
|
||||||
|
|
||||||
## quirks
|
## quirks
|
||||||
chunked_transfer_encoding off;
|
chunked_transfer_encoding off;
|
||||||
proxy_method GET;
|
proxy_method GET;
|
||||||
|
proxy_buffering on;
|
||||||
proxy_temp_file_write_size 4m;
|
proxy_temp_file_write_size 4m;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -8,11 +8,6 @@ upstream krdsh_quay_secscan {
|
|||||||
server unix:/home/user/quay-run/gunicorn_secscan.sock fail_timeout=0;
|
server unix:/home/user/quay-run/gunicorn_secscan.sock fail_timeout=0;
|
||||||
}
|
}
|
||||||
|
|
||||||
proxy_cache_path
|
|
||||||
/var/cache/angie/proxy/krdsh-quay
|
|
||||||
keys_zone=krdsh_cache_quay:10m
|
|
||||||
levels=1:2;
|
|
||||||
|
|
||||||
map $http2:$http3
|
map $http2:$http3
|
||||||
$krdsh_quay_http1_bucket
|
$krdsh_quay_http1_bucket
|
||||||
{
|
{
|
||||||
@ -21,7 +16,6 @@ map $http2:$http3
|
|||||||
## current instanse is not behind LB/ingress,
|
## current instanse is not behind LB/ingress,
|
||||||
## so $proxy_protocol_addr is meaningless
|
## so $proxy_protocol_addr is meaningless
|
||||||
# ":" $proxy_protocol_addr;
|
# ":" $proxy_protocol_addr;
|
||||||
|
|
||||||
":" $remote_addr;
|
":" $remote_addr;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -46,62 +40,41 @@ map $uri
|
|||||||
{
|
{
|
||||||
default "";
|
default "";
|
||||||
|
|
||||||
## ~*^/v2/([^/]+)(?:/[^/]+)+/blobs/ $1;
|
|
||||||
## ~*^/v2/([^/]+)/[^/]+/tags/ $1;
|
|
||||||
## ~*^/v2/([^/]+)/[^/]+/manifests/ $1;
|
|
||||||
~*^/v2/([^/]+)/.+/(?:blobs|manifests|tags)/ $1;
|
~*^/v2/([^/]+)/.+/(?:blobs|manifests|tags)/ $1;
|
||||||
}
|
}
|
||||||
|
|
||||||
## use $request_id to remove (tight) request limit
|
## use $request_id to remove (tight) request limit
|
||||||
map $krdsh_quay_namespace:$krdsh_remote_type
|
map $krdsh_quay_namespace
|
||||||
$krdsh_quay_http1_ns_bucket
|
$krdsh_quay_http1_ns_bucket
|
||||||
{
|
{
|
||||||
default $krdsh_quay_http1_bucket;
|
default $krdsh_quay_http1_bucket;
|
||||||
|
|
||||||
~*^(?:k2|krd): $request_id;
|
~*^(?:k2|krd)$ $request_id;
|
||||||
|
|
||||||
## remove limits for internal usage
|
|
||||||
~^[^:]+:internal$ $request_id;
|
|
||||||
}
|
}
|
||||||
map $krdsh_quay_namespace:$krdsh_remote_type
|
map $krdsh_quay_namespace
|
||||||
$krdsh_quay_http2_ns_bucket
|
$krdsh_quay_http2_ns_bucket
|
||||||
{
|
{
|
||||||
default $krdsh_quay_http2_bucket;
|
default $krdsh_quay_http2_bucket;
|
||||||
|
|
||||||
~*^(?:k2|krd): $request_id;
|
~*^(?:k2|krd)$ $request_id;
|
||||||
|
|
||||||
## remove limits for internal usage
|
|
||||||
~^[^:]+:internal$ $request_id;
|
|
||||||
}
|
}
|
||||||
map $krdsh_quay_namespace:$krdsh_remote_type
|
map $krdsh_quay_namespace
|
||||||
$krdsh_quay_http3_ns_bucket
|
$krdsh_quay_http3_ns_bucket
|
||||||
{
|
{
|
||||||
default $krdsh_quay_http3_bucket;
|
default $krdsh_quay_http3_bucket;
|
||||||
|
|
||||||
~*^(?:k2|krd): $request_id;
|
~*^(?:k2|krd)$ $request_id;
|
||||||
|
|
||||||
## remove limits for internal usage
|
|
||||||
~^[^:]+:internal$ $request_id;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
map $cookie_patternfly
|
map $cookie_patternfly
|
||||||
$krdsh_quay_ui
|
$krdsh_quay_ui
|
||||||
{
|
{
|
||||||
|
volatile;
|
||||||
|
|
||||||
default old;
|
default old;
|
||||||
true new;
|
true new;
|
||||||
}
|
}
|
||||||
|
|
||||||
map $request_method:$uri
|
|
||||||
$krdsh_quay_nocache
|
|
||||||
{
|
|
||||||
default 1;
|
|
||||||
|
|
||||||
## cache requests:
|
|
||||||
## - ^/api/v1/repository/.+/tag/$
|
|
||||||
## - ^/api/v1/repository/.+/manifest/.+$
|
|
||||||
~*^(?:GET|HEAD):/api/v1/repository/(?:krd|k2|library|docker_io|quay_io|gcr_io|ghcr_io|registry_k8s_io)/.+/(?:tag/|manifest/.+)$ "";
|
|
||||||
}
|
|
||||||
|
|
||||||
limit_req_zone $http_authorization zone=krdsh_quay_staticauth:10m rate=30r/s;
|
limit_req_zone $http_authorization zone=krdsh_quay_staticauth:10m rate=30r/s;
|
||||||
|
|
||||||
limit_req_zone $krdsh_quay_http1_bucket zone=krdsh_quay_http1_light:10m rate=60r/s;
|
limit_req_zone $krdsh_quay_http1_bucket zone=krdsh_quay_http1_light:10m rate=60r/s;
|
||||||
@ -142,8 +115,7 @@ server {
|
|||||||
|
|
||||||
include snip.d/empty-favicon;
|
include snip.d/empty-favicon;
|
||||||
|
|
||||||
location /
|
location / {
|
||||||
{
|
|
||||||
return 301 https://$host$uri$is_args$args;
|
return 301 https://$host$uri$is_args$args;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -172,13 +144,7 @@ server {
|
|||||||
|
|
||||||
error_page 502 /home/user/quay-run-static/static/502.html;
|
error_page 502 /home/user/quay-run-static/static/502.html;
|
||||||
|
|
||||||
limit_req_status 429;
|
location /static/ {
|
||||||
limit_req_log_level warn;
|
|
||||||
|
|
||||||
js_import njs/quay.js;
|
|
||||||
|
|
||||||
location /static/
|
|
||||||
{
|
|
||||||
root /home/user/quay-run-static;
|
root /home/user/quay-run-static;
|
||||||
|
|
||||||
expires 1d;
|
expires 1d;
|
||||||
@ -190,12 +156,7 @@ server {
|
|||||||
error_page 404 /404;
|
error_page 404 /404;
|
||||||
}
|
}
|
||||||
|
|
||||||
location @old_ui
|
location / {
|
||||||
{
|
|
||||||
proxy_pass http://krdsh_quay_web;
|
|
||||||
}
|
|
||||||
location @new_ui
|
|
||||||
{
|
|
||||||
root /home/user/quay-run-static/static/patternfly;
|
root /home/user/quay-run-static/static/patternfly;
|
||||||
index index.html;
|
index index.html;
|
||||||
|
|
||||||
@ -203,123 +164,86 @@ server {
|
|||||||
brotli_static on;
|
brotli_static on;
|
||||||
zstd_static on;
|
zstd_static on;
|
||||||
|
|
||||||
|
if ($krdsh_quay_ui = "old") {
|
||||||
|
proxy_pass http://krdsh_quay_web;
|
||||||
|
}
|
||||||
|
if ($krdsh_quay_ui = "new") {
|
||||||
rewrite
|
rewrite
|
||||||
^/(?:overview|organization|repository|tag)
|
^/(?:overview|organization|repository|tag)
|
||||||
/index.html
|
/index.html
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
location /
|
|
||||||
{
|
|
||||||
js_content quay.route_ui;
|
|
||||||
|
|
||||||
js_var $krdsh_quay_ui_njs "$krdsh_quay_ui";
|
|
||||||
}
|
}
|
||||||
|
|
||||||
location /angular
|
location /angular {
|
||||||
{
|
|
||||||
# Expire cookie and switch to old UI
|
# Expire cookie and switch to old UI
|
||||||
add_header Set-Cookie "patternfly=deleted; path=/; Expires=Thu, Jan 01 1970 00:00:00 UTC";
|
add_header Set-Cookie "patternfly=deleted; path=/; Expires=Thu, Jan 01 1970 00:00:00 UTC";
|
||||||
return 302 /$is_args$args;
|
return 302 /$is_args$args;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /react
|
location /react {
|
||||||
{
|
|
||||||
# Set cookie and witch to new UI
|
# Set cookie and witch to new UI
|
||||||
add_header Set-Cookie "patternfly=true; path=/; SameSite=Lax; HttpOnly;" always;
|
add_header Set-Cookie "patternfly=true; path=/; SameSite=Lax; HttpOnly;" always;
|
||||||
return 302 /$is_args$args;
|
return 302 /$is_args$args;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
limit_req_status 429;
|
||||||
|
limit_req_log_level warn;
|
||||||
|
|
||||||
# Temporarily force signin for old and new UI to route to web app
|
# Temporarily force signin for old and new UI to route to web app
|
||||||
location /signin
|
location /signin {
|
||||||
{
|
|
||||||
proxy_pass http://krdsh_quay_web/;
|
proxy_pass http://krdsh_quay_web/;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Capture traffic that needs to go to web_app, see /web.py
|
# Capture traffic that needs to go to web_app, see /web.py
|
||||||
location ~* ^/(?:config|csrf_token|oauth1|oauth2|webhooks|keys|.well-known|customtrigger|userfiles/)
|
location ~* ^/(?:config|csrf_token|oauth1|oauth2|webhooks|keys|.well-known|customtrigger|userfiles/) {
|
||||||
{
|
|
||||||
proxy_pass http://krdsh_quay_web;
|
proxy_pass http://krdsh_quay_web;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Capture old UI paths that aren't present in new UI
|
# Capture old UI paths that aren't present in new UI
|
||||||
location ~* ^/(?:user/|search)
|
location ~* ^/(?:user/|search) {
|
||||||
{
|
|
||||||
proxy_pass http://krdsh_quay_web;
|
proxy_pass http://krdsh_quay_web;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /push
|
location /push {
|
||||||
{
|
|
||||||
proxy_pass http://krdsh_quay_web;
|
proxy_pass http://krdsh_quay_web;
|
||||||
|
|
||||||
client_max_body_size 5M;
|
client_max_body_size 5M;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /realtime
|
location /realtime {
|
||||||
{
|
|
||||||
proxy_pass http://krdsh_quay_web;
|
proxy_pass http://krdsh_quay_web;
|
||||||
|
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
proxy_request_buffering off;
|
proxy_request_buffering off;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /secscan/
|
location /secscan/ {
|
||||||
{
|
|
||||||
proxy_pass http://krdsh_quay_secscan;
|
proxy_pass http://krdsh_quay_secscan;
|
||||||
}
|
}
|
||||||
|
|
||||||
# location ~ ^/v2/.+/_trust/tuf/ {
|
# location ~ ^/v2/.+/_trust/tuf/ {
|
||||||
# proxy_pass https://tuf.krd.sh$uri;
|
# proxy_pass https://tuf.krd.sh$uri;
|
||||||
|
#
|
||||||
# include snip.d/proxy-common-headers;
|
# include snip.d/proxy-common-headers;
|
||||||
# include snip.d/proxy-accept-encoding;
|
# include snip.d/proxy-accept-encoding;
|
||||||
# include snip.d/proxy-connection-close;
|
# include snip.d/proxy-connection-close;
|
||||||
# include snip.d/proxy-early-data;
|
# include snip.d/proxy-early-data;
|
||||||
|
#
|
||||||
# proxy_set_header Host $host;
|
# proxy_set_header Host tuf.krd.sh;
|
||||||
# }
|
# }
|
||||||
|
|
||||||
location ~* ^/api/v1/repository(?:/.+/tag/|/.+/manifest/.+)$
|
location /api/ {
|
||||||
{
|
|
||||||
limit_req zone=krdsh_quay_http1_medium burst=50 nodelay;
|
|
||||||
limit_req zone=krdsh_quay_http2_medium burst=100 nodelay;
|
|
||||||
limit_req zone=krdsh_quay_http3_medium burst=100 nodelay;
|
|
||||||
|
|
||||||
proxy_pass http://krdsh_quay_web;
|
proxy_pass http://krdsh_quay_web;
|
||||||
|
|
||||||
keepalive_timeout 0;
|
|
||||||
|
|
||||||
proxy_cache krdsh_cache_quay;
|
|
||||||
proxy_cache_key $uri$is_args$args;
|
|
||||||
proxy_cache_bypass $http_pragma $http_authorization $krdsh_quay_nocache;
|
|
||||||
proxy_no_cache $http_pragma $http_authorization $krdsh_quay_nocache;
|
|
||||||
|
|
||||||
expires 30s;
|
|
||||||
proxy_cache_valid 200 1m;
|
|
||||||
proxy_cache_valid 10s;
|
|
||||||
proxy_ignore_client_abort on;
|
|
||||||
|
|
||||||
proxy_ignore_headers Cache-Control Expires Set-Cookie Vary;
|
|
||||||
proxy_hide_header Cache-Control;
|
|
||||||
proxy_hide_header Expires;
|
|
||||||
proxy_hide_header Set-Cookie;
|
|
||||||
proxy_hide_header Vary;
|
|
||||||
|
|
||||||
## quirks
|
|
||||||
proxy_temp_file_write_size 4m;
|
|
||||||
}
|
|
||||||
location /api/
|
|
||||||
{
|
|
||||||
limit_req zone=krdsh_quay_http1_heavy burst=25 nodelay;
|
limit_req zone=krdsh_quay_http1_heavy burst=25 nodelay;
|
||||||
limit_req zone=krdsh_quay_http2_heavy burst=100 nodelay;
|
limit_req zone=krdsh_quay_http2_heavy burst=100 nodelay;
|
||||||
limit_req zone=krdsh_quay_http3_heavy burst=100 nodelay;
|
limit_req zone=krdsh_quay_http3_heavy burst=100 nodelay;
|
||||||
|
|
||||||
proxy_pass http://krdsh_quay_web;
|
|
||||||
|
|
||||||
keepalive_timeout 0;
|
keepalive_timeout 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /api/suconfig
|
location /api/suconfig {
|
||||||
{
|
|
||||||
proxy_pass http://krdsh_quay_web;
|
proxy_pass http://krdsh_quay_web;
|
||||||
|
|
||||||
proxy_read_timeout 2000;
|
proxy_read_timeout 2000;
|
||||||
@ -327,36 +251,33 @@ server {
|
|||||||
|
|
||||||
## Docker Registry V2
|
## Docker Registry V2
|
||||||
|
|
||||||
location = /v2/auth
|
location = /v2/auth {
|
||||||
{
|
|
||||||
limit_req zone=krdsh_quay_staticauth burst=10 nodelay;
|
|
||||||
|
|
||||||
proxy_pass http://krdsh_quay_registry;
|
proxy_pass http://krdsh_quay_registry;
|
||||||
|
|
||||||
|
limit_req zone=krdsh_quay_staticauth burst=10 nodelay;
|
||||||
|
|
||||||
keepalive_timeout 0;
|
keepalive_timeout 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~* ^/v2/_catalog
|
location ~* ^/v2/_catalog {
|
||||||
{
|
proxy_pass http://krdsh_quay_registry;
|
||||||
|
|
||||||
|
proxy_read_timeout 10;
|
||||||
|
keepalive_timeout 0;
|
||||||
|
|
||||||
limit_req zone=krdsh_quay_http1_heavy burst=1 nodelay;
|
limit_req zone=krdsh_quay_http1_heavy burst=1 nodelay;
|
||||||
limit_req zone=krdsh_quay_http2_heavy burst=5 nodelay;
|
limit_req zone=krdsh_quay_http2_heavy burst=5 nodelay;
|
||||||
limit_req zone=krdsh_quay_http3_heavy burst=5 nodelay;
|
limit_req zone=krdsh_quay_http3_heavy burst=5 nodelay;
|
||||||
|
|
||||||
proxy_pass http://krdsh_quay_registry;
|
|
||||||
|
|
||||||
keepalive_timeout 0;
|
|
||||||
proxy_read_timeout 10;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~* ^/v2/.+/blobs/
|
location ~* ^/v2/.+/blobs/ {
|
||||||
{
|
|
||||||
limit_req zone=krdsh_quay_http1_ns_medium burst=50 nodelay;
|
|
||||||
limit_req zone=krdsh_quay_http2_ns_medium burst=100 nodelay;
|
|
||||||
limit_req zone=krdsh_quay_http3_ns_medium burst=100 nodelay;
|
|
||||||
|
|
||||||
proxy_pass http://krdsh_quay_registry;
|
proxy_pass http://krdsh_quay_registry;
|
||||||
|
|
||||||
keepalive_timeout 0;
|
# if ($request_method = HEAD) {
|
||||||
|
# gzip off;
|
||||||
|
# brotli off;
|
||||||
|
# zstd off;
|
||||||
|
# }
|
||||||
|
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
proxy_request_buffering off;
|
proxy_request_buffering off;
|
||||||
@ -364,76 +285,76 @@ server {
|
|||||||
proxy_read_timeout 2000;
|
proxy_read_timeout 2000;
|
||||||
proxy_send_timeout 2000;
|
proxy_send_timeout 2000;
|
||||||
|
|
||||||
client_max_body_size 10G;
|
client_max_body_size 10240M;
|
||||||
http2_chunk_size 32k;
|
http2_chunk_size 32k;
|
||||||
|
|
||||||
include snip.d/disable-comp;
|
limit_req zone=krdsh_quay_http1_ns_medium burst=50 nodelay;
|
||||||
|
limit_req zone=krdsh_quay_http2_ns_medium burst=100 nodelay;
|
||||||
|
limit_req zone=krdsh_quay_http3_ns_medium burst=100 nodelay;
|
||||||
|
|
||||||
|
keepalive_timeout 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~* ^/v2/.+/tags/
|
location ~* ^/v2/.+/tags/ {
|
||||||
{
|
proxy_pass http://krdsh_quay_registry;
|
||||||
|
|
||||||
limit_req zone=krdsh_quay_http1_ns_heavy burst=2 nodelay;
|
limit_req zone=krdsh_quay_http1_ns_heavy burst=2 nodelay;
|
||||||
limit_req zone=krdsh_quay_http2_ns_heavy burst=2 nodelay;
|
limit_req zone=krdsh_quay_http2_ns_heavy burst=2 nodelay;
|
||||||
limit_req zone=krdsh_quay_http3_ns_heavy burst=2 nodelay;
|
limit_req zone=krdsh_quay_http3_ns_heavy burst=2 nodelay;
|
||||||
|
|
||||||
proxy_pass http://krdsh_quay_registry;
|
|
||||||
|
|
||||||
keepalive_timeout 0;
|
keepalive_timeout 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~* ^/v2/.+/manifests/
|
location ~* ^/v2/.+/manifests/ {
|
||||||
{
|
proxy_pass http://krdsh_quay_registry;
|
||||||
|
|
||||||
limit_req zone=krdsh_quay_http1_ns_medium burst=10 nodelay;
|
limit_req zone=krdsh_quay_http1_ns_medium burst=10 nodelay;
|
||||||
limit_req zone=krdsh_quay_http2_ns_medium burst=50 nodelay;
|
limit_req zone=krdsh_quay_http2_ns_medium burst=50 nodelay;
|
||||||
limit_req zone=krdsh_quay_http3_ns_medium burst=50 nodelay;
|
limit_req zone=krdsh_quay_http3_ns_medium burst=50 nodelay;
|
||||||
|
|
||||||
proxy_pass http://krdsh_quay_registry;
|
|
||||||
|
|
||||||
keepalive_timeout 0;
|
keepalive_timeout 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /v2/
|
location /v2/ {
|
||||||
{
|
proxy_pass http://krdsh_quay_registry;
|
||||||
|
|
||||||
|
# if ($request_method = HEAD) {
|
||||||
|
# gzip off;
|
||||||
|
# brotli off;
|
||||||
|
# zstd off;
|
||||||
|
# }
|
||||||
|
|
||||||
limit_req zone=krdsh_quay_http1_light burst=20 nodelay;
|
limit_req zone=krdsh_quay_http1_light burst=20 nodelay;
|
||||||
limit_req zone=krdsh_quay_http2_light burst=80 nodelay;
|
limit_req zone=krdsh_quay_http2_light burst=80 nodelay;
|
||||||
limit_req zone=krdsh_quay_http3_light burst=80 nodelay;
|
limit_req zone=krdsh_quay_http3_light burst=80 nodelay;
|
||||||
|
|
||||||
proxy_pass http://krdsh_quay_registry;
|
|
||||||
|
|
||||||
keepalive_timeout 0;
|
keepalive_timeout 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
## Docker Registry V1
|
## Docker Registry V1
|
||||||
## KrD: seems to be legacy
|
## KrD: seems to be legacy
|
||||||
|
|
||||||
location /v1/
|
location /v1/ {
|
||||||
{
|
proxy_pass http://krdsh_quay_registry;
|
||||||
return 444;
|
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_request_buffering off;
|
||||||
|
|
||||||
|
client_max_body_size 10240M;
|
||||||
|
|
||||||
|
limit_req zone=krdsh_quay_http1_heavy burst=5 nodelay;
|
||||||
|
limit_req zone=krdsh_quay_http2_heavy burst=25 nodelay;
|
||||||
|
limit_req zone=krdsh_quay_http3_heavy burst=25 nodelay;
|
||||||
|
|
||||||
|
keepalive_timeout 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
# location /v1/
|
location = /v1/_ping {
|
||||||
# {
|
default_type text/plain;
|
||||||
# limit_req zone=krdsh_quay_http1_heavy burst=5 nodelay;
|
|
||||||
# limit_req zone=krdsh_quay_http2_heavy burst=25 nodelay;
|
|
||||||
# limit_req zone=krdsh_quay_http3_heavy burst=25 nodelay;
|
|
||||||
|
|
||||||
# proxy_pass http://krdsh_quay_registry;
|
add_header X-Docker-Registry-Version 0.6.0;
|
||||||
|
add_header X-Docker-Registry-Standalone 0;
|
||||||
|
|
||||||
# proxy_buffering off;
|
return 200 "true";
|
||||||
# proxy_request_buffering off;
|
}
|
||||||
|
|
||||||
# client_max_body_size 10G;
|
|
||||||
|
|
||||||
# keepalive_timeout 0;
|
|
||||||
# }
|
|
||||||
|
|
||||||
# location = /v1/_ping
|
|
||||||
# {
|
|
||||||
# default_type text/plain;
|
|
||||||
|
|
||||||
# add_header X-Docker-Registry-Version 0.6.0;
|
|
||||||
# add_header X-Docker-Registry-Standalone 0;
|
|
||||||
|
|
||||||
# return 200 "true";
|
|
||||||
# }
|
|
||||||
}
|
}
|
||||||
|
@ -1 +0,0 @@
|
|||||||
../site.avail/http-ci.krd.sh.conf
|
|
@ -1,3 +0,0 @@
|
|||||||
gzip off;
|
|
||||||
brotli off;
|
|
||||||
zstd off;
|
|
Loading…
Reference in New Issue
Block a user