blob: fb48565f6af04f2fe898f72d7b173c9060f3d879 [file] [log] [blame]
worker_processes 2;
events {
worker_connections 1024;
}
http {
error_log /var/log/nginx/error.log debug;
access_log /var/log/nginx/access.log;
proxy_intercept_errors on;
proxy_send_timeout 120;
proxy_read_timeout 300;
upstream nexus {
server nexus:8081;
}
upstream registry {
server nexus:8082;
}
# http simulations
server {
listen 80;
listen 443 ssl;
server_name _;
ssl_certificate /etc/nginx/certs/nexus_server.crt;
ssl_certificate_key /etc/nginx/certs/nexus_server.key;
keepalive_timeout 5 5;
location / {
root /srv/http/$host;
index index.html;
}
}
# nexus simulations
server {
listen 80;
listen 443 ssl;
server_name {% for host in simulated_hosts.nexus -%}
{{ host + " " }}
{%- endfor %};
ssl_certificate /etc/nginx/certs/nexus_server.crt;
ssl_certificate_key /etc/nginx/certs/nexus_server.key;
keepalive_timeout 5 5;
proxy_buffering off;
# allow large uploads
client_max_body_size 3G;
location / {
# redirect to docker registry
if ($http_user_agent ~ docker ) {
proxy_pass http://registry;
}
proxy_pass http://nexus;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# git simulations
server {
listen 80;
listen 443 ssl;
server_name {% for host in simulated_hosts.git -%}
{{ host + " " }}
{%- endfor %};
ssl_certificate /etc/nginx/certs/nexus_server.crt;
ssl_certificate_key /etc/nginx/certs/nexus_server.key;
keepalive_timeout 5 5;
proxy_buffering off;
location / {
try_files $uri $uri/ @git;
}
location @git {
# Set chunks to unlimited, as the body's can be huge
client_max_body_size 0;
fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
fastcgi_param QUERY_STRING $args;
fastcgi_param HTTP_HOST $server_name;
fastcgi_param PATH_INFO $uri;
include fastcgi_params;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /srv/git/$host/;
# Forward REMOTE_USER as we want to know when we are authenticated
fastcgi_param REMOTE_USER $remote_user;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
}
}