Yuvipanda has uploaded a new change for review.
https://gerrit.wikimedia.org/r/281998
Change subject: docker: Add nginx frontend for registry
......................................................................
docker: Add nginx frontend for registry
- Limits PUT, POST, etc behind auth
- Allows anonymous GET access
Change-Id: I7b9e3b5ff2e9821a7b1da9f4c981efab515dd8bb
---
M modules/docker/manifests/registry.pp
A modules/docker/templates/registry-nginx.conf.erb
2 files changed, 35 insertions(+), 12 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/98/281998/1
diff --git a/modules/docker/manifests/registry.pp
b/modules/docker/manifests/registry.pp
index c45d0d4..8891ec7 100644
--- a/modules/docker/manifests/registry.pp
+++ b/modules/docker/manifests/registry.pp
@@ -23,20 +23,9 @@
},
},
'http' => {
- 'addr' => ':443',
+ 'addr' => '127.0.0.1:5000',
'host' => $::fqdn,
- 'tls' => {
- # FIXME: YOU SHOULD FEEL BAD ABOUT HARDCODING
- 'certificate' => '/var/lib/docker-registry/ssl/certs/cert.pem',
- 'key' =>
'/var/lib/docker-registry/ssl/private_keys/server.key'
- },
},
- 'auth' => {
- 'htpasswd' => {
- 'realm' => 'docker-auth',
- 'path' => '/etc/docker/registry/htpasswd',
- }
- }
}
file { $datapath:
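Review bot: With the `auth` and `tls` blocks removed, nothing in this hash records that access control now lives in the nginx frontend, and the registry itself accepts unauthenticated writes from anything that can reach `127.0.0.1:5000`. A comment next to `'addr'` would keep a later edit from widening the bind address, for example `# Loopback only: auth and transport security are enforced by the nginx site, not by the registry`. The enclosing config hash starts before the hunk, so any other listener settings are not visible here.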
@@ -86,4 +75,7 @@
'/etc/docker/registry/config.yml'
]
}
+ nginx::site { 'registry':
+ content => template('docker/registry-nginx.conf.erb'),
+ }
}
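Review bot: The template rendered by this `nginx::site` reads `@auth_realm` and `@auth_file`, but neither hunk of registry.pp shows those variables being set. The removed config used the literals `'docker-auth'` and `'/etc/docker/registry/htpasswd'` instead. If they are not defined elsewhere in the class, the ERB renders empty values and `auth_basic_user_file` is left without an argument, so the write protection depends on a config that may not load. Defining them before the resource, e.g. `$auth_realm = 'docker-auth'` and `$auth_file = '/etc/docker/registry/htpasswd'`, would close that gap. The class body starts outside the hunk, so this needs checking against the full file.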
diff --git a/modules/docker/templates/registry-nginx.conf.erb
b/modules/docker/templates/registry-nginx.conf.erb
new file mode 100644
index 0000000..110f231
--- /dev/null
+++ b/modules/docker/templates/registry-nginx.conf.erb
@@ -0,0 +1,31 @@
+upstream registry {
+ server 127.0.0.1:5000;
+}
+
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+server {
+ listen 80;
+
+ location / {
+ # Require auth for POST, PUT, DELETE, ... requests
+ limit_except GET HEAD OPTIONS {
+ auth_basic "<%= @auth_realm %>";
+ auth_basic_user_file <%= @auth_file %>;
+ }
+
+ proxy_pass http://registry;
+ proxy_redirect off;
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ }
+}
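Review bot: `listen 80;` serves the registry over plain HTTP, so the basic-auth credentials that guard pushes inside `limit_except` cross the network unencrypted. The commit drops the registry's own `tls` block without replacing it. The server block should terminate TLS, e.g. `listen 443 ssl;` with `ssl_certificate` and `ssl_certificate_key` pointing at the certificate and key the registry used before. Separately, the location sets no `client_max_body_size`, so nginx's default request-body limit would likely reject pushes of larger image layers; `client_max_body_size 0;` lifts that limit.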
--
To view, visit https://gerrit.wikimedia.org/r/281998
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7b9e3b5ff2e9821a7b1da9f4c981efab515dd8bb
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <[email protected]>