map $upstream_http_docker_distribution_api_version $docker_distribution_api_version { 'registry/2.0' ''; default registry/2.0; } server { listen 80; listen [::]:80; server_name docker.system.is; return 301 https://$server_name$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; server_name docker.system.is; ssl on; ssl_certificate /etc/certificates/is.system.docker/crt; ssl_certificate_key /etc/certificates/is.system.docker/key; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload;" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "DENY" always; client_max_body_size 0; chunked_transfer_encoding on; #location / { # return 200 'This is a Docker registry. Welcome!'; #} location /v2/ { auth_basic 'Authentication Required'; auth_basic_user_file htpasswd; add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always; proxy_max_temp_file_size 0; proxy_pass http://127.0.0.1:5000; proxy_buffering off; proxy_read_timeout 900; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }