Hide

RegistryUI Documentation

Display
Print

Using A Proxy & SSL

RegistryUI is typically set up using a proxy, such as nginx. For a stand-alone installation see Standalone Server.

When using a proxy to host multiple websites on a server, nginx can be used. In this case, using an SSL certificate for RegistryUI is part of setting up nginx.

Example nginx.conf snippet to set up HTTP access for RegistryUI in nginx:

    server {
        listen 80;
        listen [::]:80;
        server_name registry.yourcompany.com ;
        location / {
            client_max_body_size 5000M;
            allow all;
            proxy_pass         http://registryuiweb;
            proxy_redirect     off;
            proxy_set_header   X-Forwarded-Proto http;
            proxy_set_header   X-Forwarded-Host $host;
            proxy_set_header   X-Forwarded-Port 80;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

client_max_body_size is required so large images can be pushed to the registry.

proxy_set_header statements are used to inform the registryui container (website) for which host/port the requests are processed.

Example nginx.conf snipped to set up HTTPS access for RegistryUI in nginx:

    # HTTP
    server {
        listen 80;
        listen [::]:80;
        server_name registry.yourcompany.com ;
        location ~ /.well-known/acme-challenge {
            allow all;
            root /data/letsencrypt;
        }
        location / {
            return 503;
        }
        error_page 503 /index.html;
            location = /index.html {
            root /data/maintroot/;
        }
    }
    # HTTPS
    server {
        listen 443 ssl;
        listen [::]:443 ssl http2;
        server_name registry.yourcompany.com ;
        ssl_certificate /etc/letsencrypt/live/registry.yourcompany.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/registry.yourcompany.com/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        location / {
            client_max_body_size 5000M;
            allow all;
            proxy_pass         http://registryuiweb;
            proxy_redirect     off;
            proxy_set_header   X-Forwarded-Proto https;
            proxy_set_header   X-Forwarded-Host $host;
            proxy_set_header   X-Forwarded-Port 443;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

It is assumed that you are familiar with certbot and other tools to obtain SSL certificates.

client_max_body_size is required so large images can be pushed to the registry.

proxy_set_header statements are used to inform the registryui container (website) for which host/port the requests are processed and that https is used (X-Forwarded-Proto).