Bonus: Generate the certificate using docker

Collaborative Data Solutions at Canada Data Forum
rosebaby3892
Posts: 64
Joined: Wed Dec 18, 2024 4:34 am

Post by rosebaby3892 »

If you are on Windows, or just don't wish to install OpenSSL in order to generate one certificate, try using a Docker image to create the certificate:

docker run -it centurylink/openssl sh
mkdir certs
openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt
While the container is running, open a new command line. You can find the id with docker ps and copy the certificate out of it using docker cp <containerid>:/certs .


Configure Nginx
We now have finished the preparations and are ready to start configuring Nginx.

Create the file https.conf in the folder reverse, and start adding the following upstreams:

upstream docker-releases {
server nexus:8082;
}
upstream docker-snapshots {
server nexus:8083;
}
upstream docker-public {
server nexus:8084;
}
Each upstream refers to a docker repository we configured in Nexus in the previous posts. An upstream is a destination where Nginx can forward its requests to. The reference is by hostname and port number. The hostname matches the name of the Nexus container in the docker-compose.yml, while the port number matches the http port we defined for each repository individually during the configuration of Nexus.
Next, we add a header field mapping that is required for the docker repository system.

map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
'' 'registry/2.0';
}
Finally, we start adding the listeners for the inbound requests. The first listener will be on port 443, which is the default https port as well as the default docker registry port. This will allow us to use just mydocker as a destination, without specifying a port number.
# Goes inside the server block that listens on port 443 (described above)
location /v2/ {
# Do not allow connections from docker 1.5 and earlier
# docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
if ($http_user_agent ~ "^(docker/1.(3|4|5(?!.[0-9]-dev))|Go ).*$" ) {
return 404;
}

## If $docker_distribution_api_version is empty, the header will not be added.
## See the map directive above where this variable is defined.
add_header 'Docker-Distribution-Api-Version' $docker_distribution_api_version always;

proxy_pass http://docker-public;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900; # seconds; large image layers can take a while to push
}
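To see what the location /v2/ block actually decides for a given client, here is an added Python model of its user-agent filter and header map (example code, not part of the post or of the Nginx/Nexus setup it describes). It assumes Python's re evaluates the pattern the same way nginx's PCRE does for these inputs; the upstream responses it is fed are constructed sample data.

```python
import re

# User-agent pattern from the location /v2/ block, copied unchanged (the dots are
# unescaped there too); Python's re evaluates the negative lookahead like PCRE.
LEGACY_DOCKER_UA = re.compile(r"^(docker/1.(3|4|5(?!.[0-9]-dev))|Go ).*$")
API_VERSION_HEADER = "Docker-Distribution-Api-Version"


def map_api_version(upstream_value: str) -> str:
    """The map block: only an empty upstream header maps to 'registry/2.0';
    any other value falls through to nginx's implicit default, ''."""
    return "registry/2.0" if upstream_value == "" else ""


def add_header_always(headers: dict) -> dict:
    """add_header ... always: set the header on any response status, but skip
    it when the mapped value is empty (nginx does not emit empty add_header values)."""
    mapped = map_api_version(headers.get(API_VERSION_HEADER, ""))
    if mapped:
        headers[API_VERSION_HEADER] = mapped
    return headers


def handle_v2_request(user_agent: str, upstream_status: int,
                      upstream_headers: dict) -> tuple:
    """Return (status, headers) as the location /v2/ block would produce.

    upstream_headers is what the Nexus repository answered with (constructed
    sample data here); proxy_pass relays those headers to the client unchanged.
    """
    if LEGACY_DOCKER_UA.match(user_agent):
        # 'return 404' fires before proxy_pass, so no upstream header exists:
        # the map yields 'registry/2.0' and 'always' attaches it to the 404.
        return 404, add_header_always({})
    return upstream_status, add_header_always(dict(upstream_headers))


if __name__ == "__main__":
    for ua in ("docker/1.5.1 go/go1.3", "docker/1.5.0-dev go/go1.3",
               "Go 1.1 package http", "docker/17.03.0-ce go/go1.7.5"):
        print(ua, "->", handle_v2_request(ua, 200, {}))
```

Note that docker/1.5.0-dev passes the filter because of the negative lookahead, while docker/1.5.1 is rejected; a current client that already receives the header from Nexus gets it exactly once.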