Merge master into breakout_swarm

Signed-off-by: Alex Ellis <alexellis2@gmail.com>

gateway/vendor/github.com/docker/distribution/contrib/docker-integration/nginx/Dockerfile

@@ -0,0 +1,10 @@
+FROM nginx:1.9
+
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY registry.conf /etc/nginx/conf.d/registry.conf
+COPY docker-registry-v2.conf /etc/nginx/docker-registry-v2.conf
+COPY registry-noauth.conf /etc/nginx/registry-noauth.conf
+COPY registry-basic.conf /etc/nginx/registry-basic.conf
+COPY test.passwd /etc/nginx/test.passwd
+COPY ssl /etc/nginx/ssl
+COPY v1 /var/www/html/v1

gateway/vendor/github.com/docker/distribution/contrib/docker-integration/nginx/docker-registry-v2.conf

@@ -0,0 +1,6 @@
+proxy_pass                          http://docker-registry-v2;
+proxy_set_header  Host              $http_host;   # required for docker client's sake
+proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
+proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+proxy_set_header  X-Forwarded-Proto $scheme;
+proxy_read_timeout                  900;

gateway/vendor/github.com/docker/distribution/contrib/docker-integration/nginx/nginx.conf

@@ -0,0 +1,61 @@
+user  nginx;
+worker_processes  1;
+
+error_log /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log main;
+
+    sendfile        on;
+
+    keepalive_timeout  65;
+
+    include /etc/nginx/conf.d/*.conf;
+}
+
+# Setup TCP proxies
+stream {
+  # Malevolent proxy
+  server {
+    listen     6666;
+    proxy_pass malevolent:6666;
+  }
+
+  # Registry configured for token server
+  server {
+    listen     5554;
+    listen     5555;
+    proxy_pass registryv2token:5000;
+  }
+
+  # Token server
+  server {
+    listen     5556;
+    proxy_pass tokenserver:5556;
+  }
+
+  # Registry configured for token server with oauth
+  server {
+    listen     5557;
+    listen     5558;
+    proxy_pass registryv2tokenoauth:5000;
+  }
+
+  # Token server with oauth
+  server {
+    listen     5559;
+    proxy_pass tokenserveroauth:5559;
+  }
+}

gateway/vendor/github.com/docker/distribution/contrib/docker-integration/nginx/registry-basic.conf

@@ -0,0 +1,8 @@
+client_max_body_size 0;
+chunked_transfer_encoding on;
+location /v2/ {
+  auth_basic "registry.localhost";
+  auth_basic_user_file test.passwd;
+  add_header 'Docker-Distribution-Api-Version' 'registry/2.0' always;
+  include               docker-registry-v2.conf;
+}

gateway/vendor/github.com/docker/distribution/contrib/docker-integration/nginx/registry-noauth.conf

@@ -0,0 +1,5 @@
+client_max_body_size 0;
+chunked_transfer_encoding on;
+location /v2/ {
+  include               docker-registry-v2.conf;
+}

gateway/vendor/github.com/docker/distribution/contrib/docker-integration/nginx/registry.conf

@@ -0,0 +1,260 @@
+# Docker registry proxy for api version 2
+
+upstream docker-registry-v2 {
+  server registryv2:5000;
+}
+
+# No client auth or TLS
+server {
+  listen 5000;
+  server_name localhost;
+
+  # disable any limits to avoid HTTP 413 for large image uploads
+  client_max_body_size 0;
+
+  # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
+  chunked_transfer_encoding on;
+
+  location /v2/ {
+    # Do not allow connections from docker 1.5 and earlier
+    # docker pre-1.6.0 did not properly set the user agent on ping, catch "Go *" user agents
+    if ($http_user_agent ~ "^(docker\/1\.(3|4|5(?!\.[0-9]-dev))|Go ).*$" ) {
+      return 404;
+    }
+    
+    include               docker-registry-v2.conf;
+  }
+}
+
+# No client auth or TLS (V2 Only)
+server {
+  listen 5002;
+  server_name localhost;
+
+  # disable any limits to avoid HTTP 413 for large image uploads
+  client_max_body_size 0;
+
+  # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
+  chunked_transfer_encoding on;
+
+  location / {
+    include               docker-registry-v2.conf;
+  }
+}
+
+# TLS Configuration chart
+# Username/Password: testuser/passpassword
+#      | ca  | client | basic | notes
+# 5440 | yes | no     | no    | Tests CA certificate
+# 5441 | yes | no     | yes   | Tests basic auth over TLS
+# 5442 | yes | yes    | no    | Tests client auth with client CA
+# 5443 | yes | yes    | no    | Tests client auth without client CA
+# 5444 | yes | yes    | yes   | Tests using basic auth + tls auth
+# 5445 | no  | no     | no    | Tests insecure using TLS
+# 5446 | no  | no     | yes   | Tests sending credentials to server with insecure TLS
+# 5447 | no  | yes    | no    | Tests client auth to insecure
+# 5448 | yes | no     | no    | Bad SSL version
+
+server {
+  listen 5440;
+  server_name localhost;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
+  include registry-noauth.conf;
+}
+
+server {
+  listen 5441;
+  server_name localhost;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
+  include registry-basic.conf;
+}
+
+server {
+  listen 5442;
+  listen 5443;
+  server_name localhost;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
+  ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
+  ssl_verify_client on;
+  include registry-noauth.conf;
+}
+
+server {
+  listen 5444;
+  server_name localhost;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
+  ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
+  ssl_verify_client on;
+  include registry-basic.conf;
+}
+
+server {
+  listen 5445;
+  server_name localhost;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-noca+localhost-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-noca+localhost-key.pem;
+  include registry-noauth.conf;
+}
+
+server {
+  listen 5446;
+  server_name localhost;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-noca+localhost-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-noca+localhost-key.pem;
+  include registry-basic.conf;
+}
+
+server {
+  listen 5447;
+  server_name localhost;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-noca+localhost-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-noca+localhost-key.pem;
+  ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
+  ssl_verify_client on;
+  include registry-noauth.conf;
+}
+
+server {
+  listen 5448;
+  server_name localhost;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-ca+localhost-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-ca+localhost-key.pem;
+  ssl_protocols       SSLv3;
+  include registry-noauth.conf;
+}
+
+# Add configuration for localregistry server_name
+# Requires configuring /etc/hosts to use
+# Set /etc/hosts entry to external IP, not 127.0.0.1 for testing
+# Docker secure/insecure registry features
+server {
+  listen 5440;
+  server_name localregistry;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
+  include registry-noauth.conf;
+}
+
+server {
+  listen 5441;
+  server_name localregistry;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
+  include registry-basic.conf;
+}
+
+server {
+  listen 5442;
+  listen 5443;
+  server_name localregistry;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
+  ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
+  ssl_verify_client on;
+  include registry-noauth.conf;
+}
+
+server {
+  listen 5444;
+  server_name localregistry;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
+  ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
+  ssl_verify_client on;
+  include registry-basic.conf;
+}
+
+server {
+  listen 5445;
+  server_name localregistry;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-noca+localregistry-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-noca+localregistry-key.pem;
+  include registry-noauth.conf;
+}
+
+server {
+  listen 5446;
+  server_name localregistry;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-noca+localregistry-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-noca+localregistry-key.pem;
+  include registry-basic.conf;
+}
+
+server {
+  listen 5447;
+  server_name localregistry;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-noca+localregistry-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-noca+localregistry-key.pem;
+  ssl_client_certificate /etc/nginx/ssl/registry-ca+ca.pem;
+  ssl_verify_client on;
+  include registry-noauth.conf;
+}
+
+server {
+  listen 5448;
+  server_name localregistry;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
+  ssl_protocols       SSLv3;
+  include registry-noauth.conf;
+}
+
+
+# V1 search test
+# Registry configured with token auth and no tls
+# TLS termination done by nginx, search results
+# served by nginx
+
+upstream docker-registry-v2-oauth {
+  server registryv2tokenoauthnotls:5000;
+}
+
+server {
+  listen 5600;
+  server_name localregistry;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
+
+  root /var/www/html;
+
+  client_max_body_size 0;
+  chunked_transfer_encoding on;
+  location /v2/ {
+    proxy_buffering off;
+    proxy_pass                          http://docker-registry-v2-oauth;
+    proxy_set_header  Host              $http_host;   # required for docker client's sake
+    proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
+    proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header  X-Forwarded-Proto $scheme;
+    proxy_read_timeout                  900;
+  }
+
+  location /v1/search {
+    if ($http_authorization !~ "Bearer [a-zA-Z0-9\._-]+") {
+	return 401;
+    }
+    try_files /v1/search.json =404;
+    add_header Content-Type application/json;
+  }
+}

gateway/vendor/github.com/docker/distribution/contrib/docker-integration/nginx/test.passwd

@@ -0,0 +1 @@
+testuser:$apr1$YmLhHjm6$AjP4z8J1WgcUNxU8J4ue5.

gateway/vendor/github.com/docker/distribution/contrib/docker-integration/nginx/v1/search.json

@@ -0,0 +1 @@
+{"num_pages":1,"num_results":2,"page":1,"page_size": 25,"query":"testsearch","results":[{"description":"","is_automated":false,"is_official":false,"is_trusted":false, "name":"dmcgowan/testsearch-1","star_count":1000},{"description":"Some automated build","is_automated":true,"is_official":false,"is_trusted":false,"name":"dmcgowan/testsearch-2","star_count":10}]}