diff --git a/volumes/conf.d/registry.zinomedia.de.conf b/volumes/conf.d/registry.zinomedia.de.conf
index cbd8dfd..d82c127 100644
--- a/volumes/conf.d/registry.zinomedia.de.conf
+++ b/volumes/conf.d/registry.zinomedia.de.conf
@@ -7,6 +7,38 @@ map $upstream_http_docker_distribution_api_version $docker_distribution_api_vers
     '' 'registry/2.0';
 }
 
+## Record actual registry push/pull traffic
+map $body_bytes_sent $has_body_bytes_sent {
+    default 0;
+    ~^[1-9][0-9]*$ 1;
+}
+map "$request_method$uri" $is_blob_get {
+    default 0;
+    ~^GET/v2/.+/blobs/sha256:[a-f0-9]+$ 1;
+}
+map "$is_blob_get$has_body_bytes_sent" $is_pull_transfer {
+    default 0;
+    ~^11$ 1;
+}
+
+map $upstream_http_range $has_upstream_range {
+    default 0;
+    ~^[0-9]+-[0-9]+$ 1;
+}
+map "$request_method$uri" $is_upload_patch {
+    default 0;
+    ~^PATCH/v2/.+/blobs/uploads/[a-f0-9-]+$ 1;
+}
+map "$is_upload_patch$has_upstream_range" $is_push_transfer {
+    default 0;
+    ~^11$ 1;
+}
+
+map "$is_pull_transfer$is_push_transfer" $is_transfer_loggable {
+    default 0;
+    ~1 1;
+}
+
 server {
     listen 443 ssl;
     listen [::]:443 ssl;
@@ -15,6 +47,9 @@ server {
     access_log /var/log/nginx/registry.zinomedia.de.access.log;
     error_log /var/log/nginx/error.log;
 
+    # Record actual registry push/pull traffic
+    access_log /var/log/nginx/registry.zinomedia.de.access.json.log registry_json if=$is_transfer_loggable;
+
     ssl_certificate /etc/letsencrypt/live/registry.zinomedia.de/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/registry.zinomedia.de/privkey.pem;