From 4eaf49ae7b92092c4ee9d7d422a2843da1524890 Mon Sep 17 00:00:00 2001
From: zino <marlon.maschkiwitz@4players.io>
Date: Thu, 14 Aug 2025 10:45:38 +0200
Subject: [PATCH] m

---
 volumes/conf.d/registry.zinomedia.de.conf     | 33 +---------
 .../snippets/registry-transfer-logging.conf   | 65 +++++++++++++++++++
 2 files changed, 67 insertions(+), 31 deletions(-)
 create mode 100644 volumes/snippets/registry-transfer-logging.conf

diff --git a/volumes/conf.d/registry.zinomedia.de.conf b/volumes/conf.d/registry.zinomedia.de.conf
index d82c127..36e436d 100644
--- a/volumes/conf.d/registry.zinomedia.de.conf
+++ b/volumes/conf.d/registry.zinomedia.de.conf
@@ -8,36 +8,7 @@ map $upstream_http_docker_distribution_api_version $docker_distribution_api_vers
 }
 
 ## Record actual registry push/pull traffic
-map $body_bytes_sent $has_body_bytes_sent {
-    default 0;
-    ~^[1-9][0-9]*$ 1;
-}
-map "$request_method$uri" $is_blob_get {
-    default 0;
-    ~^GET/v2/.+/blobs/sha256:[a-f0-9]+$ 1;
-}
-map "$is_blob_get$has_body_bytes_sent" $is_pull_transfer {
-    default 0;
-    ~^11$ 1;
-}
-
-map $upstream_http_range $has_upstream_range {
-    default 0;
-    ~^[0-9]+-[0-9]+$ 1;
-}
-map "$request_method$uri" $is_upload_patch {
-    default 0;
-    ~^PATCH/v2/.+/blobs/uploads/[a-f0-9-]+$ 1;
-}
-map "$is_upload_patch$has_upstream_range" $is_push_transfer {
-    default 0;
-    ~^11$ 1;
-}
-
-map "$is_pull_transfer$is_push_transfer" $is_transfer_loggable {
-    default 0;
-    ~1 1;
-}
+include /etc/nginx/snippets/registry-transfer-logging.conf;
 
 server {
     listen 443 ssl;
@@ -48,7 +19,7 @@ server {
     error_log /var/log/nginx/error.log;
 
     # Record actual registry push/pull traffic
-    access_log /var/log/nginx/registry.zinomedia.de.access.json.log registry_json if=$is_transfer_loggable;
+    access_log access_log /var/log/nginx/registry.zinomedia.de.access.json.log registry_json if=$is_transfer_loggable;
 
     ssl_certificate /etc/letsencrypt/live/registry.zinomedia.de/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/registry.zinomedia.de/privkey.pem;
diff --git a/volumes/snippets/registry-transfer-logging.conf b/volumes/snippets/registry-transfer-logging.conf
new file mode 100644
index 0000000..9018a9f
--- /dev/null
+++ b/volumes/snippets/registry-transfer-logging.conf
@@ -0,0 +1,65 @@
+# JSON log format for transfer-only lines
+log_format registry_json escape=json
+'{'
+'"timestamp":"$time_iso8601",'
+'"remote_address":"$remote_addr",'
+'"remote_user":"$remote_user",'
+'"request_id":"$request_id",'
+'"method":"$request_method",'
+'"path":"$uri",'
+'"query_string":"$args",'
+'"http_version":"$server_protocol",'
+'"status":$status,'
+'"bytes_sent":$bytes_sent,'
+'"body_bytes_sent":$body_bytes_sent,'
+'"request_length":$request_length,'
+'"request_time":$request_time,'
+'"upstream_status":"$upstream_status",'
+'"upstream_time":"$upstream_response_time",'
+'"referer":"$http_referer",'
+'"user_agent":"$http_user_agent",'
+'"x_forwarded_for":"$http_x_forwarded_for",'
+'"range":"$http_range",'
+'"docker_content_digest":"$sent_http_docker_content_digest",'
+'"upstream_range":"$upstream_http_range",'
+'"docker_upload_uuid":"$upstream_http_docker_upload_uuid"'
+'}';
+
+map $body_bytes_sent $has_body_bytes_sent {
+    default 0;
+    ~^[1-9][0-9]*$ 1;
+}
+
+map "$request_method$uri" $is_blob_get {
+    default 0;
+    ~^GET/v2/.+/blobs/sha256:[a-f0-9]+$ 1;
+}
+
+map "$is_blob_get$has_body_bytes_sent" $is_pull_transfer {
+    default 0;
+    ~^11$ 1;
+}
+
+map $upstream_http_range $has_upstream_range {
+    default 0;
+    ~^[0-9]+-[0-9]+$ 1;
+}
+
+map "$request_method$uri" $is_upload_patch {
+    default 0;
+    ~^PATCH/v2/.+/blobs/uploads/[a-f0-9-]+$ 1;
+}
+
+map "$is_upload_patch$has_upstream_range" $is_push_transfer {
+    default 0;
+    ~^11$ 1;
+}
+
+map "$is_pull_transfer$is_push_transfer" $is_transfer_loggable {
+    default 0;
+    ~1 1;
+}
+
+map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
+    '' 'registry/2.0';
+}