events {
    worker_connections 1024;
}

http {
    upstream registry_ui {
        server registry-ui:80;
    }

    upstream registry_api {
        server registry:5000;
    }

    server {
        listen 443 ssl;
        server_name YOUR_CI_CD_IP;

        ssl_certificate /etc/nginx/ssl/registry.crt;
        ssl_certificate_key /etc/nginx/ssl/registry.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        # Proxy registry API requests
        location /v2/ {
            proxy_pass https://registry_api;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_connect_timeout 30s;
            proxy_send_timeout 30s;
            proxy_read_timeout 30s;
            proxy_ssl_verify off;
        }

        # Proxy registry UI requests
        location / {
            proxy_pass http://registry_ui;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_connect_timeout 30s;
            proxy_send_timeout 30s;
            proxy_read_timeout 30s;
        }
    }
}