add nginx reverse proxy to serialize registyr requests for the same path to avoid race conditions [ci skip]

modules/docker-registry/nginx_registry.conf

@@ -0,0 +1,58 @@
+proxy_cache_path /var/cache/nginx/registry
+    levels=1:2
+    keys_zone=registry:500m
+    max_size=50g
+    inactive=24h
+    use_temp_path=off;
+
+upstream docker_registry {
+    server 127.0.0.1:5000;
+    keepalive 32;
+}
+
+server {
+    listen 5002;
+    server_name _;
+
+    # Access log
+    access_log /var/log/nginx/registry.access.log combined;
+
+    # Error log
+    error_log /var/log/nginx/registry.error.log warn;
+
+    # Required for large blobs
+    client_max_body_size 0;
+
+    # Disable buffering to clients, keep it between nginx<->registry
+    proxy_request_buffering off;
+    proxy_buffering on;
+
+    location /v2/ {
+        proxy_pass http://docker_registry;
+
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header Connection "";
+
+        # --- CRITICAL PART ---
+        proxy_cache registry;
+        proxy_cache_lock on;
+        proxy_cache_lock_timeout 15m;
+        proxy_cache_lock_age 15m;
+        proxy_cache_use_stale updating;
+
+        # Cache only successful pulls
+        proxy_cache_valid 200 206 24h;
+
+        # HEAD requests must not poison cache
+        proxy_cache_methods GET;
+
+        # Do not cache pushes
+        proxy_no_cache $http_authorization;
+        proxy_cache_bypass $http_authorization;
+
+        # Prevent partial responses
+        proxy_read_timeout 900;
+        proxy_send_timeout 900;
+    }
+}