mirrors
/
docker-registry-ui
mirror of https://github.com/Joxit/docker-registry-ui.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

feat: Supports custom headers via file `/etc/nginx/.env` 

Remove the print of headers for security
This commit is contained in:
Joxit 2019-07-02 23:04:32 +02:00
parent 7716f8b44a
commit 4fee7b44d3
No known key found for this signature in database
GPG Key ID: F526592B8E012263
4 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
bin/entrypoint
View File

@ -9,11 +9,17 @@ if [ -z "${DELETE_IMAGES}" ] || [ "${DELETE_IMAGES}" = false ] ; then
fi
get_nginx_proxy_headers() {
env | while read e; do
(
env &&
if [ -f "/etc/nginx/.env" ]; then
cat /etc/nginx/.env
# Force new line
echo ""
fi
) | while read e; do
if [ -n "$(echo $e | grep -o '^NGINX_PROXY_HEADER_')" ]; then
key=$(echo ${e%%=*} | sed 's/^NGINX_PROXY_HEADER_//' | sed 's/_/-/g')
value=${e#*=}
echo "Add proxy header $key: $value" >&2
echo -n "proxy_set_header ${key} \"${value}\"; "
fi
done

9
examples/proxy-headers/README.md
View File

@ -2,20 +2,17 @@
The interface and the docker registry will be accessible with <http://localhost>.
This example highlight the usage of custom headers when the UI is used as a proxy. When you wants to use a header name with hyphens, replace them by underscores in the variable.
This example highlight the usage of custom headers when the UI is used as a proxy. When you wants to use a header name with hyphens, replace them by underscores in the variable. You can put headers in environment variable or in config file `/etc/nginx/.env`. They have the same writing style.
Headers can be useful in some cases such as avoid sending credentials when you are on the UI. Or give to the registry server other properties such as X-Forward-For header.
I will set these two headers in this example.
I will set these two headers in this example. X-Forward-For by environment variable and Authorization by file.
In order to set your credentials in the header, you need to know how [Authorization](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) header works. Here we use the `Basic` authentication scheme, the credentials are constructed like this:
- The username and the password are combined with a colon (`registry:ui`).
- The resulting string is base64 encoded (`cmVnaXN0cnk6dWk=`). You can simply run `echo -n "registry:ui" | base64`.
- In your header, put this value `Basic cmVnaXN0cnk6dWk=`
- In your docker-compose, the environment will look like `NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=`
Tip: Use [docker-compose .env file](https://docs.docker.com/compose/environment-variables/#the-env-file) for this .
- In your `/etc/nginx/.env`, the file will contains `NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=`
For X-Forward-For, replace all hyphens by underscores, and the value will be a nginx variable which is `$proxy_add_x_forwarded_for`. In your docker compose you will need to duplicate the `$` character. In your docker-compose, your environment will look like `NGINX_PROXY_HEADER_X_Forwarded_For=$$proxy_add_x_forwarded_for`

3
examples/proxy-headers/docker-compose.yml
View File

@ -16,8 +16,9 @@ services:
environment:
- REGISTRY_TITLE=My Private Docker Registry
- REGISTRY_URL=http://registry:5000
- NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=
- NGINX_PROXY_HEADER_X_Forwarded_For=$$proxy_add_x_forwarded_for
volumes:
- ./nginx.env:/etc/nginx/.env
depends_on:
- registry
networks:

1
examples/proxy-headers/nginx.env Normal file
View File

@ -0,0 +1 @@
NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=