From 4fee7b44d3ae26b1292a86135937b9c1d82cd069 Mon Sep 17 00:00:00 2001 From: Joxit Date: Tue, 2 Jul 2019 23:04:32 +0200 Subject: [PATCH] feat: Supports custom headers via file `/etc/nginx/.env` Remove the print of headers for security --- bin/entrypoint | 10 ++++++++-- examples/proxy-headers/README.md | 9 +++------ examples/proxy-headers/docker-compose.yml | 3 ++- examples/proxy-headers/nginx.env | 1 + 4 files changed, 14 insertions(+), 9 deletions(-) create mode 100644 examples/proxy-headers/nginx.env
diff --git a/bin/entrypoint b/bin/entrypoint
index ea8a7b5..279f90b 100755
--- a/bin/entrypoint
+++ b/bin/entrypoint
@@ -9,11 +9,17 @@ if [ -z "${DELETE_IMAGES}" ] || [ "${DELETE_IMAGES}" = false ] ; then
 fi
 get_nginx_proxy_headers() {
- env | while read e; do
+ (
+ env &&
+ if [ -f "/etc/nginx/.env" ]; then
+ cat /etc/nginx/.env
+ # Force new line
+ echo ""
+ fi
+ ) | while read e; do
 if [ -n "$(echo $e | grep -o '^NGINX_PROXY_HEADER_')" ]; then
 key=$(echo ${e%%=*} | sed 's/^NGINX_PROXY_HEADER_//' | sed 's/_/-/g')
 value=${e#*=}
- echo "Add proxy header $key: $value" >&2
 echo -n "proxy_set_header ${key} \"${value}\"; "
 fi
 done
diff --git a/examples/proxy-headers/README.md b/examples/proxy-headers/README.md
index 0d54874..93d509f 100644
--- a/examples/proxy-headers/README.md
+++ b/examples/proxy-headers/README.md
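Review bot: In `bin/entrypoint`, the loop pastes `key` and `value` into `proxy_set_header ${key} \"${value}\";` without any validation, and with this change the lines can also come from `/etc/nginx/.env`, so a `"` or `\` in that file would close the quoted string and the remainder would be read by nginx as configuration. I would accept only header names made of letters, digits and hyphens, escape `\` and `"` in the value, and read with `IFS= read -r` so that backslashes and surrounding whitespace in a credential are not altered; `$` is left alone because the README relies on nginx variables in values. The function's closing brace and the place where its output is written into the nginx configuration are outside the hunk, so the impact is inferred from the directive text alone.
```shell
# … unchanged: subshell printing env and /etc/nginx/.env …
  ) | while IFS= read -r e; do
    case "$e" in
      NGINX_PROXY_HEADER_*=*) ;;
      *) continue ;;
    esac
    key=$(printf '%s' "${e%%=*}" | sed 's/^NGINX_PROXY_HEADER_//; s/_/-/g')
    case "$key" in
      ''|*[!A-Za-z0-9-]*)
        echo "Skipping proxy header with invalid name" >&2
        continue
        ;;
    esac
    # Escape backslash and double quote so the value cannot close the nginx string
    value=$(printf '%s' "${e#*=}" | sed 's/[\\"]/\\&/g')
    echo -n "proxy_set_header ${key} \"${value}\"; "
  done
```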
@@ -2,20 +2,17 @@ The interface and the docker registry will be accessible with . -This example highlight the usage of custom headers when the UI is used as a proxy. When you wants to use a header name with hyphens, replace them by underscores in the variable. +This example highlight the usage of custom headers when the UI is used as a proxy. When you wants to use a header name with hyphens, replace them by underscores in the variable. You can put headers in environment variable or in config file `/etc/nginx/.env`. They have the same writing style. Headers can be useful in some cases such as avoid sending credentials when you are on the UI. Or give to the registry server other properties such as X-Forward-For header. -I will set these two headers in this example. +I will set these two headers in this example. X-Forward-For by environment variable and Authorization by file. In order to set your credentials in the header, you need to know how [Authorization](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) header works. Here we use the `Basic` authentication scheme, the credentials are constructed like this: - The username and the password are combined with a colon (`registry:ui`). - The resulting string is base64 encoded (`cmVnaXN0cnk6dWk=`). You can simply run `echo -n "registry:ui" | base64`. - In your header, put this value `Basic cmVnaXN0cnk6dWk=` -- In your docker-compose, the environment will look like `NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=` - -Tip: Use [docker-compose .env file](https://docs.docker.com/compose/environment-variables/#the-env-file) for this . - +- In your `/etc/nginx/.env`, the file will contains `NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=` For X-Forward-For, replace all hyphens by underscores, and the value will be a nginx variable which is `$proxy_add_x_forwarded_for`. In your docker compose you will need to duplicate the `$` character. 
In your docker-compose, your environment will look like `NGINX_PROXY_HEADER_X_Forwarded_For=$$proxy_add_x_forwarded_for`
diff --git a/examples/proxy-headers/docker-compose.yml b/examples/proxy-headers/docker-compose.yml
index 853ca37..190edee 100644
--- a/examples/proxy-headers/docker-compose.yml
+++ b/examples/proxy-headers/docker-compose.yml
@@ -16,8 +16,9 @@ services:
 environment:
 - REGISTRY_TITLE=My Private Docker Registry
 - REGISTRY_URL=http://registry:5000
- - NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=
 - NGINX_PROXY_HEADER_X_Forwarded_For=$$proxy_add_x_forwarded_for
+ volumes:
+ - ./nginx.env:/etc/nginx/.env
 depends_on:
 - registry
 networks:
diff --git a/examples/proxy-headers/nginx.env b/examples/proxy-headers/nginx.env
new file mode 100644
index 0000000..f308be4
--- /dev/null
+++ b/examples/proxy-headers/nginx.env
@@ -0,0 +1 @@
+NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=
\ No newline at end of file
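Review bot: The added volume `- ./nginx.env:/etc/nginx/.env` in `docker-compose.yml` mounts the header file read-write, although the entrypoint only reads it with `cat`; `- ./nginx.env:/etc/nginx/.env:ro` would keep anything running in the UI container from changing the headers that get injected. Because that file now carries the `Authorization` value, the example could also put a comment above `volumes:` such as `# nginx.env holds credentials: keep it out of version control and readable only by its owner`.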