mirrors/docker-registry-ui
1
0
Fork 0
mirror of https://github.com/Joxit/docker-registry-ui.git synced 2025-04-27 07:29:54 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: Supports custom headers when the ui is used as proxy

Browse source
This commit is contained in:
Joxit 2019-06-24 23:54:21 +02:00
parent 1321d9b573
commit 7716f8b44a
No known key found for this signature in database
GPG key ID: F526592B8E012263
7 changed files with 92 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

18
bin/entrypoint
View file

@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
$@
sed -i "s,\${URL},${URL}," scripts/docker-registry-ui.js sed -i "s,\${URL},${URL}," scripts/docker-registry-ui.js
sed -i "s,\${REGISTRY_TITLE},${REGISTRY_TITLE}," scripts/docker-registry-ui.js sed -i "s,\${REGISTRY_TITLE},${REGISTRY_TITLE}," scripts/docker-registry-ui.js
sed -i "s,\${PULL_URL},${PULL_URL}," scripts/docker-registry-ui.js sed -i "s,\${PULL_URL},${PULL_URL}," scripts/docker-registry-ui.js
@ -8,13 +8,25 @@ if [ -z "${DELETE_IMAGES}" ] || [ "${DELETE_IMAGES}" = false ] ; then
sed -i -r "s/(isImageRemoveActivated[:=])[^,;]*/\1false/" scripts/docker-registry-ui.js sed -i -r "s/(isImageRemoveActivated[:=])[^,;]*/\1false/" scripts/docker-registry-ui.js
fi fi
get_nginx_proxy_headers() {
env | while read e; do
if [ -n "$(echo $e | grep -o '^NGINX_PROXY_HEADER_')" ]; then
key=$(echo ${e%%=*} | sed 's/^NGINX_PROXY_HEADER_//' | sed 's/_/-/g')
value=${e#*=}
echo "Add proxy header $key: $value" >&2
echo -n "proxy_set_header ${key} \"${value}\"; "
fi
done
}
if [ -n "${REGISTRY_URL}" ] ; then if [ -n "${REGISTRY_URL}" ] ; then
sed -i "s,\${REGISTRY_URL},${REGISTRY_URL}," /etc/nginx/conf.d/default.conf sed -i "s,\${REGISTRY_URL},${REGISTRY_URL}," /etc/nginx/conf.d/default.conf
sed -i "s^\${NGINX_PROXY_HEADERS}^$(get_nginx_proxy_headers)^" /etc/nginx/conf.d/default.conf
sed -i "s,#!,," /etc/nginx/conf.d/default.conf sed -i "s,#!,," /etc/nginx/conf.d/default.conf
fi fi
if [ -z "$@" ]; then if [ -z "$@" ]; then
nginx -g "daemon off;" exec nginx -g "daemon off;"
else else
$@ exec $@
fi fi

22
examples/proxy-headers/README.md Normal file
View file

@ -0,0 +1,22 @@
# Set custom headers to the registry example
The interface and the docker registry will be accessible with <http://localhost>.
This example highlight the usage of custom headers when the UI is used as a proxy. When you wants to use a header name with hyphens, replace them by underscores in the variable.
Headers can be useful in some cases such as avoid sending credentials when you are on the UI. Or give to the registry server other properties such as X-Forward-For header.
I will set these two headers in this example.
In order to set your credentials in the header, you need to know how [Authorization](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization) header works. Here we use the `Basic` authentication scheme, the credentials are constructed like this:
- The username and the password are combined with a colon (`registry:ui`).
- The resulting string is base64 encoded (`cmVnaXN0cnk6dWk=`). You can simply run `echo -n "registry:ui" | base64`.
- In your header, put this value `Basic cmVnaXN0cnk6dWk=`
- In your docker-compose, the environment will look like `NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=`
Tip: Use [docker-compose .env file](https://docs.docker.com/compose/environment-variables/#the-env-file) for this .
For X-Forward-For, replace all hyphens by underscores, and the value will be a nginx variable which is `$proxy_add_x_forwarded_for`. In your docker compose you will need to duplicate the `$` character. In your docker-compose, your environment will look like `NGINX_PROXY_HEADER_X_Forwarded_For=$$proxy_add_x_forwarded_for`
As usual, run the project with `docker-compose up -d` (for background mode)

27
examples/proxy-headers/docker-compose.yml Normal file
View file

@ -0,0 +1,27 @@
version: '2.0'
services:
registry:
image: registry:2.7
volumes:
- ./registry-data:/var/lib/registry
- ./registry-config/credentials.yml:/etc/docker/registry/config.yml
- ./registry-config/htpasswd:/etc/docker/registry/htpasswd
networks:
- registry-ui-net
ui:
image: joxit/docker-registry-ui:static
ports:
- 80:80
environment:
- REGISTRY_TITLE=My Private Docker Registry
- REGISTRY_URL=http://registry:5000
- NGINX_PROXY_HEADER_Authorization=Basic cmVnaXN0cnk6dWk=
- NGINX_PROXY_HEADER_X_Forwarded_For=$$proxy_add_x_forwarded_for
depends_on:
- registry
networks:
- registry-ui-net
networks:
registry-ui-net:

25
examples/proxy-headers/registry-config/credentials.yml Normal file
View file

@ -0,0 +1,25 @@
version: 0.1
log:
fields:
service: registry
storage:
delete:
enabled: true
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
Access-Control-Allow-Origin: ['http://localhost']
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
Access-Control-Allow-Headers: ['Authorization']
Access-Control-Max-Age: [1728000]
Access-Control-Allow-Credentials: [true]
Access-Control-Expose-Headers: ['Docker-Content-Digest']
auth:
htpasswd:
realm: basic-realm
path: /etc/docker/registry/htpasswd

1
examples/proxy-headers/registry-config/htpasswd Normal file
View file

@ -0,0 +1 @@
registry:$2y$11$1bmuJLK8HrQl5ACS/WeqRuJLUArUZfUcP2R23asmozEpfN76.pCHy

1
nginx/default.conf
View file

@ -25,6 +25,7 @@ server {
#! return 404; #! return 404;
#! } #! }
#! proxy_set_header Host $http_host; #! proxy_set_header Host $http_host;
#! ${NGINX_PROXY_HEADERS}
#! proxy_pass ${REGISTRY_URL}; #! proxy_pass ${REGISTRY_URL};
#! } #! }

2
package.json
View file

@ -14,7 +14,7 @@
"dependencies": {}, "dependencies": {},
"devDependencies": { "devDependencies": {
"del": "^3.0.0", "del": "^3.0.0",
"gulp": "^4.0.1", "gulp": "^4.0.2",
"gulp-clean-css": "^4.2.0", "gulp-clean-css": "^4.2.0",
"gulp-concat": "^2.6.0", "gulp-concat": "^2.6.0",
"gulp-filter": "^5.1.0", "gulp-filter": "^5.1.0",