From ea3b694c4c038de9c95b5dc73e036ba4b3cdfd5c Mon Sep 17 00:00:00 2001 From: Marcus Blake Date: Thu, 13 Jun 2019 13:14:31 -0700 Subject: [PATCH 1/2] Added Docker run option to inlcude credentials for private remote registry to remove necessity to login from browser --- bin/entrypoint | 6 ++++++ nginx/default.conf | 2 ++ static.dockerfile | 2 ++ 3 files changed, 10 insertions(+) diff --git a/bin/entrypoint b/bin/entrypoint index 12417e13..f3f51213 100755 --- a/bin/entrypoint +++ b/bin/entrypoint @@ -11,6 +11,12 @@ fi if [ -n "${REGISTRY_URL}" ] ; then sed -i "s,\${REGISTRY_URL},${REGISTRY_URL}," /etc/nginx/conf.d/default.conf sed -i "s,#!,," /etc/nginx/conf.d/default.conf + + if [ -n "${USERNAME}" ] && [ -n "${PASSWORD}" ] ; then + BASIC_AUTH=$(echo -n "${USERNAME}:${PASSWORD}" | openssl base64) + sed -i "s,\${BASIC_AUTH},${BASIC_AUTH}," /etc/nginx/conf.d/default.conf + sed -i "s,##,," /etc/nginx/conf.d/default.conf + fi fi if [ -z "$@" ]; then diff --git a/nginx/default.conf b/nginx/default.conf index 91b86d31..1bb38994 100644 --- a/nginx/default.conf +++ b/nginx/default.conf @@ -25,6 +25,8 @@ server { #! return 404; #! } #! proxy_pass ${REGISTRY_URL}; +## # Allow for authentication for access to backend registry +## proxy_set_header Authorization "Basic ${BASIC_AUTH}"; #! } #error_page 404 /404.html; diff --git a/static.dockerfile b/static.dockerfile index 5b732486..6dd7014b 100644 --- a/static.dockerfile +++ b/static.dockerfile @@ -35,4 +35,6 @@ COPY --from=builder /usr/app/dist/ /usr/share/nginx/html/ COPY --from=builder /usr/app/dist/scripts/docker-registry-ui-static.js /usr/share/nginx/html/scripts/docker-registry-ui.js COPY bin/entrypoint /bin +RUN apk add openssl + ENTRYPOINT entrypoint From 804a172670eb7783894f55404878663ace56cdb4 Mon Sep 17 00:00:00 2001 From: Marcus Blake Date: Thu, 27 Jun 2019 17:39:49 -0700 Subject: [PATCH 2/2] Removed installation of openssl and added functionality to pass in path to credentials file --- bin/entrypoint | 13 ++++++++----- nginx/default.conf | 3 ++- static.dockerfile | 4 +--- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/bin/entrypoint b/bin/entrypoint index f3f51213..49416218 100755 --- a/bin/entrypoint +++ b/bin/entrypoint @@ -10,12 +10,15 @@ fi if [ -n "${REGISTRY_URL}" ] ; then sed -i "s,\${REGISTRY_URL},${REGISTRY_URL}," /etc/nginx/conf.d/default.conf + HOST=$(echo ${REGISTRY_URL} | sed "s,http[s]*://,,") + sed -i "s,\${HOST},${HOST}," /etc/nginx/conf.d/default.conf sed -i "s,#!,," /etc/nginx/conf.d/default.conf - if [ -n "${USERNAME}" ] && [ -n "${PASSWORD}" ] ; then - BASIC_AUTH=$(echo -n "${USERNAME}:${PASSWORD}" | openssl base64) - sed -i "s,\${BASIC_AUTH},${BASIC_AUTH}," /etc/nginx/conf.d/default.conf - sed -i "s,##,," /etc/nginx/conf.d/default.conf + if [ -f ${CREDS_FILE} ] ; then + CREDENTIALS=$(cat ${CREDS_FILE} | tr -d \\n) + BASIC_AUTH=$(echo -n "${CREDENTIALS}" | base64 | tr -d \\n) + sed -i "s,\${BASIC_AUTH},${BASIC_AUTH}," /etc/nginx/conf.d/default.conf + sed -i "s,##,," /etc/nginx/conf.d/default.conf fi fi @@ -23,4 +26,4 @@ if [ -z "$@" ]; then nginx -g "daemon off;" else $@ -fi +fi \ No newline at end of file diff --git a/nginx/default.conf b/nginx/default.conf index 1bb38994..bcae1dbf 100644 --- a/nginx/default.conf +++ b/nginx/default.conf @@ -25,6 +25,7 @@ server { #! return 404; #! } #! proxy_pass ${REGISTRY_URL}; +#! proxy_set_header Host ${HOST}; ## # Allow for authentication for access to backend registry ## proxy_set_header Authorization "Basic ${BASIC_AUTH}"; #! } @@ -44,4 +45,4 @@ server { #location ~ /\.ht { # deny all; #} -} +} \ No newline at end of file diff --git a/static.dockerfile b/static.dockerfile index 6dd7014b..36b2a15f 100644 --- a/static.dockerfile +++ b/static.dockerfile @@ -35,6 +35,4 @@ COPY --from=builder /usr/app/dist/ /usr/share/nginx/html/ COPY --from=builder /usr/app/dist/scripts/docker-registry-ui-static.js /usr/share/nginx/html/scripts/docker-registry-ui.js COPY bin/entrypoint /bin -RUN apk add openssl - -ENTRYPOINT entrypoint +ENTRYPOINT entrypoint \ No newline at end of file