RPJosh
/
docker-registry-proxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add FORCE_UPSTREAM_HTTP_1_1 capability

pull/128/head
Hisham 2022-02-28 14:49:39 +11:00
parent 1418183659
commit 240a46cf9d
4 changed files with 37 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -102,6 +102,8 @@ ENV ALLOW_PUSH="false"
# Default is true to not change default behavior.
ENV PROXY_REQUEST_BUFFERING="true"
ENV FORCE_UPSTREAM_HTTP_1_1="false"
# Timeouts
# ngx_http_core_module
ENV SEND_TIMEOUT="60s"

1
README.md
View File

@ -91,6 +91,7 @@ for this to work it requires inserting a root CA certificate into system trusted
If you have trouble pushing, set this to `false` first, then fix remainig timeouts.
Default is `true` to not change default behavior.
ENV PROXY_REQUEST_BUFFERING="true"
- Env `FORCE_UPSTREAM_HTTP_1_1`: If set to `true`, injects nginx config that forces upstream to use http 1.1, this allows registries sitting behind an http2 proxy to work eg: harbor registry sitting behind an envoy proxy. Default is `false`.
- Timeouts ENVS - all of them can pe specified to control different timeouts, and if not set, the defaults will be the ones from `Dockerfile`. The directives will be added into `http` block.:
- SEND_TIMEOUT : see [send_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#send_timeout)
- CLIENT_BODY_TIMEOUT : see [client_body_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_timeout)

14
entrypoint.sh
View File

@ -268,6 +268,20 @@ echo -e "\nRequest buffering: ---"
cat /etc/nginx/proxy.request.buffering.conf
echo -e "---\n"
# force upstream to use http 1.1
echo "" > /etc/nginx/http1.1.upstream.conf
if [[ "a${FORCE_UPSTREAM_HTTP_1_1}" == "atrue" ]]; then
cat << EOD > /etc/nginx/http1.1.upstream.conf
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
EOD
fi
echo -e "\nConfigure upstream http version support: ---"
cat /etc/nginx/http1.1.upstream.conf
echo -e "---\n"
# Upstream SSL verification.
echo "" > /etc/nginx/docker.verify.ssl.conf
if [[ "a${VERIFY_SSL}" == "atrue" ]]; then

6
nginx.conf
View File

@ -253,10 +253,8 @@ echo "Docker configured with HTTPS_PROXY=$scheme://$http_host/"
# Use SNI during the TLS handshake with the upstream.
proxy_ssl_server_name on;
# http2 support for upstream
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# force upstream to use http 1.1
include /etc/nginx/http1.1.upstream.conf;
# This comes from a include file generated by the entrypoint.
include /etc/nginx/docker.verify.ssl.conf;