upgrade to mitmproxy 5.x; do not store large bodies in memory; use separate config dirs for each mitmweb; better mitmweb logging

cache-manifests-tiers
Ricardo Pardini 2020-10-30 12:02:56 +01:00
parent 973f0d020b
commit a2fd8bb32b
2 changed files with 7 additions and 5 deletions


@ -16,7 +16,7 @@ ENV DO_DEBUG_BUILD="$DEBUG_BUILD"
# Build mitmproxy via pip. This is heavy, takes minutes do build and creates a 90mb+ layer. Oh well. # Build mitmproxy via pip. This is heavy, takes minutes do build and creates a 90mb+ layer. Oh well.
RUN [[ "a$DO_DEBUG_BUILD" == "a1" ]] && { echo "Debug build ENABLED." \ RUN [[ "a$DO_DEBUG_BUILD" == "a1" ]] && { echo "Debug build ENABLED." \
&& apk add --no-cache --update su-exec git g++ libffi libffi-dev libstdc++ openssl-dev python3 python3-dev py3-pip py3-wheel py3-six py3-idna py3-certifi py3-setuptools \ && apk add --no-cache --update su-exec git g++ libffi libffi-dev libstdc++ openssl-dev python3 python3-dev py3-pip py3-wheel py3-six py3-idna py3-certifi py3-setuptools \
&& LDFLAGS=-L/lib pip install mitmproxy==4.0.4 \ && LDFLAGS=-L/lib pip install mitmproxy==5.2 \
&& apk del --purge git g++ libffi-dev openssl-dev python3-dev py3-pip py3-wheel \ && apk del --purge git g++ libffi-dev openssl-dev python3-dev py3-pip py3-wheel \
&& rm -rf ~/.cache/pip \ && rm -rf ~/.cache/pip \
; } || { echo "Debug build disabled." ; } ; } || { echo "Debug build disabled." ; }


@ -92,10 +92,11 @@ if [[ "a${DEBUG}" == "atrue" ]]; then
echo "Starting in DEBUG MODE (mitmproxy)." >&2 echo "Starting in DEBUG MODE (mitmproxy)." >&2
echo "Run mitmproxy with reverse pointing to the same certs..." echo "Run mitmproxy with reverse pointing to the same certs..."
mitmweb --no-web-open-browser --web-iface 0.0.0.0 --web-port 8081 \ mitmweb --no-web-open-browser --set web_host=0.0.0.0 --set confdir=~/.mitmproxy-incoming \
--set termlog_verbosity=error --set stream_large_bodies=128k --web-port 8081 \
--set keep_host_header=true --set ssl_insecure=true \ --set keep_host_header=true --set ssl_insecure=true \
--mode reverse:https://127.0.0.1:444 --listen-host 0.0.0.0 \ --mode reverse:https://127.0.0.1:444 --listen-host 0.0.0.0 \
--listen-port 443 --certs /certs/fullchain_with_key.pem &> /dev/null & --listen-port 443 --certs /certs/fullchain_with_key.pem &
echo "Access mitmweb via http://127.0.0.1:8081/ " echo "Access mitmweb via http://127.0.0.1:8081/ "
fi fi
@ -110,10 +111,11 @@ if [[ "a${DEBUG_HUB}" == "atrue" ]]; then
echo "Debugging outgoing DockerHub connections via mitmproxy on 8082." >&2 echo "Debugging outgoing DockerHub connections via mitmproxy on 8082." >&2
# this one has keep_host_header=false so we don't need to modify nginx config # this one has keep_host_header=false so we don't need to modify nginx config
mitmweb --no-web-open-browser --web-iface 0.0.0.0 --web-port 8082 \ mitmweb --no-web-open-browser --set web_host=0.0.0.0 --set confdir=~/.mitmproxy-outgoing-hub \
--set termlog_verbosity=error --set stream_large_bodies=128k --web-port 8082 \
--set keep_host_header=false --set ssl_insecure=true \ --set keep_host_header=false --set ssl_insecure=true \
--mode reverse:https://registry-1.docker.io --listen-host 0.0.0.0 \ --mode reverse:https://registry-1.docker.io --listen-host 0.0.0.0 \
--listen-port 445 --certs /certs/fullchain_with_key.pem &> /dev/null & --listen-port 445 --certs /certs/fullchain_with_key.pem &
echo "Warning, DockerHub outgoing debugging disables upstream SSL verification for all upstreams." >&2 echo "Warning, DockerHub outgoing debugging disables upstream SSL verification for all upstreams." >&2
VERIFY_SSL=false VERIFY_SSL=false
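Review bot: Both mitmweb invocations (ports 8081 and 8082) keep the web UI on all interfaces via `--set web_host=0.0.0.0`, and as far as I know mitmweb 5.x has no login on that UI, so anyone who can reach those ports can read every captured flow, including registry `Authorization` headers and tokens. Inside a container the wildcard bind is probably needed for port publishing, so the restriction has to happen at publish time; I would say so next to each command, e.g. `# mitmweb UI is unauthenticated: publish 8081/8082 on loopback only (-p 127.0.0.1:8081:8081)`, and repeat it in the `Access mitmweb via` message. Dropping `&> /dev/null` also sends mitmweb's output to the container log; `termlog_verbosity=error` keeps that small, but it is worth confirming those lines carry no request URLs or credentials before the logs are shipped anywhere. The enclosing `if` blocks start above each hunk, and the closing `fi` of the second one is not visible here.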