Cleanup: Fix weird conditional statement syntax
gw0
parent
b335f0e07e
commit
b115f70711
|
|
@ -17,7 +17,7 @@ ARG DEBUG_BUILD="0"
|
|||
ENV DO_DEBUG_BUILD="$DEBUG_BUILD"
|
||||
|
||||
# Build mitmproxy via pip. This is heavy, takes minutes do build and creates a 90mb+ layer. Oh well.
|
||||
RUN [[ "a$DO_DEBUG_BUILD" == "a1" ]] && { echo "Debug build ENABLED." \
|
||||
RUN [ "$DO_DEBUG_BUILD" = "1" ] && { echo "Debug build ENABLED." \
|
||||
&& apk add --no-cache --update su-exec git g++ libffi libffi-dev libstdc++ openssl-dev python3 python3-dev py3-pip py3-wheel py3-six py3-idna py3-certifi py3-setuptools \
|
||||
&& LDFLAGS=-L/lib pip install mitmproxy==5.2 \
|
||||
&& apk del --purge git g++ libffi-dev openssl-dev python3-dev py3-pip py3-wheel \
|
||||
|
|
@ -28,7 +28,7 @@ RUN [[ "a$DO_DEBUG_BUILD" == "a1" ]] && { echo "Debug build ENABLED." \
|
|||
ENV LANG=en_US.UTF-8
|
||||
|
||||
# Check the installed mitmproxy version, if built.
|
||||
RUN [[ "a$DO_DEBUG_BUILD" == "a1" ]] && { mitmproxy --version && mitmweb --version ; } || { echo "Debug build disabled."; }
|
||||
RUN [ "$DO_DEBUG_BUILD" = "1" ] && { mitmproxy --version && mitmweb --version ; } || { echo "Debug build disabled."; }
|
||||
|
||||
# Create the cache directory and CA directory
|
||||
RUN mkdir -p /docker_mirror_cache /ca
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ trap "echo TRAPed signal" HUP INT QUIT TERM
|
|||
|
||||
#configure nginx DNS settings to match host, why must we do that nginx?
|
||||
export RESOLVERS=$(awk '$1 == "nameserver" {print ($2 ~ ":")? "["$2"]": $2}' ORS=' ' /etc/resolv.conf | sed 's/ *$//g')
|
||||
if [ "x$RESOLVERS" = "x" ]; then
|
||||
if [ -z "$RESOLVERS" ]; then
|
||||
echo "Warning: unable to determine DNS resolvers for nginx" >&2
|
||||
exit 66
|
||||
fi
|
||||
|
|
@ -20,7 +20,7 @@ done
|
|||
|
||||
echo "Final chosen resolver: $conf"
|
||||
confpath=/etc/nginx/resolvers.conf
|
||||
if [ ! -e $confpath ] || [ "$conf" != "$(cat $confpath)" ]
|
||||
if [ ! -e "$confpath" ] || [ "$conf" != "$(cat "$confpath")" ]
|
||||
then
|
||||
echo "Using auto-determined resolver '$conf' via '$confpath'"
|
||||
echo "$conf" > $confpath
|
||||
|
|
@ -55,7 +55,7 @@ echo -n "" > /etc/nginx/docker.targetHost.map
|
|||
echo -n "" > /etc/nginx/docker.auth.map
|
||||
|
||||
# Only configure auth registries if the env var contains values
|
||||
if [ "$AUTH_REGISTRIES" ]; then
|
||||
if [ -n "$AUTH_REGISTRIES" ]; then
|
||||
# Ref: https://stackoverflow.com/a/47633817/219530
|
||||
AUTH_REGISTRIES_DELIMITER=${AUTH_REGISTRIES_DELIMITER:-" "}
|
||||
s=$AUTH_REGISTRIES$AUTH_REGISTRIES_DELIMITER
|
||||
|
|
@ -94,58 +94,57 @@ echo "proxy_cache_path /docker_mirror_cache levels=1:2 max_size=$CACHE_MAX_SIZE
|
|||
# Manifest caching configuration. We generate config based on the environment vars.
|
||||
echo -n "" >/etc/nginx/nginx.manifest.caching.config.conf
|
||||
|
||||
[[ "a${ENABLE_MANIFEST_CACHE}" == "atrue" ]] && [[ "a${MANIFEST_CACHE_PRIMARY_REGEX}" != "a" ]] && cat <<EOD >>/etc/nginx/nginx.manifest.caching.config.conf
|
||||
if [ "${ENABLE_MANIFEST_CACHE}" = "true" ]; then
|
||||
[ -n "${MANIFEST_CACHE_PRIMARY_REGEX}" ] && cat <<EOF >>/etc/nginx/nginx.manifest.caching.config.conf
|
||||
# First tier caching of manifests; configure via MANIFEST_CACHE_PRIMARY_REGEX and MANIFEST_CACHE_PRIMARY_TIME
|
||||
location ~ ^/v2/(.*)/manifests/${MANIFEST_CACHE_PRIMARY_REGEX} {
|
||||
set \$docker_proxy_request_type "manifest-primary";
|
||||
proxy_cache_valid ${MANIFEST_CACHE_PRIMARY_TIME};
|
||||
include "/etc/nginx/nginx.manifest.stale.conf";
|
||||
}
|
||||
EOD
|
||||
|
||||
[[ "a${ENABLE_MANIFEST_CACHE}" == "atrue" ]] && [[ "a${MANIFEST_CACHE_SECONDARY_REGEX}" != "a" ]] && cat <<EOD >>/etc/nginx/nginx.manifest.caching.config.conf
|
||||
EOF
|
||||
[ -n "${MANIFEST_CACHE_SECONDARY_REGEX}" ] && cat <<EOF >>/etc/nginx/nginx.manifest.caching.config.conf
|
||||
# Secondary tier caching of manifests; configure via MANIFEST_CACHE_SECONDARY_REGEX and MANIFEST_CACHE_SECONDARY_TIME
|
||||
location ~ ^/v2/(.*)/manifests/${MANIFEST_CACHE_SECONDARY_REGEX} {
|
||||
set \$docker_proxy_request_type "manifest-secondary";
|
||||
proxy_cache_valid ${MANIFEST_CACHE_SECONDARY_TIME};
|
||||
include "/etc/nginx/nginx.manifest.stale.conf";
|
||||
}
|
||||
EOD
|
||||
|
||||
[[ "a${ENABLE_MANIFEST_CACHE}" == "atrue" ]] && cat <<EOD >>/etc/nginx/nginx.manifest.caching.config.conf
|
||||
EOF
|
||||
cat <<EOF >>/etc/nginx/nginx.manifest.caching.config.conf
|
||||
# Default tier caching for manifests. Caches for ${MANIFEST_CACHE_DEFAULT_TIME} (from MANIFEST_CACHE_DEFAULT_TIME)
|
||||
location ~ ^/v2/(.*)/manifests/ {
|
||||
set \$docker_proxy_request_type "manifest-default";
|
||||
proxy_cache_valid ${MANIFEST_CACHE_DEFAULT_TIME};
|
||||
include "/etc/nginx/nginx.manifest.stale.conf";
|
||||
}
|
||||
EOD
|
||||
|
||||
[[ "a${ENABLE_MANIFEST_CACHE}" != "atrue" ]] && cat <<EOD >>/etc/nginx/nginx.manifest.caching.config.conf
|
||||
EOF
|
||||
else
|
||||
cat <<EOF >>/etc/nginx/nginx.manifest.caching.config.conf
|
||||
# Manifest caching is disabled. Enable it with ENABLE_MANIFEST_CACHE=true
|
||||
location ~ ^/v2/(.*)/manifests/ {
|
||||
set \$docker_proxy_request_type "manifest-default-disabled";
|
||||
proxy_cache_valid 0s;
|
||||
include "/etc/nginx/nginx.manifest.stale.conf";
|
||||
}
|
||||
EOD
|
||||
EOF
|
||||
fi
|
||||
|
||||
echo -e "\nManifest caching config: ---\n"
|
||||
cat /etc/nginx/nginx.manifest.caching.config.conf
|
||||
echo "---"
|
||||
|
||||
if [[ "a${ALLOW_OWN_AUTH}" == "atrue" ]]; then
|
||||
cat << 'EOF' > /etc/nginx/conf.d/allowed_override_auth.conf
|
||||
echo -n "" > /etc/nginx/conf.d/allowed_override_auth.conf
|
||||
if [ "${ALLOW_OWN_AUTH}" = "true" ]; then
|
||||
cat <<'EOF' > /etc/nginx/conf.d/allowed_override_auth.conf
|
||||
if ($http_authorization != "") {
|
||||
# override with own authentication if provided
|
||||
set $finalAuth $http_authorization;
|
||||
}
|
||||
EOF
|
||||
else
|
||||
echo '' > /etc/nginx/conf.d/allowed_override_auth.conf
|
||||
fi
|
||||
|
||||
if [[ "a${ALLOW_PUSH}" == "atrue" ]]; then
|
||||
if [ "${ALLOW_PUSH}" = "true" ]; then
|
||||
cat <<EOF > /etc/nginx/conf.d/allowed.methods.conf
|
||||
# allow to upload big layers
|
||||
client_max_body_size 0;
|
||||
|
|
@ -153,8 +152,8 @@ if [[ "a${ALLOW_PUSH}" == "atrue" ]]; then
|
|||
# only cache GET requests
|
||||
proxy_cache_methods GET;
|
||||
EOF
|
||||
elif [[ "a${ALLOW_PUSH_WITH_OWN_AUTH}" == "atrue" ]]; then
|
||||
cat << 'EOF' > /etc/nginx/conf.d/allowed.methods.conf
|
||||
elif [ "${ALLOW_PUSH_WITH_OWN_AUTH}" = "true" ]; then
|
||||
cat <<'EOF' > /etc/nginx/conf.d/allowed.methods.conf
|
||||
# Block POST/PUT/DELETE if own authentication is not provided.
|
||||
set $combined_ha_rm "$http_authorization$request_method";
|
||||
if ($combined_ha_rm = POST) {
|
||||
|
|
@ -196,8 +195,8 @@ fi
|
|||
# normally use non-debug version of nginx
|
||||
NGINX_BIN="/usr/sbin/nginx"
|
||||
|
||||
if [[ "a${DEBUG}" == "atrue" ]]; then
|
||||
if [[ ! -f /usr/bin/mitmweb ]]; then
|
||||
if [ "${DEBUG}" = "true" ]; then
|
||||
if [ ! -f /usr/bin/mitmweb ]; then
|
||||
echo "To debug, you need the -debug version of this image, eg: :latest-debug"
|
||||
exit 3
|
||||
fi
|
||||
|
|
@ -215,8 +214,8 @@ if [[ "a${DEBUG}" == "atrue" ]]; then
|
|||
echo "Access mitmweb via http://127.0.0.1:8081/ "
|
||||
fi
|
||||
|
||||
if [[ "a${DEBUG_HUB}" == "atrue" ]]; then
|
||||
if [[ ! -f /usr/bin/mitmweb ]]; then
|
||||
if [ "${DEBUG_HUB}" = "true" ]; then
|
||||
if [ ! -f /usr/bin/mitmweb ]; then
|
||||
echo "To debug, you need the -debug version of this image, eg: :latest-debug"
|
||||
exit 3
|
||||
fi
|
||||
|
|
@ -238,8 +237,8 @@ if [[ "a${DEBUG_HUB}" == "atrue" ]]; then
|
|||
echo "Access mitmweb for outgoing DockerHub requests via http://127.0.0.1:8082/ "
|
||||
fi
|
||||
|
||||
if [[ "a${DEBUG_NGINX}" == "atrue" ]]; then
|
||||
if [[ ! -f /usr/sbin/nginx-debug ]]; then
|
||||
if [ "${DEBUG_NGINX}" = "true" ]; then
|
||||
if [ ! -f /usr/sbin/nginx-debug ]; then
|
||||
echo "To debug, you need the -debug version of this image, eg: :latest-debug"
|
||||
exit 4
|
||||
fi
|
||||
|
|
@ -252,8 +251,8 @@ fi
|
|||
|
||||
|
||||
# Timeout configurations
|
||||
echo "" > /etc/nginx/nginx.timeouts.config.conf
|
||||
cat <<EOD >>/etc/nginx/nginx.timeouts.config.conf
|
||||
echo -n "" > /etc/nginx/nginx.timeouts.config.conf
|
||||
cat <<EOF >>/etc/nginx/nginx.timeouts.config.conf
|
||||
# Timeouts
|
||||
|
||||
# ngx_http_core_module
|
||||
|
|
@ -271,23 +270,23 @@ cat <<EOD >>/etc/nginx/nginx.timeouts.config.conf
|
|||
proxy_connect_read_timeout ${PROXY_CONNECT_READ_TIMEOUT};
|
||||
proxy_connect_connect_timeout ${PROXY_CONNECT_CONNECT_TIMEOUT};
|
||||
proxy_connect_send_timeout ${PROXY_CONNECT_SEND_TIMEOUT};
|
||||
EOD
|
||||
EOF
|
||||
|
||||
echo -e "\nTimeout configs: ---"
|
||||
cat /etc/nginx/nginx.timeouts.config.conf
|
||||
echo -e "---\n"
|
||||
|
||||
# Upstream SSL verification.
|
||||
echo "" > /etc/nginx/docker.verify.ssl.conf
|
||||
if [[ "a${VERIFY_SSL}" == "atrue" ]]; then
|
||||
cat << EOD > /etc/nginx/docker.verify.ssl.conf
|
||||
echo -n "" > /etc/nginx/docker.verify.ssl.conf
|
||||
if [ "${VERIFY_SSL}" = "true" ]; then
|
||||
cat <<EOF > /etc/nginx/docker.verify.ssl.conf
|
||||
# We actually wanna be secure and avoid mitm attacks.
|
||||
# Fitting, since this whole thing is a mitm...
|
||||
# We'll accept any cert signed by a CA trusted by Mozilla (ca-certificates-bundle in alpine)
|
||||
proxy_ssl_verify on;
|
||||
proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
|
||||
proxy_ssl_verify_depth 2;
|
||||
EOD
|
||||
EOF
|
||||
echo "Upstream SSL certificate verification enabled."
|
||||
else
|
||||
echo "Upstream SSL certificate verification is DISABLED."
|
||||
|
|
|
|||
Loading…
Reference in New Issue