Commit Graph

29 Commits (ce3c77b62a2b7c82c612ef2364f8d488cb9556f8)

Author SHA1 Message Date
Mateusz Kowalski b9e5c932ce
Add support for IPv6 (#76) 2021-02-05 07:46:49 +01:00
Sezer Bülent 51585675e6
DRP-70: add timeoutes as ENVs, update README.md, update nginx config (#73)
Authored-by: Bulent <bt.sezer29@gmail.com>
2021-01-28 12:12:18 +01:00
Federico Gimenez 536f0fc8a0
Allow push (#59)
Introduce ALLOW_PUSH, if set to true, allows non-GET methods through the proxy
2020-12-02 14:58:19 +01:00
Ricardo Pardini a726f88049
3-tier implementation of manifest caching (#57)
* implement manifest caching; refactor config with includes, and generate from ENVs in entrypoint.sh
- disabled by default; enable with -e ENABLE_MANIFEST_CACHE=true
- default times and regexes are a wild guess, make sure to tune for your use case.
-  add manifest caching/anti-ratelimit usage note to README
- add -e ENABLE_MANIFEST_CACHE=true to examples, some wording changes
- add -e ENABLE_MANIFEST_CACHE=true to one the steps in test workflow.
2020-10-30 18:54:10 +01:00
Ricardo Pardini 8524e376c1 add request_type logging and headers; values are blob-by-digest, manifest-by-digest, manifest-mutable, blob-mutable 2020-10-30 12:33:41 +01:00
Ricardo Pardini 411edf4c3f manifest caching: drop from 1s to 0s (expire immediately), so we can hit ratelimit faster (#54)
- mostly for sanity-checking purposes, last release in 0.4.x series.
- next release after this will make those configurable.
2020-10-30 10:57:54 +01:00
Ricardo Pardini 763515267b use_stale for HTTP 429 Too Many Requests (actually used by DockerHub ratelimiting #54) instead of 403
- tested by trying to pull `ratelimitalways/test:latest`
2020-10-30 01:29:13 +01:00
Ricardo Pardini aaf7fa0308 introduce env DEBUG_HUB; to help understand #54
- injects a mitmproxy between the caching layer and DockerHub's registry-1.docker.io
- it also disables VERIFY_SSL so the mitmproxy can be used;
- DEBUG_HUB's mitmweb is exposed on port 8082
- both DEBUG and DEBUG_HUB can be enabled independently
2020-10-30 00:20:18 +01:00
Ricardo Pardini ffc7540f43 add request method and upstream time to logging; add cache status header; helps investigate #54 2020-10-30 00:14:29 +01:00
naftulee 16c3e250b7
access logs log_format to json (#44)
access logs log_format to json
2020-10-08 16:35:25 +02:00
Brian Goff 6444380ea9
Cache immutable URLs and handle outages (#51)
Cache immutable URLs and handle outages
1. Changes the blob cache to only cache by digest
2. Adds caching for manifests requested by digest
3. Cache but invalidate immediately (after 1s) mutable requests
4. Use invalidated cache (from 3) if the backend is down or 403 unauthorized
2020-10-08 16:18:02 +02:00
ricardop 19cbdfedfc 0.3.0-beta2: don't leak Authorization header from the registry to the redirected destination during @handle_redirects 2020-04-03 15:33:46 +02:00
ricardop e72389b690 use explicit include for the proxy cache directive. 2020-04-03 14:05:01 +02:00
ricardop bc0ac351bb Merge branch 'pull/33' 2020-04-03 13:50:54 +02:00
ricardop ad75dce3d5 Merge branch 'pull/22' 2020-04-03 13:49:08 +02:00
Ruud Kamphuis e90d203fc0
Follow redirects and cache them properly 2020-03-23 10:25:41 +01:00
Jonathan Giannuzzi cd028516c6
Use SNI during the TLS handshake with the upstream 2019-11-21 10:23:46 +01:00
Sebastián Ramírez f3d2eefc09 Add support for custom cache sizes 2019-09-27 13:44:07 -05:00
Ricardo Pardini 3e71b6fd57
remove some "$" usage in instructions, theres no good way to escape it in nginx literals
bump to 0.2.4
2019-01-16 21:43:01 +01:00
Stan Yagolnitser d8434a02cf added sanity checks for /setup/systemd route 2018-12-14 12:18:28 -08:00
Stan Yagolnitser 653c4aad54 added route for quicker docker engine setup, just curl /setup | bash 2018-12-12 00:42:40 -08:00
Stan Yagolnitser a89cf362ad set nginx DNS configuration from container resolv.conf to allow proxy to operate behind firewall 2018-12-12 00:18:34 -08:00
Ricardo Pardini 7724f3ba15
completely reworked caching, now cache by exception (/blobs/ only essentially)
- now only /v2/.../blobs/... URIs are actually cached (together with their redirect catchers)
- /manifests/, /token, and /v2/ are not cached anymore, which should solve a lot of problems
- better messages for /v1 attempts
- fix usage of $connect_host:443 (which is hostname:port and causes errors to be logged) to $connect_addr (which returns an IP:port) in the proxy layer
2018-11-04 16:43:53 +01:00
Ricardo Pardini 8ff06e3dec
add mitmproxy/nginx-debug inspection capabilities
- avoid some caching for non-blob urls
2018-11-04 11:23:52 +01:00
ricardop 1486d6920e
err msg, explain the image can simply be missing upstream too 2018-07-04 19:45:33 +02:00
ricardop dab5f4f1df
fix: add higher map_hash_bucket_size, allowing for more mappings 2018-07-03 11:19:29 +02:00
ricardop 0abd4ca51a
completely reworked into an HTTPS_PROXY-based solution
- emit our own certificates
- configurable via ENVs
- generates config dinamically
2018-06-29 01:39:02 +02:00
ricardop af65390a7f
tweaks for caching; ignore caching headers from upstreams; key cache only by host/path (no params) 2018-06-27 15:18:25 +02:00
ricardop 325dd23ae5
initial commit 2018-06-27 13:08:09 +02:00