public/docker-registry-proxy
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add mitmproxy/nginx-debug inspection capabilities

Browse Source 
- avoid some caching for non-blob urls
This commit is contained in:
Ricardo Pardini
2018-11-04 11:23:52 +01:00
parent 1486d6920e
commit 8ff06e3dec
4 changed files with 107 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
Dockerfile
View File

@@ -1,10 +1,18 @@
# We start from my nginx fork which includes the proxy-connect module from tEngine
# Source is available at https://github.com/rpardini/nginx-proxy-connect-stable-alpine
# Its equivalent to nginx:stable-alpine 1.14.0, with alpine 3.7
FROM rpardini/nginx-proxy-connect-stable-alpine:latest
FROM rpardini/nginx-proxy-connect-stable-alpine:nginx-1.14.0-alpine-3.8
# Add openssl, bash and ca-certificates, then clean apk cache -- yeah complain all you want.
RUN apk add --update openssl bash ca-certificates && rm -rf /var/cache/apk/*
# Also added deps for mitmproxy.
RUN apk add --update openssl bash ca-certificates su-exec git g++ libffi libffi-dev libstdc++ openssl openssl-dev python3 python3-dev
RUN LDFLAGS=-L/lib pip3 install mitmproxy
RUN apk del --purge git g++ libffi-dev openssl-dev python3-dev && rm -rf /var/cache/apk/* && rm -rf ~/.cache/pip
# Required for mitmproxy
ENV LANG=en_US.UTF-8
# Check the installed mitmproxy version
RUN mitmproxy --version
# Create the cache directory and CA directory
RUN mkdir -p /docker_mirror_cache /ca
@@ -27,6 +35,9 @@ RUN chmod +x /create_ca_cert.sh /entrypoint.sh
# Clients should only use 3128, not anything else.
EXPOSE 3128
# In debug mode, 8081 exposes the mitmweb interface.
EXPOSE 8081
## Default envs.
# A space delimited list of registries we should proxy and cache; this is in addition to the central DockerHub.
ENV REGISTRIES="k8s.gcr.io gcr.io quay.io"
@@ -34,6 +45,8 @@ ENV REGISTRIES="k8s.gcr.io gcr.io quay.io"
ENV AUTH_REGISTRIES="some.authenticated.registry:oneuser:onepassword another.registry:user:password"
# Should we verify upstream's certificates? Default to true.
ENV VERIFY_SSL="true"
# Enable debugging mode; this inserts mitmproxy/mitmweb between the CONNECT proxy and the caching layer
ENV DEBUG="true"
# Did you want a shell? Sorry. This only does one job; use exec /bin/bash if you wanna inspect stuff
ENTRYPOINT ["/entrypoint.sh"]