Skip to content

Commit 536f0fc

Browse files
fgimenezfgimenez
authored
Allow push (#59)
Introduce ALLOW_PUSH, if set to true, allows non-GET methods through the proxy
1 parent dfb6a5d commit 536f0fc

File tree

3 files changed

+28
-10
lines changed

3 files changed

+28
-10
lines changed

Dockerfile

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -94,5 +94,8 @@ ENV MANIFEST_CACHE_SECONDARY_TIME="60d"
9494
# In the default config, :latest and other frequently-used tags will get this value.
9595
ENV MANIFEST_CACHE_DEFAULT_TIME="1h"
9696

97+
# Should we allow actions different than pull, default to false.
98+
ENV ALLOW_PUSH="false"
99+
97100
# Did you want a shell? Sorry, the entrypoint never returns, because it runs nginx itself. Use 'docker exec' if you need to mess around internally.
98101
ENTRYPOINT ["/entrypoint.sh"]

entrypoint.sh

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -121,6 +121,29 @@ echo "Manifest caching config: ---"
121121
cat /etc/nginx/nginx.manifest.caching.config.conf
122122
echo "---"
123123

124+
if [[ "a${ALLOW_PUSH}" == "atrue" ]]; then
125+
cat <<EOF > /etc/nginx/conf.d/allowed.methods.conf
126+
# allow to upload big layers
127+
client_max_body_size 0;
128+
129+
# only cache GET requests
130+
proxy_cache_methods GET;
131+
EOF
132+
else
133+
cat << 'EOF' > /etc/nginx/conf.d/allowed.methods.conf
134+
# Block POST/PUT/DELETE. Don't use this proxy for pushing.
135+
if ($request_method = POST) {
136+
return 405 "POST method is not allowed";
137+
}
138+
if ($request_method = PUT) {
139+
return 405 "PUT method is not allowed";
140+
}
141+
if ($request_method = DELETE) {
142+
return 405 "DELETE method is not allowed";
143+
}
144+
EOF
145+
fi
146+
124147
# normally use non-debug version of nginx
125148
NGINX_BIN="/usr/sbin/nginx"
126149

nginx.conf

Lines changed: 2 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -219,16 +219,8 @@ echo "Docker configured with HTTPS_PROXY=$scheme://$http_host/"
219219
# Docker needs this. Don't ask.
220220
chunked_transfer_encoding on;
221221

222-
# Block POST/PUT/DELETE. Don't use this proxy for pushing.
223-
if ($request_method = POST) {
224-
return 405 "POST method is not allowed";
225-
}
226-
if ($request_method = PUT) {
227-
return 405 "PUT method is not allowed";
228-
}
229-
if ($request_method = DELETE) {
230-
return 405 "DELETE method is not allowed";
231-
}
222+
# configuration of the different allowed methods
223+
include "/etc/nginx/conf.d/allowed.methods.conf";
232224

233225
proxy_read_timeout 900;
234226

0 commit comments

Comments
 (0)