Skip to content

Commit 8012477

Browse files
kutzikutzi
authored
Merge pull request #32 from geoffreyme/master
fix: AWS ECR token too long cause nginx emerg error
2 parents 8cfc66d + e41e144 commit 8012477

File tree

3 files changed

+28
-9
lines changed

3 files changed

+28
-9
lines changed

files/nginx.conf

Lines changed: 18 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,21 @@ http {
1818
# this is necessary for us to be able to disable request buffering in all cases
1919
proxy_http_version 1.1;
2020

21+
lua_shared_dict token_dict 1m;
22+
2123
# will run before forking out nginx worker processes
22-
init_by_lua_block { require "cjson" }
24+
init_by_lua_block {
25+
require "cjson"
26+
27+
local token_file = io.open('/usr/local/openresty/nginx/token.txt', 'r')
28+
if token_file then
29+
local data = token_file:read()
30+
ngx.shared.token_dict:set("ecr_token", data)
31+
token_file:close()
32+
else
33+
ngx.log(ngx.ERR, "Failed to open token file: /usr/local/openresty/nginx/token.txt")
34+
end
35+
}
2336

2437
#https://docs.docker.com/registry/recipes/nginx/#setting-things-up
2538
map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
@@ -29,6 +42,10 @@ http {
2942
server {
3043
listen PORT SSL_LISTEN default_server;
3144

45+
set_by_lua_block $http_authorization {
46+
return ngx.shared.token_dict:get("ecr_token")
47+
}
48+
3249
SSL_INCLUDE
3350

3451
# Cache

files/renew_token.sh

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -6,17 +6,17 @@ set -xe
66
CONFIG=/usr/local/openresty/nginx/conf/nginx.conf
77
AUTH=$(grep X-Forwarded-User $CONFIG | awk '{print $4}'| uniq|tr -d "\n\r")
88

9+
910
# retry till new get new token
1011
while true; do
11-
TOKEN=$(aws ecr get-login --no-include-email | awk '{print $6}')
12+
TOKEN=$(aws ecr get-authorization-token --query 'authorizationData[*].authorizationToken' --output text)
1213
[ ! -z "${TOKEN}" ] && break
1314
echo "Warn: Unable to get new token, wait and retry!"
1415
sleep 30
1516
done
1617

17-
18-
AUTH_N=$(echo AWS:${TOKEN} | base64 |tr -d "[:space:]")
19-
20-
sed -i "s|${AUTH%??}|${AUTH_N}|g" $CONFIG
18+
set +x
19+
echo $TOKEN > /usr/local/openresty/nginx/token.txt
20+
set -x
2121

2222
nginx -s reload

files/startup.sh

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -77,12 +77,14 @@ if [ -z "$AWS_USE_EC2_ROLE_FOR_AUTH" ] || [ "$AWS_USE_EC2_ROLE_FOR_AUTH" != "tru
7777
fi
7878
chmod 600 -R ${AWS_FOLDER}
7979

80+
set +x
8081
# add the auth token in default.conf
8182
AUTH=$(grep X-Forwarded-User $CONFIG | awk '{print $4}'| uniq|tr -d "\n\r")
82-
TOKEN=$(aws ecr get-login --no-include-email | awk '{print $6}')
83-
AUTH_N=$(echo AWS:${TOKEN} | base64 |tr -d "[:space:]")
84-
sed -i "s|${AUTH%??}|${AUTH_N}|g" $CONFIG
83+
TOKEN=$(aws ecr get-authorization-token --query 'authorizationData[*].authorizationToken' --output text)
8584

85+
echo $TOKEN > /usr/local/openresty/nginx/token.txt
86+
87+
set -x
8688
# make sure cache directory has correct ownership
8789
chown -R nginx:nginx /cache
8890

0 commit comments

Comments
 (0)