
Commit 063405d

committed
fix: AWS ECR token too long cause nginx emerg error
1 parent 8cfc66d commit 063405d

3 files changed

+22
-3
lines changed

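--- a/files/nginx.conf
+++ b/files/nginx.conf
@@ -18,8 +18,19 @@ http {
 # this is necessary for us to be able to disable request buffering in all cases
 proxy_http_version 1.1;
 
+lua_shared_dict token_dict 5m;
+
 # will run before forking out nginx worker processes
-init_by_lua_block { require "cjson" }
+init_by_lua_block {
+require "cjson"
+
+local token_file = io.open('/usr/local/openresty/nginx/token.txt', 'r')
+if token_file then
+local data = token_file:read()
+ngx.shared.token_dict:set("ecr_token", data)
+token_file:close()
+end
+}
 
 #https://docs.docker.com/registry/recipes/nginx/#setting-things-up
 map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
@@ -29,6 +40,10 @@ http {
 server {
 listen PORT SSL_LISTEN default_server;
 
+set_by_lua_block $http_authorization {
+return ngx.shared.token_dict:get("ecr_token")
+}
+
 SSL_INCLUDE
 
 # Cache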
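Review bot: The init block in the first hunk gives no signal when the token cannot be loaded: if `io.open` fails or `token_file:read()` returns nil, nothing is logged and `token_dict` is left without a usable `ecr_token` (or, after a reload, with whatever it held before). The `set_by_lua_block $http_authorization` added in the second hunk then presumably forwards an empty or stale credential, and the only symptom is an authentication failure from the registry. Capture the error and log it, e.g. `local token_file, err = io.open('/usr/local/openresty/nginx/token.txt', 'r')` with an `else ngx.log(ngx.ERR, "ECR token file not readable: ", err)` branch. It is also worth checking the `ok, err` result of `ngx.shared.token_dict:set(...)`.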

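--- a/files/renew_token.sh
+++ b/files/renew_token.sh
@@ -6,6 +6,7 @@ set -xe
 CONFIG=/usr/local/openresty/nginx/conf/nginx.conf
 AUTH=$(grep X-Forwarded-User $CONFIG | awk '{print $4}'| uniq|tr -d "\n\r")
 
+set +x
 # retry till new get new token
 while true; do
 TOKEN=$(aws ecr get-login --no-include-email | awk '{print $6}')
@@ -17,6 +18,7 @@ done
 
 AUTH_N=$(echo AWS:${TOKEN} | base64 |tr -d "[:space:]")
 
-sed -i "s|${AUTH%??}|${AUTH_N}|g" $CONFIG
+echo $AUTH_N > /usr/local/openresty/nginx/token.txt
+set -x
 
 nginx -s reload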
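Review bot: The new `echo $AUTH_N > /usr/local/openresty/nginx/token.txt` in the second hunk writes a registry credential to a file whose mode is left to the process umask and is never tightened; the same line is added in files/startup.sh. The file is read by `init_by_lua_block`, which per the config comment runs before the workers are forked, so owner-only access is likely sufficient: set `umask 077` before the write and follow it with `chmod 600 /usr/local/openresty/nginx/token.txt` to cover a file that already exists. Writing it as `printf '%s\n' "$AUTH_N" > ...` also quotes the value, so it is not subject to word splitting or globbing.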

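--- a/files/startup.sh
+++ b/files/startup.sh
@@ -77,12 +77,14 @@ if [ -z "$AWS_USE_EC2_ROLE_FOR_AUTH" ] || [ "$AWS_USE_EC2_ROLE_FOR_AUTH" != "tru
 fi
 chmod 600 -R ${AWS_FOLDER}
 
+set +x
 # add the auth token in default.conf
 AUTH=$(grep X-Forwarded-User $CONFIG | awk '{print $4}'| uniq|tr -d "\n\r")
 TOKEN=$(aws ecr get-login --no-include-email | awk '{print $6}')
 AUTH_N=$(echo AWS:${TOKEN} | base64 |tr -d "[:space:]")
-sed -i "s|${AUTH%??}|${AUTH_N}|g" $CONFIG
+echo $AUTH_N > /usr/local/openresty/nginx/token.txt
 
+set -x
 # make sure cache directory has correct ownership
 chown -R nginx:nginx /cache
 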
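Review bot: Nothing checks that `TOKEN` is non-empty before `echo $AUTH_N > /usr/local/openresty/nginx/token.txt`. Unless `pipefail` is set outside the hunk, the status of `aws ecr get-login ... | awk` is awk's, so a failed call still yields an `AUTH_N` that encodes only `AWS:`, which nginx will load and send upstream. renew_token.sh retries in a loop for this case; here a guard after the `TOKEN=` line, such as `[ -n "$TOKEN" ] || { echo "could not obtain ECR token" >&2; exit 1; }`, would fail fast instead. With the `sed` removed, `AUTH` looks unused within this hunk and the comment `# add the auth token in default.conf` is stale; consider dropping the assignment if nothing outside the hunk reads it and rewording the comment to `# write the auth token to token.txt for nginx to load`. The script continues outside the hunk on both sides.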
