Merge pull request #4 from DreamLab/add_ssl_and_base_auth_conf

reset authorization after logging and +x permissions

Author: pkruk

Dockerfile

@@ -16,6 +16,7 @@ COPY files/nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
 COPY files/ssl.conf /usr/local/openresty/nginx/conf/ssl.conf
 
 ENV PORT 5000
+RUN chmod a+x /startup.sh /renew_token.sh
 
 ENTRYPOINT ["/startup.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]

files/nginx.conf

@@ -73,6 +73,7 @@ http {
       proxy_set_header  X-Forwarded-User   "Basic $http_authorization";
       proxy_set_header  Authorization      "Basic $http_authorization";
       proxy_set_header  X-Forwarded-Proto  $scheme;
+      proxy_set_header  Authorization      "";
 
     }
 
@@ -89,6 +90,7 @@ http {
       proxy_set_header  X-Forwarded-User   "Basic $http_authorization";
       proxy_set_header  Authorization      "Basic $http_authorization";
       proxy_set_header  X-Forwarded-Proto  $scheme;
+      proxy_set_header  Authorization      "";
 
       # When accessing image blobs using HTTP GET AWS ECR redirects with
       # s3 buckets uri to download the image. This needs to handled by
@@ -113,6 +115,7 @@ http {
 
     location ~ ^/v2/.*/.*/tags/list+$ {
       # get paginated list of tags
+      proxy_set_header  Authorization      "";
       content_by_lua_block {
         local location, tags, cjson = ngx.var.uri, {}, require "cjson"
         while true do
@@ -144,6 +147,7 @@ http {
       internal;
       set_unescape_uri      $req_uri $arg_req_uri;
       proxy_pass            UPSTREAM$req_uri;
+      proxy_set_header  Authorization      "";
 
       # Add AWS ECR authentication headers
       proxy_set_header  X-Real-IP          $remote_addr;