File tree 3 files changed +28
-9
lines changed
3 files changed +28
-9
lines changed Original file line number Diff line number Diff line change @@ -18,8 +18,21 @@ http {
1818 # this is necessary for us to be able to disable request buffering in all cases
1919 proxy_http_version 1.1 ;
2020
21+ lua_shared_dict token_dict 1m ;
22+
2123 # will run before forking out nginx worker processes
22- init_by_lua_block { require "cjson" }
24+ init_by_lua_block {
25+ require "cjson"
26+
27+ local token_file = io.open('/usr/local/openresty/nginx/token.txt' , 'r' )
28+ if token_file then
29+ local data = token_file:read()
30+ ngx.shared.token_dict:set ("ecr_token" , data)
31+ token_file:close()
32+ else
33+ ngx.log(ngx.ERR, "Failed to open token file: /usr/local/openresty/nginx/token.txt" )
34+ end
35+ }
2336
2437 #https://docs.docker.com/registry/recipes/nginx/#setting-things-up
2538 map $upstream_http_docker_distribution_api_version $docker_distribution_api_version {
@@ -29,6 +42,10 @@ http {
2942 server {
3043 listen PORT SSL_LISTEN default_server ;
3144
45+ set_by_lua_block $http_authorization {
46+ return ngx.shared.token_dict:get("ecr_token" )
47+ }
48+
3249 SSL_INCLUDE
3350
3451 # Cache
Original file line number Diff line number Diff line change @@ -6,17 +6,17 @@ set -xe
66CONFIG=/usr/local/openresty/nginx/conf/nginx.conf
77AUTH=$( grep X-Forwarded-User $CONFIG | awk ' {print $4}' | uniq| tr -d " \n\r" )
88
9+
910# retry till new get new token
1011while true ; do
11- TOKEN=$( aws ecr get-login --no-include-email | awk ' {print $6} ' )
12+ TOKEN=$( aws ecr get-authorization-token --query ' authorizationData[*].authorizationToken ' --output text )
1213 [ ! -z " ${TOKEN} " && break
1314 echo " Warn: Unable to get new token, wait and retry!"
1415 sleep 30
1516done
1617
17-
18- AUTH_N=$( echo AWS:${TOKEN} | base64 | tr -d " [:space:]" )
19-
20- sed -i " s|${AUTH% ??} |${AUTH_N} |g" $CONFIG
18+ set +x
19+ echo $TOKEN > /usr/local/openresty/nginx/token.txt
20+ set -x
2121
2222nginx -s reload
Original file line number Diff line number Diff line change @@ -77,12 +77,14 @@ if [ -z "$AWS_USE_EC2_ROLE_FOR_AUTH" ] || [ "$AWS_USE_EC2_ROLE_FOR_AUTH" != "tru
7777fi
7878chmod 600 -R ${AWS_FOLDER}
7979
80+ set +x
8081# add the auth token in default.conf
8182AUTH=$( grep X-Forwarded-User $CONFIG | awk ' {print $4}' | uniq| tr -d " \n\r" )
82- TOKEN=$( aws ecr get-login --no-include-email | awk ' {print $6}' )
83- AUTH_N=$( echo AWS:${TOKEN} | base64 | tr -d " [:space:]" )
84- sed -i " s|${AUTH% ??} |${AUTH_N} |g" $CONFIG
83+ TOKEN=$( aws ecr get-authorization-token --query ' authorizationData[*].authorizationToken' )
8584
85+ echo $TOKEN > /usr/local/openresty/nginx/token.txt
86+
87+ set -x
8688# make sure cache directory has correct ownership
8789chown -R nginx:nginx /cache
8890
You can’t perform that action at this time.
0 commit comments