Add feature flag to force all direct download URLs to be proxied
Fixes #1667
parent
2b00c644b5
commit
dd2e086a20
12 changed files with 350 additions and 34 deletions
|
@ -30,6 +30,36 @@ location /realtime {
|
|||
proxy_request_buffering off;
|
||||
}
|
||||
|
||||
location ~ ^/_storage_proxy/([^/]+)/([^/]+)/([^/]+)/(.+) {
|
||||
auth_request /_storage_proxy_auth;
|
||||
|
||||
resolver 8.8.8.8;
|
||||
|
||||
proxy_pass $2://$3/$4$is_args$args;
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $3;
|
||||
|
||||
add_header Host $3;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
|
||||
proxy_read_timeout 60s;
|
||||
}
|
||||
|
||||
|
||||
location = /_storage_proxy_auth {
|
||||
proxy_pass http://web_app_server;
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
|
||||
proxy_set_header X-Original-URI $request_uri;
|
||||
|
||||
proxy_read_timeout 10;
|
||||
}
|
||||
|
||||
# At the begining and end of a push/pull, (/v1/repositories|/v2/auth/) is hit by the Docker
|
||||
# client. By rate-limiting just this endpoint, we can avoid accidentally
|
||||
# blocking pulls/pushes for images with many layers.
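Review bot: The upstream in `proxy_pass $2://$3/$4$is_args$args;` is taken entirely from the request path, so the `auth_request` subrequest is the only thing keeping this location from acting as an open proxy. That subrequest is handed the raw `$request_uri`, while the regex captures come from nginx's normalized URI, so the auth handler (not visible in this hunk) should validate exactly the scheme, host and path nginx will use. nginx also forwards the client's request headers by default, so the registry's `Authorization` and `Cookie` headers would reach the storage host unless cleared, e.g. `proxy_set_header Authorization "";` and `proxy_set_header Cookie "";`. For `https` targets the upstream certificate is not verified unless `proxy_ssl_verify on;` is set with a trusted CA bundle, and the hard-coded `resolver 8.8.8.8;` sends lookups to an external resolver and cannot resolve internal storage hostnames, so it would be better made configurable. `add_header Host $3;` sets a response header named Host, which looks unintended and exposes the storage hostname to the client.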
|
||||
|
|