Upload 5 files
Browse files- nginx.conf.template +15 -0
- start.sh +69 -2
nginx.conf.template
CHANGED
|
@@ -4,6 +4,21 @@ server {
|
|
| 4 |
absolute_redirect off;
|
| 5 |
port_in_redirect off;
|
| 6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7 |
location / {
|
| 8 |
proxy_pass http://${CLI_PROXY_HOST}:${CLI_PROXY_PORT};
|
| 9 |
proxy_http_version 1.1;
|
|
|
|
| 4 |
absolute_redirect off;
|
| 5 |
port_in_redirect off;
|
| 6 |
|
| 7 |
+
location ^~ /v0/management {
|
| 8 |
+
proxy_pass http://${CLI_PROXY_HOST}:${CLI_PROXY_PORT};
|
| 9 |
+
proxy_http_version 1.1;
|
| 10 |
+
proxy_set_header Host $host;
|
| 11 |
+
proxy_set_header X-Real-IP $remote_addr;
|
| 12 |
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
| 13 |
+
proxy_set_header X-Forwarded-Proto $scheme;
|
| 14 |
+
proxy_set_header Upgrade $http_upgrade;
|
| 15 |
+
proxy_set_header Connection "upgrade";
|
| 16 |
+
proxy_set_header X-Management-Key "${MANAGEMENT_KEY}";
|
| 17 |
+
proxy_set_header X-Api-Key "${MANAGEMENT_KEY}";
|
| 18 |
+
proxy_set_header Authorization "Bearer ${MANAGEMENT_KEY}";
|
| 19 |
+
proxy_read_timeout 300;
|
| 20 |
+
}
|
| 21 |
+
|
| 22 |
location / {
|
| 23 |
proxy_pass http://${CLI_PROXY_HOST}:${CLI_PROXY_PORT};
|
| 24 |
proxy_http_version 1.1;
|
start.sh
CHANGED
|
@@ -41,6 +41,63 @@ if [ ! -f "${CONFIG_PATH}" ]; then
|
|
| 41 |
done
|
| 42 |
fi
|
| 43 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 44 |
if [ -f "${CONFIG_PATH}" ]; then
|
| 45 |
ln -sf "${CONFIG_PATH}" /CLIProxyAPI/config.yaml
|
| 46 |
elif [ -f "/CLIProxyAPI/config.yaml" ]; then
|
|
@@ -58,8 +115,18 @@ if [ -d "/etc/nginx/http.d" ]; then
|
|
| 58 |
NGINX_CONF_DIR="/etc/nginx/http.d"
|
| 59 |
fi
|
| 60 |
|
| 61 |
-
|
| 62 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 63 |
< /etc/nginx/templates/default.conf.template \
|
| 64 |
> "${NGINX_CONF_DIR}/default.conf"
|
| 65 |
|
|
|
|
| 41 |
done
|
| 42 |
fi
|
| 43 |
|
| 44 |
+
if [ -n "${CLI_PROXY_KEY:-}" ]; then
|
| 45 |
+
if [ -z "${MANAGEMENT_KEY:-}" ]; then
|
| 46 |
+
MANAGEMENT_KEY="${CLI_PROXY_KEY}"
|
| 47 |
+
fi
|
| 48 |
+
if [ -z "${API_KEYS:-}" ]; then
|
| 49 |
+
API_KEYS="${CLI_PROXY_KEY}"
|
| 50 |
+
fi
|
| 51 |
+
fi
|
| 52 |
+
|
| 53 |
+
if [ -f "${CONFIG_PATH}" ]; then
|
| 54 |
+
if [ -n "${MANAGEMENT_KEY:-}" ]; then
|
| 55 |
+
MGMT_ESCAPED="$(printf '%s' "${MANAGEMENT_KEY}" | sed 's/[\\/&]/\\&/g')"
|
| 56 |
+
if grep -q '^[[:space:]]*secret-key:' "${CONFIG_PATH}"; then
|
| 57 |
+
sed -i "s|^\([[:space:]]*secret-key:\).*|\1 \"${MGMT_ESCAPED}\"|" "${CONFIG_PATH}"
|
| 58 |
+
fi
|
| 59 |
+
fi
|
| 60 |
+
if [ -n "${API_KEYS:-}" ]; then
|
| 61 |
+
TMP_CONFIG="${CONFIG_PATH}.tmp"
|
| 62 |
+
awk -v keys="${API_KEYS}" '
|
| 63 |
+
BEGIN {
|
| 64 |
+
n=split(keys, arr, /[ ,]+/);
|
| 65 |
+
in_api=0;
|
| 66 |
+
found=0;
|
| 67 |
+
}
|
| 68 |
+
function emit_keys() {
|
| 69 |
+
print "api-keys:";
|
| 70 |
+
for (i=1; i<=n; i++) {
|
| 71 |
+
if (length(arr[i]) > 0) {
|
| 72 |
+
print " - \"" arr[i] "\"";
|
| 73 |
+
}
|
| 74 |
+
}
|
| 75 |
+
}
|
| 76 |
+
{
|
| 77 |
+
if (in_api) {
|
| 78 |
+
if ($0 ~ /^[[:space:]]*-/) {
|
| 79 |
+
next;
|
| 80 |
+
} else {
|
| 81 |
+
in_api=0;
|
| 82 |
+
}
|
| 83 |
+
}
|
| 84 |
+
if ($0 ~ /^api-keys:[[:space:]]*$/) {
|
| 85 |
+
emit_keys();
|
| 86 |
+
in_api=1;
|
| 87 |
+
found=1;
|
| 88 |
+
next;
|
| 89 |
+
}
|
| 90 |
+
print $0;
|
| 91 |
+
}
|
| 92 |
+
END {
|
| 93 |
+
if (!found) {
|
| 94 |
+
emit_keys();
|
| 95 |
+
}
|
| 96 |
+
}
|
| 97 |
+
' "${CONFIG_PATH}" > "${TMP_CONFIG}" && mv "${TMP_CONFIG}" "${CONFIG_PATH}"
|
| 98 |
+
fi
|
| 99 |
+
fi
|
| 100 |
+
|
| 101 |
if [ -f "${CONFIG_PATH}" ]; then
|
| 102 |
ln -sf "${CONFIG_PATH}" /CLIProxyAPI/config.yaml
|
| 103 |
elif [ -f "/CLIProxyAPI/config.yaml" ]; then
|
|
|
|
| 115 |
NGINX_CONF_DIR="/etc/nginx/http.d"
|
| 116 |
fi
|
| 117 |
|
| 118 |
+
if [ -z "${MANAGEMENT_KEY:-}" ] && [ -f "${CONFIG_PATH}" ]; then
|
| 119 |
+
MGMT_KEY_LINE="$(sed -n 's/^[[:space:]]*secret-key[[:space:]]*:[[:space:]]*//p' "${CONFIG_PATH}" | head -n 1)"
|
| 120 |
+
MGMT_KEY_LINE="$(printf '%s' "${MGMT_KEY_LINE}" | sed 's/[[:space:]]*$//')"
|
| 121 |
+
MANAGEMENT_KEY="${MGMT_KEY_LINE#\"}"
|
| 122 |
+
MANAGEMENT_KEY="${MANAGEMENT_KEY%\"}"
|
| 123 |
+
MANAGEMENT_KEY="${MANAGEMENT_KEY#\'}"
|
| 124 |
+
MANAGEMENT_KEY="${MANAGEMENT_KEY%\'}"
|
| 125 |
+
export MANAGEMENT_KEY
|
| 126 |
+
fi
|
| 127 |
+
|
| 128 |
+
export PROXY_PATH CLI_PROXY_HOST CLI_PROXY_PORT PORT MANAGEMENT_KEY
|
| 129 |
+
envsubst '${PORT} ${CLI_PROXY_HOST} ${CLI_PROXY_PORT} ${MANAGEMENT_KEY}' \
|
| 130 |
< /etc/nginx/templates/default.conf.template \
|
| 131 |
> "${NGINX_CONF_DIR}/default.conf"
|
| 132 |
|