ืืืืืจ ืื ืืจืฆืื ื ืืืืืง ืืช ืื ืืกืืื ืฉืื ืขื NJS, ืืชืืจืืื JavaScript ืขืืืจ Nginx ืฉืคืืชื ืขื ืืื Nginx Inc, ืืืชืืจ ืืช ืืืืืืืช ืืขืืงืจืืืช ืฉืื ืืืืฆืขืืช ืืืืื ืืืืชืืช. NJS ืืื ืชืช-ืงืืืฆื ืฉื JavaScript ืืืืคืฉืจืช ืื ืืืจืืื ืืช ืืคืื ืงืฆืืื ืืืืช ืฉื Nginx. ืืฉืืื
ืืคื ื ืืื ืจืโฆ
ืืขืืืื ืืืืจืื ื ืฉืื, ืืจืฉืชื ืืช gitlab ืขื ืืกืคืจ ืฆืื ืืจืืช CI/CD ืกืกืืื ืืื ืขื docker-compose, dind ืืชืขื ืืืืช ืืืจืื, ืฉืืืขืืจื ื-kaniko rails. ืืชืืื ืืช ืฉืฉืืืฉื ืืขืืจ ื-CI ืืืขืืจื ืืฆืืจืชื ืืืงืืจืืช. ืื ืขืืื ืืื ืฉืฆืจืื ืขื ืืืื ืฉืื ื-IP ืฉื gitlab ืฉืื ื ืืฉืชื ื ื-CI ืืคื ืืืืขืช. ืืืขืื ืืืืชื ืฉืืืืช ืืชืืื ืืช ื-docker ืฉืืฉืชืชืคื ื-CI ืืืืชื git, ืฉืืฉืื ืืืืืืื ืฉื Python ืืจื ssh. ืขืืืจ ssh ืืชื ืฆืจืื ืืคืชื ืคืจืื ื... ืื ืืื ืืชืืื ื ืืื ืขื ืืืืขืื_ืืืจืืื. ืืื CI ื ืืฉื ืขื ืฉืืืืช ืืืืืช ืืคืชื ืขืงื ืื ืืชืืื ืืื ื-IP ืืืืืชื ืืื ืฉืฆืืื ื-known_hosts. ืชืืื ื ืืืฉื ืืืจืืื ืืืืืจืืช ืื-Dockfiles ืืงืืืืื ืืืืคืฉืจืืช ื ืืกืคื StrictHostKeyChecking no
. ืืื ืืืขื ืืจืข ื ืฉืืจ ืืืื ืจืฆืื ืืืขืืืจ ืืช ื-libs ืืืืืจ PyPI ืคืจืื. ืืื ืืก ื ืืกืฃ, ืืืืจ ืืืขืืจ ื-PyPI ืืคืจืื, ืืื ืฆืื ืืจ ืคืฉืื ืืืชืจ ืืชืืืืจ ืจืืื ืฉื requirements.txt
ืืืืืจื ื ืขืฉืชื, ืจืืืชื!
ืื ืื ื ืืจืืฆืื ืืื ืืขื ื ืื ืื-Kubernetes, ืืืกืืคื ืฉื ืืืจ ืจืฆืื ื ืืงืื ืฉืืจืืช ืงืื ืฉืืื ืงืื ืืืื ืจ ืืกืจ ืืืื ื ืขื ืืืกืื ืืืฆืื ื. ืืืื, ืืืืืื ืฉืื ื ืืฉืชืืฉืื ื-S3, ื ืืชื ื ืื ืขืืืคืืช. ืืื ืืคืฉืจ, ืขื ืืืืืช ื-gitlab (ืชืืื ืืืืกืืฃ ืืช ืื ืืขืฆืื ืืืืืช ืืฆืืจื).
ืืืคืืฉ ืืืืจ ืื ืื ืืกืคืจ ืชืืฆืืืช: s3pypi, pypicloud ืืืคืฉืจืืช ืขื ืืฆืืจื "ืืื ืืช" ืฉื ืงืืฆื html ืขืืืจ ืืคืช. ืืืคืฉืจืืช ืืืืจืื ื ื ืขืืื ืืขืฆืื.
s3pypi: ืืื CLI ืืฉืืืืฉ ืืืืกืื S3. ืื ืื ื ืืขืืื ืืช ืืงืืฆืื, ืืืฆืจืื ืืช ื-html ืืืขืืื ืืืชื ืืืืชื ืืื. ืืชืืื ืืฉืืืืฉ ืืืชื.
pypicloud: ืื ื ืจืื ืืื ืคืจืืืงื ืืขื ืืื, ืืื ืืืจื ืฉืงืจืืชื ืืช ืืชืืขืื ืืชืืืืืชื. ืืืจืืช ืืชืืขืื ืืืื ืืืืืืืช ืืืชืจืื ืืื ืืืชืืื ืืฆืจืืื ืฉืื, ืืืฆืืืืช ืืชืืจืจ ืฉืื ืืืืชืจ ืืงืฉื ืืืืืืจ. ืชืืงืื ืืงืื ืื ืฉืืชืืื ืืืฉืืืืช ืฉืื, ืขื ืคื ืืืขืจืืืช ืืืืชื ืืื, ืืื ืืืงื 3-5 ืืืื. ืืฉืืจืืช ืืงืืง ืื ืืืกื ื ืชืื ืื. ืืฉืืจื ื ืืืชื ืืืงืจื ืฉืื ืืฆืื ื ืฉืื ืืืจ ืืืจ.
ืืืคืืฉ ืืขืืืง ืืืชืจ ืื ืื ืืืืื ืขืืืจ Nginx, ngx_aws_auth. ืชืืฆืืช ืืืืืงื ืฉืื ืืืืชื XML ืฉืืืฆื ืืืคืืคื, ืฉืืจืื ืืช ืืชืืื ืฉื ืืื S3. ืืืชืืืืืืช ืืืืจืื ื ืืืื ืืืืคืืฉ ืืืืชื ืืคื ื ืฉื ื. ืืืืืจ ื ืจืื ื ืืืฉ.
ืขื ืืื ืืขืืจ ืืืงืืจ ืืงืจืืื
ืื ืืืงืืื ืืช ืืืืืื ืืื ืืืกืืก, ืฉืขื ืืืืจ ืืื ืจืืืชื ืืืคืืคื ืฉืื ืืช ืืืชื XML ืืื ืืขืช ืืฉืืืืฉ ืืืืืื ngx_aws_auth, ืืื ืืื ืืืจ ืืื ืืชืื ื-JS.
ืืืื ืืืืชื ืืช ืคืชืจืื nginx. ืจืืฉืืช, ืชืืขืื ืืื ืืืืืืืืช ืจืืืช, ืฉื ืืช, ืื ืื ื ืืงืืืื ืืช ืื ืืืื ืฉื Nginx ืืขืืืื ืขื ืงืืฆืื (ืืืงืืคืกื), ืฉืืืฉืืช, ืื ืื ืฉืืืืข ืืืชืื ืืืืจืืช ืขืืืจ Nginx ืืืื ืืืืื ืื ืื ืื. ืืื ืืืืืื ืืื ืื ืืชืจืื ืขืืืจื, ืืืฉืืืื ืืคืืืชืื ืื ืื (ืื ื ืืชื ืืืคืก), ืฉืื ืืืืจ ืขื nexus.
TL;DR ืืืืจ ืืืืืื, ืืจืกืช ืืืืืงื ืฉื PyPi ืืืจ ืืืืชื ืืฉืืืืฉ ื-CI.
ืืื ืื ืขืืื?
ืืืืืื ื ืืขื ืืชืื Nginx ngx_http_js_module
, ืืืื ืืชืืื ืช ืืืืงืจ ืืจืฉืืืช. ืื ื ืืืืืืื ืืช ืืกืงืจืืคื ืฉืื ื ืืืืฆืขืืช ืืื ืืื js_import
ืืชืฆืืจืช Nginx. ืืคืื ืงืฆืื ื ืงืจืืช ืขื ืืื ืืืจืื js_content
. ืืื ืืื ืืฉืืฉืช ืืงืืืขืช ืืฉืชื ืื js_set
, ืฉืืืงื ืืืจืืืื ื ืจืง ืืช ืืคืื ืงืฆืื ืืืชืืืจืช ืืกืงืจืืคื. ืืื ืื ืื ื ืืืืืื ืืืฆืข ืฉืืืืชืืช ืืฉื ื ื-NJS ืจืง ืืืืฆืขืืช Nginx, ืื ืื XMLHttpRequest. ืืฉื ืื, ืืฉ ืืืืกืืฃ ืืช ืืืืงืื ืืืชืืื ืืชืฆืืจืช Nginx. ืืืชืกืจืื ืืืื ืืชืืจ ืืงืฉืช ืืฉื ื ืืืืงืื ืื. ืืื ืืืืืช ืืกืืื ืืืฉืช ืืคืื ืงืฆืื ืืชืฆืืจืช Nginx, ืืฉ ืืืืฆื ืืช ืฉื ืืคืื ืงืฆืื ืืกืงืจืืคื ืขืฆืื export default
.
nginx.conf
load_module modules/ngx_http_js_module.so;
http {
js_import imported_name from script.js;
server {
listen 8080;
...
location = /sub-query {
internal;
proxy_pass http://upstream;
}
location / {
js_content imported_name.request;
}
}
script.js
function request(r) {
function call_back(resp) {
// handler's code
r.return(resp.status, resp.responseBody);
}
r.subrequest('/sub-query', { method: r.method }, call_back);
}
export default {request}
ืืืฉืจ ืืชืืงืฉืื ืืืคืืคื http://localhost:8080/
ืื ืื ื ื ืื ืกืื location /
ืฉืื ืืื ืืื js_content
ืงืืจื ืืคืื ืงืฆืื request
ืืืชืืืจ ืืชืกืจืื ืฉืื ื script.js
. ืืชืืจื, ืืคืื ืงืฆืื request
ืืชืืฆืขืช ืฉืืืืชืช ืืฉื ื ื location = /sub-query
, ืขื ืฉืืื (ืืืืืื ืื ืืืืืช GET) ืืืชืงืืืช ืืืืจืืืื ื (r)
, ืืืขืืจ ืืืืคื ืืจืืื ืืืฉืจ ืงืืจืืื ืืคืื ืงืฆืื ืืื. ืชืืืืช ืืงืฉืช ืืืฉื ื ืชืขืืื ืืคืื ืงืฆืื call_back
.
ืื ืกื S3
ืืื ืืืืืฉ ืืงืฉื ืืืืกืื S3 ืคืจืื, ืื ืื ื ืฆืจืืืื:
ACCESS_KEY
SECRET_KEY
S3_BUCKET
ืืฉืืืช http ืืฉืืืืฉ, ืืชืืจืื/ืฉืขื ืื ืืืืืื, S3_NAME ื-URI, ื ืืฆืจ ืกืื ืืกืืื ืฉื ืืืจืืืช, ืืฉืจ ื ืืชืืช (HMAC_SHA1) ืืืืฆืขืืช SECRET_KEY. ืืื ืฉืืจื ืืื AWS $ACCESS_KEY:$HASH
, ื ืืชื ืืืฉืชืืฉ ืืืืชืจืช ืืืจืฉืื. ืืฉ ืืืืกืืฃ ืืืืชืจืช ืืช ืืืชื ืชืืจืื/ืฉืขื ืฉืฉืืืฉื ืืืฆืืจืช ืืืืจืืืช ืืฉืื ืืงืืื X-amz-date
. ืืงืื ืื ื ืจืื ืื:
nginx.conf
load_module modules/ngx_http_js_module.so;
http {
js_import s3 from s3.js;
js_set $s3_datetime s3.date_now;
js_set $s3_auth s3.s3_sign;
server {
listen 8080;
...
location ~* /s3-query/(?<s3_path>.*) {
internal;
proxy_set_header X-amz-date $s3_datetime;
proxy_set_header Authorization $s3_auth;
proxy_pass $s3_endpoint/$s3_path;
}
location ~ "^/(?<prefix>[w-]*)[/]?(?<postfix>[w-.]*)$" {
js_content s3.request;
}
}
s3.js
(ืืืืื ืืืจืฉืื ืฉื AWS Sign v2, ืฉืื ื ืืกืืืืก ืฉืืืฆื ืืฉืืืืฉ)
var crypt = require('crypto');
var s3_bucket = process.env.S3_BUCKET;
var s3_access_key = process.env.S3_ACCESS_KEY;
var s3_secret_key = process.env.S3_SECRET_KEY;
var _datetime = new Date().toISOString().replace(/[:-]|.d{3}/g, '');
function date_now() {
return _datetime
}
function s3_sign(r) {
var s2s = r.method + 'nnnn';
s2s += `x-amz-date:${date_now()}n`;
s2s += '/' + s3_bucket;
s2s += r.uri.endsWith('/') ? '/' : r.variables.s3_path;
return `AWS ${s3_access_key}:${crypt.createHmac('sha1', s3_secret_key).update(s2s).digest('base64')}`;
}
function request(r) {
var v = r.variables;
function call_back(resp) {
r.return(resp.status, resp.responseBody);
}
var _subrequest_uri = r.uri;
if (r.uri === '/') {
// root
_subrequest_uri = '/?delimiter=/';
} else if (v.prefix !== '' && v.postfix === '') {
// directory
var slash = v.prefix.endsWith('/') ? '' : '/';
_subrequest_uri = '/?prefix=' + v.prefix + slash;
}
r.subrequest(`/s3-query${_subrequest_uri}`, { method: r.method }, call_back);
}
export default {request, s3_sign, date_now}
ืืกืืจ ืงืื ืขื _subrequest_uri
: ืืื ืืฉืชื ื ืืฉืจ ืืืชืื ืืืืจื ืืืชืืืชื, ืืืฆืจ ืืงืฉื ื-S3. ืื ืืชื ืฆืจืื ืืงืื ืืช ืืชืืื ืฉื ื"ืฉืืจืฉ", ืื ืืชื ืฆืจืื ืืืฆืืจ ืืงืฉืช uri ืืืฆืืื ืช ืืช ืืืคืจืื delimiter
, ืฉืืืืืจ ืจืฉืืื ืฉื ืื ืจืืืื ื-xml ืฉื CommonPrefixes, ืืชืืืืื ืืกืคืจืืืช (ืืืงืจื ืฉื PyPI, ืจืฉืืื ืฉื ืื ืืืืืืืช). ืื ืืชื ืฆืจืื ืืงืื ืจืฉืืืช ืชืืื ืืกืคืจืืื ืกืคืฆืืคืืช (ืจืฉืืื ืฉื ืื ืืจืกืืืช ืืืืืื), ืืื ืืงืฉืช ื-uri ืืืืืช ืืืืื ืฉืื ืงืืืืืช ืขื ืฉื ืืกืคืจืืื (ืืืืื) ืฉืืกืชืืื ืืืืจื ืืงื ื ืืื /. ืืืจืช, ืืชื ืืฉืืช ืืคืฉืจืืช ืืขืช ืืงืฉื ืืชืืื ืฉื ืกืคืจืืื, ืืืฉื. ืืฉ ืกืคืจืืืช aiohttp-request ื-aiohttp-requests ืืื ืืืงืฉื ืืฆืืื ืช /?prefix=aiohttp-request
, ืื ืืชืืืื ืชืืื ืืช ืืชืืื ืฉื ืฉืชื ืืกืคืจืืืช. ืื ืืฉ ืงื ื ืืื ืืกืืฃ, /?prefix=aiohttp-request/
, ืื ืืชืืืื ืชืืื ืจืง ืืช ืืกืคืจืืื ืื ืืจืฉืช. ืืื ื ืืงืฉ ืงืืืฅ, ืื ืืืืจื ืืืชืงืื ืื ืฆืจืื ืืืืืช ืฉืื ื ืืืืงืืจื.
ืฉืืืจ ืืืคืขื ืืืืฉ ืืช Nginx. ืืืคืืคื ื ืืื ืืช ืืืชืืืช ืฉื ื-Nginx ืฉืื ื, ืืชืืฆืื ืฉื ืืืงืฉื ืชืืื XML, ืืืฉื:
ืจืฉืืืช ืกืคืจืืืช
<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Name>myback-space</Name>
<Prefix></Prefix>
<Marker></Marker>
<MaxKeys>10000</MaxKeys>
<Delimiter>/</Delimiter>
<IsTruncated>false</IsTruncated>
<CommonPrefixes>
<Prefix>new/</Prefix>
</CommonPrefixes>
<CommonPrefixes>
<Prefix>old/</Prefix>
</CommonPrefixes>
</ListBucketResult>
ืืจืฉืืืช ืืกืคืจืืืช ืชืฆืืจื ืจืง ืืช ืืืืื ืืื CommonPrefixes
.
ืขื ืืื ืืืกืคืช ืืืืจืื ืฉืื ื ืฆืจืืืื ืืืชืืืช ืฉืื ื ืืืคืืคื, ื ืงืื ืื ืืช ืชืืื ื ืืฆืืจืช XML:
ืจืฉืืืช ืงืืฆืื ืืกืคืจืืื
<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Name> myback-space</Name>
<Prefix>old/</Prefix>
<Marker></Marker>
<MaxKeys>10000</MaxKeys>
<Delimiter></Delimiter>
<IsTruncated>false</IsTruncated>
<Contents>
<Key>old/giphy.mp4</Key>
<LastModified>2020-08-21T20:27:46.000Z</LastModified>
<ETag>"00000000000000000000000000000000-1"</ETag>
<Size>1350084</Size>
<Owner>
<ID>02d6176db174dc93cb1b899f7c6078f08654445fe8cf1b6ce98d8855f66bdbf4</ID>
<DisplayName></DisplayName>
</Owner>
<StorageClass>STANDARD</StorageClass>
</Contents>
<Contents>
<Key>old/hsd-k8s.jpg</Key>
<LastModified>2020-08-31T16:40:01.000Z</LastModified>
<ETag>"b2d76df4aeb4493c5456366748218093"</ETag>
<Size>93183</Size>
<Owner>
<ID>02d6176db174dc93cb1b899f7c6078f08654445fe8cf1b6ce98d8855f66bdbf4</ID>
<DisplayName></DisplayName>
</Owner>
<StorageClass>STANDARD</StorageClass>
</Contents>
</ListBucketResult>
ืืจืฉืืืช ืืงืืฆืื ื ืืงื ืจืง ืืืื ืืื Key
.
ืื ืื ืฉื ืืชืจ ืืื ืื ืชื ืืช ื-XML ืฉื ืืฆืจ ืืืฉืืื ืืืชื ื-HTML, ืืืืจ ืฉืืืืคืช ืชืืืื ืืช ืืืืชืจืช Content-Type ื-text/html.
function request(r) {
var v = r.variables;
function call_back(resp) {
var body = resp.responseBody;
if (r.method !== 'PUT' && resp.status < 400 && v.postfix === '') {
r.headersOut['Content-Type'] = "text/html; charset=utf-8";
body = toHTML(body);
}
r.return(resp.status, body);
}
var _subrequest_uri = r.uri;
...
}
function toHTML(xml_str) {
var keysMap = {
'CommonPrefixes': 'Prefix',
'Contents': 'Key',
};
var pattern = `<k>(?<v>.*?)</k>`;
var out = [];
for(var group_key in keysMap) {
var reS;
var reGroup = new RegExp(pattern.replace(/k/g, group_key), 'g');
while(reS = reGroup.exec(xml_str)) {
var data = new RegExp(pattern.replace(/k/g, keysMap[group_key]), 'g');
var reValue = data.exec(reS);
var a_text = '';
if (group_key === 'CommonPrefixes') {
a_text = reValue.groups.v.replace(///g, '');
} else {
a_text = reValue.groups.v.split('/').slice(-1);
}
out.push(`<a href="/iw/${reValue.groups.v}">${a_text}</a>`);
}
}
return '<html><body>n' + out.join('</br>n') + 'n</html></body>'
}
ืื ืกื PyPI
ืื ืื ื ืืืืงืื ืฉืฉืื ืืืจ ืื ื ืฉืืจ ืืฉืื ืืงืื ืขื ืืืืืืช ืฉืืืืข ืืขืืืืืช.
# ะกะพะทะดะฐะตะผ ะดะปั ัะตััะพะฒ ะฝะพะฒะพะต ะพะบััะถะตะฝะธะต
python3 -m venv venv
. ./venv/bin/activate
# ะกะบะฐัะธะฒะฐะตะผ ัะฐะฑะพัะธะต ะฟะฐะบะตัั.
pip download aiohttp
# ะะฐะณััะถะฐะตะผ ะฒ ะฟัะธะฒะฐัะฝัั ัะตะฟั
for wheel in *.whl; do curl -T $wheel http://localhost:8080/${wheel%%-*}/$wheel; done
rm -f *.whl
# ะฃััะฐะฝะฐะฒะปะธะฒะฐะตะผ ะธะท ะฟัะธะฒะฐัะฝะพะน ัะตะฟั
pip install aiohttp -i http://localhost:8080
ืื ื ืืืืจืื ืขื ืืขืฉืื ื.
# ะกะพะทะดะฐะตะผ ะดะปั ัะตััะพะฒ ะฝะพะฒะพะต ะพะบััะถะตะฝะธะต
python3 -m venv venv
. ./venv/bin/activate
pip install setuptools wheel
python setup.py bdist_wheel
for wheel in dist/*.whl; do curl -T $wheel http://localhost:8080/${wheel%%-*}/$wheel; done
pip install our_pkg --extra-index-url http://localhost:8080
ื-CI, ืืฆืืจื ืืืขืื ื ืฉื ืืืืื ื ืจืืืช ืื:
pip install setuptools wheel
python setup.py bdist_wheel
curl -sSfT dist/*.whl -u "gitlab-ci-token:${CI_JOB_TOKEN}" "https://pypi.our-domain.com/${CI_PROJECT_NAME}"
ืืืืืช
ื-Gitlab ื ืืชื ืืืฉืชืืฉ ื-JWT ืืืืืืช/ืืจืฉืื ืฉื ืฉืืจืืชืื ืืืฆืื ืืื. ืืืืฆืขืืช ืืื ืืื auth_request ื-Nginx, ื ื ืชื ืืช ื ืชืื ื ืืืืืืช ื-subrequest ืืืืืื ืงืจืืืช ืคืื ืงืฆืื ืืกืงืจืืคื. ืืกืงืจืืคื ืืืฆืข ืืงืฉืช ืืฉื ื ื ืืกืคืช ืืืชืืืช ื-URL ืฉื Gitlab ืืื ื ืชืื ื ืืืืืืช ืฆืืื ื ืืืืื, ืื Gitlab ืชืืืืจ ืงืื 200 ืืืขืืื/ืืืจืื ืฉื ืืืืืื ืชืชืืคืฉืจ. ืืื ืื ืืืฉืชืืฉ ืืฉืืืืชืช ืืฉื ื ืืืช ืืืฉืืื ืืื ืืช ืื ืชืื ืื ื-Gitlab? ืื ืื ื ืฆืืจื ืืขืจืื ืืช ืงืืืฅ ืืชืฆืืจื ืฉื Nginx ืืื ืคืขื ืฉื ืืฆืข ืฉืื ืืืื ืืืฉืื ืืืจืฉืื, ืืื ืืฉืืื ืื ืืืืืขืช. ืืื ืื, ืื Kubernetes ืืฉืชืืฉ ืืืืื ืืืช ืืขืจืืช ืืกืืก ืืงืจืืื ืืืื, ืืืืจ ืืืกืืฃ ืขืื ืืืชืจ ืืืจืืืืช ืืขืช ืืืืคืช nginx.conf ืืืืฆืขืืช configmap. ืืื ืืืคื ืืืืชื ืืคืฉืจื ืืืืืืื ืืืืืืจ ืืช Nginx ืืืืฆืขืืช configmap ืชืื ืฉืืืืฉ ืื-ืืื ืืช ืืืืื ืืืช ืืืืกืจืช ืืืืืจ ืฉื ืืืฆืขื ืืืกืื (pvc) ืืืขืจืืช ืงืืฆืื ืืงืจืืื ืืืื (ืื ืื ืงืืจื).
ืืืืฆืขืืช ืืืืฆืขื NJS, ืื ื ืืงืืืื ืืช ืืืืืื ืืช ืืฉื ืืช ืืช ืืคืจืืืจืื ืฉืฆืืื ื ืืชืฆืืจืช nginx ืืืืฆืขืืช ืืฉืชื ื ืกืืืื ืืืืฆืข ืืื ืืืืงืืช ืืกืงืจืืคื (ืืืืืื, ืืชืืืช URL ืฉืฆืืื ื ืืฆืืจื ืฉืืืื).
nginx.conf
location = /auth-provider {
internal;
proxy_pass $auth_url;
}
location = /auth {
internal;
proxy_set_header Content-Length "";
proxy_pass_request_body off;
js_content auth.auth;
}
location ~ "^/(?<prefix>[w-]*)[/]?(?<postfix>[w-.]*)$" {
auth_request /auth;
js_content s3.request;
}
s3.js
var env = process.env;
var env_bool = new RegExp(/[Tt]rue|[Yy]es|[Oo]n|[TtYy]|1/);
var auth_disabled = env_bool.test(env.DISABLE_AUTH);
var gitlab_url = env.AUTH_URL;
function url() {
return `${gitlab_url}/jwt/auth?service=container_registry`
}
function auth(r) {
if (auth_disabled) {
r.return(202, '{"auth": "disabled"}');
return null
}
r.subrequest('/auth-provider',
{method: 'GET', body: ''},
function(res) {
r.return(res.status, "");
});
}
export default {auth, url}
ืกืืืจ ืืื ืื ืฉืืฉืืื ืืชืืฉืืช: -ืืื ืื ืืืฉืชืืฉ ืืืืืืืื ืืืื ืื? ืืื ืืืจ ื ืขืฉื ืฉื! ืืืืืื, var AWS = require('aws-sdk') ืืืื ืฆืืจื ืืืชืื "ืืืคื ืืื" ืขื ืืืืืช S3!
ืืืื ื ืขืืืจ ืืืกืจืื ืืช
ืขืืืจื, ืืืกืจ ืืืืืืช ืืืืื ืืืืืื JS ืืืฆืื ืืื ืืคื ืืชืืื ื ืื ื ืขืืื, ืื ืฆืคืืื. ืืืชืืืจ ืืืืืื ืืขืื require('crypto') is
ืืฉ ืืืฉืืืช ืืช ืืืืืกื ืื ืขืืืจ ืืคืจืืืงื ืื ืืืื ื-Nginx gzip off;
ืืืืืื ืฉืืื ืืืืื gzip ื-NJS ืืื ืืคืฉืจ ืืืืจ ืืืชื; ืืื, ืืื ืืจื ืืขืืื ืขื ื ืชืื ืื ืืืืกืื. ื ืืื, ืื ืื ืืืฉ ืืื ืืก ืืืงืจื ืืื. ืืื ืืจืื ืืงืกื, ืืืงืืฆืื ืืืืขืืจืื ืืืจ ืืืืกืื ืืืืืกื ื ืืกืคืช ืื ืชืขืืืจ ืืื ืืจืื. ืืื ืื, ืื ืื ืฉืืจืืช ืื ืื ืืขืื ืื ืงืจืืื ืฉืืชื ืฆืจืื ืืืชืขืกืง ืืืกืคืงืช ืชืืื ืืื ืืืคืืืช ืฉื ืืื ืืืจ ืืืชืจ.
ืืืชืืจ ืืืืื ืืกืงืจืืคื ืืืงื ืืื ืจื ืืืชืืคืฉืจ ืจืง ืืืืฆืขืืช "ืืืคืกืืช" ื- error.log. ืืืชืื ืืคืจืื ืจืืช ืืจืืฉืื ืืืืืืจืื, ืืืืจื ืื ืฉืืืื, ืืคืฉืจ ืืืฉืชืืฉ ื-3 ืฉืืืืช r.log, r.warn, r.error ืืืชืืื. ืื ื ืื ืกื ืื ืคืืช ืืืืื ืืืื ืกืงืจืืคืืื ืืืจืื (v8) ืื ืืืื ืืงืื ืกืื ืฉื njs, ืืื ืื ืืื ื ืืชื ืืืืืง ืฉื. ืืขืช ืืืชืืจ ืืืืื ืืงืื, ืืืืืจ ืืืืงืืช ืคืื ืงืฆืืื ืืืืช, ืืืืกืืืจืื ื ืจืืืช ืืขืจื ืื:
docker-compose restart nginx
curl localhost:8080/
docker-compose logs --tail 10 nginx
ืืืืืืื ืืืืืช ืืืืช ืจืฆืคืื ืืืื.
ืืชืืืช ืงืื ืืืืฆืขืืช ืฉืืืืชืืช ืืฉื ื ืืืฉืชื ืื ืขืืืจื ืืืคืืช ืืกืื ืกืืื. ืืคืขืืื ืืชื ืืชืืื ืืืืจ ืกืืื ืืืื ืืช IDE ืฉืื ืื ืื ืืกืืื ืืืืื ืืช ืจืฆืฃ ืืคืขืืืืช ืฉื ืืงืื ืฉืื. ืื ืื ืงืฉื, ืืื ืืคืขืืื ืื ืืืื ืืขืฆืื.
ืืื ืชืืืื ืืืื ื-ES6.
ืืืื ืืฉ ืขืื ืืื ืืกืจืื ืืช, ืืื ืื ื ืชืงืืชื ืืฉืื ืืืจ ืืืจ. ืฉืชืฃ ืืืืข ืื ืืฉ ืื ื ืืกืืื ืฉืืืื ืืฉืืืืฉ ื-NJS.
ืืกืงื ื
NJS ืืื ืืชืืจืืื ืงื ืืฉืงื ืืงืื ืคืชืื ืืืืคืฉืจ ืื ืืืืฉื ืกืงืจืืคืืื ืฉืื ืื ืฉื JavaScript ื-Nginx. ืืืืื ืคืืชืืื ืืืงืืฉื ืชืฉืืืช ืื ืจืื ืืืืฆืืขืื. ืืืืื ืฉืขืืืื ืืกืจ ืืจืื, ืืื ืืคืจืืืงื ืืคืืชื ืขื ืืื ืฆืืืช ืงืื ืืื ืืืกืืคืื ืชืืื ืืช ืืืฉืืช ืืืืคื ืคืขืื ืืืชืงื ืื ืืืืื. ืื ื ืืงืืื ืฉืืชืืฉืื NJS ืืืคืฉืจ ืืื ืืืืจ ืืืืืืื ืืืฆืื ืืื, ืื ืฉืืืคืื ืืช ืืคืื ืงืฆืืื ืืืืช ืฉื Nginx ืืืืขื ืืืชื ืืืืืืช. ืืื ืืฉ NGINX Plus ืืกืืืจ ืืื ืื ืฉืื ืืืื ืชืืื ืืช!
ืืงืืจ: www.habr.com