kwk/docker-registry-frontend

Run as subfolder on proxy

RussianFox opened this issue ยท 2 comments

RussianFox commented

Hi!
I have a large server with some services. And there is a proxy server with directories for them
URL is:
http://largeserver/portainer
http://largeserver/jenkins
http://largeserver/gitlab

And I want run docker-registry-frontend in subfolder http://largeserver/registry, but it is impossible :(

Need config for use subfolder in links

kondelik commented

You didnt wrote what reverse proxy are you using, so I will show you mine with nginx.
Also, you dont mention if you use hard installation or docker compose, so i will show you dockerized solution.

This should answer your question in principle (but you give us no context at all, so there is no way to direct answer).

I hope it helps you anyway:

Nginx is used as reverse proxy to docker network with proxy_pass:

upstream kwk {
    server kwk:80;
}
server {
  listen              80 default_server;
  listen              [::]:80;
  server_name         _;
  return 301 https://$host$request_uri;
}
server {
  listen                        443 ssl;
  listen                        [::]:443 ssl http2;
  client_max_body_size          0; # = any
 (... SSL things ... )
  location /kwk/ {
        proxy_pass              http://kwk/;
        proxy_read_timeout      900;
        proxy_buffering         on; # not sure about this

        access_log             /dev/null;
        #access_log            /var/log/nginx/kwk/access.log;
        error_log              /var/log/nginx/kwk/error.log;

        proxy_set_header        HOST                $http_host;
        proxy_set_header        X-Forwarded-Host    $host;
        proxy_set_header        X-Forwarded-Port    $server_port;
        proxy_set_header        X-Real-IP           $remote_addr;
        proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto   $scheme;
        proxy_set_header        Connection          ""; # Clear for keepalive. Not sure if i need this. Probably not.
    }
}

version: "3.8"

services:
  web: 
    build: ./nginx # just add nginx conf
    restart: always
    (... and some SSL settings ...)
    volumes:
      -./nginx/log/kwk:/var/log/nginx/kwk
    ports:
      - 80:80
      - 443:443
   links: 
      - kwk

  kwk:
    image: konradkleine/docker-registry-frontend:v2
    environment:
      ENV_DOCKER_REGISTRY_HOST: registry
      ENV_DOCKER_REGISTRY_PORT: 5000
      # SSL is from nginx.
      # BUT DO NOT TOUCH 'ENV_USE_SSL=no' because it start some ssl initialization and apache will break without mounted .crt & .key 
    links:
      - registry

  registry:
    image: library/registry:2.6
    environment:
      REGISTRY_HTTP_SECRET: ${SECRET_KEY_BASE}
    volumes:
      - ./registry/storage:/var/lib/registry
    ports:
      - 5000:5000

Now https://localhost/kwk/ is serving kwk index.html. Almost done! But not really...

Next problem:

But everything is broken! Every link is relative from root! styles/main.css is /styles/main.css! how is that possible?
Thats because there is <head><base href="/">(...)</head>. And thats actually great, only one place to override ๐Ÿ˜„

We can either take index.html, modify it to <base href="/kwk/"> and make nginx serve this one instead of the original one from image, but then we have to do that with every update of kwk (there is anti-caching mechanism for new versions, /styles/main.css is really /styles/main.b760445a.css and we would broke that with every update of kwk.). Thats not great.

Another solution is to modify response from server via nginx sub_filter
So I did it by adding sub_filter in nginx.conf:

server {
 (...)
  location /kwk/ {
        (...)
        # replacing does not work with g-zip (well, of course...) https://stackoverflow.com/questions/31893211/
        proxy_set_header        Accept-Encoding     "";
        sub_filter              '<base href="/">'   '<base href="/kwk/">'; # same as location
        sub_filter_once         on;
    }
}

You can check if nginx is compiled with --with-http_sub_module by executing nginx -V, but if you are using FROM nginx:latest it should be there.

And thats all.

What next?

  1. Maybe we should add sub_filter to own location /kwk/index.html { }. Main reason is that we disabled gzip, so angular .js gets a lot bigger.

  2. Now we are running full-blown apache behind nginx. Thats a little overkill (or maybe not... idk). Maybe we should serve content from nginx. Its angular, so its just bunch of javascript, some images and css + one index.html. I didnt try it, but it shouldnt be that hard to get rid of apache, something like "mount the same volume 'to kwk container mapped where page is stored' and 'to nginx container' and serve it from there". No idea if there is some sort of "server side" which would break. I am not gonna try & I dont really care. I am not running my docker-compose up -d on raspberry pi, am I? ๐Ÿ˜„ (fun fact: but on virtualized ubuntu-server with 2 gb ram. Thats same/worse then low-end raspberry pi ๐Ÿ™ƒ )

kondelik commented

Ok, still does not work becouse there are absolute paths in code:

docker-registry-frontend/app/repository/repository-list-controller.spec.js

Line 38 in acd3f1f

$httpBackend.expectGET('/app-mode.json').respond(expectedAppMode);

docker-registry-frontend/app/services/app-mode-services.js

Line 8 in acd3f1f

return $resource('/app-mode.json', {}, {

etc...

see #50 :-/