Commit 1fe3d006 authored by nanahira's avatar nanahira

add EXTERNAL_REAL_IP

parent 081f0eb6
Pipeline #15988 failed with stages
in 60 minutes
stages: stages:
- build - build
- combine
- deploy - deploy
variables: variables:
GIT_DEPTH: "1" GIT_DEPTH: "1"
CONTAINER_TEST_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
CONTAINER_TEST_ARM_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
CONTAINER_TEST_X86_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86
CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE:latest
before_script: before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
build-x86:
.build-image:
stage: build stage: build
tags:
- docker
script: script:
- TARGET_IMAGE=$CONTAINER_TEST_X86_IMAGE
- docker build --pull -t $TARGET_IMAGE . - docker build --pull -t $TARGET_IMAGE .
- docker push $TARGET_IMAGE - docker push $TARGET_IMAGE
build-x86:
extends: .build-image
tags:
- docker
variables:
TARGET_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86
build-arm: build-arm:
stage: build extends: .build-image
tags: tags:
- docker-arm - docker-arm
script: variables:
- TARGET_IMAGE=$CONTAINER_TEST_ARM_IMAGE TARGET_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
- docker build --pull -t $TARGET_IMAGE .
- docker push $TARGET_IMAGE .deploy:
combine: stage: deploy
stage: combine
tags: tags:
- docker - docker
script: script:
- TARGET_IMAGE=$CONTAINER_TEST_IMAGE - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86
- SOURCE_IMAGE_2=$CONTAINER_TEST_ARM_IMAGE - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
- SOURCE_IMAGE_1=$CONTAINER_TEST_X86_IMAGE - docker manifest create $TARGET_IMAGE --amend $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86 --amend
- docker pull $SOURCE_IMAGE_1 $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
- docker pull $SOURCE_IMAGE_2
- docker manifest create $TARGET_IMAGE --amend $SOURCE_IMAGE_1 --amend
$SOURCE_IMAGE_2
- docker manifest push $TARGET_IMAGE - docker manifest push $TARGET_IMAGE
deploy_latest: deploy_latest:
stage: deploy extends: .deploy
tags: variables:
- docker TARGET_IMAGE: $CI_REGISTRY_IMAGE:latest
script:
- TARGET_IMAGE=$CONTAINER_RELEASE_IMAGE
- SOURCE_IMAGE=$CONTAINER_TEST_IMAGE
- docker pull $SOURCE_IMAGE
- docker tag $SOURCE_IMAGE $TARGET_IMAGE
- docker push $TARGET_IMAGE
only: only:
- master - master
deploy_tag:
stage: deploy deploy_branch:
tags: extends: .deploy
- docker variables:
script: TARGET_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
- TARGET_IMAGE=$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
- SOURCE_IMAGE=$CONTAINER_TEST_IMAGE
- docker pull $SOURCE_IMAGE
- docker tag $SOURCE_IMAGE $TARGET_IMAGE
- docker push $TARGET_IMAGE
only:
- tags
...@@ -32,6 +32,7 @@ export interface SiteRenderData { ...@@ -32,6 +32,7 @@ export interface SiteRenderData {
export interface RenderData { export interface RenderData {
purgeAllowed?: string[]; purgeAllowed?: string[];
externalRealIp?: boolean;
realIp?: string[]; realIp?: string[];
limitRate?: string; limitRate?: string;
limitBurst?: string; limitBurst?: string;
...@@ -85,6 +86,7 @@ export function getData( ...@@ -85,6 +86,7 @@ export function getData(
const parser = new Parser('', input); const parser = new Parser('', input);
return { return {
purgeAllowed: parser.getArray('PURGE_ALLOWED'), purgeAllowed: parser.getArray('PURGE_ALLOWED'),
externalRealIp: parser.getBoolean('EXTERNAL_REAL_IP'),
realIp: parser.getArray('REAL_IP'), realIp: parser.getArray('REAL_IP'),
limitRate: parser.getString('LIMIT_RATE'), limitRate: parser.getString('LIMIT_RATE'),
limitBurst: parser.getString('LIMIT_BURST'), limitBurst: parser.getString('LIMIT_BURST'),
......
...@@ -124,12 +124,14 @@ http { ...@@ -124,12 +124,14 @@ http {
resolver 127.0.0.11 ipv6=off; resolver 127.0.0.11 ipv6=off;
{{^externalRealIp}}
set_real_ip_from 172.16.0.0/12; set_real_ip_from 172.16.0.0/12;
{{#realIp}} {{#realIp}}
set_real_ip_from {{ . }}; set_real_ip_from {{ . }};
{{/realIp}} {{/realIp}}
real_ip_header X-Forwarded-FOr; real_ip_header X-Forwarded-FOr;
real_ip_recursive on; real_ip_recursive on;
{{/externalRealIp}}
{{#limitRate}} {{#limitRate}}
{{#limitBurst}} {{#limitBurst}}
...@@ -235,4 +237,4 @@ http { ...@@ -235,4 +237,4 @@ http {
stream { stream {
include /etc/nginx/stream/*.conf; include /etc/nginx/stream/*.conf;
} }
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment