add EXTERNAL_REAL_IP

1fe3d006 · nanahira · 081f0eb6 · 1fe3d006 · 1fe3d006 · 1fe3d006
Commit 1fe3d006 authored Aug 22, 2022 by nanahira
Hide whitespace changes
Inline Side-by-side

Showing with 35 additions and 45 deletions

.gitlab-ci.yml .gitlab-ci.yml +30 -44

src/site.ts src/site.ts +2 -0

views/nginx.conf.mustache views/nginx.conf.mustache +3 -1

No files found.
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 stages:
  - build
-  - combine
  - deploy
 variables:
  GIT_DEPTH: "1"
-  CONTAINER_TEST_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
-  CONTAINER_TEST_ARM_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
-  CONTAINER_TEST_X86_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86
-  CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE:latest
+
 before_script:
  - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-build-x86:
+
+.build-image:
  stage: build
-  tags:
-    - docker
  script:
-    - TARGET_IMAGE=$CONTAINER_TEST_X86_IMAGE
    - docker build --pull -t $TARGET_IMAGE .
    - docker push $TARGET_IMAGE
+
+build-x86:
+  extends: .build-image
+  tags:
+    - docker
+  variables:
+    TARGET_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86
+
 build-arm:
-  stage: build
+  extends: .build-image
  tags:
    - docker-arm
-  script:
-    - TARGET_IMAGE=$CONTAINER_TEST_ARM_IMAGE
-    - docker build --pull -t $TARGET_IMAGE .
-    - docker push $TARGET_IMAGE
-combine:
-  stage: combine
+  variables:
+    TARGET_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
+
+.deploy:
+  stage: deploy
  tags:
    - docker
  script:
-    - TARGET_IMAGE=$CONTAINER_TEST_IMAGE
-    - SOURCE_IMAGE_2=$CONTAINER_TEST_ARM_IMAGE
-    - SOURCE_IMAGE_1=$CONTAINER_TEST_X86_IMAGE
-    - docker pull $SOURCE_IMAGE_1
-    - docker pull $SOURCE_IMAGE_2
-    - docker manifest create $TARGET_IMAGE --amend $SOURCE_IMAGE_1 --amend
-      $SOURCE_IMAGE_2
+    - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86
+    - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
+    - docker manifest create $TARGET_IMAGE --amend $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-x86 --amend
+      $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-arm
    - docker manifest push $TARGET_IMAGE
+
 deploy_latest:
-  stage: deploy
-  tags:
-    - docker
-  script:
-    - TARGET_IMAGE=$CONTAINER_RELEASE_IMAGE
-    - SOURCE_IMAGE=$CONTAINER_TEST_IMAGE
-    - docker pull $SOURCE_IMAGE
-    - docker tag $SOURCE_IMAGE $TARGET_IMAGE
-    - docker push $TARGET_IMAGE
+  extends: .deploy
+  variables:
+    TARGET_IMAGE: $CI_REGISTRY_IMAGE:latest
  only:
    - master
-deploy_tag:
-  stage: deploy
-  tags:
-    - docker
-  script:
-    - TARGET_IMAGE=$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
-    - SOURCE_IMAGE=$CONTAINER_TEST_IMAGE
-    - docker pull $SOURCE_IMAGE
-    - docker tag $SOURCE_IMAGE $TARGET_IMAGE
-    - docker push $TARGET_IMAGE
-  only:
-    - tags
+
+deploy_branch:
+  extends: .deploy
+  variables:
+    TARGET_IMAGE: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
--- a/src/site.ts
+++ b/src/site.ts
@@ -32,6 +32,7 @@ export interface SiteRenderData {

 export interface RenderData {
  purgeAllowed?: string[];
+  externalRealIp?: boolean;
  realIp?: string[];
  limitRate?: string;
  limitBurst?: string;
@@ -85,6 +86,7 @@ export function getData(
  const parser = new Parser('', input);
  return {
    purgeAllowed: parser.getArray('PURGE_ALLOWED'),
+    externalRealIp: parser.getBoolean('EXTERNAL_REAL_IP'),
    realIp: parser.getArray('REAL_IP'),
    limitRate: parser.getString('LIMIT_RATE'),
    limitBurst: parser.getString('LIMIT_BURST'),

--- a/views/nginx.conf.mustache
+++ b/views/nginx.conf.mustache
@@ -124,12 +124,14 @@ http {

  resolver 127.0.0.11 ipv6=off;

+{{^externalRealIp}}
  set_real_ip_from 172.16.0.0/12;
 {{#realIp}}
  set_real_ip_from {{ . }};
 {{/realIp}}
  real_ip_header X-Forwarded-FOr;
  real_ip_recursive on;
+{{/externalRealIp}}

 {{#limitRate}}
 {{#limitBurst}}
@@ -235,4 +237,4 @@ http {

 stream {
  include /etc/nginx/stream/*.conf;
-}
\ No newline at end of file
+}