initial commit

Author: Prajithp

Dockerfile

@@ -0,0 +1,12 @@
+FROM perl:5.30.1
+
+WORKDIR /app
+EXPOSE 3000 8080
+
+ENV MOJO_VERSION 8.33
+COPY hub.pl /app/
+RUN cpanm Mojolicious@"$MOJO_VERSION"
+RUN cpanm Cache::FileCache Syntax::Keyword::Try  && rm -r /root/.cpanm
+RUN cpanm IO::Socket::SSL  && rm -r /root/.cpanm
+
+ENTRYPOINT ["hypnotoad", "--foreground", "/app/hub.pl"]

ecr.pl

@@ -0,0 +1,109 @@
+#!/usr/bin/env perl
+use Mojolicious::Lite;
+use Paws ();
+use Paws::Credential::File;
+use Cpanel::JSON::XS;
+
+Paws->default_config->immutable(1);
+Paws->preload_service('ECR');
+
+plugin 'DefaultHelpers';
+
+helper paws => sub {
+    state $paws = Paws->new(
+       config => {
+           region => 'ap-south-1',
+           credentials => Paws::Credential::File->new(
+                profile => 'prod'
+           ),
+       }
+    );
+};
+
+helper ecr => sub {
+    state $client = $_[0]->paws->service('ECR');
+};
+
+helper 'docker.manifests' => sub {
+    my ($c, $name, $ref) = @_;
+
+    my $imageStruct = {};
+    if ($ref =~ m/^\w+:([A-Fa-f0-9]+$)/) {
+        $imageStruct->{'ImageDigest'} = $ref;
+    }   
+    else {
+       $imageStruct->{'ImageTag'} = $ref;
+    }
+
+    my $images = $c->ecr->BatchGetImage(ImageIds => [$imageStruct], RepositoryName => $name)->Images;
+    if (my $image = $images->[0]) {
+        return decode_json($image->ImageManifest);
+    }
+
+    return undef;
+};
+
+under '/v2/'; 
+
+get '/' => sub {
+  my $c = shift;
+
+  $c->render(json => ['ok']);
+};
+
+any '/*name/manifests/*ref' => sub {
+    my $c = shift;
+
+    $c->render_later;
+
+    my $name = $c->param('name');
+    my $ref  = $c->param('ref');
+
+    my $image  = $c->docker->manifests($name, $ref);
+    my $status = $image ? 200 : 404;
+   
+    if ($c->req->method eq 'HEAD') {
+        return $c->rendered($status);
+    }
+
+    return $c->render(json => {}, status => $status) unless $image;
+
+    my $mediaType = $image->{'mediaType'};
+    $c->res->headers->content_type($mediaType);
+    
+    return $c->render(json => $image, status => $status);
+};
+
+get '/*name/blobs/:ref' => sub {
+    my $c = shift;
+    
+    $c->render_later;
+    
+    my $name = $c->param('name');
+    my $ref  = $c->param('ref');
+   
+    my $url = $c->ecr->GetDownloadUrlForLayer(LayerDigest => $ref, RepositoryName => $name);
+    $c->res->headers->header('Location' => $url->DownloadUrl);
+    $c->res->headers->header('Docker-Content-Digest' => $url->LayerDigest);
+    return $c->rendered(307);
+};
+
+get '/*name/tags/list' => sub {
+    my $c = shift;
+    my $name = $c->param('name');
+
+    my $imagesResponse = $c->ecr->DescribeImages(RepositoryName => $name);
+    my $imageDetails = $imagesResponse->ImageDetails;
+  
+    if (my $imageDetail = $imageDetails->[0]) {     
+       my $response = {
+           name => $name,
+           tags => $imageDetail->imageDetail
+       };
+       return $c->render(json => $response);
+    }
+
+    return $c->rendered(404);    
+};
+
+app->start;

hub.conf

@@ -0,0 +1,33 @@
+proxy_cache_path /docker_mirror_cache levels=1:2 max_size=32g inactive=5d keys_zone=cache:10m use_temp_path=off;
+server {
+        listen      6666 ssl http2 default_server;
+        server_name _;
+
+        set $docker_proxy_request_type "unknown";
+
+        add_header X-Docker-Registry-Proxy-Cache-Upstream-Status "$upstream_cache_status";
+
+        ssl_certificate "/etc/nginx/server.crt";
+        ssl_certificate_key "/etc/nginx/server.key";
+
+        chunked_transfer_encoding on;
+
+        proxy_read_timeout 900;
+        proxy_cache_lock on;
+        proxy_cache_lock_timeout 880s;
+        proxy_cache_valid 200 206 5d;
+        proxy_force_ranges on;
+        proxy_ignore_client_abort on;
+        proxy_cache_revalidate on;
+        proxy_hide_header      Set-Cookie;
+        proxy_ignore_headers   X-Accel-Expires Expires Cache-Control Set-Cookie;
+ 
+        
+  
+        location / { 
+            proxy_pass http://localhost:3000;
+            proxy_cache cache;
+            proxy_cache_key   $uri;
+            proxy_intercept_errors on;
+        }
+}

hub.pl

@@ -0,0 +1,134 @@
+#!/usr/bin/env perl
+
+use Mojolicious::Lite;
+use Cache::FileCache;
+use Syntax::Keyword::Try;
+
+helper 'registry' => sub { 'registry.docker.io' };
+helper 'authUrl'  => sub { 'https://auth.docker.io/token' };
+helper 'cache'    => sub { state $cache = Cache::FileCache->new; };
+
+$ENV{MOJO_MAX_MESSAGE_SIZE} = 524288000;
+app->config(hypnotoad => { clients => $ENV{HYPNOTOAD_CLIENTS} // 100 });
+
+helper authToken => sub {
+    my ($self, $repo) = @_;
+
+    my $cached_token = $self->cache->get($repo);
+    if (! defined $cached_token ) {
+        app->log->info("Requesting for token");
+        my $url    = sprintf("%s?service=%s&scope=repository:%s:pull", $self->authUrl, $self->registry, $repo);
+        my $tx     = $self->ua->get($url);
+        my $res    = $tx->result->json;
+
+        my $token  = $res->{'token'};
+        my $ttl    = $res->{'expires_in'};
+        $self->cache->set($repo, $token, $ttl);
+        
+        return $token;   
+    }
+    app->log->info("Token found in the cache");
+    return $cached_token;
+};
+
+helper authHeader => sub { 
+    my ($self, $repo, $type) = @_;
+
+    my $header = { Authorization => undef, Accept => $type };
+    my $token  = $self->authToken($repo); 
+    $header->{'Authorization'} = 'Bearer ' . $token;
+    return $header;
+};
+
+get '/' => sub {
+  my $c = shift;
+  
+  $c->render(json => ['ok']);
+};
+
+under '/v2';
+get '/' => sub {
+  my $c = shift;
+
+  $c->render(json => ['ok']);
+};
+
+any '/*name/manifests/*ref' => sub {
+    my $c = shift;
+    
+    $c->render_later;
+    
+    my $name = $c->param('name');
+    my $ref  = $c->param('ref');
+
+    my $imageName = $name;
+    if (index ($name, '/') == -1 ) {
+       $imageName = 'library/' . $name;
+    }
+
+    my $auth_head = $c->authHeader($imageName, 'application/vnd.docker.distribution.manifest.v2+json');
+    my $url = sprintf("https://%s/v2/%s/manifests/%s", 'registry-1.docker.io', $imageName, $ref);
+    my $tx  = $c->ua->get($url, $auth_head);
+
+    my $response = {};
+    my $status   = 404;
+    if ($tx->res->code == 200) {
+        $response = $tx->res->json;
+        $status = 200;
+        my $mediaType = $response->{'mediaType'};
+        $c->res->headers->content_type($mediaType);        
+    }
+    return $c->render(json => $response, status => $status);      
+};
+
+get '/*name/blobs/:ref' => sub {
+    my $c = shift;
+       
+    $c->render_later;
+    $c->inactivity_timeout(0);
+
+    my $name = $c->param('name');
+    my $ref  = $c->param('ref');
+    
+    my $imageName = $name;
+    if (index ($name, '/') == -1 ) {
+       $imageName = 'library/' . $name;
+    }
+    my $auth_head = $c->authHeader($imageName, 'application/vnd.docker.distribution.manifest.v2+json');
+    my $url = sprintf("https://%s/v2/%s/blobs/%s", 'registry-1.docker.io', $imageName, $ref);
+    my $tx  = $c->app->ua->get($url, $auth_head);
+
+    if (my $location = $tx->res->headers->location) {
+        $c->res->code(200);
+        $c->res->headers->content_type("application/octet-stream"); 
+
+        my $length = $c->app->ua->head($location)->res->headers->content_length;
+        $c->res->headers->content_length($length);
+
+        $c->app->ua->max_response_size(0);
+        $c->app->log->info("calling remote location $location");
+
+        my $d_tx = $c->app->ua->build_tx('GET' => $location);
+        $d_tx->res->content->unsubscribe('read')->on(
+            read => sub {
+                my (undef, $chunk) = @_;
+                if ($chunk) {
+                    try {
+                        return $c->write($chunk, sub { return });
+                    }
+                    catch {
+			 $c->app->log->info("Writing chunk failed: $@");
+                         $d_tx->res->content->unsubscribe('read');
+                    }
+                }
+            }
+        );
+        $c->app->ua->start_p($d_tx)->then(sub  {
+             my $tx = shift;
+        })->catch(sub  {
+            my $err = shift;
+            warn "Connection error: $err";
+        })->wait;
+    }
+};
+app->start;