0
Fork 0
mirror of https://github.com/willnorris/imageproxy.git synced 2024-12-30 22:34:18 -05:00
Commit graph

430 commits

Author SHA1 Message Date
dependabot[bot]
34236b9cbb
.github: bump golangci/golangci-lint-action from 3 to 6
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 6.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v6)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-09 04:09:14 +00:00
Will Norris
3aec0fce3a .github: update action versions 2024-05-08 21:08:41 -07:00
Will Norris
2451f30f07 .github: run prettier over all yml files 2024-05-08 21:08:41 -07:00
Will Norris
ef50c1f9a6 cmd/imageproxy: remove gorilla mux router
I'm not entirely sure why I had this in the first place... probably just
a misunderstanding at the time of what a mux did and when it is helpful.
In this case, it serves no purpose.
2023-11-13 15:15:55 -08:00
Will Norris
da55ecefd3 Dockerfile: use wolfi-base as build image
This allows a little more control over which version of go we're using.
2023-08-02 08:44:32 -07:00
Will Norris
9708b430f5 README.md: format file
I'm honestly not sure which formatter this is using. Probably something
from the markdown LSP server I'm using. Maybe something built in to
neovim or that ships with LazyVim?
2023-08-02 08:44:32 -07:00
Will Norris
84960fc8a0 bump go version to 1.18 and update deps 2023-08-02 08:44:32 -07:00
Will Norris
a9b6594b41 return early if remote URL returns a 404 2023-05-12 19:04:10 -07:00
Will Norris
1ba0bd0a6d caddy: follow redirects 2023-05-12 18:21:55 -07:00
Will Norris
67f506bc9b caddy/go.mod: bump imageproxy version and try replace 2023-05-12 18:11:14 -07:00
Will Norris
2008a17f5e don't require redirect URLs to match AllowHosts
When following redirects, ensure that the final URL is not in the
configured DenyHosts list, but do not further enforce presence in the
AllowHosts list.

This was initially added in #237, and the original use case was about
protecting against redirects being used to bypass denied hosts. They
were using URL signatures and deny lists (for localhost, etc), but not
allow lists. So really, checking against the deny list is all that was
needed in that case.

This came up recently for me as I was trying to proxy images on a remote
host that redirects to Amazon S3. Even though the original URL was
signed, the redirect was being denied because s3-us-west-2.amazonaws.com
isn't on of my allowed host. But I don't want to allow all of S3, just
the signed URLs.
2023-05-12 12:27:40 -07:00
Will Norris
4229b98cb3 remove deploy script for my personal instance 2023-05-09 11:20:11 -07:00
Will Norris
5afd9081d8 README: update URL of my personal imageproxy instance 2023-05-09 11:19:23 -07:00
Will Norris
eb9dd53848 first pass at basic caddy module
not all configuration options are exposed yet
2023-05-09 02:27:53 -07:00
Amirhosein Zlf
7295bec995 added clients section to README 2023-05-08 21:42:19 -07:00
Will Norris
f9fd6c9885 .github/workflows: update golangci-lint action 2023-04-03 17:39:50 -07:00
Will Norris
5bef5a840a .github/workflows: switch flag syntax back 2023-04-03 17:25:54 -07:00
Will Norris
b37663f12c .github/workflows: update to actions/setup-go@v4 2023-04-03 17:19:24 -07:00
Will Norris
3e9a5ddc3e cmd/imageproxy-sign: remove broken test
This has begun failing with the error:

    error generating coverage report: write |1: file already closed

I'm not 100% sure what's causing this, but this test isn't actually
covering very much, and trying to test a main function is often fraught
anyway, so it's not worth the hassle.
2023-04-03 17:17:31 -07:00
Will Norris
b84da53898 go.mod: update dependencies 2023-04-03 16:54:34 -07:00
dependabot[bot]
3815eb832b build(deps): bump golang.org/x/image from 0.3.0 to 0.5.0
Bumps [golang.org/x/image](https://github.com/golang/image) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/golang/image/releases)
- [Commits](https://github.com/golang/image/compare/v0.3.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/image
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-17 14:14:09 -08:00
Will Norris
f314cbfc87 .github/workfow: try to fix fly deploy
go back to remote-only build for fly deploy, but use buildx v0.9.1 for
building the docker image.  Also add manual trigger for fly deploy
action.
2023-01-31 21:08:50 -08:00
Will Norris
431c70aaa9 .github/workflow: switch to local-build fly deploy 2023-01-31 20:58:22 -08:00
Will Norris
5ffd8db241 all: remove deprecated use of io/ioutil 2023-01-31 20:32:45 -08:00
Will Norris
12d8f92d33 go.mod: set go version to 1.17
This is not a new requirement... I started using 1.17 features at some
point in the past (as indicated in the CI tests).  I just missed
declaring that requirement in the go.mod file.

With go1.17, the structure of the go.mod files changes a bit, but this
shouldn't actually have any actual changes in the dependency tree.
2023-01-31 20:23:50 -08:00
Will Norris
3b7abaf462 go.mod: bump dependencies 2023-01-31 20:08:51 -08:00
Will Norris
d95da8f749 README: update URL for test images 2023-01-15 15:26:37 -08:00
yinpeng
99c0bba938 Update imageproxy.service 2022-12-29 19:54:06 -08:00
Will Norris
a0eb26e18c .github: run deploy workflow after successful docker push
Otherwise, it's very likely that the deploy would complete before the
new docker push, so we'd be redeploying an old image.
2022-12-12 22:47:30 -08:00
Will Norris
8c1d05fc2f fly: add action and config for fly deployment 2022-12-12 17:38:55 -08:00
Will Norris
93dcedd516 docker: go back to signing digests
apparently cosign doesn't like signing tags :)

WARNING: Image reference ghcr.io/willnorris/imageproxy:main uses a tag,
not a digest, to identify the image to sign.

This can lead you to sign a different image than the intended one.
Please use a digest (example.com/ubuntu@sha256:abc123...) rather than
tag (example.com/ubuntu:latest) for the input to cosign. The ability to
refer to images by tag will be removed in a future release.
2022-12-06 08:58:52 -08:00
Will Norris
631d363749 docker: cosign sign tags rather than digest 2022-12-06 08:53:06 -08:00
Will Norris
4121c064ee readme: update minimum working go version 2022-11-14 20:34:06 -08:00
Will Norris
eba736ded3 .github: bump minimum go version to 1.17 2022-11-14 12:05:06 -08:00
Will Norris
26b706015a .github: bump minimum go version to 1.16 2022-11-14 12:01:31 -08:00
Will Norris
635cc9ef3b go.mod: bump all deps 2022-11-14 11:58:59 -08:00
Will Norris
a6f541de1b docker: add multi-platform support
Fixes #345
2022-11-14 11:45:35 -08:00
Will Norris
b6e5e700cf Revert "docker: add multi-platform support"
Didn't mean to push this yet.

This reverts commit 43b75b0ba2.
2022-11-14 11:20:07 -08:00
Will Norris
43b75b0ba2 docker: add multi-platform support 2022-11-14 11:18:09 -08:00
Will Norris
0e35e587f2 .github: clarify docker build steps 2022-11-14 11:15:00 -08:00
Will Norris
59aad26e29 cmd/imageproxy: add proper server timeouts 2022-11-08 17:04:39 -08:00
Will Norris
e4a58965b2 godoc: fix godoc formatting 2022-11-08 16:43:39 -08:00
Will Norris
a1ea6d81a7 .github: bump all github action versions 2022-11-08 16:39:54 -08:00
Will Norris
e35f8298bd workflow: bump actions for building docker image 2022-11-08 16:18:53 -08:00
Will Norris
6022f6a372 bump minimum go version to 1.15
this is due to a newer version of golang.org/x/net using
os.ErrDeadlineExceeded, which was added in go1.15.
2022-02-16 11:15:36 -08:00
Will Norris
7584ca6a7b bump golangci-lint version 2022-02-16 11:15:36 -08:00
Will Norris
a1741ac0e2 update dependencies 2022-02-16 11:15:36 -08:00
Will Norris
a81add5d96 lint: improve error handling 2022-02-16 11:15:36 -08:00
Will Norris
ef8aec77a9 lint: explain hash alg exclusion better 2022-02-16 11:15:36 -08:00
Jacopo
13bafdbf9e Add MaxRedirects option
Add `MaxRedirects` option to set maximum redirection-followings allowed.
The option is only valid when `FollowRedirects` is `true`.

Being able to limit the amount of redirections is helpful in order to
avoid possible loops of redirections or just too long round trips.
2021-12-10 09:25:11 -08:00