nginx too long parameter error, AWS ECR auth token has become larger than 4K #31
Description
AWS seem to have increased their ECR auth token size beyond 4K which NGINX does not accept in its config lines as the buffer limit is set to 4K for line reading.
The error from nginx:
[emerg] 39#39: too long parameter, probably missing terminating """ character in /usr/local/openresty/nginx/conf/nginx.conf:70
I've worked around it by splitting the token in half. I can't send a PR / diff as I'm not using the code provided in this page but what's shown below should help to those who have the same problem.
I've come across the same problem on a similar stack, not using the same code/repo so I can't provide you a PR/diff but here's how I worked around it. I hope it helps
nginx.conf
set $auth_part1 "PART1";
set $auth_part2 "PART2";
set $aws_auth_header "$auth_part1$auth_part2";
proxy_set_header X-Forwarded-User "Basic $aws_auth_header";
proxy_set_header Authorization "Basic $aws_auth_header";
renew_token.sh
while true; do
TOKEN="$(aws ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken')"
length=${#TOKEN}
middle=$((length / 2))
part1=${TOKEN:0:middle}
part2=${TOKEN:middle}
[ -n "${TOKEN}" ] && break
echo "Warn: Unable to get new token, wait and retry!"
sleep 30
done
old_part1=$(grep -m1 'auth_part1' "$CONFIG" | sed -E 's/.*auth_part1.*"([^"]+)".*/\1/')
old_part2=$(grep -m1 'auth_part2' "$CONFIG" | sed -E 's/.*auth_part2.*"([^"]+)".*/\1/')
sed -i "s|$old_part1|$part1|g" "$CONFIG"
sed -i "s|$old_part2|$part2|g" "$CONFIG"
startup.sh
TOKEN="$(aws ecr get-authorization-token --output text --query 'authorizationData[].authorizationToken')"
length=${#TOKEN}
middle=$((length / 2))
part1=${TOKEN:0:middle}
part2=${TOKEN:middle}
sed -i "s|PART1|$part1|g" "$CONFIG"
sed -i "s|PART2|$part2|g" "$CONFIG"