Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
c2bef377ab
PromucFlow_constructor/deploy/docker/fs/opt/appsmith/caddy-reconfigure.mjs

245 lines
6.6 KiB
JavaScript
Raw Normal View History

feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
import * as fs from "fs"
import {dirname} from "path"
import {spawnSync} from "child_process"
import {X509Certificate} from "crypto"
fix: Remove Server header and allow all on port 80 (#29585) Another attempt at #29550, which was reverted. Fallback is not happening if cert provisioning fails _despite_ having the correct header. But with the changes in this PR, since we'll listen on `:80`, fallback _will_ happen when cert provisioning fails due to incorrect domain configuration. We're also adding [Hurl](https://hurl.dev) based tests. They're not run in any CI yet. That'll come in soon.
2023-12-18 04:14:31 +00:00
// The custom domain is expected to only have the domain. So if it has a protocol, we ignore the whole value.
// This was the effective behaviour before Caddy.
const CUSTOM_DOMAIN = (process.env.APPSMITH_CUSTOM_DOMAIN || "").replace(/^https?:\/\/.+$/, "")
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
const CaddyfilePath = process.env.TMP + "/Caddyfile"
chore: Switch to vanilla Caddy, when rate limiting is disabled (#33387) Depends-on: [33591](https://github.com/appsmithorg/appsmith/pull/33591/files) Fixes: #31997 --------- Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
2024-05-24 07:41:56 +00:00
const AppsmithCaddy = process.env._APPSMITH_CADDY
// Rate limit environment.
const isRateLimitingEnabled = process.env.APPSMITH_RATE_LIMIT !== "disabled"
const RATE_LIMIT = parseInt(process.env.APPSMITH_RATE_LIMIT || 100, 10)
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
let certLocation = null
fix: Remove Server header and allow all on port 80 (#29585) Another attempt at #29550, which was reverted. Fallback is not happening if cert provisioning fails _despite_ having the correct header. But with the changes in this PR, since we'll listen on `:80`, fallback _will_ happen when cert provisioning fails due to incorrect domain configuration. We're also adding [Hurl](https://hurl.dev) based tests. They're not run in any CI yet. That'll come in soon.
2023-12-18 04:14:31 +00:00
if (CUSTOM_DOMAIN !== "") {
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
try {
fs.accessSync("/appsmith-stacks/ssl/fullchain.pem", fs.constants.R_OK)
certLocation = "/appsmith-stacks/ssl"
fix: Remove Server header and allow all on port 80 (#29585) Another attempt at #29550, which was reverted. Fallback is not happening if cert provisioning fails _despite_ having the correct header. But with the changes in this PR, since we'll listen on `:80`, fallback _will_ happen when cert provisioning fails due to incorrect domain configuration. We're also adding [Hurl](https://hurl.dev) based tests. They're not run in any CI yet. That'll come in soon.
2023-12-18 04:14:31 +00:00
} catch {
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
// no custom certs, see if old certbot certs are there.
chore: Remove unneeded letsencrypt symlink (#30221)
2024-01-11 04:28:52 +00:00
const letsEncryptCertLocation = "/appsmith-stacks/letsencrypt/live/" + CUSTOM_DOMAIN
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
const fullChainPath = letsEncryptCertLocation + `/fullchain.pem`
try {
fs.accessSync(fullChainPath, fs.constants.R_OK)
console.log("Old Let's Encrypt cert file exists, now checking if it's expired.")
if (!isCertExpired(fullChainPath)) {
certLocation = letsEncryptCertLocation
}
fix: Remove Server header and allow all on port 80 (#29585) Another attempt at #29550, which was reverted. Fallback is not happening if cert provisioning fails _despite_ having the correct header. But with the changes in this PR, since we'll listen on `:80`, fallback _will_ happen when cert provisioning fails due to incorrect domain configuration. We're also adding [Hurl](https://hurl.dev) based tests. They're not run in any CI yet. That'll come in soon.
2023-12-18 04:14:31 +00:00
} catch {
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
// no certs there either, ignore.
}
}
}
fix: frame-ancestors env variable being overridden (#29521) We're setting the default value for `APPSMITH_ALLOWED_FRAME_ANCESTORS` before we initialize env variables from `docker.env`. This make the default value take a higher precedence over the value configured in `docker.env`. And since the value in `docker.env` is the one configured from Admin Settings, it feels like the value configured from the UI is being ignored. This fixes the problem by moving the check for this env variable to _inside_ the reconfigure script, and so doesn't affect any env variables.
2023-12-11 13:55:12 +00:00
const frameAncestorsPolicy = (process.env.APPSMITH_ALLOWED_FRAME_ANCESTORS || "'self'")
.replace(/;.*$/, "")
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
const parts = []
parts.push(`
{
chore: Local Caddy support (#31325) Replaces NGINX for local dev with Caddy. The advandage here is that the script that generates `Caddyfile` at runtime on production deployments, is also used to generate the `Caddyfile` at local development. This reduces the local--production gap. /ok-to-test tags="@tag.Sanity"
2024-04-19 01:08:01 +00:00
debug
update caddy address (#36291) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Updated Caddy web server configuration to allow broader accessibility to the admin interface. - **Security Notice** - The admin interface is now accessible from any IP address, which may require enhanced security measures to protect against unauthorized access. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-09-13 10:00:08 +00:00
admin 0.0.0.0:2019
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
persist_config off
acme_ca_root /etc/ssl/certs/ca-certificates.crt
servers {
trusted_proxies static 0.0.0.0/0
fix: caddy partial metrics (#36376) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Introduced metrics collection for enhanced monitoring and performance analysis. - **Bug Fixes** - Preserved existing functionality related to rate limiting and basic authentication. <!-- end of auto-generated comment: release notes by coderabbit.ai --> <!-- This is an auto-generated comment: Cypress test results --> > [!WARNING] > Tests have not run on the HEAD 61808ad230907d204676a7aa83aee9d3b4054376 yet > <hr>Tue, 17 Sep 2024 13:28:01 UTC <!-- end of auto-generated comment: Cypress test results -->
2024-09-17 13:29:51 +00:00
metrics
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
}
chore: Switch to vanilla Caddy, when rate limiting is disabled (#33387) Depends-on: [33591](https://github.com/appsmithorg/appsmith/pull/33591/files) Fixes: #31997 --------- Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
2024-05-24 07:41:56 +00:00
${isRateLimitingEnabled ? "order rate_limit before basicauth" : ""}
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
}
(file_server) {
file_server {
precompressed br gzip
disable_canonical_uris
}
}
(reverse_proxy) {
reverse_proxy {
to 127.0.0.1:{args[0]}
header_up -Forwarded
chore: Add an internal request ID for logging (#33086) /ok-to-test tags="@tag.All" <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/8918415111> > Commit: f902355ece5445d27fd8a65dcf4607afb4c5d656 > Cypress dashboard url: <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=8918415111&attempt=2" target="_blank">Click here!</a> <!-- end of auto-generated comment: Cypress test results -->
2024-05-02 07:30:23 +00:00
header_up X-Appsmith-Request-Id {http.request.uuid}
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
}
}
(all-config) {
log {
output stdout
}
chore: caddy: enable logging of static file requests (#36500) ## Description - Enable logs of static file requests in caddy. - Skip logging for CSS and JS source map files. These files are inconsequential for page rendering and therefore not worth tracking, as they only pollute the log files. Fixes #`Issue Number` _or_ Fixes `Issue URL` > [!WARNING] > _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._ ## Automation /ok-to-test tags="@tag.Sanity" ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/11016033178> > Commit: 97cfe307355f159a9cb80295fb566c406ffc056a > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11016033178&attempt=3" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` > Spec: > <hr>Wed, 25 Sep 2024 05:08:51 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Enhanced logging configurations to improve performance by skipping logs for health check requests and JavaScript map files. - **Bug Fixes** - Adjusted existing logging behavior for file handling to ensure more accurate log processing. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-09-25 05:31:18 +00:00
# skip logs for health check
fix: remove cache control headers for requests handled with an error in Caddy (#36590)
2024-10-07 08:29:29 +00:00
log_skip /api/v1/health
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
chore: caddy: enable logging of static file requests (#36500) ## Description - Enable logs of static file requests in caddy. - Skip logging for CSS and JS source map files. These files are inconsequential for page rendering and therefore not worth tracking, as they only pollute the log files. Fixes #`Issue Number` _or_ Fixes `Issue URL` > [!WARNING] > _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._ ## Automation /ok-to-test tags="@tag.Sanity" ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/11016033178> > Commit: 97cfe307355f159a9cb80295fb566c406ffc056a > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11016033178&attempt=3" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` > Spec: > <hr>Wed, 25 Sep 2024 05:08:51 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Enhanced logging configurations to improve performance by skipping logs for health check requests and JavaScript map files. - **Bug Fixes** - Adjusted existing logging behavior for file handling to ensure more accurate log processing. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-09-25 05:31:18 +00:00
# skip logs for sourcemap files
@source-map-files {
path_regexp ^.*\.(js|css)\.map$
}
fix: remove cache control headers for requests handled with an error in Caddy (#36590)
2024-10-07 08:29:29 +00:00
log_skip @source-map-files
chore: caddy: enable logging of static file requests (#36500) ## Description - Enable logs of static file requests in caddy. - Skip logging for CSS and JS source map files. These files are inconsequential for page rendering and therefore not worth tracking, as they only pollute the log files. Fixes #`Issue Number` _or_ Fixes `Issue URL` > [!WARNING] > _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._ ## Automation /ok-to-test tags="@tag.Sanity" ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/11016033178> > Commit: 97cfe307355f159a9cb80295fb566c406ffc056a > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11016033178&attempt=3" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` > Spec: > <hr>Wed, 25 Sep 2024 05:08:51 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Enhanced logging configurations to improve performance by skipping logs for health check requests and JavaScript map files. - **Bug Fixes** - Adjusted existing logging behavior for file handling to ensure more accurate log processing. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-09-25 05:31:18 +00:00
chore: Add an internal request ID for logging (#33086) /ok-to-test tags="@tag.All" <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/8918415111> > Commit: f902355ece5445d27fd8a65dcf4607afb4c5d656 > Cypress dashboard url: <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=8918415111&attempt=2" target="_blank">Click here!</a> <!-- end of auto-generated comment: Cypress test results -->
2024-05-02 07:30:23 +00:00
# The internal request ID header should never be accepted from an incoming request.
request_header -X-Appsmith-Request-Id
# Ref: https://stackoverflow.com/a/38191078/151048
# We're only accepting v4 UUIDs today, in order to not make it too lax unless needed.
@valid-request-id expression {header.X-Request-Id}.matches("(?i)^[0-9A-F]{8}-[0-9A-F]{4}-[4][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$")
header @valid-request-id X-Request-Id {header.X-Request-Id}
@invalid-request-id expression !{header.X-Request-Id}.matches("(?i)^[0-9A-F]{8}-[0-9A-F]{4}-[4][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$")
header @invalid-request-id X-Request-Id invalid_request_id
request_header @invalid-request-id X-Request-Id invalid_request_id
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
header {
-Server
fix: frame-ancestors env variable being overridden (#29521) We're setting the default value for `APPSMITH_ALLOWED_FRAME_ANCESTORS` before we initialize env variables from `docker.env`. This make the default value take a higher precedence over the value configured in `docker.env`. And since the value in `docker.env` is the one configured from Admin Settings, it feels like the value configured from the UI is being ignored. This fixes the problem by moving the check for this env variable to _inside_ the reconfigure script, and so doesn't affect any env variables.
2023-12-11 13:55:12 +00:00
Content-Security-Policy "frame-ancestors ${frameAncestorsPolicy}"
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
X-Content-Type-Options "nosniff"
chore: Add an internal request ID for logging (#33086) /ok-to-test tags="@tag.All" <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/8918415111> > Commit: f902355ece5445d27fd8a65dcf4607afb4c5d656 > Cypress dashboard url: <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=8918415111&attempt=2" target="_blank">Click here!</a> <!-- end of auto-generated comment: Cypress test results -->
2024-05-02 07:30:23 +00:00
X-Appsmith-Request-Id {http.request.uuid}
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
}
chore: Add cache control header for static files (#35461) ## Description Add cache control header to static files in Caddy Fixes #34643 ## Automation /ok-to-test tags="@tag.All" ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/10987267745> > Commit: 779d12e84054412d436e8a0c0f26878e475d7469 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=10987267745&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.All` > Spec: > <hr>Mon, 23 Sep 2024 04:38:28 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [ ] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Summary by CodeRabbit - **New Features** - Enhanced caching strategy for static assets, improving performance and reducing load times. - Introduced a `Cache-Control` header for static files to optimize browser caching. - Updated caching configuration to allow more frequent updates of JavaScript and CSS files. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-09-23 07:15:13 +00:00
header /static/* {
Cache-Control "public, max-age=31536000, immutable"
}
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
request_body {
chore: Support configurable body max size in Caddyfile (#31461) Fixes #31454.
2024-03-04 10:40:07 +00:00
max_size ${process.env.APPSMITH_CODEC_SIZE || 150}MB
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
}
handle {
root * {$WWW_PATH}
try_files /loading.html /index.html
import file_server
}
root * /opt/appsmith/editor
@file file
handle @file {
import file_server
}
fix: Incorrect status code for missing static files (#29374) I think the route precedence in Caddy is different when using `handle` directive, vs when directly using the `error` directive. This is causing the file `handle {` route, which is a catch-all route is handling `/static/*` requests that don't have a corresponding file. This handler however, doesn't respond with 404 status, it responds with 200 status for missing files, and render the `index.html` for our SPA behaviour. Now, the CDN we have on release.app.appsmith.com caches responses from upstream when the status is 200. If it is 404, it won't cache and retry next time. This is why it's essential that we respond with 404 for files that don't exist, irrespective of the content of the response. When the container is starting up, Caddy doesn't have all the information yet, and may have responded with not-found for one of the assets. But since this went out with 200 status, our CDN cached it, and once the file _was_ available with Caddy, the CDN wouldn't retry ever. This fix will ensure we get 404 status code for requests to `/static/*` that point to files that don't exist.
2023-12-06 09:12:25 +00:00
handle /static/* {
error 404
}
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
handle /info {
root * /opt/appsmith
rewrite * /info.json
import file_server
}
@backend path /api/* /oauth2/* /login/*
handle @backend {
import reverse_proxy 8080
}
handle /rts/* {
import reverse_proxy 8091
}
redir /supervisor /supervisor/
handle_path /supervisor/* {
import reverse_proxy 9001
}
chore: Switch to vanilla Caddy, when rate limiting is disabled (#33387) Depends-on: [33591](https://github.com/appsmithorg/appsmith/pull/33591/files) Fixes: #31997 --------- Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
2024-05-24 07:41:56 +00:00
${isRateLimitingEnabled ? `rate_limit {
feat: Rate limiting on Caddy (#31496)
2024-03-07 10:52:29 +00:00
zone dynamic_zone {
fix: Rate limiting key should respect load balancers (#37409) This PR changes the `key` used for rate limiting so that it includes any `Forwarded` or `X-Forwarded-For` headers, so that rate-limiting counter respects any load balancers that are running on top of Appsmith container. /test sanity ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/11855493733> > Commit: af2d760c6e5f3ea61ae0bfb476cb4e023648cecc > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=11855493733&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: `@tag.Sanity` > Spec: > <hr>Fri, 15 Nov 2024 12:04:04 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Enhanced rate limiting configuration for improved performance with load balancers. - Adjusted handling of custom domains for better certificate management. - **Bug Fixes** - Improved error handling by removing unnecessary headers to enhance security and response consistency. - **Documentation** - Updated internal logic for generating server configurations, ensuring clarity in server setup. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-11-20 05:10:02 +00:00
# This key is designed to work irrespective of any load balancers running on the Appsmith container.
# We use "+" as the separator here since we don't expect it in any of the placeholder values here, and has no
# significance in header value syntax.
key {header.Forwarded}+{header.X-Forwarded-For}+{remote_host}
feat: Rate limiting on Caddy (#31496)
2024-03-07 10:52:29 +00:00
events ${RATE_LIMIT}
window 1s
}
chore: Switch to vanilla Caddy, when rate limiting is disabled (#33387) Depends-on: [33591](https://github.com/appsmithorg/appsmith/pull/33591/files) Fixes: #31997 --------- Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
2024-05-24 07:41:56 +00:00
}`: ""}
feat: Rate limiting on Caddy (#31496)
2024-03-07 10:52:29 +00:00
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
handle_errors {
respond "{err.status_code} {err.status_text}" {err.status_code}
fix: remove cache control headers for requests handled with an error in Caddy (#36590)
2024-10-07 08:29:29 +00:00
header {
# Remove the Server header from the response.
-Server
# Remove Cache-Control header from the response.
-Cache-Control
}
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
}
}
fix: Remove Server header and allow all on port 80 (#29585) Another attempt at #29550, which was reverted. Fallback is not happening if cert provisioning fails _despite_ having the correct header. But with the changes in this PR, since we'll listen on `:80`, fallback _will_ happen when cert provisioning fails due to incorrect domain configuration. We're also adding [Hurl](https://hurl.dev) based tests. They're not run in any CI yet. That'll come in soon.
2023-12-18 04:14:31 +00:00
# We bind to http on 80, so that localhost requests don't get redirected to https.
fix: Consider heroku deployment while generating Caddyfile (#33559) ## Description Looks like while replacing NGINX with Caddy, Heroku deployment usecase was missed. Updated Caddyfile generation to use `$PORT` if available. Fixes #33555 Tested on Heroku Standard-2x Dyno.
2024-05-21 06:37:58 +00:00
:${process.env.PORT || 80} {
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
import all-config
}
fix: Remove Server header and allow all on port 80 (#29585) Another attempt at #29550, which was reverted. Fallback is not happening if cert provisioning fails _despite_ having the correct header. But with the changes in this PR, since we'll listen on `:80`, fallback _will_ happen when cert provisioning fails due to incorrect domain configuration. We're also adding [Hurl](https://hurl.dev) based tests. They're not run in any CI yet. That'll come in soon.
2023-12-18 04:14:31 +00:00
`)
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
fix: Remove Server header and allow all on port 80 (#29585) Another attempt at #29550, which was reverted. Fallback is not happening if cert provisioning fails _despite_ having the correct header. But with the changes in this PR, since we'll listen on `:80`, fallback _will_ happen when cert provisioning fails due to incorrect domain configuration. We're also adding [Hurl](https://hurl.dev) based tests. They're not run in any CI yet. That'll come in soon.
2023-12-18 04:14:31 +00:00
if (CUSTOM_DOMAIN !== "") {
fix: Allow incoming TLS traffic without restricting the domain (#30571) This is a fix for a user's problem. They have custom domain set, a custom cert in the `stacks/ssl` folder, but because a different team operates a reverse-proxy, they aren't sure which _host_ is actually used by the reverse proxy. And the way we bind to port 443 requires that that puzzle be solved, for very little extra value. This change makes it so that we accept any incoming TLS connections, if a custom domain is set, which should be much more convenient. [Slack Thread](https://theappsmith.slack.com/archives/C0341RERY4R/p1705700120412079). Already deployed on users' system, and they've confirmed its working.
2024-01-24 09:49:17 +00:00
if (certLocation) {
// There's a custom certificate, don't bind to any exact domain.
parts.push(`
https:// {
import all-config
tls ${certLocation}/fullchain.pem ${certLocation}/privkey.pem
}
`)
} else {
// No custom certificate, bind to the custom domain explicitly, so Caddy can auto-provision the cert.
parts.push(`
https://${CUSTOM_DOMAIN} {
import all-config
}
`)
}
fix: Remove Server header and allow all on port 80 (#29585) Another attempt at #29550, which was reverted. Fallback is not happening if cert provisioning fails _despite_ having the correct header. But with the changes in this PR, since we'll listen on `:80`, fallback _will_ happen when cert provisioning fails due to incorrect domain configuration. We're also adding [Hurl](https://hurl.dev) based tests. They're not run in any CI yet. That'll come in soon.
2023-12-18 04:14:31 +00:00
// We have to own the http-to-https redirect, since we need to remove the `Server` header from the response.
parts.push(`
http://${CUSTOM_DOMAIN} {
redir https://{host}{uri}
header -Server
header Connection close
}
`)
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
}
chore: Local Caddy support (#31325) Replaces NGINX for local dev with Caddy. The advandage here is that the script that generates `Caddyfile` at runtime on production deployments, is also used to generate the `Caddyfile` at local development. This reduces the local--production gap. /ok-to-test tags="@tag.Sanity"
2024-04-19 01:08:01 +00:00
if (!process.argv.includes("--no-finalize-index-html")) {
chore: Fix env varibles in 404.html (#37672) Environment variables in `404.html` page aren't getting replaced with their values. This PR fixes that. ## Automation /test sanity ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!WARNING] > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/12005727044> > Commit: 56b10fddf2ee7ed180ed59845b6f0223cd26b06a > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=12005727044&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: @tag.Sanity > Spec: > It seems like **no tests ran** 😔. We are not able to recognize it, please check <a href="https://github.com/appsmithorg/appsmith/actions/runs/12005727044" target="_blank">workflow here</a>. > <hr>Mon, 25 Nov 2024 08:48:10 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Improved dynamic retrieval of environment variables for better integration with environment-specific settings in the 404 error page. - Enhanced handling of HTML files, including the 404 page, during the configuration process. - **Bug Fixes** - Improved error handling for missing SSL certificates and custom domains. - **Documentation** - Updated logic for processing HTML files to ensure correct paths and configurations are applied. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-11-26 06:11:01 +00:00
finalizeHtmlFiles()
chore: Local Caddy support (#31325) Replaces NGINX for local dev with Caddy. The advandage here is that the script that generates `Caddyfile` at runtime on production deployments, is also used to generate the `Caddyfile` at local development. This reduces the local--production gap. /ok-to-test tags="@tag.Sanity"
2024-04-19 01:08:01 +00:00
}
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
fs.mkdirSync(dirname(CaddyfilePath), { recursive: true })
fs.writeFileSync(CaddyfilePath, parts.join("\n"))
chore: Switch to vanilla Caddy, when rate limiting is disabled (#33387) Depends-on: [33591](https://github.com/appsmithorg/appsmith/pull/33591/files) Fixes: #31997 --------- Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
2024-05-24 07:41:56 +00:00
spawnSync(AppsmithCaddy, ["fmt", "--overwrite", CaddyfilePath])
spawnSync(AppsmithCaddy, ["reload", "--config", CaddyfilePath])
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
chore: Fix env varibles in 404.html (#37672) Environment variables in `404.html` page aren't getting replaced with their values. This PR fixes that. ## Automation /test sanity ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!WARNING] > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/12005727044> > Commit: 56b10fddf2ee7ed180ed59845b6f0223cd26b06a > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=12005727044&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: @tag.Sanity > Spec: > It seems like **no tests ran** 😔. We are not able to recognize it, please check <a href="https://github.com/appsmithorg/appsmith/actions/runs/12005727044" target="_blank">workflow here</a>. > <hr>Mon, 25 Nov 2024 08:48:10 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Improved dynamic retrieval of environment variables for better integration with environment-specific settings in the 404 error page. - Enhanced handling of HTML files, including the 404 page, during the configuration process. - **Bug Fixes** - Improved error handling for missing SSL certificates and custom domains. - **Documentation** - Updated logic for processing HTML files to ensure correct paths and configurations are applied. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-11-26 06:11:01 +00:00
function finalizeHtmlFiles() {
chore: Don't break on missing info.json (#31287) The `caddy-reconfigure.mjs` script fails to gracefully continue when `info.json` is missing. This PR brings back that grace.
2024-02-27 10:37:57 +00:00
let info = null;
try {
info = JSON.parse(fs.readFileSync("/opt/appsmith/info.json", "utf8"))
} catch(e) {
// info will be empty, that's okay.
chore: Local Caddy support (#31325) Replaces NGINX for local dev with Caddy. The advandage here is that the script that generates `Caddyfile` at runtime on production deployments, is also used to generate the `Caddyfile` at local development. This reduces the local--production gap. /ok-to-test tags="@tag.Sanity"
2024-04-19 01:08:01 +00:00
console.error("Error reading info.json", e.message)
chore: Don't break on missing info.json (#31287) The `caddy-reconfigure.mjs` script fails to gracefully continue when `info.json` is missing. This PR brings back that grace.
2024-02-27 10:37:57 +00:00
}
chore: Render env vars in caddy-reconfigure script (#30673) Move more logic in managing Caddy into Javascript from the shell script.
2024-01-31 06:08:49 +00:00
const extraEnv = {
chore: Don't break on missing info.json (#31287) The `caddy-reconfigure.mjs` script fails to gracefully continue when `info.json` is missing. This PR brings back that grace.
2024-02-27 10:37:57 +00:00
APPSMITH_VERSION_ID: info?.version ?? "",
APPSMITH_VERSION_SHA: info?.commitSha ?? "",
APPSMITH_VERSION_RELEASE_DATE: info?.imageBuiltAt ?? "",
chore: add grafana faro sdk (CE) (#38301) ## Description - Remove new relic browser agent - Add faro sdk to capture frontend perf metrics and traces. Fixes #`Issue Number` _or_ Fixes `Issue URL` > [!WARNING] > _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._ ## Automation /ok-to-test tags="@tag.All" ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!TIP] > 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉 > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/12490844984> > Commit: c9d4264027467bf33e1de519eb69c7762b6e7f75 > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=12490844984&attempt=2" target="_blank">Cypress dashboard</a>. > Tags: `@tag.All` > Spec: > <hr>Wed, 25 Dec 2024 09:33:26 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Summary by CodeRabbit - **New Features** - Introduced new environment variable `APPSMITH_HOSTNAME` for dynamic hostname configuration in HTML files. - Enhanced telemetry capabilities with new imports and updated types for better observability. - Added `tracingUrl` under the observability section in configuration files for improved telemetry tracking. - **Bug Fixes** - Adjusted telemetry data handling to utilize new `Attributes` type for improved consistency. - **Documentation** - Updated import paths for various telemetry-related components to reflect new module organization. - **Chores** - Removed deprecated telemetry configurations and streamlined build processes. - Updated Nginx configuration to reflect new telemetry parameters. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-12-26 05:07:41 +00:00
APPSMITH_HOSTNAME: process.env.HOSTNAME ?? "appsmith-0"
chore: Render env vars in caddy-reconfigure script (#30673) Move more logic in managing Caddy into Javascript from the shell script.
2024-01-31 06:08:49 +00:00
}
chore: Fix env varibles in 404.html (#37672) Environment variables in `404.html` page aren't getting replaced with their values. This PR fixes that. ## Automation /test sanity ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!WARNING] > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/12005727044> > Commit: 56b10fddf2ee7ed180ed59845b6f0223cd26b06a > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=12005727044&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: @tag.Sanity > Spec: > It seems like **no tests ran** 😔. We are not able to recognize it, please check <a href="https://github.com/appsmithorg/appsmith/actions/runs/12005727044" target="_blank">workflow here</a>. > <hr>Mon, 25 Nov 2024 08:48:10 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Improved dynamic retrieval of environment variables for better integration with environment-specific settings in the 404 error page. - Enhanced handling of HTML files, including the 404 page, during the configuration process. - **Bug Fixes** - Improved error handling for missing SSL certificates and custom domains. - **Documentation** - Updated logic for processing HTML files to ensure correct paths and configurations are applied. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-11-26 06:11:01 +00:00
for (const file of ["index.html", "404.html"]) {
const content = fs.readFileSync("/opt/appsmith/editor/" + file, "utf8").replaceAll(
/\{\{env\s+"(APPSMITH_[A-Z0-9_]+)"}}/g,
(_, name) => (process.env[name] || extraEnv[name] || "")
)
chore: Render env vars in caddy-reconfigure script (#30673) Move more logic in managing Caddy into Javascript from the shell script.
2024-01-31 06:08:49 +00:00
chore: Fix env varibles in 404.html (#37672) Environment variables in `404.html` page aren't getting replaced with their values. This PR fixes that. ## Automation /test sanity ### :mag: Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!WARNING] > Workflow run: <https://github.com/appsmithorg/appsmith/actions/runs/12005727044> > Commit: 56b10fddf2ee7ed180ed59845b6f0223cd26b06a > <a href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=12005727044&attempt=1" target="_blank">Cypress dashboard</a>. > Tags: @tag.Sanity > Spec: > It seems like **no tests ran** 😔. We are not able to recognize it, please check <a href="https://github.com/appsmithorg/appsmith/actions/runs/12005727044" target="_blank">workflow here</a>. > <hr>Mon, 25 Nov 2024 08:48:10 UTC <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [x] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Improved dynamic retrieval of environment variables for better integration with environment-specific settings in the 404 error page. - Enhanced handling of HTML files, including the 404 page, during the configuration process. - **Bug Fixes** - Improved error handling for missing SSL certificates and custom domains. - **Documentation** - Updated logic for processing HTML files to ensure correct paths and configurations are applied. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
2024-11-26 06:11:01 +00:00
fs.writeFileSync(process.env.WWW_PATH + "/" + file, content)
}
chore: Render env vars in caddy-reconfigure script (#30673) Move more logic in managing Caddy into Javascript from the shell script.
2024-01-31 06:08:49 +00:00
}
feat: Caddy (#28081) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
2023-12-05 05:17:36 +00:00
function isCertExpired(path) {
const cert = new X509Certificate(fs.readFileSync(path, "utf-8"))
console.log(path, cert)
return new Date(cert.validTo) < new Date()
}
Reference in New Issue Copy Permalink