chore: Switch to vanilla Caddy, when rate limiting is disabled (#33387)

Depends-on: [33591](https://github.com/appsmithorg/appsmith/pull/33591/files) Fixes: #31997 --------- Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
2024-05-24 13:11:56 +05:30 · 2024-05-24 13:11:56 +05:30 · bf05e0f185
commit bf05e0f185
parent 75bd4292ea
4 changed files with 25 additions and 13 deletions
--- a/.github/workflows/ci-test-custom-script.yml
+++ b/.github/workflows/ci-test-custom-script.yml
@ -183,7 +183,7 @@ jobs:
            -e APPSMITH_INTERCOM_APP_ID=DUMMY_VALUE \
            -e APPSMITH_CLOUD_SERVICES_BASE_URL=http://host.docker.internal:5001 \
            -e APPSMITH_CLOUD_SERVICES_SIGNATURE_BASE_URL=http://host.docker.internal:8090 \
-            -e _APPSMITH_RATE_LIMIT=1000 \
+            -e APPSMITH_RATE_LIMIT=1000 \
            --add-host=host.docker.internal:host-gateway --add-host=api.segment.io:host-gateway --add-host=t.appsmith.com:host-gateway \
            cicontainer

--- a/deploy/docker/fs/opt/appsmith/caddy-reconfigure.mjs
+++ b/deploy/docker/fs/opt/appsmith/caddy-reconfigure.mjs
@ -6,11 +6,12 @@ import {X509Certificate} from "crypto"
 // The custom domain is expected to only have the domain. So if it has a protocol, we ignore the whole value.
 // This was the effective behaviour before Caddy.
 const CUSTOM_DOMAIN = (process.env.APPSMITH_CUSTOM_DOMAIN || "").replace(/^https?:\/\/.+$/, "")
-
-// Rate limit, numeric value defining the requests-per-second allowed.
-const RATE_LIMIT = parseInt(process.env._APPSMITH_RATE_LIMIT || 100, 10)
-
 const CaddyfilePath = process.env.TMP + "/Caddyfile"
+const AppsmithCaddy = process.env._APPSMITH_CADDY
+
+// Rate limit environment.
+const isRateLimitingEnabled = process.env.APPSMITH_RATE_LIMIT !== "disabled"
+const RATE_LIMIT = parseInt(process.env.APPSMITH_RATE_LIMIT || 100, 10)

 let certLocation = null
 if (CUSTOM_DOMAIN !== "") {
@ -48,7 +49,7 @@ parts.push(`
  servers {
    trusted_proxies static 0.0.0.0/0
  }
-  order rate_limit before basicauth
+  ${isRateLimitingEnabled ? "order rate_limit before basicauth" : ""}
 }

 (file_server) {
@ -131,13 +132,13 @@ parts.push(`
    import reverse_proxy 9001
  }

-  rate_limit {
+  ${isRateLimitingEnabled ? `rate_limit {
    zone dynamic_zone {
      key {http.request.remote_ip}
      events ${RATE_LIMIT}
      window 1s
    }
-  }
+  }`: ""}

  handle_errors {
    respond "{err.status_code} {err.status_text}" {err.status_code}
@ -187,8 +188,8 @@ if (!process.argv.includes("--no-finalize-index-html")) {

 fs.mkdirSync(dirname(CaddyfilePath), { recursive: true })
 fs.writeFileSync(CaddyfilePath, parts.join("\n"))
-spawnSync("/opt/caddy/caddy", ["fmt", "--overwrite", CaddyfilePath])
-spawnSync("/opt/caddy/caddy", ["reload", "--config", CaddyfilePath])
+spawnSync(AppsmithCaddy, ["fmt", "--overwrite", CaddyfilePath])
+spawnSync(AppsmithCaddy, ["reload", "--config", CaddyfilePath])

 function finalizeIndexHtml() {
  let info = null;
@ -218,3 +219,4 @@ function isCertExpired(path) {
  console.log(path, cert)
  return new Date(cert.validTo) < new Date()
 }
+
--- a/deploy/docker/fs/opt/appsmith/entrypoint.sh
+++ b/deploy/docker/fs/opt/appsmith/entrypoint.sh
@ -464,13 +464,21 @@ runEmbeddedPostgres=1
 init_postgres || runEmbeddedPostgres=0
 }

+setup_caddy() {
+  if [[ "$APPSMITH_RATE_LIMIT" == "disabled" ]]; then
+    export _APPSMITH_CADDY="/opt/caddy/caddy_vanilla"
+  else
+    export _APPSMITH_CADDY="/opt/caddy/caddy"
+  fi
+}
+
 init_loading_pages(){
  export XDG_DATA_HOME=/appsmith-stacks/data  # so that caddy saves tls certs and other data under stacks/data/caddy
  export XDG_CONFIG_HOME=/appsmith-stacks/configuration
  mkdir -p "$XDG_DATA_HOME" "$XDG_CONFIG_HOME"
  cp templates/loading.html "$WWW_PATH"
  node caddy-reconfigure.mjs
-  /opt/caddy/caddy start --config "$TMP/Caddyfile"
+  "$_APPSMITH_CADDY" start --config "$TMP/Caddyfile"
 }

 function setup_auto_heal(){
@ -491,6 +499,7 @@ function capture_infra_details(){

 # Main Section
 print_appsmith_info
+setup_caddy
 init_loading_pages
 unset_unused_variables

--- a/deploy/docker/fs/opt/appsmith/run-caddy.sh
+++ b/deploy/docker/fs/opt/appsmith/run-caddy.sh
@ -16,6 +16,7 @@ gzip --keep --force "$(basename "$WWW_PATH/index.html")"
 popd

 # Caddy may already be running for the loading page.
-/opt/caddy/caddy stop --config "$TMP/Caddyfile" || true
+"$_APPSMITH_CADDY" stop --config "$TMP/Caddyfile" || true
+
+exec "$_APPSMITH_CADDY" run --config "$TMP/Caddyfile"

-exec /opt/caddy/caddy run --config "$TMP/Caddyfile"