diff --git a/.github/workflows/ci-test-custom-script.yml b/.github/workflows/ci-test-custom-script.yml
index 5c3976d153..ab543b7430 100644
--- a/.github/workflows/ci-test-custom-script.yml
+++ b/.github/workflows/ci-test-custom-script.yml
@@ -183,7 +183,7 @@ jobs:
 -e APPSMITH_INTERCOM_APP_ID=DUMMY_VALUE \
 -e APPSMITH_CLOUD_SERVICES_BASE_URL=http://host.docker.internal:5001 \
 -e APPSMITH_CLOUD_SERVICES_SIGNATURE_BASE_URL=http://host.docker.internal:8090 \
- -e _APPSMITH_RATE_LIMIT=1000 \
+ -e APPSMITH_RATE_LIMIT=1000 \
 --add-host=host.docker.internal:host-gateway --add-host=api.segment.io:host-gateway --add-host=t.appsmith.com:host-gateway \
 cicontainer
diff --git a/deploy/docker/fs/opt/appsmith/caddy-reconfigure.mjs b/deploy/docker/fs/opt/appsmith/caddy-reconfigure.mjs
index d24958210f..c3a9fd5174 100644
--- a/deploy/docker/fs/opt/appsmith/caddy-reconfigure.mjs
+++ b/deploy/docker/fs/opt/appsmith/caddy-reconfigure.mjs
@@ -6,11 +6,12 @@ import {X509Certificate} from "crypto"
 // The custom domain is expected to only have the domain. So if it has a protocol, we ignore the whole value.
 // This was the effective behaviour before Caddy.
 const CUSTOM_DOMAIN = (process.env.APPSMITH_CUSTOM_DOMAIN || "").replace(/^https?:\/\/.+$/, "")
-
-// Rate limit, numeric value defining the requests-per-second allowed.
-const RATE_LIMIT = parseInt(process.env._APPSMITH_RATE_LIMIT || 100, 10)
-
 const CaddyfilePath = process.env.TMP + "/Caddyfile"
+const AppsmithCaddy = process.env._APPSMITH_CADDY
+
+// Rate limit environment.
+const isRateLimitingEnabled = process.env.APPSMITH_RATE_LIMIT !== "disabled"
+const RATE_LIMIT = parseInt(process.env.APPSMITH_RATE_LIMIT || 100, 10)
 let certLocation = null
 if (CUSTOM_DOMAIN !== "") {
@@ -48,7 +49,7 @@ parts.push(`
 servers {
 trusted_proxies static 0.0.0.0/0
 }
- order rate_limit before basicauth
+ ${isRateLimitingEnabled ? "order rate_limit before basicauth" : ""}
 }
 (file_server) {
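Review bot: In caddy-reconfigure.mjs, `RATE_LIMIT` is parsed from the now operator-facing `APPSMITH_RATE_LIMIT` with no validation, so a value that is neither the exact string `disabled` nor a number (for example `Disabled` or `off`) leaves the limiter enabled while `parseInt` returns `NaN`, and the template then emits `events NaN`. Caddy will presumably reject that config, and the `spawnSync` calls later in the file discard their results, so the failure would be easy to miss. Validate right after parsing, e.g. `if (isRateLimitingEnabled && !(Number.isInteger(RATE_LIMIT) && RATE_LIMIT > 0)) throw new Error('APPSMITH_RATE_LIMIT must be a positive integer or "disabled"')`. The comment `// Rate limit environment.` should also say that only the literal, case-sensitive `disabled` turns the limiter off and that any other value is read as requests per second.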
@@ -131,13 +132,13 @@ parts.push(`
 import reverse_proxy 9001
 }
- rate_limit {
+ ${isRateLimitingEnabled ? `rate_limit {
 zone dynamic_zone {
 key {http.request.remote_ip}
 events ${RATE_LIMIT}
 window 1s
 }
- }
+ }`: ""}
 handle_errors {
 respond "{err.status_code} {err.status_text}" {err.status_code}
@@ -187,8 +188,8 @@ if (!process.argv.includes("--no-finalize-index-html")) {
 fs.mkdirSync(dirname(CaddyfilePath), { recursive: true })
 fs.writeFileSync(CaddyfilePath, parts.join("\n"))
-spawnSync("/opt/caddy/caddy", ["fmt", "--overwrite", CaddyfilePath])
-spawnSync("/opt/caddy/caddy", ["reload", "--config", CaddyfilePath])
+spawnSync(AppsmithCaddy, ["fmt", "--overwrite", CaddyfilePath])
+spawnSync(AppsmithCaddy, ["reload", "--config", CaddyfilePath])
 function finalizeIndexHtml() {
 let info = null;
@@ -218,3 +219,4 @@ function isCertExpired(path) {
 console.log(path, cert)
 return new Date(cert.validTo) < new Date()
 }
+
diff --git a/deploy/docker/fs/opt/appsmith/entrypoint.sh b/deploy/docker/fs/opt/appsmith/entrypoint.sh
index 2bf6be004e..fc182ecdb9 100644
--- a/deploy/docker/fs/opt/appsmith/entrypoint.sh
+++ b/deploy/docker/fs/opt/appsmith/entrypoint.sh
@@ -464,13 +464,21 @@ runEmbeddedPostgres=1
 init_postgres || runEmbeddedPostgres=0
 }
+setup_caddy() {
+ if [[ "$APPSMITH_RATE_LIMIT" == "disabled" ]]; then
+ export _APPSMITH_CADDY="/opt/caddy/caddy_vanilla"
+ else
+ export _APPSMITH_CADDY="/opt/caddy/caddy"
+ fi
+}
+
 init_loading_pages(){
 export XDG_DATA_HOME=/appsmith-stacks/data # so that caddy saves tls certs and other data under stacks/data/caddy
 export XDG_CONFIG_HOME=/appsmith-stacks/configuration
 mkdir -p "$XDG_DATA_HOME" "$XDG_CONFIG_HOME"
 cp templates/loading.html "$WWW_PATH"
 node caddy-reconfigure.mjs
- /opt/caddy/caddy start --config "$TMP/Caddyfile"
+ "$_APPSMITH_CADDY" start --config "$TMP/Caddyfile"
 }
 function setup_auto_heal(){
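Review bot: `spawnSync(AppsmithCaddy, …)` now takes the binary path from `process.env._APPSMITH_CADDY`, which on this page is only exported by `setup_caddy` in entrypoint.sh. If caddy-reconfigure.mjs is run from any other context the value is `undefined`, and `spawnSync` throws on the non-string file argument after the Caddyfile has already been written. A fallback at the declaration, `const AppsmithCaddy = process.env._APPSMITH_CADDY || "/opt/caddy/caddy"`, would keep the script usable on its own. Both results are also discarded, so a wrong path shows up only in `result.error`, which is never read; logging `result.error` and a non-zero `result.status` would make a failed `fmt` or `reload` visible. run-caddy.sh uses `"$_APPSMITH_CADDY"` unguarded in the same way and could use `"${_APPSMITH_CADDY:-/opt/caddy/caddy}"`.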
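Review bot: `setup_caddy` turns off a protective control without leaving any trace in the logs and without checking that the selected binary exists; `/opt/caddy/caddy_vanilla` is not added anywhere in the hunks shown here. Consider `echo "Rate limiting is disabled (APPSMITH_RATE_LIMIT=disabled)"` in the first branch and, after the `fi`, `[[ -x "$_APPSMITH_CADDY" ]] || { echo "Caddy binary not found: $_APPSMITH_CADDY" >&2; exit 1; }`. The comparison is an exact, case-sensitive match that caddy-reconfigure.mjs repeats independently, so a comment such as `# Must match the "disabled" check in caddy-reconfigure.mjs` would help keep the two in sync. If the script runs under `set -u` (not visible in this hunk), `"${APPSMITH_RATE_LIMIT:-}"` avoids an unbound-variable abort when the variable is unset.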
@@ -491,6 +499,7 @@ function capture_infra_details(){
 # Main Section
 print_appsmith_info
+setup_caddy
 init_loading_pages
 unset_unused_variables
diff --git a/deploy/docker/fs/opt/appsmith/run-caddy.sh b/deploy/docker/fs/opt/appsmith/run-caddy.sh
index 185a01ad99..612b1e03c5 100755
--- a/deploy/docker/fs/opt/appsmith/run-caddy.sh
+++ b/deploy/docker/fs/opt/appsmith/run-caddy.sh
@@ -16,6 +16,7 @@ gzip --keep --force "$(basename "$WWW_PATH/index.html")"
 popd
 # Caddy may already be running for the loading page.
-/opt/caddy/caddy stop --config "$TMP/Caddyfile" || true
+"$_APPSMITH_CADDY" stop --config "$TMP/Caddyfile" || true
+
+exec "$_APPSMITH_CADDY" run --config "$TMP/Caddyfile"
-exec /opt/caddy/caddy run --config "$TMP/Caddyfile"