chore: Switch to vanilla Caddy, when rate limiting is disabled (#33387)

Depends-on:
[33591](https://github.com/appsmithorg/appsmith/pull/33591/files)
Fixes: #31997

---------

Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
Goutham Pratapa 2024-05-24 13:11:56 +05:30 committed by GitHub
parent 75bd4292ea
commit bf05e0f185
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 25 additions and 13 deletions


@ -183,7 +183,7 @@ jobs:
-e APPSMITH_INTERCOM_APP_ID=DUMMY_VALUE \ -e APPSMITH_INTERCOM_APP_ID=DUMMY_VALUE \
-e APPSMITH_CLOUD_SERVICES_BASE_URL=http://host.docker.internal:5001 \ -e APPSMITH_CLOUD_SERVICES_BASE_URL=http://host.docker.internal:5001 \
-e APPSMITH_CLOUD_SERVICES_SIGNATURE_BASE_URL=http://host.docker.internal:8090 \ -e APPSMITH_CLOUD_SERVICES_SIGNATURE_BASE_URL=http://host.docker.internal:8090 \
-e _APPSMITH_RATE_LIMIT=1000 \ -e APPSMITH_RATE_LIMIT=1000 \
--add-host=host.docker.internal:host-gateway --add-host=api.segment.io:host-gateway --add-host=t.appsmith.com:host-gateway \ --add-host=host.docker.internal:host-gateway --add-host=api.segment.io:host-gateway --add-host=t.appsmith.com:host-gateway \
cicontainer cicontainer


@ -6,11 +6,12 @@ import {X509Certificate} from "crypto"
// The custom domain is expected to only have the domain. So if it has a protocol, we ignore the whole value. // The custom domain is expected to only have the domain. So if it has a protocol, we ignore the whole value.
// This was the effective behaviour before Caddy. // This was the effective behaviour before Caddy.
const CUSTOM_DOMAIN = (process.env.APPSMITH_CUSTOM_DOMAIN || "").replace(/^https?:\/\/.+$/, "") const CUSTOM_DOMAIN = (process.env.APPSMITH_CUSTOM_DOMAIN || "").replace(/^https?:\/\/.+$/, "")
// Rate limit, numeric value defining the requests-per-second allowed.
const RATE_LIMIT = parseInt(process.env._APPSMITH_RATE_LIMIT || 100, 10)
const CaddyfilePath = process.env.TMP + "/Caddyfile" const CaddyfilePath = process.env.TMP + "/Caddyfile"
const AppsmithCaddy = process.env._APPSMITH_CADDY
// Rate limit environment.
const isRateLimitingEnabled = process.env.APPSMITH_RATE_LIMIT !== "disabled"
const RATE_LIMIT = parseInt(process.env.APPSMITH_RATE_LIMIT || 100, 10)
let certLocation = null let certLocation = null
if (CUSTOM_DOMAIN !== "") { if (CUSTOM_DOMAIN !== "") {
@ -48,7 +49,7 @@ parts.push(`
servers { servers {
trusted_proxies static 0.0.0.0/0 trusted_proxies static 0.0.0.0/0
} }
order rate_limit before basicauth ${isRateLimitingEnabled ? "order rate_limit before basicauth" : ""}
} }
(file_server) { (file_server) {
@ -131,13 +132,13 @@ parts.push(`
import reverse_proxy 9001 import reverse_proxy 9001
} }
rate_limit { ${isRateLimitingEnabled ? `rate_limit {
zone dynamic_zone { zone dynamic_zone {
key {http.request.remote_ip} key {http.request.remote_ip}
events ${RATE_LIMIT} events ${RATE_LIMIT}
window 1s window 1s
} }
} }`: ""}
handle_errors { handle_errors {
respond "{err.status_code} {err.status_text}" {err.status_code} respond "{err.status_code} {err.status_text}" {err.status_code}
@ -187,8 +188,8 @@ if (!process.argv.includes("--no-finalize-index-html")) {
fs.mkdirSync(dirname(CaddyfilePath), { recursive: true }) fs.mkdirSync(dirname(CaddyfilePath), { recursive: true })
fs.writeFileSync(CaddyfilePath, parts.join("\n")) fs.writeFileSync(CaddyfilePath, parts.join("\n"))
spawnSync("/opt/caddy/caddy", ["fmt", "--overwrite", CaddyfilePath]) spawnSync(AppsmithCaddy, ["fmt", "--overwrite", CaddyfilePath])
spawnSync("/opt/caddy/caddy", ["reload", "--config", CaddyfilePath]) spawnSync(AppsmithCaddy, ["reload", "--config", CaddyfilePath])
function finalizeIndexHtml() { function finalizeIndexHtml() {
let info = null; let info = null;
@ -218,3 +219,4 @@ function isCertExpired(path) {
console.log(path, cert) console.log(path, cert)
return new Date(cert.validTo) < new Date() return new Date(cert.validTo) < new Date()
} }
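Review bot: `APPSMITH_RATE_LIMIT` now carries both the on/off switch and the number, but only the exact string `disabled` turns limiting off, so any other non-numeric value (`Disabled`, `off`, `none`) still reaches `parseInt` and is written into the Caddyfile as `events NaN`. The results of the two `spawnSync` calls at the end of the script are not checked, so a rejected config would presumably go unnoticed and the running server would keep whatever config it had before. I would validate right after the parse, e.g. `if (isRateLimitingEnabled && !(RATE_LIMIT > 0)) throw new Error("APPSMITH_RATE_LIMIT must be a positive integer or 'disabled'")`, and check `.status` on the `fmt` and `reload` results. A short comment above `isRateLimitingEnabled` saying that `disabled` removes the per-IP request throttle entirely would also help operators who set it.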


@ -464,13 +464,21 @@ runEmbeddedPostgres=1
init_postgres || runEmbeddedPostgres=0 init_postgres || runEmbeddedPostgres=0
} }
setup_caddy() {
if [[ "$APPSMITH_RATE_LIMIT" == "disabled" ]]; then
export _APPSMITH_CADDY="/opt/caddy/caddy_vanilla"
else
export _APPSMITH_CADDY="/opt/caddy/caddy"
fi
}
init_loading_pages(){ init_loading_pages(){
export XDG_DATA_HOME=/appsmith-stacks/data # so that caddy saves tls certs and other data under stacks/data/caddy export XDG_DATA_HOME=/appsmith-stacks/data # so that caddy saves tls certs and other data under stacks/data/caddy
export XDG_CONFIG_HOME=/appsmith-stacks/configuration export XDG_CONFIG_HOME=/appsmith-stacks/configuration
mkdir -p "$XDG_DATA_HOME" "$XDG_CONFIG_HOME" mkdir -p "$XDG_DATA_HOME" "$XDG_CONFIG_HOME"
cp templates/loading.html "$WWW_PATH" cp templates/loading.html "$WWW_PATH"
node caddy-reconfigure.mjs node caddy-reconfigure.mjs
/opt/caddy/caddy start --config "$TMP/Caddyfile" "$_APPSMITH_CADDY" start --config "$TMP/Caddyfile"
} }
function setup_auto_heal(){ function setup_auto_heal(){
@ -491,6 +499,7 @@ function capture_infra_details(){
# Main Section # Main Section
print_appsmith_info print_appsmith_info
setup_caddy
init_loading_pages init_loading_pages
unset_unused_variables unset_unused_variables
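Review bot: `setup_caddy` exports a binary path without checking that the file is there: nothing tests `/opt/caddy/caddy_vanilla` before `"$_APPSMITH_CADDY" start` runs, and it presumably exists only when the image was built with the dependent PR. The consumers have no fallback either: `AppsmithCaddy` in caddy-reconfigure.mjs and the `stop`/`exec` lines in the last file section use the variable as is, so if it is missing from their environment the `stop` failure is hidden by `|| true` and the `exec` runs an empty command. I would end `setup_caddy` with `[[ -x "$_APPSMITH_CADDY" ]] || { echo "Caddy binary not found: $_APPSMITH_CADDY" >&2; exit 1; }` and have the consumers use `"${_APPSMITH_CADDY:-/opt/caddy/caddy}"`. The `disabled` comparison is case-sensitive here as well, so it should stay in step with whatever validation the JavaScript side applies.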


@ -16,6 +16,7 @@ gzip --keep --force "$(basename "$WWW_PATH/index.html")"
popd popd
# Caddy may already be running for the loading page. # Caddy may already be running for the loading page.
/opt/caddy/caddy stop --config "$TMP/Caddyfile" || true "$_APPSMITH_CADDY" stop --config "$TMP/Caddyfile" || true
exec "$_APPSMITH_CADDY" run --config "$TMP/Caddyfile"
exec /opt/caddy/caddy run --config "$TMP/Caddyfile"