Majority of the NGINX config is the same, for both HTTP and HTTPS.
Having two separate templates for them is making configuration changes
error-prone, where we often risk forgetting making the same change in
the other file.
This PR merges the two files into one, so the above risk isn't there. It
also makes it easier to experiment with the file while developing, since
we have to make every single change twice during development.
Note: This _will_ cause conflicts in sync, after being merged.
Why are we doing this? This will be a step towards simplifying our
`Dockerfile` with reduced layers and improved caching performance. The
image build time in CI should be faster once this is done.
So far, only calls that go to the Java backend, had the
`X-Content-Type-Options` header in the responses. This PR adds them to
all responses by
1. adding it to NGINX configuration.
2. removing it from Spring security's configuration, so we don't end up
with _two_ `X-Content-Type-Options` headers in the response.
---------
Co-authored-by: Nidhi <nidhi@appsmith.com>
When Appsmith is deployed with HTTPS, all HTTP requests are redirected
to HTTP. But this redirection response, is leaking the NGINX version in
the `Server` header. This PR fixes that.
## Description
- The default request timeout on nginx is set to 60s. This feat allows
users to configure custom nginx timeout value specified via the
Environment variable `APPSMITH_SERVER_TIMEOUT`
- Solves https://github.com/appsmithorg/appsmith/issues/14535
## Testing
#### How Has This Been Tested?
- [x] Manual
- [ ] Jest
- [ ] Cypress
---------
Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
When services within the fat container try to communicate with each
other, like backend to RTS etc., if they use the loopback address of
IPv4, `127.0.0.1`, it works. But if they use the loopback address of
IPv6, `::1`, it fails because the NGINX inside the fat container isn't
set to bind to IPv6.
This PR fixes this.
In EE, we attempt to make connections to Keycloak without setting the
hostname on the `WebClient`. This picks up the hostname of `::1` on
systems with IPv6 as default, and so the communication between backend
and Keycloak fails.
This is affecting users on ECS Fargate, for example.
## Description
We're increasing the default limit of request payload on cloud so that
100 MB files that are base 64 encoded can also be uploaded via Appsmith.
Fixes#20424
## Type of change
- Bug fix (non-breaking change which fixes an issue)
## How Has This Been Tested?
- Manual
### Test Plan
> Add Testsmith test cases links that relate to this PR
### Issues raised during DP testing
> Link issues raised during DP testing for better visiblity and tracking
(copy link from comments dropped on this PR)
## Checklist:
### Dev activity
- [ ] My code follows the style guidelines of this project
- [ ] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] PR is being merged under a feature flag
### QA activity:
- [ ] Test plan has been approved by relevant developers
- [ ] Test plan has been peer reviewed by QA
- [ ] Cypress test cases have been added and approved by either SDET or
manual QA
- [ ] Organized project review call with relevant stakeholders after
Round 1/2 of QA
- [ ] Added Test Plan Approved label after reveiwing all Cypress test
Issue: Nginx and RTS used the same env PORT for binding it's service,
while the backend server had the rts port hardcoded on its rts uri.
- Renamed env PORT to APPSMITH_RTS_PORT for starting the rts server.
- Updated nginx config templates to use env `APPSMITH_RTS_PORT`
- Added appsmith.rts.port property in server to use env
APPSMITH_RTS_PORT
- Updated CommonConfig.java rtsBaseDomain to use appsmith.rts.port
---------
Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
The control to configure what domains are allowed to embed Appsmith apps is still available, but the default of not allowing anything except for 'self' is changed to allow everything.
While this is convenient, we encourage our users to configure their frame ancestors to limit what domains can embed their Appsmith apps.
Signed-off-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
* Remove optimizely, as it isn't being used anymore from the frontend codebase
* Remove optimizely references form netlify config, vercel config, index.html, docker script, nginx templates and example .env file
Refactor flow to generate nginx configuration file corresponding Custom domain set up
Add 2 template for Nginx template for HTTP and HTTPS. HTTPS contains new block for auto-redirect for HTTPS
