PromucFlow_constructor

Protei/PromucFlow_constructor

Fork 0

Commit Graph

Author	SHA1	Message	Date
Shrikant Sharat Kandula	47d9a5e99e	fix: frame-ancestors env variable being overridden (#29521 ) We're setting the default value for `APPSMITH_ALLOWED_FRAME_ANCESTORS` before we initialize env variables from `docker.env`. This make the default value take a higher precedence over the value configured in `docker.env`. And since the value in `docker.env` is the one configured from Admin Settings, it feels like the value configured from the UI is being ignored. This fixes the problem by moving the check for this env variable to _inside_ the reconfigure script, and so doesn't affect any env variables.	2023-12-11 19:25:12 +05:30
Shrikant Sharat Kandula	689d29065a	fix: Incorrect status code for missing static files (#29374 ) I think the route precedence in Caddy is different when using `handle` directive, vs when directly using the `error` directive. This is causing the file `handle {` route, which is a catch-all route is handling `/static/` requests that don't have a corresponding file. This handler however, doesn't respond with 404 status, it responds with 200 status for missing files, and render the `index.html` for our SPA behaviour. Now, the CDN we have on release.app.appsmith.com caches responses from upstream when the status is 200. If it is 404, it won't cache and retry next time. This is why it's essential that we respond with 404 for files that don't exist, irrespective of the content of the response. When the container is starting up, Caddy doesn't have all the information yet, and may have responded with not-found for one of the assets. But since this went out with 200 status, our CDN cached it, and once the file _was_ available with Caddy, the CDN wouldn't retry ever. This fix will ensure we get 404 status code for requests to `/static/` that point to files that don't exist.	2023-12-06 14:42:25 +05:30
Shrikant Sharat Kandula	4d24aba331	feat: Caddy (#28081 ) This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.	2023-12-05 10:47:36 +05:30

Author

SHA1

Message

Date

Shrikant Sharat Kandula

47d9a5e99e

fix: frame-ancestors env variable being overridden (#29521 )

We're setting the default value for `APPSMITH_ALLOWED_FRAME_ANCESTORS`
before we initialize env variables from `docker.env`. This make the
default value take a higher precedence over the value configured in
`docker.env`. And since the value in `docker.env` is the one configured
from Admin Settings, it feels like the value configured from the UI is
being ignored.

This fixes the problem by moving the check for this env variable to
_inside_ the reconfigure script, and so doesn't affect any env
variables.

2023-12-11 19:25:12 +05:30

Shrikant Sharat Kandula

689d29065a

fix: Incorrect status code for missing static files (#29374 )

I think the route precedence in Caddy is different when using `handle`
directive, vs when directly using the `error` directive.

This is causing the file `handle {` route, which is a catch-all route is
handling `/static/*` requests that don't have a corresponding file. This
handler however, doesn't respond with 404 status, it responds with 200
status for missing files, and render the `index.html` for our SPA
behaviour.

Now, the CDN we have on release.app.appsmith.com caches responses from
upstream when the status is 200. If it is 404, it won't cache and retry
next time. This is why it's essential that we respond with 404 for files
that don't exist, irrespective of the content of the response.

When the container is starting up, Caddy doesn't have all the
information yet, and may have responded with not-found for one of the
assets. But since this went out with 200 status, our CDN cached it, and
once the file _was_ available with Caddy, the CDN wouldn't retry ever.

This fix will ensure we get 404 status code for requests to `/static/*`
that point to files that don't exist.

2023-12-06 14:42:25 +05:30

Shrikant Sharat Kandula

4d24aba331

feat: Caddy (#28081 )

This PR replaces NGINX and Certbot with Caddy.

1. Auto-HTTPS when custom domain is set, is handled by Caddy.
2. If past certs exist, that were provisioned by Certbot in older
Appsmith versions, we configure Caddy to make use of them. But this only
applies if the certs aren't already expired. If they're expired, point 1
applies.
3. If custom certs are provided in `ssl` folder, Caddy will be
configured to use them.
4. Incoming `Forwarded` header is not passed to any reverse proxies. So
redirect URL is correctly computed on Google Cloud Run.
5. All other route configurations are exactly as they are in NGINX
today.

Caddy configuration file is generated in the `caddy-reconfigure.mjs`
script, which will also reload Caddy with the new configuration.

2023-12-05 10:47:36 +05:30

3 Commits