There's a few CVEs reported on the version of python-requests that's
being used in the image, which we don't need that badly anyway. This PR
removes `python-requests` altogather so we shouldn't see CVEs on it show
up on our image anymore.
Majority of the NGINX config is the same, for both HTTP and HTTPS.
Having two separate templates for them is making configuration changes
error-prone, where we often risk forgetting making the same change in
the other file.
This PR merges the two files into one, so the above risk isn't there. It
also makes it easier to experiment with the file while developing, since
we have to make every single change twice during development.
Note: This _will_ cause conflicts in sync, after being merged.
Why are we doing this? This will be a step towards simplifying our
`Dockerfile` with reduced layers and improved caching performance. The
image build time in CI should be faster once this is done.
The health endpoint in the Docker container's healthcheck command is
currently pointing to `/users/me`. But we have a designated endpoint for
this, at `/health`. This PR switches to using this endpoint instead.
1. Changing the Maps API Key doesn't need restart anymore.
2. The `isRestartRequired` field in the response of updating env
settings, was being ignored. The client owns the decision of when to
restart (which is correct), so removed this from the server.
3. Write Maps API Key to the database, in the tenant configuration.
4. The Settings page for Maps Ke gets the current value from
`/tenant/current` response, and not `/admin/env`.
5. Removed `APPSMITH_GOOGLE_MAPS_API_KEY` from `/admin/env` response.
6. Tests.
DO NOT MERGE. Please only review/approve. This is expected to break EE
once it goes there, which I intend to solve alongside merging this.
Changing the Maps API Key will update it both in the tenant config in
the database, as well as in the `docker.env` file. This is predominantly
for backwards compatibility, and phased rollout. As part of a separate
PR, we'll have a migration that proactively copies the env variable
value to the database, and comment out the value in the `docker.env`
file. Then we can stop updating the `docker.env` file as well.
## New
## Old
---------
Co-authored-by: Ankita Kinger <ankita@appsmith.com>
- Removed event listener python script, removed supervisor conf for the
same.
- Added new python script to handle the starting page init.
- Python script will be called via a shell script with a failsafe
removal of the loading page.
- The above shell script will be run as a child of the run java script
Tests:
The child script exits after execution, and does not create zombie
process even when the run java script is called multiple times with
restarts.
Verified exceptions and failsafe manually by introducing syntax errors
and uninstalling requests module.
---------
Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
We replace env variables in `index.html`, `view.html` and `edit.html`,
just before start NGINX. But the `.gz` versions of these files don't
have these changes applied to them. This PR gzips those HTML files
again, after the substitutions are applied.
From
https://github.com/appsmithorg/appsmith/pull/23539#issuecomment-1554509537.
Event Listener Python script fixes:
- Added exception handling in health check request
- Updated backend health check point to
`http://localhost:8080/api/vi/health`
Appsmith supports running with a HTTP proxy, that can be configured with
`HTTP_PROXY` or `HTTPS_PROXY` env variables. Like this:
```sh
HTTP_PROXY=http://myproxy:8080
HTTPS_PROXY=http://myproxy:8443
```
However, this proxy support didn't support authentication. This PR
implements that. Now, proxy with authentication can be configured like
this:
```sh
HTTP_PROXY=http://user:password@myproxy:8080
HTTPS_PROXY=http://user:password@myproxy:8080
```
This is not syntax or standards invented by Appsmith. This is the
standard way proxy is usually configured.
Fixes#16330🍰
When we have `NO_PROXY=localhost,one.com,two.com,three.com`, then the
current implementation will pass the following to the backend server:
```
localhost|one.com,two.com,three.com
```
This will mean that only `localhost` will bypass the proxy, which is not
what's expected.
This PR fixes this problem, so that the following is sent to the backend
server:
```
localhost|one.com|two.com|three.com
```
This will mean that requests to all four of them, will bypass the proxy,
as expected.
This upgrade takes care of our move to JDK 17, Spring Boot 3.0.1 and a
few other security upgrades along the way.
Fixes#18993
TODO:
- [x] Check CI changes for Java 17
- [x] Check vulnerability report
- [x] Mongock needs an upgrade
- [x] Add JVM args at all possible places for exposing java.time module
- [x] Add type adapters everywhere / use the same config for type
adapters everywhere
Refactor flow to generate nginx configuration file corresponding Custom domain set up
Add 2 template for Nginx template for HTTP and HTTPS. HTTPS contains new block for auto-redirect for HTTPS
Add script to re-generate nginx config file & start nginx
Move function init_ssl_cert into separated file and reuse it in new script and entrypoint
Change command config & add new config to kill all sub-process of a supervisord child program in editor program configure file
Added additional details about how to use the fat container, and how to manage / maintain it.
Also includes some refactorings that shouldn't affect the functionality significantly.
