4d24aba331
This PR replaces NGINX and Certbot with Caddy. 1. Auto-HTTPS when custom domain is set, is handled by Caddy. 2. If past certs exist, that were provisioned by Certbot in older Appsmith versions, we configure Caddy to make use of them. But this only applies if the certs aren't already expired. If they're expired, point 1 applies. 3. If custom certs are provided in `ssl` folder, Caddy will be configured to use them. 4. Incoming `Forwarded` header is not passed to any reverse proxies. So redirect URL is correctly computed on Google Cloud Run. 5. All other route configurations are exactly as they are in NGINX today. Caddy configuration file is generated in the `caddy-reconfigure.mjs` script, which will also reload Caddy with the new configuration.
36 lines
938 B
Bash
Executable File
36 lines
938 B
Bash
Executable File
#!/bin/bash
|
|
|
|
set -o errexit
|
|
set -o nounset
|
|
set -o pipefail
|
|
|
|
if [[ -z "${APPSMITH_DISABLE_IFRAME_WIDGET_SANDBOX-}" ]]; then
|
|
# For backwards compatibility, if this is not set to anything, we default to no sandbox for iframe widgets.
|
|
export APPSMITH_DISABLE_IFRAME_WIDGET_SANDBOX="true"
|
|
fi
|
|
|
|
apply-env-vars() {
|
|
original="$1"
|
|
served="$2"
|
|
node -e '
|
|
const fs = require("fs")
|
|
const content = fs.readFileSync("'"$original"'", "utf8").replace(
|
|
/\b__(APPSMITH_[A-Z0-9_]+)__\b/g,
|
|
(placeholder, name) => (process.env[name] || "")
|
|
)
|
|
fs.writeFileSync("'"$served"'", content)
|
|
'
|
|
pushd "$(dirname "$served")"
|
|
gzip --keep --force "$(basename "$served")"
|
|
popd
|
|
}
|
|
|
|
apply-env-vars /opt/appsmith/editor/index.html "$WWW_PATH/index.html"
|
|
|
|
node caddy-reconfigure.mjs
|
|
|
|
# Caddy may already be running for the loading page.
|
|
/opt/caddy/caddy stop --config "$TMP/Caddyfile" || true
|
|
|
|
exec /opt/caddy/caddy run --config "$TMP/Caddyfile"
|