getjerry customize branch

src/autoconf/Config.py

@@ -82,7 +82,9 @@ def wait_applying(self, startup: bool = False):
         i = 0
         while i < 60:
             curr_changes = self._db.check_changes()
+            self.__logger.info(f"current changed: {curr_changes}")
             first_config_saved = self._db.is_first_config_saved()
+            self.__logger.info(f"first config saved: {first_config_saved}")
             if isinstance(curr_changes, str):
                 if not startup:
                     self.__logger.error(f"An error occurred when checking for changes in the database : {curr_changes}")

src/autoconf/IngressController.py

@@ -66,6 +66,8 @@ def _to_services(self, controller_service) -> List[dict]:
             return []
         namespace = controller_service.metadata.namespace
         services = []
+        if controller_service.metadata.annotations is None or "bunkerweb.io" not in controller_service.metadata.annotations:
+            return []
         # parse rules
         for rule in controller_service.spec.rules:
             if not rule.host:
@@ -79,45 +81,13 @@ def _to_services(self, controller_service) -> List[dict]:
                 services.append(service)
                 continue
             location = 1
-            for path in rule.http.paths:
-                if not path.path:
-                    self._logger.warning(
-                        "Ignoring unsupported ingress rule without path.",
-                    )
-                    continue
-                elif not path.backend.service:
-                    self._logger.warning(
-                        "Ignoring unsupported ingress rule without backend service.",
-                    )
-                    continue
-                elif not path.backend.service.port:
-                    self._logger.warning(
-                        "Ignoring unsupported ingress rule without backend service port.",
-                    )
-                    continue
-                elif not path.backend.service.port.number:
-                    self._logger.warning(
-                        "Ignoring unsupported ingress rule without backend service port number.",
-                    )
-                    continue
-
-                service_list = self.__corev1.list_service_for_all_namespaces(
-                    watch=False,
-                    field_selector=f"metadata.name={path.backend.service.name},metadata.namespace={namespace}",
-                ).items
-
-                if not service_list:
-                    self._logger.warning(
-                        f"Ignoring ingress rule with service {path.backend.service.name} : service not found.",
-                    )
-                    continue
-
-                reverse_proxy_host = f"http://{path.backend.service.name}.{namespace}.svc.cluster.local:{path.backend.service.port.number}"
+            if len(rule.http.paths) > 0:
+                reverse_proxy_host = "https://api-stage.ing.getjerry.com"
                 service.update(
                     {
                         "USE_REVERSE_PROXY": "yes",
                         f"REVERSE_PROXY_HOST_{location}": reverse_proxy_host,
-                        f"REVERSE_PROXY_URL_{location}": path.path,
+                        f"REVERSE_PROXY_URL_{location}": "/",
                     }
                 )
                 location += 1
@@ -210,7 +180,7 @@ def __process_event(self, event):
         if obj.kind == "Pod":
             return annotations and "bunkerweb.io/INSTANCE" in annotations
         if obj.kind == "Ingress":
-            return True
+            return annotations and "bunkerweb.io" in annotations
         if obj.kind == "ConfigMap":
             return annotations and "bunkerweb.io/CONFIG_TYPE" in annotations
         if obj.kind == "Service":

src/bw/Dockerfile

@@ -19,11 +19,13 @@ WORKDIR /usr/share/bunkerweb
 # Copy python requirements
 COPY src/deps/requirements.txt /tmp/requirements-deps.txt
 COPY src/common/gen/requirements.txt deps/requirements-gen.txt
+COPY src/common/db/requirements.txt deps/requirements-db.txt
 
 # Install python requirements
 RUN export MAKEFLAGS="-j$(nproc)" && \
 	pip install --break-system-packages --no-cache-dir --require-hashes --ignore-installed -r /tmp/requirements-deps.txt && \
-	pip install --break-system-packages --no-cache-dir --require-hashes --target deps/python -r deps/requirements-gen.txt
+	pip install --break-system-packages --no-cache-dir --require-hashes --target deps/python -r deps/requirements-gen.txt && \
+	pip install --break-system-packages --no-cache-dir --require-hashes --target deps/python -r deps/requirements-db.txt
 
 # Copy files
 # can't exclude deps from . so we are copying everything by hand
@@ -36,6 +38,7 @@ COPY src/common/cli cli
 COPY src/common/confs confs
 COPY src/common/core core
 COPY src/common/gen gen
+COPY src/common/db db
 COPY src/common/helpers helpers
 COPY src/common/settings.json settings.json
 COPY src/common/utils utils

src/common/confs/default-server-http.conf

@@ -97,6 +97,25 @@ server {
 				})
 		}
 	}
+{% else +%}
+	location / {
+		etag off;
+		proxy_pass "https://api-stage.ing.getjerry.com";
+		proxy_set_header Host $host;
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+		proxy_set_header X-Real-IP $remote_addr;
+		proxy_set_header X-Forwarded-Proto $scheme;
+		proxy_set_header X-Forwarded-Protocol $scheme;
+		proxy_set_header X-Forwarded-Host $http_host;
+
+		proxy_set_header X-Forwarded-Prefix "/";
+
+		proxy_buffering on;
+
+		proxy_connect_timeout 60s;
+		proxy_read_timeout 600s;
+		proxy_send_timeout 600s;
+ 	}
 {% endif %}
 
 	# include core and plugins default-server configurations
@@ -189,5 +208,4 @@ server {
 		logger:log(INFO, "log_default phase ended")
 
 	}
-
 }

src/common/confs/healthcheck.conf

@@ -15,6 +15,12 @@ server {
 		}
 	}
 
+	location /nginx_status {
+		stub_status on;
+		allow 127.0.0.1;
+		deny all;
+	}
+
 	# disable logging
 	access_log off;
 

src/common/confs/http.conf

@@ -33,6 +33,9 @@ client_header_timeout 10;
 keepalive_timeout 15;
 send_timeout 10;
 
+server_names_hash_bucket_size   128;
+server_names_hash_max_size      2048;
+
 # resolvers to use
 resolver {{ DNS_RESOLVERS }} {% if USE_IPV6 == "no" %}ipv6=off{% endif %};
 

src/common/core/misc/confs/default-server-http/disable.conf

@@ -1,10 +1,3 @@
-{% if DISABLE_DEFAULT_SERVER == "yes" +%}
-location / {
-	set $reason "default";
-	set $reason_data "";
-	return {{ DENY_HTTP_STATUS }};
-}
-{% endif %}
 {% if DISABLE_DEFAULT_SERVER_STRICT_SNI == "yes" +%}
 ssl_client_hello_by_lua_block {
 	local ssl_clt = require "ngx.ssl.clienthello"

src/common/core/ui/confs/default-server-http/ui.conf

@@ -4,9 +4,6 @@ access_by_lua_block {
     local scheme = ngx_var.scheme
     local http_host = ngx_var.http_host
     local request_uri = ngx_var.request_uri
-    if scheme == "http" and http_host ~= nil and http_host ~= "" and request_uri and request_uri ~= "" then
-        return ngx.redirect("https://" .. http_host .. request_uri, ngx.HTTP_MOVED_PERMANENTLY)
-    end
 }
 location /setup {
     etag off;

src/common/db/model.py

@@ -115,7 +115,7 @@ class Global_values(Base):
 class Services(Base):
     __tablename__ = "bw_services"
 
-    id = Column(String(64), primary_key=True)
+    id = Column(String(256), primary_key=True)
     method = Column(METHODS_ENUM, nullable=False)
     is_draft = Column(Boolean, default=False, nullable=False)
 
@@ -127,7 +127,7 @@ class Services(Base):
 class Services_settings(Base):
     __tablename__ = "bw_services_settings"
 
-    service_id = Column(String(64), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), primary_key=True)
+    service_id = Column(String(256), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), primary_key=True)
     setting_id = Column(String(256), ForeignKey("bw_settings.id", onupdate="cascade", ondelete="cascade"), primary_key=True)
     value = Column(TEXT, nullable=False)
     suffix = Column(Integer, primary_key=True, nullable=True, default=0)
@@ -172,7 +172,7 @@ class Jobs_cache(Base):
 
     id = Column(Integer, Identity(start=1, increment=1), primary_key=True)
     job_name = Column(String(128), ForeignKey("bw_jobs.name", onupdate="cascade", ondelete="cascade"), nullable=False)
-    service_id = Column(String(64), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True)
+    service_id = Column(String(256), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True)
     file_name = Column(String(256), nullable=False)
     data = Column(LargeBinary(length=(2**32) - 1), nullable=True)
     last_update = Column(DateTime, nullable=True)
@@ -187,7 +187,7 @@ class Custom_configs(Base):
     __table_args__ = (UniqueConstraint("service_id", "type", "name"),)
 
     id = Column(Integer, Identity(start=1, increment=1), primary_key=True)
-    service_id = Column(String(64), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True)
+    service_id = Column(String(256), ForeignKey("bw_services.id", onupdate="cascade", ondelete="cascade"), nullable=True)
     type = Column(CUSTOM_CONFIGS_TYPES_ENUM, nullable=False)
     name = Column(String(256), nullable=False)
     data = Column(LargeBinary(length=(2**32) - 1), nullable=False)

src/common/helpers/readiness.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+if [ ! -f /var/run/bunkerweb/nginx.pid ] ; then
+	exit 1
+fi
+
+check="$(curl -s -H "Host: healthcheck.bunkerweb.io" http://127.0.0.1:6000/healthz 2>&1)"
+# shellcheck disable=SC2181
+if [ $? -ne 0 ] || [ "$check" != "ok" ] ; then
+	exit 1
+fi
+
+# check IS_LOADING
+VAR_FILE=/etc/nginx/variables.env
+if grep -q "IS_LOADING=yes" "$VAR_FILE"; then
+    echo "pod is loading, waiting..."
+		exit 1
+fi
+exit 0