diff --git a/Dockerfile b/Dockerfile index 9c7beb205..ac2e0b47f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -116,6 +116,13 @@ RUN go build -ldflags="-extldflags=-static -s -w \ -X 'github.com/up9inc/mizu/agent/pkg/version.BuildTimestamp=${BUILD_TIMESTAMP}' \ -X 'github.com/up9inc/mizu/agent/pkg/version.Ver=${VER}'" -o mizuagent . +# running commands will work only here and cannot be done in "${TARGETARCH}/busybox:latest" (if you want to run command on arm machine when you ara on amd64) +ARG TARGETARCH=amd64 +RUN wget -O nginx_amd64 storage.googleapis.com/static.up9.io/nginx-binaries/nginx-1.21.5-x86_64-linux && \ + wget -O nginx_arm64v8 storage.googleapis.com/static.up9.io/nginx-binaries/nginx-1.21.5-aarch64-linux && \ + chmod 755 nginx* && \ + mv nginx_"${TARGETARCH}" nginx + # Download Basenine executable, verify the sha1sum ADD https://github.com/up9inc/basenine/releases/download/v0.8.3/basenine_linux_${GOARCH} ./basenine_linux_${GOARCH} ADD https://github.com/up9inc/basenine/releases/download/v0.8.3/basenine_linux_${GOARCH}.sha256 ./basenine_linux_${GOARCH}.sha256 @@ -136,7 +143,12 @@ WORKDIR /app # Copy binary and config files from /build to root folder of scratch container. COPY --from=builder ["/app/agent-build/mizuagent", "."] COPY --from=builder ["/app/agent-build/basenine", "/usr/local/bin/basenine"] -COPY --from=front-end ["/app/ui-build/build", "site"] +COPY --from=builder ["/app/agent-build/nginx", "/usr/sbin/nginx"] +COPY --from=front-end ["/app/ui-build/build", "/usr/share/nginx/html/"] + +COPY ["startup_nginx.sh", "/usr/sbin/"] + +COPY ["nginx-files/", "/etc/nginx"] # this script runs both apiserver and passivetapper and exits either if one of them exits, preventing a scenario where the container runs without one process ENTRYPOINT ["/app/mizuagent"] diff --git a/agent/main.go b/agent/main.go index 6e9f9a9d9..54abeeb64 100644 --- a/agent/main.go +++ b/agent/main.go @@ -8,6 +8,7 @@ import ( "io/ioutil" "net/http" "os" + "os/exec" "os/signal" "strconv" "strings" @@ -15,7 +16,6 @@ import ( "time" "github.com/gin-contrib/pprof" - "github.com/gin-contrib/static" "github.com/gin-gonic/gin" "github.com/up9inc/mizu/agent/pkg/dependency" "github.com/up9inc/mizu/agent/pkg/entries" @@ -52,6 +52,7 @@ const ( socketConnectionRetries = 30 socketConnectionRetryDelay = time.Second * 2 socketHandshakeTimeout = time.Second * 2 + NginxScriptPath = "startup_nginx.sh" ) func main() { @@ -72,6 +73,7 @@ func main() { runInTapperMode() } else if *apiServerMode { ginApp := runInApiServerMode(*namespace) + startNginx() if *profiler { pprof.Register(ginApp) @@ -90,6 +92,14 @@ func main() { logger.Log.Info("Exiting") } +func startNginx() { + cmd := exec.Command(NginxScriptPath) + if err := cmd.Run(); err != nil { + logger.Log.Errorf("Cannot reload nginx %v", err) + } + logger.Log.Infof("Nginx configuration reloaded") +} + func hostApi(socketHarOutputChannel chan<- *tapApi.OutputChannelItem) *gin.Engine { ginApp := gin.Default() @@ -101,18 +111,19 @@ func hostApi(socketHarOutputChannel chan<- *tapApi.OutputChannelItem) *gin.Engin SocketOutChannel: socketHarOutputChannel, } - ginApp.Use(disableRootStaticCache()) + // ginApp.Use(disableRootStaticCache()) - staticFolder := "./site" - indexStaticFile := staticFolder + "/index.html" - if err := setUIFlags(indexStaticFile); err != nil { - logger.Log.Errorf("Error setting ui flags, err: %v", err) - } + //staticFolder := "./site" + //indexStaticFile := staticFolder + "/index.html" + //if err := setUIFlags(indexStaticFile); err != nil { + // logger.Log.Errorf("Error setting ui flags, err: %v", err) + //} - ginApp.Use(static.ServeRoot("/", staticFolder)) - ginApp.NoRoute(func(c *gin.Context) { - c.File(indexStaticFile) - }) + // ginApp.Use(static.ServeRoot("/", staticFolder)) + + //ginApp.NoRoute(func(c *gin.Context) { + // c.File(indexStaticFile) + //}) ginApp.Use(middlewares.CORSMiddleware()) // This has to be called after the static middleware, does not work if it's called before diff --git a/cli/apiserver/provider.go b/cli/apiserver/provider.go index af1fae796..f0e74def8 100644 --- a/cli/apiserver/provider.go +++ b/cli/apiserver/provider.go @@ -28,7 +28,7 @@ const DefaultTimeout = 2 * time.Second func NewProvider(url string, retries int, timeout time.Duration) *Provider { return &Provider{ - url: url, + url: fmt.Sprintf("%v/api", url), retries: config.GetIntEnvConfig(config.ApiServerRetries, retries), client: &http.Client{ Timeout: timeout, diff --git a/nginx-files/conf.d/applications/00-api-server.conf b/nginx-files/conf.d/applications/00-api-server.conf new file mode 100644 index 000000000..3a7a25543 --- /dev/null +++ b/nginx-files/conf.d/applications/00-api-server.conf @@ -0,0 +1,19 @@ +location /api/ { + proxy_pass http://127.0.0.1:8899/; +} +location /ws/ { + proxy_pass http://127.0.0.1:8899/ws/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_read_timeout 86400s; +} +location /wsTapper { + proxy_pass http://127.0.0.1:8899/wsTapper; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_read_timeout 86400s; +} diff --git a/nginx-files/conf.d/applications/98-fallback.conf b/nginx-files/conf.d/applications/98-fallback.conf new file mode 100644 index 000000000..6d5928143 --- /dev/null +++ b/nginx-files/conf.d/applications/98-fallback.conf @@ -0,0 +1,7 @@ +location / { + root /usr/share/nginx/html; + index index.html index.htm; + # First attempt to serve request as file, then + # as directory, then fall back to redirecting to index.html + try_files $uri $uri/ $uri.html /index.html; +} diff --git a/nginx-files/conf.d/applications/99-error-config.conf b/nginx-files/conf.d/applications/99-error-config.conf new file mode 100644 index 000000000..9f61f726d --- /dev/null +++ b/nginx-files/conf.d/applications/99-error-config.conf @@ -0,0 +1,4 @@ +error_page 500 502 503 504 /50x.html; +location = /50x.html { + root /usr/share/nginx/html; +} diff --git a/nginx-files/conf.d/default.conf b/nginx-files/conf.d/default.conf new file mode 100644 index 000000000..22bc00bc7 --- /dev/null +++ b/nginx-files/conf.d/default.conf @@ -0,0 +1,6 @@ +server { + listen 80; + server_name localhost; + + include /etc/nginx/conf.d/applications/*.conf; +} \ No newline at end of file diff --git a/nginx-files/fastcgi_params b/nginx-files/fastcgi_params new file mode 100644 index 000000000..28decb955 --- /dev/null +++ b/nginx-files/fastcgi_params @@ -0,0 +1,25 @@ + +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/nginx-files/mime.types b/nginx-files/mime.types new file mode 100644 index 000000000..1c00d701a --- /dev/null +++ b/nginx-files/mime.types @@ -0,0 +1,99 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/avif avif; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/wasm wasm; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/nginx-files/nginx.conf b/nginx-files/nginx.conf new file mode 100644 index 000000000..4304c893f --- /dev/null +++ b/nginx-files/nginx.conf @@ -0,0 +1,32 @@ + +user nobody nobody; +worker_processes auto; + +error_log /var/log-nginx-error.log notice; +pid /var/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log-nginx-access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/nginx-files/scgi_params b/nginx-files/scgi_params new file mode 100644 index 000000000..6d4ce4f3e --- /dev/null +++ b/nginx-files/scgi_params @@ -0,0 +1,17 @@ + +scgi_param REQUEST_METHOD $request_method; +scgi_param REQUEST_URI $request_uri; +scgi_param QUERY_STRING $query_string; +scgi_param CONTENT_TYPE $content_type; + +scgi_param DOCUMENT_URI $document_uri; +scgi_param DOCUMENT_ROOT $document_root; +scgi_param SCGI 1; +scgi_param SERVER_PROTOCOL $server_protocol; +scgi_param REQUEST_SCHEME $scheme; +scgi_param HTTPS $https if_not_empty; + +scgi_param REMOTE_ADDR $remote_addr; +scgi_param REMOTE_PORT $remote_port; +scgi_param SERVER_PORT $server_port; +scgi_param SERVER_NAME $server_name; diff --git a/nginx-files/uwsgi_params b/nginx-files/uwsgi_params new file mode 100644 index 000000000..09c732cd6 --- /dev/null +++ b/nginx-files/uwsgi_params @@ -0,0 +1,17 @@ + +uwsgi_param QUERY_STRING $query_string; +uwsgi_param REQUEST_METHOD $request_method; +uwsgi_param CONTENT_TYPE $content_type; +uwsgi_param CONTENT_LENGTH $content_length; + +uwsgi_param REQUEST_URI $request_uri; +uwsgi_param PATH_INFO $document_uri; +uwsgi_param DOCUMENT_ROOT $document_root; +uwsgi_param SERVER_PROTOCOL $server_protocol; +uwsgi_param REQUEST_SCHEME $scheme; +uwsgi_param HTTPS $https if_not_empty; + +uwsgi_param REMOTE_ADDR $remote_addr; +uwsgi_param REMOTE_PORT $remote_port; +uwsgi_param SERVER_PORT $server_port; +uwsgi_param SERVER_NAME $server_name; diff --git a/shared/kubernetes/provider.go b/shared/kubernetes/provider.go index 51da59d86..fbdcf7860 100644 --- a/shared/kubernetes/provider.go +++ b/shared/kubernetes/provider.go @@ -414,7 +414,7 @@ func (provider *Provider) CreateService(ctx context.Context, namespace string, s }, }, Spec: core.ServiceSpec{ - Ports: []core.ServicePort{{TargetPort: intstr.FromInt(shared.DefaultApiServerPort), Port: 80, Name: "api"}}, + Ports: []core.ServicePort{{TargetPort: intstr.FromInt(80), Port: 80, Name: "api"}}, Type: core.ServiceTypeClusterIP, Selector: map[string]string{"app": appLabelValue}, }, diff --git a/startup_nginx.sh b/startup_nginx.sh new file mode 100755 index 000000000..653314251 --- /dev/null +++ b/startup_nginx.sh @@ -0,0 +1,23 @@ +#!/bin/sh + +# nginx options (taken from new docker of nginx: `docker run --rm -it nginx sh -c 'nginx -h'` +# nginx -h +#nginx version: nginx/1.21.5 +#Usage: nginx [-?hvVtTq] [-s signal] [-p prefix] +# [-e filename] [-c filename] [-g directives] +#Options: +# -?,-h : this help +# -v : show version and exit +# -V : show version and configure options then exit +# -t : test configuration and exit +# -T : test configuration, dump it and exit +# -q : suppress non-error messages during configuration testing +# -s signal : send signal to a master process: stop, quit, reopen, reload +# -p prefix : set prefix path (default: /etc/nginx/) +# -e filename : set error log file (default: /var/log/nginx/error.log) +# -c filename : set configuration file (default: /etc/nginx/nginx.conf) +# -g directives : set global directives out of configuration file + +# because we are running a command after the nginx we leave the daemon on (by not passing the -g 'daemon off') +# "$@" - to enable passing the parameters (-s reload) +nginx -p /etc/nginx/ -e /var/log-nginx-error.log -c /etc/nginx/nginx.conf "$@" \ No newline at end of file diff --git a/ui/src/helpers/api.js b/ui/src/helpers/api.js index 381e2aebc..ece9220a6 100644 --- a/ui/src/helpers/api.js +++ b/ui/src/helpers/api.js @@ -1,11 +1,11 @@ import * as axios from "axios"; export const MizuWebsocketURL = process.env.REACT_APP_OVERRIDE_WS_URL ? process.env.REACT_APP_OVERRIDE_WS_URL : - window.location.protocol === 'https:' ? `wss://${window.location.host}/ws` : `ws://${window.location.host}/ws`; + window.location.protocol === 'https:' ? `wss://${window.location.host}/api/ws` : `ws://${window.location.host}/api/ws`; const CancelToken = axios.CancelToken; -const apiURL = process.env.REACT_APP_OVERRIDE_API_URL ? process.env.REACT_APP_OVERRIDE_API_URL : `${window.location.origin}/`; +const apiURL = process.env.REACT_APP_OVERRIDE_API_URL ? process.env.REACT_APP_OVERRIDE_API_URL : `${window.location.origin}`; let client = null let source = null @@ -26,31 +26,31 @@ export default class Api { } serviceMapData = async () => { - const response = await client.get(`/servicemap/get`); + const response = await client.get(`/api/servicemap/get`); return response.data; } tapStatus = async () => { - const response = await client.get("/status/tap"); + const response = await client.get("/api/status/tap"); return response.data; } getTapConfig = async () => { - const response = await this.client.get("/config/tap"); + const response = await this.client.get("/api/config/tap"); return response.data; } setTapConfig = async (config) => { - const response = await this.client.post("/config/tap", { tappedNamespaces: config }); + const response = await this.client.post("/api/config/tap", { tappedNamespaces: config }); return response.data; } getEntry = async (id, query) => { - const response = await client.get(`/entries/${id}?query=${encodeURIComponent(query)}`); + const response = await client.get(`/api/entries/${id}?query=${encodeURIComponent(query)}`); return response.data; } fetchEntries = async (leftOff, direction, query, limit, timeoutMs) => { - const response = await client.get(`/entries/?leftOff=${leftOff}&direction=${direction}&query=${encodeURIComponent(query)}&limit=${limit}&timeoutMs=${timeoutMs}`).catch(function (thrown) { + const response = await client.get(`/api/entries/?leftOff=${leftOff}&direction=${direction}&query=${encodeURIComponent(query)}&limit=${limit}&timeoutMs=${timeoutMs}`).catch(function (thrown) { console.error(thrown.message); return {}; }); @@ -58,27 +58,27 @@ export default class Api { } replayRequest = async (requestData) => { - const response = await client.post(`/replay/`, requestData); + const response = await client.post(`/api/replay/`, requestData); return response.data; } getAuthStatus = async () => { - const response = await client.get("/status/auth"); + const response = await client.get("/api/status/auth"); return response.data; } getOasServices = async () => { - const response = await client.get("/oas/"); + const response = await client.get("/api/oas/"); return response.data; } getOasByService = async (selectedService) => { - const response = await client.get(`/oas/${selectedService}`); + const response = await client.get(`/api/oas/${selectedService}`); return response.data; } gelAlloasServicesInOneSpec = async () => { - const response = await this.client.get("/oas/all"); + const response = await this.client.get("/api/oas/all"); return response.data; } @@ -90,7 +90,7 @@ export default class Api { const form = new FormData(); form.append('query', query) - const response = await client.post(`/query/validate`, form, { + const response = await client.post(`/api/query/validate`, form, { cancelToken: source.token }).catch(function (thrown) { if (!axios.isCancel(thrown)) { @@ -117,7 +117,7 @@ export default class Api { } getTrafficStats = async () => { - const response = await client.get("/status/trafficStats"); + const response = await client.get("/api/status/trafficStats"); return response.data; } }