Merge pull request #4481 from Budibase/fix/docker-things

increase burst limit, remove log mounts
Budibase · Feb 16, 2022 · d66adab · d66adab
2 parents 5bc084d + 2ebcca8
commit d66adab
Show file tree

Hide file tree

Showing 14 changed files with 138 additions and 914 deletions.
diff --git a/.gitignore b/.gitignore
@@ -65,6 +65,7 @@ typings/
 .env
 !hosting/.env
 hosting/.generated-nginx.dev.conf
+hosting/proxy/.generated-nginx.prod.conf
 
 # parcel-bundler cache (https://parceljs.org/)
 .cache

diff --git a/charts/budibase/Chart.yaml b/charts/budibase/Chart.yaml
@@ -11,7 +11,7 @@ sources:
   - https://github.com/Budibase/budibase
   - https://budibase.com
 type: application
-version: 0.2.6
+version: 0.2.7
 appVersion: 1.0.48
 dependencies:
   - name: couchdb

diff --git a/charts/budibase/templates/proxy-service-deployment.yaml b/charts/budibase/templates/proxy-service-deployment.yaml
@@ -25,7 +25,7 @@ spec:
         app.kubernetes.io/name: budibase-proxy
     spec:
       containers:
-      - image: budibase/proxy:k8s
+      - image: budibase/proxy:{{ .Values.services.proxy.tag | default "k8s" }}
         imagePullPolicy: Always
         name: proxy-service
         ports:

diff --git a/charts/budibase/values.yaml b/charts/budibase/values.yaml
@@ -124,7 +124,7 @@ services:
     logLevel: info
 
   worker:
-    port: 4001
+    port: 4003
     replicaCount: 1
 
   couchdb:

diff --git a/hosting/docker-compose.yaml b/hosting/docker-compose.yaml
@@ -7,8 +7,6 @@ services:
     restart: always
     image: budibase.docker.scarf.sh/budibase/apps
     container_name: bbapps
-    ports:
-      - "${APP_PORT}:4002"
     environment:
       SELF_HOSTED: 1
       COUCH_DB_URL: http://${COUCH_DB_USER}:${COUCH_DB_PASSWORD}@couchdb-service:5984
@@ -25,8 +23,6 @@ services:
       ENABLE_ANALYTICS: "true"
       REDIS_URL: redis-service:6379
       REDIS_PASSWORD: ${REDIS_PASSWORD}
-    volumes:
-      - ./logs:/logs
     depends_on:
       - worker-service
       - redis-service
@@ -35,8 +31,6 @@ services:
     restart: always
     image: budibase.docker.scarf.sh/budibase/worker
     container_name: bbworker
-    ports:
-      - "${WORKER_PORT}:4003"
     environment:
       SELF_HOSTED: 1
       PORT: 4003
@@ -53,8 +47,6 @@ services:
       INTERNAL_API_KEY: ${INTERNAL_API_KEY}
       REDIS_URL: redis-service:6379
       REDIS_PASSWORD: ${REDIS_PASSWORD}
-    volumes:
-      - ./logs:/logs
     depends_on:
       - redis-service
       - minio-service
@@ -65,8 +57,6 @@ services:
     image: minio/minio
     volumes:
       - minio_data:/data
-    ports:
-      - "${MINIO_PORT}:9000"
     environment:
       MINIO_ACCESS_KEY: ${MINIO_ACCESS_KEY}
       MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
@@ -80,10 +70,10 @@ services:
 
   proxy-service:
     restart: always
-    container_name: bbproxy
-    image: budibase/proxy
     ports:
       - "${MAIN_PORT}:10000"
+    container_name: bbproxy
+    image: budibase/proxy
     depends_on:
       - minio-service
       - worker-service
@@ -96,8 +86,6 @@ services:
     environment:
       - COUCHDB_PASSWORD=${COUCH_DB_PASSWORD}
       - COUCHDB_USER=${COUCH_DB_USER}
-    ports:
-      - "${COUCH_DB_PORT}:5984"
     volumes:
       - couchdb3_data:/opt/couchdb/data
 
@@ -113,15 +101,11 @@ services:
     restart: always
     image: redis
     command: redis-server --requirepass ${REDIS_PASSWORD}
-    ports:
-      - "${REDIS_PORT}:6379"
     volumes:
       - redis_data:/data
 
   watchtower-service:
     image: containrrr/watchtower
-    ports:
-      - "${WATCHTOWER_PORT}:8080"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
     command: --debug --http-api-update bbapps bbworker bbproxy

diff --git a/hosting/kubernetes/nginx/Dockerfile b/hosting/kubernetes/nginx/Dockerfile
diff --git a/hosting/kubernetes/nginx/nginx.conf → hosting/nginx.prod.conf.hbs b/hosting/kubernetes/nginx/nginx.conf → hosting/nginx.prod.conf.hbs
@@ -9,7 +9,7 @@ events {
 }
 
 http {
-  limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=10r/s;
+  limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=20r/s;
   include       /etc/nginx/mime.types;
   default_type  application/octet-stream;
   charset utf-8;
@@ -18,6 +18,10 @@ http {
   tcp_nodelay on;
   server_tokens off;
   types_hash_max_size 2048;
+  {{#if compose}}
+  resolver 127.0.0.11 ipv6=off;
+  {{/if}}
+
 
   # buffering
   client_body_buffer_size 1K;
@@ -34,70 +38,71 @@ http {
     default     "upgrade";
   }
 
-  server { 
+  server {
     listen       10000 default_server;
     listen  [::]:10000 default_server;
     server_name  _;
-    port_in_redirect off;
+    client_max_body_size 1000m;
+    ignore_invalid_headers off;
+    proxy_buffering off;
+    # port_in_redirect off;
 
     # Security Headers
     add_header X-Frame-Options SAMEORIGIN always;
     add_header X-Content-Type-Options nosniff always;
     add_header X-XSS-Protection "1; mode=block" always;
-    add_header Content-Security-Policy  "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.budi.live https://js.intercomcdn.com https://widget.intercom.io; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://rsms.me; object-src 'none'; base-uri 'self'; connect-src 'self' https://api-iam.intercom.io https://app.posthog.com wss://nexus-websocket-a.intercom.io; font-src 'self' data: https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me; frame-src 'self'; img-src http: https: data:; manifest-src 'self'; media-src 'self'; worker-src 'none';" always;
+    add_header Content-Security-Policy  "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.budi.live https://js.intercomcdn.com https://widget.intercom.io; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://rsms.me; object-src 'none'; base-uri 'self'; connect-src 'self' https://api-iam.intercom.io https://app.posthog.com wss://nexus-websocket-a.intercom.io; font-src 'self' data https://cdn.jsdelivr.net https://fonts.gstatic.com https://rsms.me; frame-src 'self'; img-src http: https: data; manifest-src 'self'; media-src 'self'; worker-src 'none';" always;
+
+    # upstreams
+    set $apps {{ apps }};
+    set $worker {{ worker }};
+    set $minio {{ minio }};
+    set $couchdb {{ couchdb }};
+    {{#if watchtower}}
+    set $watchtower {{ watchtower }};
+    {{/if}}
 
     location /app {
-      proxy_pass      http://app-service.budibase.svc.cluster.local:4002;
+      proxy_pass      http://$apps:4002;
       rewrite ^/app/(.*)$ /$1 break;
     }
 
     location = / {
-      proxy_http_version  1.1;
-      proxy_set_header    Connection          $connection_upgrade;
-      proxy_set_header    Upgrade             $http_upgrade;
-      proxy_set_header    Host                $host;
-      proxy_set_header    X-Real-IP           $remote_addr;
-      proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-      proxy_pass      http://app-service.budibase.svc.cluster.local:4002;
+      proxy_pass      http://$apps:4002;
     }
 
-    location /builder/ {
-      proxy_http_version  1.1;
-      proxy_set_header    Connection          $connection_upgrade;
-      proxy_set_header    Upgrade             $http_upgrade;
-      proxy_set_header    Host                $host;
-      proxy_set_header    X-Real-IP           $remote_addr;
-      proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-      proxy_pass      http://app-service.budibase.svc.cluster.local:4002;
+    {{#if watchtower}}
+    location = /v1/update {
+      proxy_pass      http://watchtower-service:8080;
     }
-
+    {{/if}}
     location ~ ^/(builder|app_) {
       proxy_http_version  1.1;
       proxy_set_header    Connection          $connection_upgrade;
       proxy_set_header    Upgrade             $http_upgrade;
       proxy_set_header    Host                $host;
       proxy_set_header    X-Real-IP           $remote_addr;
       proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-      proxy_pass      http://app-service.budibase.svc.cluster.local:4002;
+      proxy_pass      http://$apps:4002;
     }
 
     location ~ ^/api/(system|admin|global)/ {
-      proxy_pass      http://worker-service.budibase.svc.cluster.local:4001;
+      proxy_pass      http://$worker:4003;
     }
 
     location /worker/ {
-      proxy_pass      http://worker-service.budibase.svc.cluster.local:4001;
+      proxy_pass      http://$worker:4003;
       rewrite ^/worker/(.*)$ /$1 break;
     }
 
     location /api/ {
       # calls to the API are rate limited with bursting
-      limit_req zone=ratelimit burst=10 nodelay;
+      limit_req zone=ratelimit burst=20 nodelay;
 
       # 120s timeout on API requests
       proxy_read_timeout 120s;
       proxy_connect_timeout 120s;
-      proxy_send_timeout 120s; 
+      proxy_send_timeout 120s;
 
       proxy_http_version  1.1;
       proxy_set_header    Connection          $connection_upgrade;
@@ -106,11 +111,11 @@ http {
       proxy_set_header    X-Real-IP           $remote_addr;
       proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
 
-      proxy_pass      http://app-service.budibase.svc.cluster.local:4002;
+      proxy_pass      http://$apps:4002;
     }
 
     location /db/ {
-      proxy_pass      http://budibase-prod-svc-couchdb:5984;
+      proxy_pass      http://$couchdb:5984;
       rewrite ^/db/(.*)$ /$1 break;
     }
 
@@ -119,12 +124,12 @@ http {
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Host $http_host;
-      proxy_set_header Connection "";
-      proxy_http_version 1.1;
-      chunked_transfer_encoding off;
 
       proxy_connect_timeout 300;
-      proxy_pass      http://minio-service.budibase.svc.cluster.local:9000;
+      proxy_http_version 1.1;
+      proxy_set_header Connection "";
+      chunked_transfer_encoding off;
+      proxy_pass      http://$minio:9000;
     }
 
     client_header_timeout 60;
@@ -138,4 +143,4 @@ http {
     gzip_comp_level 6;
     gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
   }
-}
+}
diff --git a/hosting/proxy/Dockerfile b/hosting/proxy/Dockerfile
@@ -1,2 +1,2 @@
 FROM nginx:latest
-COPY nginx.conf /etc/nginx/nginx.conf
+COPY .generated-nginx.prod.conf /etc/nginx/nginx.conf
diff --git a/hosting/proxy/nginx.conf b/hosting/proxy/nginx.conf
@@ -9,7 +9,7 @@ events {
 }
 
 http {
-  limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=10r/s;
+  limit_req_zone $binary_remote_addr zone=ratelimit:10m rate=20r/s;
   include       /etc/nginx/mime.types;
   default_type  application/octet-stream;
   charset utf-8;
@@ -96,7 +96,7 @@ http {
 
     location /api/ {
       # calls to the API are rate limited with bursting
-      limit_req zone=ratelimit burst=10 nodelay;
+      limit_req zone=ratelimit burst=20 nodelay;
 
       # 120s timeout on API requests
       proxy_read_timeout 120s;

diff --git a/package.json b/package.json
@@ -44,8 +44,11 @@
     "lint:fix": "yarn run lint:fix:ts && yarn run lint:fix:prettier && yarn run lint:fix:eslint",
     "test:e2e": "lerna run cy:test",
     "test:e2e:ci": "lerna run cy:ci",
-    "build:docker": "lerna run build:docker && npm run build:docker:proxy && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh $BUDIBASE_RELEASE_VERSION && cd -",
+    "build:docker": "lerna run build:docker && npm run build:docker:proxy:compose && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh $BUDIBASE_RELEASE_VERSION && cd -",
     "build:docker:proxy": "docker build hosting/proxy -t proxy-service",
+    "build:docker:proxy:compose": "lerna run generate:proxy:compose && npm run build:docker:proxy",
+    "build:docker:proxy:preprod": "lerna run generate:proxy:preprod && npm run build:docker:proxy",
+    "build:docker:proxy:prod": "lerna run generate:proxy:prod && npm run build:docker:proxy",
     "build:docker:selfhost": "lerna run build:docker && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh latest && cd -",
     "build:docker:develop": "node scripts/pinVersions && lerna run build:docker && npm run build:docker:proxy && cd hosting/scripts/linux/ && ./release-to-docker-hub.sh develop && cd -",
     "build:docker:airgap": "node hosting/scripts/airgapped/airgappedDockerBuild",

diff --git a/packages/builder/yarn.lock b/packages/builder/yarn.lock
@@ -915,11 +915,6 @@
   resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
   integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
 
-"@budibase/colorpicker@1.1.2":
-  version "1.1.2"
-  resolved "https://registry.yarnpkg.com/@budibase/colorpicker/-/colorpicker-1.1.2.tgz#f7436924ee746d7be9b2009c2fa193e710c30f89"
-  integrity sha512-2PlZBVkATDqDC4b4Ri8Xi8X3OxhuHOGfmZwtXbZL38lNIeofaQT3Qyc1ECzEY5N+HrdGrWhY9EnliF6QM+LIuA==
-
 "@cnakazawa/watch@^1.0.3":
   version "1.0.4"
   resolved "https://registry.yarnpkg.com/@cnakazawa/watch/-/watch-1.0.4.tgz#f864ae85004d0fcab6f50be9141c4da368d1656a"

diff --git a/packages/server/package.json b/packages/server/package.json
@@ -21,6 +21,9 @@
     "dev:stack:down": "node scripts/dev/manage.js down",
     "dev:stack:nuke": "node scripts/dev/manage.js nuke",
     "dev:builder": "yarn run dev:stack:up && nodemon",
+    "generate:proxy:compose": "node scripts/proxy/generateProxyConfig compose",
+    "generate:proxy:preprod": "node scripts/proxy/generateProxyConfig preprod",
+    "generate:proxy:prod": "node scripts/proxy/generateProxyConfig prod",
     "format": "prettier --config ../../.prettierrc.json 'src/**/*.ts' --write",
     "lint": "eslint --fix src/",
     "lint:fix": "yarn run format && yarn run lint",