chore: Switch to vanilla Caddy, when rate limiting is disabled

[pratapaprasanna]

Depends-on: 33591
Fixes: #31997

[coderabbitai]

Walkthrough

Walkthrough

The changes primarily focus on refining the configuration and setup processes for the Caddy server within the Appsmith deployment scripts. Key updates include handling the RATE_LIMIT environment variable more dynamically, introducing a setup_caddy() function, and modifying script calls to use environment variables. Additionally, a CI test script was updated to reflect these changes in environment variable handling.

Changes

File Path	Change Summary
.../caddy-reconfigure.mjs .../entrypoint.sh	Enhanced handling of the RATE_LIMIT environment variable in caddy-reconfigure.mjs and added setup_caddy() function in entrypoint.sh.
.../run-caddy.sh	Replaced direct calls to /opt/caddy/caddy with $_APPSMITH_CADDY for managing Caddy operations.
.github/workflows/ci-test-custom-script.yml	Updated the environment variable from _APPSMITH_RATE_LIMIT to APPSMITH_RATE_LIMIT for CI tests.

---

Recent Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between a6aaa0e and 6b66526.

Files selected for processing (1)

• deploy/docker/fs/opt/appsmith/entrypoint.sh (2 hunks)

Additional Context Used

ShellCheck (8)

deploy/docker/fs/opt/appsmith/entrypoint.sh (8)

[warning] 57-57: Declare and assign separately to avoid masking return values.

---

[warning] 61-61: Declare and assign separately to avoid masking return values.

---

[warning] 65-65: Declare and assign separately to avoid masking return values.

---

[warning] 69-69: Declare and assign separately to avoid masking return values.

---

[warning] 79-79: ShellCheck can't follow non-constant source. Use a directive to specify location.

---

[info] 80-80: Not following: ./pre-define.env was not specified as input (see shellcheck -x).

---

[style] 136-136: Use -n instead of ! -z.

---

[info] 471-471: Double quote to prevent globbing and word splitting.

Additional comments not posted (1)

deploy/docker/fs/opt/appsmith/entrypoint.sh (1)

464-464: Quote the command to prevent globbing and word splitting.

-  "$_APPSMITH_CADDY" start --config "$TMP/Caddyfile"
+  "${_APPSMITH_CADDY}" start --config "$TMP/Caddyfile"

This modification ensures that the command is properly quoted, which is crucial for preventing errors in paths that might contain spaces or special characters.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 5

Out of diff range and nitpick comments (2)

deploy/docker/fs/opt/appsmith/caddy-reconfigure.mjs (1)

Line range hint 266-284: Ensure proper error handling when writing to the Caddyfile.

try {
  fs.mkdirSync(dirname(CaddyfilePath), { recursive: true });
  fs.writeFileSync(CaddyfilePath, parts.join("\n"));
  spawnSync("/opt/caddy/caddy", ["fmt", "--overwrite", CaddyfilePath]);
  spawnSync("/opt/caddy/caddy", ["reload", "--config", CaddyfilePath]);
} catch (error) {
  console.error("Error configuring Caddy:", error);
}

deploy/docker/fs/opt/appsmith/entrypoint.sh (1)

Line range hint 136-136: Use -n instead of ! -z for better readability.

if [[ -n ${maximum_heap} ]]; then
  export APPSMITH_JAVA_HEAP_ARG="-Xmx${maximum_heap}m"
fi

[coderabbitai]

Avoid masking return values by separating declaration and assignment.

RUN set -o xtrace \
  && mkdir -p /opt/basecaddy \
-  && version="$(curl --write-out '%{redirect_url}' 'https://github.com/caddyserver/caddy/releases/latest' | sed 's,.*/v,,')" \
+  && curl --write-out '%{redirect_url}' 'https://github.com/caddyserver/caddy/releases/latest' | sed 's,.*/v,,') \
+  && version="${version}" \
  && curl --location "https://github.com/caddyserver/caddy/releases/download/v$version/caddy_${version}_linux_$(uname -m | sed 's/x86_64/amd64/; s/aarch64/arm64/').tar.gz" \
  | tar -xz -C /opt/basecaddy

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	RUN set -o xtrace \
	&& mkdir -p /opt/basecaddy \
	&& version="$(curl --write-out '%{redirect_url}' 'https://github.com/caddyserver/caddy/releases/latest' | sed 's,.*/v,,')" \
	&& curl --location "https://github.com/caddyserver/caddy/releases/download/v$version/caddy_${version}_linux_$(uname -m | sed 's/x86_64/amd64/; s/aarch64/arm64/').tar.gz" \
	| tar -xz -C /opt/basecaddy
	RUN set -o xtrace \
	&& mkdir -p /opt/basecaddy \
	&& curl --write-out '%{redirect_url}' 'https://github.com/caddyserver/caddy/releases/latest' | sed 's,.*/v,,') \
	&& version="${version}" \
	&& curl --location "https://github.com/caddyserver/caddy/releases/download/v$version/caddy_${version}_linux_$(uname -m | sed 's/x86_64/amd64/; s/aarch64/arm64/').tar.gz" \
	| tar -xz -C /opt/basecaddy

[coderabbitai]

Use const or let instead of var for block-scoped variables.

const RATE_LIMIT_ENV = (process.env._APPSMITH_RATE_LIMIT);

if (RATE_LIMIT_ENV == "disabled") {
-  var RATE_LIMIT = undefined;
+  let RATE_LIMIT = undefined;
} else {
  // Rate limit, numeric value defining the requests-per-second allowed.
-  var RATE_LIMIT = parseInt(process.env._APPSMITH_RATE_LIMIT || 100, 10);
+  let RATE_LIMIT = parseInt(process.env._APPSMITH_RATE_LIMIT || 100, 10);
}

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	const RATE_LIMIT_ENV = (process.env._APPSMITH_RATE_LIMIT)
	if (RATE_LIMIT_ENV == "disabled") {
	var RATE_LIMIT = undefined
	}
	else {
	// Rate limit, numeric value defining the requests-per-second allowed.
	var RATE_LIMIT = parseInt(process.env._APPSMITH_RATE_LIMIT || 100, 10)
	}
	const RATE_LIMIT_ENV = (process.env._APPSMITH_RATE_LIMIT);
	if (RATE_LIMIT_ENV == "disabled") {
	let RATE_LIMIT = undefined;
	} else {
	// Rate limit, numeric value defining the requests-per-second allowed.
	let RATE_LIMIT = parseInt(process.env._APPSMITH_RATE_LIMIT || 100, 10);
	}

[coderabbitai]

Consider refactoring the repeated Caddyfile configuration blocks to avoid duplication.

if (RATE_LIMIT == undefined) {
  parts.push(`
  {
    debug
    admin 127.0.0.1:2019
    persist_config off
    acme_ca_root /etc/ssl/certs/ca-certificates.crt
    servers {
      trusted_proxies static 0.0.0.0/0
    }
  }
  ...
  `);
} else {
  parts.push(`
  {
    debug
    admin 127.0.0.1:2019
    persist_config off
    acme_ca_root /etc/ssl/certs/ca-certificates.crt
    servers {
      trusted_proxies static 0.0.0.0/0
    }
    order rate_limit before basicauth
  }
  ...
  `);
}

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	if (RATE_LIMIT == undefined ) {
	parts.push(`
	{
	debug
	admin 127.0.0.1:2019
	persist_config off
	acme_ca_root /etc/ssl/certs/ca-certificates.crt
	servers {
	trusted_proxies static 0.0.0.0/0
	}
	}
	(file_server) {
	file_server {
	precompressed br gzip
	disable_canonical_uris
	}
	}
	(reverse_proxy) {
	reverse_proxy {
	to 127.0.0.1:{args[0]}
	header_up -Forwarded
	header_up X-Appsmith-Request-Id {http.request.uuid}
	}
	}
	(all-config) {
	log {
	output stdout
	}
	skip_log /api/v1/health
	# The internal request ID header should never be accepted from an incoming request.
	request_header -X-Appsmith-Request-Id
	# Ref: https://stackoverflow.com/a/38191078/151048
	# We're only accepting v4 UUIDs today, in order to not make it too lax unless needed.
	@valid-request-id expression {header.X-Request-Id}.matches("(?i)^[0-9A-F]{8}-[0-9A-F]{4}-[4][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$")
	header @valid-request-id X-Request-Id {header.X-Request-Id}
	@invalid-request-id expression !{header.X-Request-Id}.matches("(?i)^[0-9A-F]{8}-[0-9A-F]{4}-[4][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$")
	header @invalid-request-id X-Request-Id invalid_request_id
	request_header @invalid-request-id X-Request-Id invalid_request_id
	header {
	-Server
	Content-Security-Policy "frame-ancestors ${frameAncestorsPolicy}"
	X-Content-Type-Options "nosniff"
	X-Appsmith-Request-Id {http.request.uuid}
	}
	request_body {
	max_size ${process.env.APPSMITH_CODEC_SIZE || 150}MB
	}
	handle {
	root * {$WWW_PATH}
	try_files /loading.html /index.html
	import file_server
	}
	root * /opt/appsmith/editor
	@file file
	handle @file {
	import file_server
	skip_log
	}
	handle /static/* {
	error 404
	}
	handle /info {
	root * /opt/appsmith
	rewrite * /info.json
	import file_server
	}
	@backend path /api/* /oauth2/* /login/*
	handle @backend {
	import reverse_proxy 8080
	}
	handle /rts/* {
	import reverse_proxy 8091
	}
	redir /supervisor /supervisor/
	handle_path /supervisor/* {
	import reverse_proxy 9001
	}
	handle_errors {
	respond "{err.status_code} {err.status_text}" {err.status_code}
	header -Server
	}
	}
	# We bind to http on 80, so that localhost requests don't get redirected to https.
	:80 {
	import all-config
	}
	`)
	if (RATE_LIMIT == undefined) {
	parts.push(`
	{
	debug
	admin 127.0.0.1:2019
	persist_config off
	acme_ca_root /etc/ssl/certs/ca-certificates.crt
	servers {
	trusted_proxies static 0.0.0.0/0
	}
	...
	`);
	} else {
	parts.push(`
	{
	debug
	admin 127.0.0.1:2019
	persist_config off
	acme_ca_root /etc/ssl/certs/ca-certificates.crt
	servers {
	trusted_proxies static 0.0.0.0/0
	}
	order rate_limit before basicauth
	...
	`);
	}

[coderabbitai]

Double quote to prevent globbing and word splitting.

setup_caddy() {
  if [[ "$_APPSMITH_RATE_LIMIT" == "disabled" ]]; then
    echo "rate limiting is disabled"
    mv /opt/basecaddy/caddy /opt/caddy/caddy
  fi
}

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	setup_caddy() {
	if [[ $_APPSMITH_RATE_LIMIT == "disabled" ]]; then
	echo "rate limiting is disabled"
	mv /opt/basecaddy/caddy /opt/caddy/caddy
	fi
	}
	setup_caddy() {
	if [[ "$_APPSMITH_RATE_LIMIT" == "disabled" ]]; then
	echo "rate limiting is disabled"
	mv /opt/basecaddy/caddy /opt/caddy/caddy
	fi
	}

[sharat87]

We need to reverse the boolean check we added in the reconfigure script, it's inverted currently. Rest are minor recommended fixes and we should be ready to merge.

[sharat87]

Small nitpick, let's not lose the final newline. A final newline character at the end of files is usually recommended since some old tools have problem dealing with files that don't have a final newline character.

Ref:

• https://stackoverflow.com/questions/729692
• https://unix.stackexchange.com/questions/18743

[pratapaprasanna]

It is because of the vi editor I use I guess. I dont do that deliberately Let me take care going forward

[sharat87]

Suggested change

	$_APPSMITH_CADDY stop --config "$TMP/Caddyfile" || true
	"$_APPSMITH_CADDY" stop --config "$TMP/Caddyfile" || true

[sharat87]

Let's not remove the final newline.

Suggested change

	}
	}

[sharat87]

Looks like I've unfortunately applied this condition in reverse. It's named isRateLimitingDisabled, but is actually used in later code like it's isRateLimitingEnabled. Let's rename it and change === to !==.

[sharat87]

Suggested change

	$_APPSMITH_CADDY start --config "$TMP/Caddyfile"
	"$_APPSMITH_CADDY" start --config "$TMP/Caddyfile"

[coderabbitai]

Actionable comments posted: 2

[coderabbitai]

Quote the variable to prevent globbing and word splitting.

-  if [[ "$APPSMITH_RATE_LIMIT" == "disabled" ]]; then
+  if [[ "${APPSMITH_RATE_LIMIT}" == "disabled" ]]; then

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	if [[ "$APPSMITH_RATE_LIMIT" == "disabled" ]]; then
	if [[ "${APPSMITH_RATE_LIMIT}" == "disabled" ]]; then

[coderabbitai]

Quote the command to prevent globbing and word splitting.

-  "$_APPSMITH_CADDY" start --config "$TMP/Caddyfile"
+  "${_APPSMITH_CADDY}" start --config "$TMP/Caddyfile"

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	"$_APPSMITH_CADDY" start --config "$TMP/Caddyfile"
	"${_APPSMITH_CADDY}" start --config "$TMP/Caddyfile"

[sharat87]

Line 190 and 191 are still using hard-coded Caddy. Can we change them to use the env variable please?

Can we also test with if the container built with changes in this PR, starts when all Docker capabilities are dropped please?

[pratapaprasanna]

Yea my bad. Sorry

[sharat87]

Looks good. Do you want to merge just the base.dockerfile first, let the base image be built, and then merge the rest of it? If yes, let me know and I'll pick just that file's changes and push to release.

[sharat87]

@pratapaprasanna, also, can we ensure the "Semantic PR" check passes on PRs please? It checks that PR titles should start with feat: or fix: or chore: or test: or ci:. Having this correct helps us generate our release notes correctly. Like, entries with chore: or test: or ci: will be automatically removed from release notes. So if we don't want our PR to show up for users reading release notes, we use one of those that's most appropriate.

I'm fixing the title for this PR, please feel free to change if you disagree. Thanks!

[coderabbitai]

Actionable comments posted: 2

[coderabbitai]

Ensure setup_caddy is called before init_loading_pages to properly configure Caddy before starting it.

setup_caddy
init_loading_pages
print_appsmith_info
unset_unused_variables

This sequence ensures that the Caddy server is configured before any pages are loaded, which is crucial for proper application behavior.

[coderabbitai]

Ensure consistent environment variable naming.

-  if [[ "$APPSMITH_RATE_LIMIT" == "disabled" ]]; then
+  if [[ "${APPSMITH_RATE_LIMIT}" == "disabled" ]]; then

This change ensures that the variable is properly quoted to prevent globbing and word splitting, aligning with best practices in shell scripting.

---

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	setup_caddy() {
	if [[ "$APPSMITH_RATE_LIMIT" == "disabled" ]]; then
	export _APPSMITH_CADDY="/opt/caddy/caddy_vanilla"
	else
	export _APPSMITH_CADDY="/opt/caddy/caddy"
	fi
	}
	setup_caddy() {
	if [[ "${APPSMITH_RATE_LIMIT}" == "disabled" ]]; then
	export _APPSMITH_CADDY="/opt/caddy/caddy_vanilla"
	else
	export _APPSMITH_CADDY="/opt/caddy/caddy"
	fi
	}