statically allocate app container IPs

We removed httpPort with the assumption that docker allocated IPs and kept them as long as the container is around. This turned out to be not true because the IP changes on even container restart. So we now allocate IPs statically. The iprange makes sure we don't overlap with addons and other CI app or JupyterHub apps. https://github.com/moby/moby/issues/6743 https://github.com/moby/moby/pull/19001
2020-11-20 14:13:16 -08:00
parent 64af278f39
commit c0b0029935
13 changed files with 165 additions and 59 deletions
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -38,7 +38,6 @@ var acme2 = require('./cert/acme2.js'),
    constants = require('./constants.js'),
    crypto = require('crypto'),
    debug = require('debug')('box:reverseproxy'),
-    docker = require('./docker.js'),
    domains = require('./domains.js'),
    ejs = require('ejs'),
    eventlog = require('./eventlog.js'),
@@ -434,52 +433,48 @@ function writeAppNginxConfig(app, bundle, callback) {
    assert.strictEqual(typeof bundle, 'object');
    assert.strictEqual(typeof callback, 'function');

-    docker.getContainerIp(app.containerId, function (error, ip) {
-        if (error) return callback(error);
+    var sourceDir = path.resolve(__dirname, '..');
+    var endpoint = 'app';

-        var sourceDir = path.resolve(__dirname, '..');
-        var endpoint = 'app';
+    let robotsTxtQuoted = null, hideHeaders = [], cspQuoted = null;
+    const reverseProxyConfig = app.reverseProxyConfig || {}; // some of our code uses fake app objects
+    if (reverseProxyConfig.robotsTxt) robotsTxtQuoted = JSON.stringify(app.reverseProxyConfig.robotsTxt);
+    if (reverseProxyConfig.csp) {
+        cspQuoted = `"${app.reverseProxyConfig.csp}"`;
+        hideHeaders = [ 'Content-Security-Policy' ];
+        if (reverseProxyConfig.csp.includes('frame-ancestors ')) hideHeaders.push('X-Frame-Options');
+    }

-        let robotsTxtQuoted = null, hideHeaders = [], cspQuoted = null;
-        const reverseProxyConfig = app.reverseProxyConfig || {}; // some of our code uses fake app objects
-        if (reverseProxyConfig.robotsTxt) robotsTxtQuoted = JSON.stringify(app.reverseProxyConfig.robotsTxt);
-        if (reverseProxyConfig.csp) {
-            cspQuoted = `"${app.reverseProxyConfig.csp}"`;
-            hideHeaders = [ 'Content-Security-Policy' ];
-            if (reverseProxyConfig.csp.includes('frame-ancestors ')) hideHeaders.push('X-Frame-Options');
-        }
+    var data = {
+        sourceDir: sourceDir,
+        adminOrigin: settings.adminOrigin(),
+        vhost: app.fqdn,
+        hasIPv6: sysinfo.hasIPv6(),
+        ip: app.containerIp,
+        port: app.manifest.httpPort,
+        endpoint: endpoint,
+        certFilePath: bundle.certFilePath,
+        keyFilePath: bundle.keyFilePath,
+        robotsTxtQuoted,
+        cspQuoted,
+        hideHeaders,
+        proxyAuth: {
+            enabled: app.sso && app.manifest.addons && app.manifest.addons.proxyAuth,
+            id: app.id
+        },
+        httpPaths: app.manifest.httpPaths || {}
+    };
+    var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);

-        var data = {
-            sourceDir: sourceDir,
-            adminOrigin: settings.adminOrigin(),
-            vhost: app.fqdn,
-            hasIPv6: sysinfo.hasIPv6(),
-            ip,
-            port: app.manifest.httpPort,
-            endpoint: endpoint,
-            certFilePath: bundle.certFilePath,
-            keyFilePath: bundle.keyFilePath,
-            robotsTxtQuoted,
-            cspQuoted,
-            hideHeaders,
-            proxyAuth: {
-                enabled: app.sso && app.manifest.addons && app.manifest.addons.proxyAuth,
-                id: app.id
-            },
-            httpPaths: app.manifest.httpPaths || {}
-        };
-        var nginxConf = ejs.render(NGINX_APPCONFIG_EJS, data);
+    var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, app.id + '.conf');
+    debug('writeAppNginxConfig: writing config for "%s" to %s with options %j', app.fqdn, nginxConfigFilename, data);

-        var nginxConfigFilename = path.join(paths.NGINX_APPCONFIG_DIR, app.id + '.conf');
-        debug('writeAppNginxConfig: writing config for "%s" to %s with options %j', app.fqdn, nginxConfigFilename, data);
+    if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) {
+        debug('Error creating nginx config for "%s" : %s', app.fqdn, safe.error.message);
+        return callback(new BoxError(BoxError.FS_ERROR, safe.error));
+    }

-        if (!safe.fs.writeFileSync(nginxConfigFilename, nginxConf)) {
-            debug('Error creating nginx config for "%s" : %s', app.fqdn, safe.error.message);
-            return callback(new BoxError(BoxError.FS_ERROR, safe.error));
-        }
-
-        reload(callback);
-    });
+    reload(callback);
 }

 function writeAppRedirectNginxConfig(app, fqdn, bundle, callback) {