chore: provide custom https server

Canner · Jul 14, 2024 · 46f317f · 46f317f
1 parent 8911ae5
commit 46f317f
Show file tree

Hide file tree

Showing 5 changed files with 159 additions and 5 deletions.
diff --git a/docker/docker-compose-dev.yaml b/docker/docker-compose-dev.yaml
@@ -10,7 +10,6 @@ networks:
 services:
   bootstrap:
     image: ghcr.io/canner/wren-bootstrap:${WREN_BOOTSTRAP_VERSION}
-    pull_policy: always
     platform: ${PLATFORM}
     environment:
       DATA_PATH: /app/data
@@ -22,7 +21,6 @@ services:
 
   wren-engine:
     image: ghcr.io/canner/wren-engine:${WREN_ENGINE_VERSION}
-    pull_policy: always
     platform: ${PLATFORM}
     expose:
       - ${WREN_ENGINE_SQL_PORT}
@@ -37,8 +35,8 @@ services:
 
   wren-ai-service:
     image: ghcr.io/canner/wren-ai-service:${WREN_AI_SERVICE_VERSION}
-    pull_policy: always
     platform: ${PLATFORM}
+    pull_policy: never
     ports:
       - ${AI_SERVICE_FORWARD_PORT}:${WREN_AI_SERVICE_PORT}
     environment:
@@ -53,6 +51,7 @@ services:
       # sometimes the console won't show print messages,
       # using PYTHONUNBUFFERED: 1 can fix this
       PYTHONUNBUFFERED: 1
+    command: [ "/app/entrypoint.sh" ]
     networks:
       - wren
     depends_on:
@@ -61,7 +60,6 @@ services:
 
   ibis-server:
     image: ghcr.io/canner/wren-engine-ibis:${IBIS_SERVER_VERSION}
-    pull_policy: always
     platform: ${PLATFORM}
     expose:
       - 8000
@@ -75,7 +73,6 @@ services:
 
   qdrant:
     image: qdrant/qdrant:v1.7.4
-    pull_policy: always
     ports:
       - 6333:6333
       - 6334:6334

diff --git a/wren-ai-service/src/force_deploy.py b/wren-ai-service/src/force_deploy.py
@@ -14,6 +14,7 @@ async def force_deploy():
     async with aiohttp.ClientSession() as session:
         async with session.post(
             f"{os.getenv("WREN_UI_ENDPOINT", "http://wren-ui:3000")}/api/graphql",
+            ssl=False,
             json={
                 "query": "mutation Deploy($force: Boolean) { deploy(force: $force) }",
                 "variables": {"force": True},

diff --git a/wren-ai-service/src/providers/engine/wren.py b/wren-ai-service/src/providers/engine/wren.py
@@ -24,6 +24,7 @@ async def dry_run_sql(
     ) -> Tuple[bool, Optional[Dict[str, Any]]]:
         async with session.post(
             f"{self._endpoint}/api/graphql",
+            ssl=False,
             json={
                 "query": "mutation PreviewSql($data: PreviewSQLDataInput) { previewSql(data: $data) }",
                 "variables": {

diff --git a/wren-ui/scripts/mkcert.js b/wren-ui/scripts/mkcert.js
@@ -0,0 +1,117 @@
+/* eslint-disable @typescript-eslint/no-var-requires */
+const { exec, execSync } = require('child_process');
+const path = require('path');
+const fs = require('fs');
+const https = require('https');
+
+function getBinaryName() {
+  const platform = process.platform;
+  const arch = process.arch === 'x64' ? 'amd64' : process.arch;
+  if (platform === 'win32') {
+    return `mkcert-${mkcertVersion}-windows-${arch}.exe`;
+  }
+  if (platform === 'darwin') {
+    return `mkcert-${mkcertVersion}-darwin-${arch}`;
+  }
+  if (platform === 'linux') {
+    return `mkcert-${mkcertVersion}-linux-${arch}`;
+  }
+  throw new Error(`Unsupported platform: ${platform}`);
+}
+
+// 定義下載URL
+const mkcertVersion = 'v1.4.4';
+const mkcertUrl = `https://github.com/FiloSottile/mkcert/releases/latest/download/${mkcertVersion}/${getBinaryName()}`;
+const mkcertFileName = 'mkcert';
+
+// 定義mkcert和證書保存的目錄
+const mkcertDir = path.join(__dirname, '../mkcert');
+const certDir = path.join(__dirname, '../certificates');
+const mkcertPath = path.join(mkcertDir, mkcertFileName);
+
+console.log('mkcertUrl', mkcertUrl);
+console.log('certDir', certDir);
+console.log('mkcertPath', mkcertPath);
+
+const createSelfSignedCertificate = new Promise((resolve, reject) => {
+  // 確保目錄存在
+  if (!fs.existsSync(mkcertDir)) {
+    fs.mkdirSync(mkcertDir);
+  }
+  if (!fs.existsSync(certDir)) {
+    fs.mkdirSync(certDir);
+  }
+
+  // 下載mkcert
+  const downloadMkcert = (url, dest, cb) => {
+    const file = fs.createWriteStream(dest);
+    https
+      .get(url, (response) => {
+        response.pipe(file);
+        file.on('finish', () => {
+          file.close(cb);
+        });
+      })
+      .on('error', (err) => {
+        fs.unlink(dest);
+        if (cb) cb(err.message);
+      });
+  };
+
+  // 設定可執行權限 (僅適用於類Unix系統)
+  const setExecutable = (filePath) => {
+    if (process.platform !== 'win32') {
+      execSync(`chmod +x ${filePath}`);
+    }
+  };
+
+  // 生成證書的命令
+  const mkcertCheckCommand = `${mkcertPath} -version`;
+  const mkcertCommand = `${mkcertPath} -install && ${mkcertPath} -cert-file ${certDir}/localhost.pem -key-file ${certDir}/localhost-key.pem localhost 127.0.0.1 ::1`;
+
+  // 下載並執行mkcert
+  downloadMkcert(mkcertUrl, mkcertPath, (downloadError) => {
+    if (downloadError) {
+      console.error(`下載mkcert出錯: ${downloadError}`);
+      return;
+    }
+    console.log('mkcert下載完成。');
+
+    setExecutable(mkcertPath);
+
+    exec(mkcertCheckCommand, (checkError, checkStdout, checkStderr) => {
+      if (checkError) {
+        console.error(`執行mkcert命令出錯: ${checkError}`);
+        reject();
+        return;
+      }
+      if (checkStderr) {
+        console.error(`mkcert stderr: ${checkStderr}`);
+        reject();
+        return;
+      }
+      console.log(`check mkcert stdout: ${checkStdout}`);
+    });
+
+    // 執行mkcert命令來生成證書
+    exec(mkcertCommand, (mkcertError, mkcertStdout, mkcertStderr) => {
+      if (mkcertError) {
+        console.error(`執行mkcert命令出錯: ${mkcertError}`);
+        reject();
+        return;
+      }
+      if (mkcertStderr) {
+        console.error(`mkcert stderr: ${mkcertStderr}`);
+        reject();
+        return;
+      }
+      console.log(`mkcert stdout: ${mkcertStdout}`);
+      console.log('證書已成功生成並保存在certificates目錄中。');
+      resolve();
+    });
+  });
+});
+
+module.exports = {
+  createSelfSignedCertificate,
+};
diff --git a/wren-ui/scripts/server.https.js b/wren-ui/scripts/server.https.js
@@ -0,0 +1,38 @@
+/* eslint-disable @typescript-eslint/no-var-requires */
+const { createServer } = require('https');
+const fs = require('fs');
+const mkcert = require('./mkcert');
+const { parse } = require('url');
+const path = require('path');
+const next = require('next');
+
+const currentPort = parseInt(process.env.PORT, 10) || 3000;
+const hostname = process.env.HOSTNAME || '0.0.0.0';
+
+const certPath = path.join(__dirname, '../certificates/localhost.pem');
+const keyPath = path.join(__dirname, '../certificates/localhost-key.pem');
+
+const app = next({
+  dev: false,
+  hostname,
+  port: currentPort,
+});
+
+const handle = app.getRequestHandler();
+app.prepare().then(async () => {
+  if (!fs.existsSync(certPath)) {
+    await mkcert.createSelfSignedCertificate();
+  }
+
+  const httpsOptions = {
+    key: fs.readFileSync(keyPath),
+    cert: fs.readFileSync(certPath),
+  };
+
+  createServer(httpsOptions, async (req, res) => {
+    const parsedUrl = parse(req.url, true);
+    handle(req, res, parsedUrl);
+  }).listen(currentPort, async () => {
+    console.log(`> Ready on https://${hostname}:${currentPort}`);
+  });
+});