From 54b5a3a8670e73e49e621062e266446029c75566 Mon Sep 17 00:00:00 2001 From: Hauke Hund Date: Mon, 7 Oct 2024 17:16:09 +0200 Subject: [PATCH 1/4] nginx config cleanup and version upgrade --- .../docker-compose.yml | 2 +- .../proxy/conf.d/default.conf | 46 ------------------- .../proxy/nginx.conf | 21 +-------- 3 files changed, 2 insertions(+), 67 deletions(-) delete mode 100644 dsf-docker-test-setup-3dic-ttp/proxy/conf.d/default.conf diff --git a/dsf-docker-test-setup-3dic-ttp/docker-compose.yml b/dsf-docker-test-setup-3dic-ttp/docker-compose.yml index 3fd3bd014..440701125 100644 --- a/dsf-docker-test-setup-3dic-ttp/docker-compose.yml +++ b/dsf-docker-test-setup-3dic-ttp/docker-compose.yml @@ -1,7 +1,7 @@ version: '3.8' services: proxy: - image: nginx:1.23 + image: nginx:1.27 restart: "no" ports: - 127.0.0.1:443:443 diff --git a/dsf-docker-test-setup-3dic-ttp/proxy/conf.d/default.conf b/dsf-docker-test-setup-3dic-ttp/proxy/conf.d/default.conf deleted file mode 100644 index b460be080..000000000 --- a/dsf-docker-test-setup-3dic-ttp/proxy/conf.d/default.conf +++ /dev/null 
@@ -1,46 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name localhost; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} - diff --git a/dsf-docker-test-setup-3dic-ttp/proxy/nginx.conf b/dsf-docker-test-setup-3dic-ttp/proxy/nginx.conf index 04ee80c96..d9aece023 100644 --- a/dsf-docker-test-setup-3dic-ttp/proxy/nginx.conf +++ b/dsf-docker-test-setup-3dic-ttp/proxy/nginx.conf @@ -1,16 +1,6 @@ - -user nginx; -worker_processes 1; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - events { - worker_connections 1024; } - http { include /etc/nginx/mime.types; default_type application/octet-stream; @@ -19,15 +9,6 @@ http { '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - ssl_certificate /run/secrets/proxy_certificate_and_int_cas.pem; ssl_certificate_key /run/secrets/proxy_certificate_private_key.pem; ssl_protocols TLSv1.2 TLSv1.3; @@ -45,4 +26,4 @@ http { } include /etc/nginx/conf.d/*.conf; -} +} \ No newline at end of file 
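Review bot: Removing `access_log /var/log/nginx/access.log main;` in the second nginx.conf hunk leaves the `log_format` definition, whose last lines are kept as context just above it, without a visible consumer. Unless a `server` block outside these hunks sets its own `access_log`, nginx falls back to its built-in `combined` format, which does not include `$http_x_forwarded_for`, so the proxy's access log loses the forwarded client address. Either keep the directive, `access_log /var/log/nginx/access.log main;`, or delete the unused `log_format` as part of the cleanup. The `http` block continues outside the hunk.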
From b2072d82f485ffb13dd619318c2cce82c1bcde06 Mon Sep 17 00:00:00 2001 From: Hauke Hund Date: Mon, 7 Oct 2024 17:20:03 +0200 Subject: [PATCH 2/4] forward proxy image and service, proxy configured for dic1-bpe keycloak excluded from forward proxy, works with fix from PR #234 --- .../docker-compose.yml | 16 ++++++++++++++++ .../forward-proxy/Dockerfile | 4 ++++ .../forward-proxy/tinyproxy.conf | 6 ++++++ 3 files changed, 26 insertions(+) create mode 100644 dsf-docker-test-setup-3dic-ttp/forward-proxy/Dockerfile create mode 100644 dsf-docker-test-setup-3dic-ttp/forward-proxy/tinyproxy.conf diff --git a/dsf-docker-test-setup-3dic-ttp/docker-compose.yml b/dsf-docker-test-setup-3dic-ttp/docker-compose.yml index 440701125..5895c6bd5 100644 --- a/dsf-docker-test-setup-3dic-ttp/docker-compose.yml +++ b/dsf-docker-test-setup-3dic-ttp/docker-compose.yml @@ -106,6 +106,15 @@ services: --spi-truststore-file-password=password --spi-truststore-file-hostname-verification-policy=STRICT + forward-proxy: + build: ./forward-proxy + restart: "no" + environment: + TZ: Europe/Berlin + networks: + forward-proxy: + internet: + dic1-fhir: build: ../dsf-fhir/dsf-fhir-server-jetty/docker image: datasharingframework/fhir @@ -518,15 +527,21 @@ services: DEV_DSF_SERVER_AUTH_OIDC_PROVIDER_CLIENT_TRUST_SERVER_CERTIFICATE_CAS: /run/secrets/app_server_trust_certificates.pem DEV_DSF_SERVER_AUTH_OIDC_CLIENT_ID: dic1-bpe DEV_DSF_SERVER_AUTH_OIDC_CLIENT_SECRET: ytqFCErw9GfhVUrrM8xc0Grbu4r7qGig + DEV_DSF_PROXY_URL: http://forward-proxy:8080 + DEV_DSF_PROXY_USERNAME: proxy_user + DEV_DSF_PROXY_PASSWORD: proxy_password + DEV_DSF_PROXY_NOPROXY: keycloak networks: dic1-bpe-frontend: ipv4_address: 172.20.0.35 dic1-bpe-backend: internet: + forward-proxy: depends_on: - db - dic1-fhir - keycloak + - forward-proxy dic2-bpe: build: ../dsf-bpe/dsf-bpe-server-jetty/docker @@ -944,6 +959,7 @@ networks: - subnet: 172.20.0.56/29 ttp-bpe-backend: internet: + forward-proxy: volumes: db-data: 
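Review bot: dic1-bpe keeps its `internet` network in the second hunk while also joining `forward-proxy`, so a client that ignores `DEV_DSF_PROXY_URL` can still connect directly and the setup cannot show that outbound traffic really goes through tinyproxy. If nothing else in the service needs direct egress, drop `internet:` from the dic1-bpe `networks` list so that the proxy is its only route out. The proxy credentials are literals here and again in tinyproxy.conf; a comment such as `# test-only credentials, must match forward-proxy/tinyproxy.conf` would keep them from being copied into a real deployment. The dic1-bpe service definition starts outside the hunk.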
diff --git a/dsf-docker-test-setup-3dic-ttp/forward-proxy/Dockerfile b/dsf-docker-test-setup-3dic-ttp/forward-proxy/Dockerfile new file mode 100644 index 000000000..bd4f3af20 --- /dev/null +++ b/dsf-docker-test-setup-3dic-ttp/forward-proxy/Dockerfile @@ -0,0 +1,4 @@ +FROM alpine:3.20 +RUN apk add --no-cache tinyproxy +COPY tinyproxy.conf /etc/tinyproxy/tinyproxy.conf +CMD ["tinyproxy", "-d"] \ No newline at end of file diff --git a/dsf-docker-test-setup-3dic-ttp/forward-proxy/tinyproxy.conf b/dsf-docker-test-setup-3dic-ttp/forward-proxy/tinyproxy.conf new file mode 100644 index 000000000..e08799ca1 --- /dev/null +++ b/dsf-docker-test-setup-3dic-ttp/forward-proxy/tinyproxy.conf @@ -0,0 +1,6 @@ +User tinyproxy +Group tinyproxy +Port 8080 +Timeout 100 +LogLevel Connect +BasicAuth proxy_user proxy_password \ No newline at end of file From ef240cb6c542d79d602c368b0e50f948231d4bc5 Mon Sep 17 00:00:00 2001 From: Hauke Hund Date: Mon, 7 Oct 2024 17:30:49 +0200 Subject: [PATCH 3/4] code cleanup --- .../main/java/dev/dsf/bpe/subscription/FhirConnectorImpl.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/subscription/FhirConnectorImpl.java b/dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/subscription/FhirConnectorImpl.java index d53a85f7d..c61265a20 100644 --- a/dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/subscription/FhirConnectorImpl.java +++ b/dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/subscription/FhirConnectorImpl.java @@ -228,7 +228,7 @@ private void connectWebsocket(Subscription subscription) { try { - WebsocketClient client = clientProvider.getLocalWebsocketClient(() -> connect(), + WebsocketClient client = clientProvider.getLocalWebsocketClient(this::connect, subscription.getIdElement().getIdPart()); EventType eventType = toEventType(subscription.getChannel().getPayload()); 
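Review bot: The new tinyproxy.conf has no `ConnectPort` or `Allow` line, so tinyproxy accepts CONNECT to any destination port from any client that can reach port 8080, with `BasicAuth` as the only gate. If the proxy only needs to carry the BPE's HTTPS traffic, add `ConnectPort 443` (plus any other port the tests use) and an `Allow` entry for the compose network's subnet. The `BasicAuth proxy_user proxy_password` pair is also baked into the image by the Dockerfile's `COPY`; a `# test-only credentials` comment above it would mark it as not for reuse.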
@@ -260,7 +260,7 @@ private Void onError(Throwable t) { // no debug log, exception previously logged by retrieveWebsocketSubscription, loadNewResources and // connectWebsocket methods - logger.error("Error while loading existing {} resources and connecting websocket: {} - {}", resourceName, + logger.error("Error loading existing {} resources and connecting websocket: {} - {}", resourceName, t.getClass().getName(), t.getMessage()); return null; From 5ee060bf5eaf781077068ba5bb8537b55762f7a8 Mon Sep 17 00:00:00 2001 From: Hauke Hund Date: Mon, 7 Oct 2024 17:36:13 +0200 Subject: [PATCH 4/4] enables reconnect including REST GET for abnormally closed websockets Enables the use of the re-connector code for abnormally closed websocket connections. The (re-)connector searches for Subscription resources, downloads existing Task and QuestionnaireResponse resources before establishing the Task and QuestionnaireResponse websocket connections. Fixes #233 --- .../src/main/java/dev/dsf/fhir/client/ClientEndpoint.java | 4 +++- .../main/java/dev/dsf/fhir/client/WebsocketClientTyrus.java | 6 ++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/dsf-fhir/dsf-fhir-websocket-client/src/main/java/dev/dsf/fhir/client/ClientEndpoint.java b/dsf-fhir/dsf-fhir-websocket-client/src/main/java/dev/dsf/fhir/client/ClientEndpoint.java index 9283afe33..842548613 100755 --- a/dsf-fhir/dsf-fhir-websocket-client/src/main/java/dev/dsf/fhir/client/ClientEndpoint.java +++ b/dsf-fhir/dsf-fhir-websocket-client/src/main/java/dev/dsf/fhir/client/ClientEndpoint.java @@ -1,5 +1,6 @@ package dev.dsf.fhir.client; +import java.util.EnumSet; import java.util.function.Consumer; import java.util.function.Supplier; 
@@ -80,7 +81,8 @@ public void onClose(Session session, CloseReason closeReason) logger.warn("Websocket closed, session {}: {} - {}", session.getId(), closeReason.getCloseCode().getCode(), closeReason.getReasonPhrase()); - if (CloseReason.CloseCodes.CANNOT_ACCEPT.equals(closeReason.getCloseCode())) + if (EnumSet.of(CloseReason.CloseCodes.CANNOT_ACCEPT, CloseReason.CloseCodes.CLOSED_ABNORMALLY) + .contains(closeReason.getCloseCode())) { logger.info("Trying to reconnect websocket"); reconnector.run(); diff --git a/dsf-fhir/dsf-fhir-websocket-client/src/main/java/dev/dsf/fhir/client/WebsocketClientTyrus.java b/dsf-fhir/dsf-fhir-websocket-client/src/main/java/dev/dsf/fhir/client/WebsocketClientTyrus.java index 04165f981..40fe3f13f 100755 --- a/dsf-fhir/dsf-fhir-websocket-client/src/main/java/dev/dsf/fhir/client/WebsocketClientTyrus.java +++ b/dsf-fhir/dsf-fhir-websocket-client/src/main/java/dev/dsf/fhir/client/WebsocketClientTyrus.java @@ -90,8 +90,8 @@ public boolean onDisconnect(CloseReason closeReason) private final String userAgentValue; private final ClientEndpoint endpoint; - private ClientManager manager; - private Session connection; + private volatile ClientManager manager; + private volatile Session connection; private volatile boolean closed; public WebsocketClientTyrus(Runnable reconnector, URI wsUri, KeyStore trustStore, KeyStore keyStore, @@ -131,6 +131,8 @@ public void connect() if (manager != null) throw new IllegalStateException("Allready connecting/connected"); + closed = false; + manager = ClientManager.createClient(); manager.getProperties().put(ClientProperties.RECONNECT_HANDLER, reconnectHandler); manager.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR, new SslEngineConfigurator(sslContext));
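Review bot: `reconnector.run()` in onClose now also fires for `CLOSED_ABNORMALLY`, the code a client reports when the connection drops without a close frame, and the hunk shows no delay or attempt limit around it. Per the commit description each reconnect searches Subscription resources and downloads Task and QuestionnaireResponse resources, so a server that keeps dropping connections could trigger that work in a tight loop unless the reconnector (not visible here) already backs off. It is also worth confirming that the Tyrus `RECONNECT_HANDLER` registered in WebsocketClientTyrus returns false from `onDisconnect` for this code, otherwise both mechanisms may reconnect. The set can be a constant, `private static final Set<CloseReason.CloseCodes> RECONNECT_CODES = EnumSet.of(CloseReason.CloseCodes.CANNOT_ACCEPT, CloseReason.CloseCodes.CLOSED_ABNORMALLY);`, instead of being built on every close. onClose continues outside the hunk.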
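Review bot: `volatile` on `manager` and `connection` gives visibility but does not make the check-then-assign in connect() atomic: two threads can both pass `if (manager != null)` before either assigns, and with reconnects now started from the websocket close callback a concurrent connect() is more plausible. Guarding connect() and whichever method resets `manager` with the same lock, for example `public synchronized void connect()`, or holding the manager in an `AtomicReference<ClientManager>` and claiming it with `compareAndSet`, would close that window. The added `closed = false;` also runs before the manager is created, so a disconnect racing with it could be undone; whether that matters depends on code outside the hunk. connect() starts and ends outside the hunk.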