From 7df27e8a879d82d96e97304a71b4b77775825a12 Mon Sep 17 00:00:00 2001
From: Zhijie He
Date: Mon, 30 Sep 2024 20:38:22 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=91=B7=20build:=20enhance=20Self-host=20C?= =?UTF-8?q?A=20usage=20&=20remove=20TLS=20detection=20(#4223)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* 👷 build: enhance TLS cert checking & Self-host CA usage
* 👷 build: add Wenxin ENV
* 🔨 chore: handle timeout
* Update startServer.js
* 👷 build: remove TLS detection
---
 Dockerfile | 7 ++-
 Dockerfile.database | 7 ++-
 scripts/serverLauncher/startServer.js | 91 +++------------------------
 3 files changed, 20 insertions(+), 85 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 2a9b15210886..6b0c7894f2f7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -114,8 +114,9 @@ COPY --from=app / /
 ENV NODE_ENV="production" \
 NODE_OPTIONS="--use-openssl-ca" \
- NODE_EXTRA_CA_CERTS="/etc/ssl/certs/ca-certificates.crt" \
- NODE_TLS_REJECT_UNAUTHORIZED=""
+ NODE_EXTRA_CA_CERTS="" \
+ NODE_TLS_REJECT_UNAUTHORIZED="" \
+ SSL_CERT_DIR="/etc/ssl/certs/ca-certificates.crt"
 # set hostname to localhost
 ENV HOSTNAME="0.0.0.0" \
@@ -185,6 +186,8 @@ ENV \
 TOGETHERAI_API_KEY="" TOGETHERAI_MODEL_LIST="" \
 # Upstage
 UPSTAGE_API_KEY="" \
+ # Wenxin
+ WENXIN_ACCESS_KEY="" WENXIN_SECRET_KEY="" \
 # 01.AI
 ZEROONE_API_KEY="" ZEROONE_MODEL_LIST="" \
 # Zhipu
diff --git a/Dockerfile.database b/Dockerfile.database
index 1aa9e411a2eb..9507f19dafe4 100644
--- a/Dockerfile.database
+++ b/Dockerfile.database
@@ -127,8 +127,9 @@ COPY --from=app / /
 ENV NODE_ENV="production" \
 NODE_OPTIONS="--use-openssl-ca" \
- NODE_EXTRA_CA_CERTS="/etc/ssl/certs/ca-certificates.crt" \
- NODE_TLS_REJECT_UNAUTHORIZED=""
+ NODE_EXTRA_CA_CERTS="" \
+ NODE_TLS_REJECT_UNAUTHORIZED="" \
+ SSL_CERT_DIR="/etc/ssl/certs/ca-certificates.crt"
 # set hostname to localhost
 ENV HOSTNAME="0.0.0.0" \
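Review bot: The new `SSL_CERT_DIR="/etc/ssl/certs/ca-certificates.crt"` line points a directory variable at a bundle file; OpenSSL's `SSL_CERT_DIR` expects a directory of hash-named certificates, and a single PEM bundle is what `SSL_CERT_FILE` takes, so with `--use-openssl-ca` the mounted self-hosted CA bundle will most likely not be loaded and operators would be pushed toward disabling verification instead. Suggest `SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"` (or `SSL_CERT_DIR="/etc/ssl/certs"` if the image ships rehashed symlinks there). The same line appears in the Dockerfile.database hunk at -127,8 and needs the same change. Keeping `NODE_TLS_REJECT_UNAUTHORIZED=""` is fine as a placeholder, since Node only disables certificate checks when the value is exactly `0`, but a comment such as `# empty keeps TLS verification enabled; only "0" disables it` next to it would stop readers from assuming verification is already off.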
@@ -217,6 +218,8 @@ ENV \
 TOGETHERAI_API_KEY="" TOGETHERAI_MODEL_LIST="" \
 # Upstage
 UPSTAGE_API_KEY="" \
+ # Wenxin
+ WENXIN_ACCESS_KEY="" WENXIN_SECRET_KEY="" \
 # 01.AI
 ZEROONE_API_KEY="" ZEROONE_MODEL_LIST="" \
 # Zhipu
diff --git a/scripts/serverLauncher/startServer.js b/scripts/serverLauncher/startServer.js
index cb6f61a364af..3d7ddda2dfbd 100644
--- a/scripts/serverLauncher/startServer.js
+++ b/scripts/serverLauncher/startServer.js
@@ -1,6 +1,5 @@
 const dns = require('dns').promises;
 const fs = require('fs').promises;
-const tls = require('tls');
 const { spawn } = require('child_process');
 // Set file paths
@@ -23,68 +22,6 @@ const isValidIP = (ip, version = 4) => {
 }
 };
-// Function to check TLS validity of a URL
-const isValidTLS = (url = '') => {
- if (!url) {
- console.log('⚠️ TLS Check: No URL provided. Skipping TLS check. Ensure correct setting ENV.');
- console.log('-------------------------------------');
- return Promise.resolve();
- }
-
- const { protocol, host, port } = parseUrl(url);
- if (protocol !== 'https') {
- console.log(`⚠️ TLS Check: Non-HTTPS protocol (${protocol}). Skipping TLS check for ${url}.`);
- console.log('-------------------------------------');
- return Promise.resolve();
- }
-
- const options = { host, port, servername: host };
- return new Promise((resolve, reject) => {
- const socket = tls.connect(options, () => {
- console.log(`✅ TLS Check: Valid certificate for ${host}:${port}.`);
- console.log('-------------------------------------');
-
- socket.end();
-
- resolve();
- });
-
- socket.on('error', (err) => {
- const errMsg = `❌ TLS Check: Error for ${host}:${port}. Details:`;
- switch (err.code) {
- case 'CERT_HAS_EXPIRED':
- case 'DEPTH_ZERO_SELF_SIGNED_CERT':
- case 'ERR_TLS_CERT_ALTNAME_INVALID':
- console.error(`${errMsg} Certificate is not valid. Consider setting NODE_TLS_REJECT_UNAUTHORIZED="0" or mapping /etc/ssl/certs/ca-certificates.crt.`);
- break;
- case 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY':
- console.error(`${errMsg} Unable to verify issuer. Ensure correct mapping of /etc/ssl/certs/ca-certificates.crt.`);
- break;
- default:
- console.error(`${errMsg} Network issue. 
Check firewall or DNS.`);
- break;
- }
- reject(err);
- });
- });
-};
-
-// Function to check TLS connections for OSS and Auth Issuer
-const checkTLSConnections = async () => {
- await Promise.all([
- isValidTLS(process.env.S3_ENDPOINT),
- isValidTLS(process.env.S3_PUBLIC_DOMAIN),
- isValidTLS(getEnvVarsByKeyword('_ISSUER')),
- ]);
-};
-
-// Function to get environment variable by keyword
-const getEnvVarsByKeyword = (keyword) => {
- return Object.entries(process.env)
- .filter(([key, value]) => key.includes(keyword) && value)
- .map(([, value]) => value)[0] || null;
-};
-
 // Function to parse protocol, host and port from a URL
 const parseUrl = (url) => {
 const { protocol, hostname: host, port } = new URL(url);
@@ -170,26 +107,18 @@ const runServer = async () => {
 if (process.env.DATABASE_DRIVER) {
 try {
- try {
- await fs.access(DB_MIGRATION_SCRIPT_PATH);
-
- await runScript(DB_MIGRATION_SCRIPT_PATH);
- } catch (err) {
- if (err.code === 'ENOENT') {
- console.log(`⚠️ DB Migration: Not found ${DB_MIGRATION_SCRIPT_PATH}. Skipping DB migration. Ensure to migrate database manually.`);
- console.log('-------------------------------------');
- } else {
- console.error('❌ Error during DB migration:');
- console.error(err);
- process.exit(1);
- }
- }
+ await fs.access(DB_MIGRATION_SCRIPT_PATH);
- await checkTLSConnections();
+ await runScript(DB_MIGRATION_SCRIPT_PATH);
 } catch (err) {
- console.error('❌ Error during TLS connection check:');
- console.error(err);
- process.exit(1);
+ if (err.code === 'ENOENT') {
+ console.log(`⚠️ DB Migration: Not found ${DB_MIGRATION_SCRIPT_PATH}. Skipping DB migration. Ensure to migrate database manually.`);
+ console.log('-------------------------------------');
+ } else {
+ console.error('❌ Error during DB migration:');
+ console.error(err);
+ process.exit(1);
+ }
 }
 }
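Review bot: The `if (err.code === 'ENOENT')` branch in the new catch now guards both `fs.access` and `runScript`, so a rejection from the script run that carries an ENOENT code (a missing interpreter or executable surfaces from `spawn` with that same code; `runScript` is defined outside this hunk, so its error shape cannot be confirmed here) would be logged as "not found, skipping" and startup would continue without the migration instead of exiting. Narrow the skip to the existence probe, e.g. `if (err.code === 'ENOENT' && err.syscall === 'access') {`, so that any failure from the migration itself still reaches the `process.exit(1)` path. runServer begins and ends outside this hunk.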