-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Replace client side HTTP requests using the hostname that is in the address bar #2004
Conversation
Can one of the admins verify this patch? |
Hi Mario! I'm concerned on how will it work if I run che on server1.mycompany.com and run docker on server2.mycompany.com. |
the fixHostName shouldn't be duplicated 4 times in different .js files, you should introduce an angular service instance that should handle this at a single place example of a service: https://github.com/eclipse/che/blob/master/dashboard/src/components/injector/che-ui-elements-injector.service.js as there is REGEXP I would like to see a unit test in the javascript as well also do we need a regexp to replace a location ? |
@garagatyi To support this kind of scenario (che server and wsagent on different hosts) you could use a reverse proxy as traefik. This has a couple of benefits:
@benoitf thank you for these feedbacks. I'll do the modifications. I haven't found anything better than a regexp to replace the hostname of an URL. Do you have something in mind? |
@l0rd https://jsfiddle.net/2tokq7m9/ (I didn't import angular in this fiddle but it's almost the same way) |
@l0rd But if you merge this PR we will broke Che for those users who already use Che in a such way without proxy. |
I'm not sure it will work right now on codenvy setup (with different machines that provides docker runners (where agents are running)) |
Ok I wasn't aware of that scenario. How does it work? How can you share folders between servers and agents if they live in remote machines? To support it we could introduce a new property ( |
It is possible in several cases:
Properties are placed on server-side, so implementation on client side won't help. If you want to implement something like that you should do that on server-side. |
agents URLs are retrieved by the client by getting workspace runtime configuration so updating the value returned by the workspace master would work on all clients instead of patching each client |
@l0rd @benoitf @garagatyi - I unfortunately am not able to understand the implications well enough to be able to comment if the trade off is acceptable for end users. Generally, yes, I agree that any sort of details that return hostnames or IP addresses for specific locations of a workspace should be done on the server-side. This is necessary so that we can support multi-IDE scenarios where different IDEs can interrogate either the workspace or the Che server to find out the necessary configuration. @l0rd - can you help by providing a mini-spec in the comments here on the various configurations that a user might need to do with Che to support the use case you are solving and those stated by @garagatyi? |
Can one of the admins verify this patch? |
…ddress bar Signed-off-by: Mario Loriedo <mloriedo@redhat.com>
@benoitf I've updated this PR with your feedbacks on the UD side. Please review. @garagatyi I've tested the configuration with wsmaster and wsagent(s) on remote hosts using traefik. It worked but that wasn't as easy as I thought. Should work better once that traefik issue get addressed. I will share the config here and we will discuss how to proceed. Meanwhile I'll rename this PR as [WIP] |
@l0rd - can you post the configuration that you are using for testing? Is the basic setup that che server and workspaces are on a remote VM, and the browser is on a different IP, and this configuration will now work without having to set CHE_HOST_IP or set --remote:ip? If so - can you also post your traefik configuration? Will this traefik configuration allow for the possibility of routing all browser -> ws communications through a single port, with traefik redirecting traffic back to the right ephemeral port within the ws? Thanks for working on this - very important - improvement. |
@TylerJewell Here are the details of how I've used Traefik to support the scenario where the Che Server and the Docker host are in different remote servers. The setupI've built my branch ( On MacOS with Docker toolbox, running Che this way starts the server as java web app and the workspaces as containers in the guest OS (boot2docker). Server and workspaces have different IPs and that's the scenario I needed to test. Testing
# 192.168.99.100 is the VM IP
# 32775 to 32781 are the ports exposed by the workspace
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
# Enable web console
[web]
address = ":8081"
# Entrypoints
[entryPoints]
[entryPoints.wsagent1]
address = ":32775"
[entryPoints.wsagent2]
address = ":32776"
[entryPoints.wsagent3]
address = ":32777"
[entryPoints.wsagent4]
address = ":32778"
[entryPoints.wsagent5]
address = ":32779"
[entryPoints.wsagent6]
address = ":32780"
[entryPoints.wsagent7]
address = ":32781"
[entryPoints.wsagent8]
address = ":32782"
[entryPoints.wsagent9]
address = ":32783"
[file]
# Frontends
[frontends]
[frontends.wsagent1]
backend = "backend1"
passHostHeader = true
entrypoints = ["wsagent1"]
[frontends.wsagent1.routes.defaultroute]
rule = "Host:localhost,{subdomain:[a-z]+}.localhost"
[frontends.wsagent2]
backend = "backend2"
passHostHeader = true
entrypoints = ["wsagent2"]
[frontends.wsagent2.routes.defaultroute]
rule = "Host:localhost,{subdomain:[a-z]+}.localhost"
[frontends.wsagent3]
backend = "backend3"
passHostHeader = true
entrypoints = ["wsagent3"]
[frontends.wsagent3.routes.defaultroute]
rule = "Host:localhost,{subdomain:[a-z]+}.localhost"
[frontends.wsagent4]
backend = "backend4"
passHostHeader = true
entrypoints = ["wsagent4"]
[frontends.wsagent4.routes.defaultroute]
rule = "Host:localhost,{subdomain:[a-z]+}.localhost"
[frontends.wsagent5]
backend = "backend5"
passHostHeader = true
entrypoints = ["wsagent5"]
[frontends.wsagent5.routes.defaultroute]
rule = "Host:localhost,{subdomain:[a-z]+}.localhost"
[frontends.wsagent6]
backend = "backend6"
passHostHeader = true
entrypoints = ["wsagent6"]
[frontends.wsagent6.routes.defaultroute]
rule = "Host:localhost,{subdomain:[a-z]+}.localhost"
[frontends.wsagent7]
backend = "backend7"
passHostHeader = true
entrypoints = ["wsagent7"]
[frontends.wsagent7.routes.defaultroute]
rule = "Host:localhost,{subdomain:[a-z]+}.localhost"
[backends]
[backends.backend1]
[backends.backend1.servers.server1]
url = "http://192.168.99.100:32775"
[backends.backend2]
[backends.backend2.servers.server2]
url = "http://192.168.99.100:32776"
[backends.backend3]
[backends.backend3.servers.server3]
url = "http://192.168.99.100:32777"
[backends.backend4]
[backends.backend4.servers.server4]
url = "http://192.168.99.100:32778"
[backends.backend5]
[backends.backend5.servers.server5]
url = "http://192.168.99.100:32779"
[backends.backend6]
[backends.backend6.servers.server6]
url = "http://192.168.99.100:32780"
[backends.backend7]
[backends.backend7.servers.server7]
url = "http://192.168.99.100:32781" Considerations
|
@l0rd - thanks for the contribution! It's taken me some time to get around to reviewing this, but I have been through it now, and understand the approach and the analysis. A few questions - these may be ignorant based upon my limited understand how multi-host or reverse proxies work. This area of technology is not my strong suit. 1: If the browser is sending all port communications to the same host that the Che server is running on, then what are the types of code changes that are being made? If the solution that you are proposing by adding in a reverse proxy communicating on the same host as the che-server, and that proxy is going to look for all communications over certain ports (to forward), shouldn't this solution work without any Che server code modifications? 2: Out of curiosity, what are the pros / cons of modifying the Che server to proxy these communications to the related workspace? BTW - I now recognize the power of Traefik - it really allows for moment-in-time reverse proxy deployment. We could deploy 1..n reverse proxies on-demand alongside a Che server or other system to be used as special purpose configurations to solve certain challenges with networking in multi-host situations. |
|
@l0rd - I am unsure of the path forward needed to let us merge these changes. Is there perhaps an environment variable that we can set on the command line which would then trigger the che-launcher to launch a traefik reverse proxy? If so, let's include those improvements into this PR and then launch the CLI, che-launcher and these improvements together. Can you suggest additional command-line configuration details that would be present that would trigger this configuration? Then we can make improvements together on the che-launcher and che cli. I like this approach. We will also need to do some detailed docs together. |
@garagatyi I would prefer to keep it open. I would like to continue the work to integrate Traefik in the che-launcher here. I'm waiting proposal traefik/traefik#444 is addressed before going any further. |
Can you try idea from #2402 with IPTables? I think it would be even better than usage of traefik. |
Yes I'm trying that idea right now :-). That should fix the Docker for Mac issue. However Traefik would add the ability to start a reverse proxy automatically configured to route requests to Che and the containers. That could still be valuable. wdyt @garagatyi? |
What use-cases are covered by this approach? |
I understand what reverse proxy is. I just want to understand what profit will get Che if we use reverse proxy in it? |
The "Uses of reverse proxy" section explains what are the benefits of a reverse proxy. In particular:
could make sense for Che. |
I think we want to continue exploring the embedded reverse proxy approach for the following use cases:
|
A quick update on this PR. It was initially opened to fix issue #1644. This issue has now been fixed with #2402 but we would like to continue working on this PR for the use cases listed by @TylerJewell and to allow Che workspaces to run with OpenShift routes. The goal would be to be able to contact a workspace service (e.g. wsagent) on port 80 or 443 using a specific hostname (e.g. Work on that PR should start as soon as Che will be able to start and stop workspaces as OpenShift pods (second bullet of #2847). |
This would be a substantial improvement - being able to hide the ephemeral ports - many people have asked for that. |
@l0rd - what is our plan with this PR given the release of 5.0? |
From a meeting with Red Hat. The current plan for this issue is that this will be replaced with a different implementation. The focus of the implementation will be to provide a new URL resolution strategy that allows browsers to channel traffic through a single Che port. Mario will open this new PR in the next couple weeks and then we will close this PR. |
This PR has been replaced by #4351 |
What does this PR do?
Che used the wsagent internal IP address to send HTTP requests from the browser to the wsagent itself. This can be a problem when the browser cannot ping this IP address. In this PR we have fixed the HTTP requests to the wsagent replacing this internal IP address with the hostname from the browser address bar.
What issues does this PR fix or reference?
This PR fixes #1644 and #1925
Previous Behavior
HTTP requests from the browser to the wsagent used the wsagent internal IP address
New Behavior
HTTP requests from the browser to the wsagent use the hostname in the address bar
Tests written?
Yes
Docs requirements?
Users don't need to set some options anymore:
CHE_HOST_IP
in the launcher is useless--remote:
inche.sh
is uselessSigned-off-by: Mario Loriedo mloriedo@redhat.com