Enhance wasm plugins #10829

Merged
merged 12 commits into from
Jun 25, 2024

Member

@juliens juliens commented Jun 20, 2024

What does this PR do?

This PR enhances the wasm plugins mechanism by adding:

  • The ability to use http-wasm builds with go thanks to wasm-goexport (GOOS=wasip1 GOARCH=wasm).
    • To allow this we had to use a fork of the http-wasm-host part.
  • The ability to use wazergo for the wasip1 implementation and the WasmEdge socket extension (only if sockets were detected to avoid breaking changes). WARNING: this doesn't work on Windows.
  • The ability to configure mounts (shared directory) and envs (shared environment variables) for wasm plugins.
    • For now, virtual shared directory is not possible when using Wazergo, only exact match mount (/etc:/etc works but not /tmp/etc:/etc).

Motivation

As described in #10801, it allows more powerful wasm plugins.

More

You can find a plugin example here: https://github.com/traefik/plugindemowasm-http-call

- [ ] Added/updated tests
- [ ] Added/updated documentation

Additional Notes

Co-authored-by: Michael <michael.matur@gmail.com>
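
A pre-flight check for the mount caveat in the description above, as an added example that is not part of this PR or of Traefik's code. It assumes entries use the colon-separated form shown in `/etc:/etc`; `CheckMounts`, its parameters and the sample paths are hypothetical.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// CheckMounts reviews settings.mounts entries. exactOnly models the Wazergo limit
// from the PR description; needed lists guest paths the plugin must read.
func CheckMounts(entries []string, exactOnly bool, needed []string) []string {
	var findings, dests []string
	for _, e := range entries {
		parts := strings.Split(e, ":")
		if len(parts) != 2 { // assumption: entries are "source:destination"
			findings = append(findings, e+": expected source:destination")
			continue
		}
		src, dst := parts[0], parts[1]
		if !path.IsAbs(src) || !path.IsAbs(dst) || path.Clean(src) != src || path.Clean(dst) != dst {
			findings = append(findings, e+": paths must be absolute and normalized")
			continue
		}
		if exactOnly && src != dst {
			findings = append(findings, e+": not an exact-match mount")
			continue
		}
		if src == "/" {
			findings = append(findings, e+": shares the whole filesystem with the guest")
		}
		dests = append(dests, dst)
	}
	for _, p := range needed {
		covered := false
		for _, d := range dests {
			covered = covered || p == d || strings.HasPrefix(p, strings.TrimSuffix(d, "/")+"/")
		}
		if !covered {
			findings = append(findings, p+": not under any mounted directory")
		}
	}
	return findings
}

func main() {
	mounts := []string{"/etc:/etc", "/tmp/etc:/etc", "rules:/rules"} // constructed sample input
	for _, f := range CheckMounts(mounts, true, []string{"/etc/app/app.conf", "/var/lib/rules/a.conf"}) {
		fmt.Println(f)
	}
}
```

Running it over a plugin's mounts before deployment surfaces entries that the exact-match rule would reject and files the guest would not be able to open.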

@kevinpollet kevinpollet changed the title enhance wasm plugins Enhance wasm plugins Jun 24, 2024
Member

@rtribotte rtribotte left a comment

LGTM

Member

@mmatur mmatur left a comment

LGTM

Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
@traefiker traefiker merged commit e7d1a98 into traefik:master Jun 25, 2024
23 checks passed
Environment variables to forward to the wasm guest.

`--experimental.localplugins.<name>.settings.mounts`:
Directory to mount to the wasm guest.
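
Review bot: the `settings.mounts` description, "Directory to mount to the wasm guest.", gives no entry syntax. Suggest documenting the colon-separated form used in the PR description (`/etc:/etc`), stating which side is the host path, and repeating the limitation that with Wazergo only exact-match mounts work, so an operator can tell exactly which directories the guest will see.
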
Contributor

I wonder if we should specify the syntax for this as IMHO it is very counter intuitive.

@@ -473,14 +473,26 @@
[experimental.plugins.Descriptor0]
moduleName = "foobar"
version = "foobar"
[experimental.plugins.Descriptor0.settings]
envs = ["foobar", "foobar"]
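
Review bot: `envs = ["foobar", "foobar"]` under `[experimental.plugins.Descriptor0.settings]` does not show whether an entry is a variable name or a `NAME=value` pair. Suggest a placeholder that reads as a variable name, plus one sentence in the option description saying that every listed variable is forwarded to the guest, so operators list only what the plugin needs.
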
Contributor

shall we include more realistic values for this?

@ldez ldez deleted the poc-http-wasm branch June 27, 2024 22:50
@tiangao88

Hello all,

It seems that the problem persists in 3.1

Extracted from my docker compose

```yaml
networks:
  coolify:
    external: true
services:
  traefik:
    container_name: coolify-proxy
    image: 'traefik:v3.1'
    restart: unless-stopped
    extra_hosts:
      - 'host.docker.internal:host-gateway'
    networks:
      - coolify
    ports:
      - '80:80'
      - '443:443'
      - '443:443/udp'
      - '8080:8080'
    volumes:
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - '/data/coolify/proxy:/traefik'
      - '/data/coolify/proxy/owasp_crs:/data/coolify/proxy/owasp_crs'
```

And here is my dynamic configuration

```yaml
http:
  middlewares:
    my-coraza-waf:
      plugin:
        coraza-waf:
          directives:
            - 'SecRuleEngine On'
            - 'SecDebugLogLevel 2'
            - 'SecRule REQUEST_URI "@Streq /blocked" "id:101,phase:1,log,deny,status:403"'
            - 'SecRule REQUEST_HEADERS:User-Agent "@contains BadBot" "id:103,phase:1,log,deny,status:403"'
            - 'Include /data/coolify/proxy/owasp_crs/crs-setup.conf'
```

The include fails

```
2024-11-12T18:15:26Z DBG github.com/traefik/traefik/v3/pkg/logs/wasm.go:31 > Initializing WAF with CRS embedded and directives:
SecRuleEngine On
SecDebugLogLevel 2
SecRule REQUEST_URI "@Streq /blocked" "id:101,phase:1,log,deny,status:403"
SecRule REQUEST_HEADERS:User-Agent "@contains BadBot" "id:103,phase:1,log,deny,status:403"
Include /data/coolify/proxy/owasp_crs/crs-setup.conf entryPointName=https middlewareName=my-coraza-waf@file middlewareType=wasm routerName=https-0-ssw0w844cw8cgo4gs4c8ko0k-litellm@docker
2024-11-12T18:15:26Z ERR github.com/traefik/traefik/v3/pkg/logs/wasm.go:31 > Failed to initialize WAF: invalid WAF config from string: failed to readfile: open /data/coolify/proxy/owasp_crs/crs-setup.conf: file does not exist entryPointName=https middlewareName=my-coraza-waf@file middlewareType=wasm routerName=https-0-ssw0w844cw8cgo4gs4c8ko0k-litellm@docker
2024-11-12T18:15:26Z ERR github.com/traefik/traefik/v3/pkg/server/router/router.go:136 > error="building Wasm middleware: creating middleware: wasm: error instantiating guest: module closed with exit_code(1)" entryPointName=https routerName=https-0-ssw0w844cw8cgo4gs4c8ko0k-litellm@docker
```

Thanks for your help!

@rtribotte
Member

Hello @tiangao88,

Thanks for reporting this!

Could you please open a dedicated issue?

@jcchavezs
Contributor

Related jcchavezs/coraza-http-wasm#17

@juliens juliens self-assigned this Dec 4, 2024