feat: read https config from app:config #75

Open
wants to merge 17 commits into
base: master
from

@waitingsong
Contributor

commented Aug 29, 2018

@tofix log print http not https cause master.js@Line469 use this.options.https

Checklist
  • npm test passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)
Description of change
@waitingsong

Contributor Author

commented Aug 29, 2018

The issue is described here: https://cnodejs.org/topic/5b7ac9c7c52ad1482eb940bf#5b8675012a585e4e2f26ffc0
The problem with this PR is that after starting successfully over https, the log still shows http://....
The problem is in master.js
https://github.com/eggjs/egg-cluster/blob/master/lib/master.js#L468

    address.protocal = this.options.https ? 'https' : 'http';
    address.port = this.options.sticky ? this[REALPORT] : address.port;
    this[APP_ADDRESS] = getAddress(address);

The check here uses this.options.https and does not take app.config.cluster into account.
Let's see how to solve this.

@codecov


commented Aug 29, 2018

Codecov Report

Merging #75 into master will increase coverage by 0.3%.
The diff coverage is 97.22%.


@@            Coverage Diff            @@
##           master      #75     +/-   ##
=========================================
+ Coverage   98.35%   98.66%   +0.3%     
=========================================
  Files           7        8      +1     
  Lines         425      448     +23     
=========================================
+ Hits          418      442     +24     
+ Misses          7        6      -1

| Impacted Files | Coverage Δ |
|---|---|
| lib/utils/options.js | 100% <ø> (ø) ⬆️ |
| lib/app_worker.js | 100% <100%> (+3.92%) ⬆️ |
| lib/utils/tls_options.js | 96.87% <96.87%> (ø) |

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0de0021...3fbca88. Read the comment docs.

@atian25

Member

commented Aug 29, 2018

Your master is too old; you need to rebase.

@waitingsong

Contributor Author

commented Aug 29, 2018

But I created the branch right after a fresh pull...

@atian25

Member

commented Aug 29, 2018

Have a look at the GitHub help on how to sync upstream, or delete the fork and fork again (take care of your existing code).

@waitingsong waitingsong force-pushed the waitingsong:https branch from 39c316f to c7af272 Aug 30, 2018

@waitingsong

Contributor Author

commented Aug 30, 2018

I checked: it differs from upstream by only one commit, b0c8d19. The upstream version tags, however, were not synced down.

@waitingsong

Contributor Author

commented Aug 30, 2018

I don't know how master.js can get the app.config.cluster config value.

@waitingsong

Contributor Author

commented Aug 30, 2018

@atian25 A question about configuring egg debugging in VSC:
If execution stays paused at a breakpoint for a long time, cluster-client throws a timeout:

2018-08-30 11:10:07,836 ERROR 932 nodejs.ClusterClientNoResponseError: client no response in 75299ms exceeding maxIdleTime 60000ms, maybe the connection is close on other side.
    at Timeout.Leader._heartbeatTimer.setInterval [as _onTimeout] (E:\project\node_modules\cluster-client\lib\leader.js:75:23)

I modified the VSC config launch.json:

    {
      "name": "Egg Debug",
      "type": "node",
      "request": "launch",
      "runtimeExecutable": "npm",
      "runtimeArgs": [
        "run",
        "debug",
        "--",
        "--inspect-brk"
      ],
      "args": [
        "--heartbeatInterval", "30000", // <---------- here
      ],
      "console": "integratedTerminal",
      "restart": true,
      "protocol": "auto",
      "port": 9229,
      "autoAttachChildProcesses": true
    },

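When egg/lib/agent.js initializes, this parameter has the expected value, but by the time cluster-client/lib/leader.js initializes, it has become the default 20000.
How should I pass the parameter to override the default?

When you have time, please consider rewriting egg in TS; debugging is really inefficient, and you can't tell where a parameter gets modified...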

if (https) {
const httpsOptions = Object.assign({}, https, {
key: fs.readFileSync(https.key),
cert: fs.readFileSync(https.cert),
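
Review bot: `fs.readFileSync(https.key)` and `fs.readFileSync(https.cert)` run as soon as `https` is truthy, with no check that either path is set or that the file exists, so a partial or mistyped https config fails here with a raw fs error. Validate both paths before reading and throw an error that names the offending option; reading each file in its own statement rather than inside the `Object.assign` argument also makes the failing option obvious in the stack trace.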

@atian25

atian25 Sep 7, 2018

Member
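
    const httpsOptions = Object.assign({}, listenConfig.https, options.https);
    // key, cert and pfx hold file paths; read only the ones that are set
    if (httpsOptions.key) httpsOptions.key = fs.readFileSync(httpsOptions.key);
    if (httpsOptions.cert) httpsOptions.cert = fs.readFileSync(httpsOptions.cert);
    if (httpsOptions.pfx) httpsOptions.pfx = fs.readFileSync(httpsOptions.pfx);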

@waitingsong

waitingsong Sep 7, 2018

Author Contributor

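https://github.com/eggjs/egg-cluster/pull/75/files/c7af27258d297eb0a08094b64b3055496b02f63d#diff-ee1e398c8b3f724318c68cc38d3bde50R24

    const https = options.https || listenConfig.https;

options.https takes precedence here.

I don't know how to write the assertion for this test. Also, if https is started with this PR, the console log output still shows http rather than https. If the log isn't changed, it's hard for a test to check, isn't it?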

@atian25

atian25 Sep 7, 2018

Member

const https = options.https || listenConfig.https; picks one of the two; with assign, values passed in from outside can override.

Either is fine though; overriding usually isn't needed.

@atian25

atian25 Sep 7, 2018

Member

The other options should be supported too; I recall someone asked about passphrase before.

pfx could also get readFileSync support while you're at it.

@atian25

atian25 Sep 7, 2018

Member

The test could output the protocol through a Controller, right? @popomore it seems test/fixtures/server.key has had no corresponding test since open-sourcing?

@waitingsong

waitingsong Sep 7, 2018

Author Contributor

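Do you mean the values inside https should be overridable individually? I had considered whole-object versus per-field override, and implemented whole-object first.
Test cases for the other options would probably be quite a hassle...
By readFile, do you mean reading the certificate asynchronously?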

@atian25

atian25 Sep 7, 2018

Member

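> By readFile, do you mean reading the certificate asynchronously

No. pfx is an alternative to key and cert, and is usually file content as well, so readFileSync it too while you're at it.

> Do you mean the values inside https should be overridable individually? I had considered whole-object versus per-field override, and implemented whole-object first.

Either is fine; my earlier idea was assign.

> Test cases for the other options would probably be quite a hassle...

No need; we only have to test that https can start.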

@waitingsong

waitingsong Sep 10, 2018

Author Contributor

@atian25 After processing the listenConfig.https options, should they be written back to options.https for later use?

@atian25

Member

commented Sep 7, 2018

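> I don't know how master.js can get the app.config.cluster config value.

master doesn't need to get it.

> A question about configuring egg debugging in VSC

Unrelated questions can be discussed through other channels.

> When you have time, please consider rewriting egg in TS; debugging is really inefficient, and you can't tell where a parameter gets modified...

TS won't solve the problem, and there are no plans to consider a rewrite.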

@atian25

This comment was marked as resolved.

Member

commented Sep 7, 2018

image

Fix this typo while you're at it.

@atian25

Member

commented Sep 7, 2018

About the protocol issue, @popomore any suggestions?

@waitingsong waitingsong force-pushed the waitingsong:https branch from c7af272 to f61b6ce Sep 10, 2018

@waitingsong

Contributor Author

commented Sep 10, 2018

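  1. Removed support for the options.key|cert parameters. Only the https.key|cert parameters are supported.
  2. egg-mock does not support testing https (it throws an exception), so I did not write a complete test case that starts the service with a self-signed certificate. If egg-mock did not throw when starting https, I could add the relevant cases.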
  describe('options with https', () => {
    let app;
    before(() => {
      app = utils.cluster('apps/options', {
        framework: path.dirname(require.resolve('egg')),
        https: {
          key: '/key.unsecure',
          cert: '/02.crt',
        },
        port: 7701,
      });
      return app.ready();
    });
    after(() => app.close());
    it('should be passed through', () => {
      return app.httpRequest()
        .get('/')
        .expect('true');
    });
  });

egg-mock exception:

POST http://127.0.0.1:7701/__egg_mock_call_function error, method: mockRestore, args: []
  1. When the https options are passed via config (not the command line), the log after startup shows the wrong protocol: http://

@waitingsong waitingsong force-pushed the waitingsong:https branch from f61b6ce to 5597759 Sep 10, 2018

@atian25 atian25 requested a review from dead-horse Sep 11, 2018

@waitingsong waitingsong force-pushed the waitingsong:https branch from b1127de to 3fbca88 Sep 11, 2018

@waitingsong

Contributor Author

commented Sep 11, 2018

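Refactored the certificate handling logic: merge the options first, then validate and load the certificates at the end, when app_worker starts. This suits the case where the configured certificate (file) is invalid (missing, expired, etc.): the service can then be started by temporarily specifying a valid certificate file path on the command line, without changing code.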
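
The merge-then-load order described in this comment, combined with the per-key `Object.assign` merge discussed in the review thread above, as an added example (not code from this PR or from egg-cluster). The names `mergeHttpsOptions` and `loadTlsMaterial`, the file names and the passphrase value are hypothetical, and the files hold constructed placeholder bytes rather than real PEM material.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Per-key merge: command-line values override config values key by key, so a
// single --https.key override keeps the configured cert and passphrase.
function mergeHttpsOptions(configHttps, cliHttps) {
  if (!configHttps && !cliHttps) return null;
  return Object.assign({}, configHttps, cliHttps);
}

// Called at worker start: require key+cert or pfx, check every configured
// path is a regular file, and only then replace the path with its content.
function loadTlsMaterial(httpsOptions, baseDir) {
  const out = Object.assign({}, httpsOptions);
  if (!(out.key && out.cert) && !out.pfx) {
    throw new Error('https requires key and cert, or pfx');
  }
  for (const name of [ 'key', 'cert', 'pfx' ]) {
    if (!out[name]) continue;
    const file = path.resolve(baseDir, out[name]);
    if (!fs.existsSync(file) || !fs.statSync(file).isFile()) {
      // Fail closed with the option name instead of a raw fs error.
      throw new Error(`https.${name} is not a readable file: ${file}`);
    }
    out[name] = fs.readFileSync(file);
  }
  return out;
}

// Constructed scenario: the configured key file is missing, and the command
// line supplies a valid replacement path without touching the config.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'tls-demo-'));
  fs.writeFileSync(path.join(dir, 'server.key'), 'constructed key bytes');
  fs.writeFileSync(path.join(dir, 'server.crt'), 'constructed cert bytes');
  const config = { key: 'missing.key', cert: 'server.crt', passphrase: 'constructed-passphrase' };
  const cli = { key: 'server.key' };
  const merged = mergeHttpsOptions(config, cli);
  const loaded = loadTlsMaterial(merged, dir);
  let error = null;
  try { loadTlsMaterial(config, dir); } catch (err) { error = err.message; }
  fs.rmSync(dir, { recursive: true, force: true });
  return { merged, loaded, error };
}
```

With `options.https || listenConfig.https` the same command-line override would replace the whole object and drop the configured `cert` and `passphrase`.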

waitingsong added some commits Aug 29, 2018

feat: read https config from app:config
@tofix log print http not https cause master.js@Line469 use this.options.https

waitingsong added some commits Sep 10, 2018

refactor: move reading cert file into parseTLSOpts()
validate cert file exists during start worker
test: remove https in options.test.js
test exists in tls_options.test.js

@waitingsong waitingsong force-pushed the waitingsong:https branch from 453bc61 to 5944a60 Sep 17, 2018

@waitingsong

Contributor Author

commented Nov 13, 2018

Is nobody going to take a look?

@atian25

Member

commented Nov 14, 2018

README.md
@catherinessssss


commented Jan 28, 2019

So does this solve reading the https config from config? Or is it still only possible to use
`egg-scripts start --daemon --https.key='path' --https.cert='path'`?

@waitingsong

Contributor Author

commented Jan 28, 2019

> So does this solve reading the https config from config?

This issue is probably not solved yet:
#75 (comment)

@catherinessssss


commented Jan 28, 2019

> > So does this solve reading the https config from config?
>
> This issue is probably not solved yet:
> #75 (comment)

Then what problem does this solve?

@waitingsong

Contributor Author

commented Jan 28, 2019

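> > > So does this solve reading the https config from config?
> >
> > This issue is probably not solved yet:
> > #75 (comment)
>
> Then what problem does this solve?

Reading the certificate config from package.json works fine; it's just that the log shows the wrong protocol.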

@catherinessssss


commented Jan 28, 2019

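> > > > So does this solve reading the https config from config?
> > >
> > > This issue is probably not solved yet:
> > > #75 (comment)
> >
> > Then what problem does this solve?
>
> Reading the certificate config from package.json works fine; it's just that the log shows the wrong protocol.

Thanks! Will enabling https through config be supported later, rather than through package.json?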

@waitingsong

Contributor Author

commented Jan 28, 2019

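> > Reading the certificate config from package.json works fine; it's just that the log shows the wrong protocol.
>
> Thanks! Will enabling https through config be supported later, rather than through package.json?

In principle, passing the certificate parameters additionally on the command line at startup should also work. I haven't tested that.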

@catherinessssss


commented Jan 28, 2019

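> > > Reading the certificate config from package.json works fine; it's just that the log shows the wrong protocol.
> >
> > Thanks! Will enabling https through config be supported later, rather than through package.json?
>
> In principle, passing the certificate parameters additionally on the command line at startup should also work. I haven't tested that.

Can a config like this be supported?

    config.cluster = {
      listen: {
        port: process.env.PORT || 7001,
        hostname: '0.0.0.0',
      },
      https: {
        key: process.env.PORT || '.key',
        cert: process.env.PORT || '.crt',
      }
    };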

@waitingsong

Contributor Author

commented Jan 29, 2019

@catherinessssss
process.env.PORT || '.crt' is supported.
The file needs to exist in the project root directory.
