Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add IPv6 support #2220

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions debugging/mariadb.build.md
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,7 @@ usermod -aG frappe www-data
```nginx
echo "server {
listen 80;
listen [::]:80;
server_name packages.frappe.cloud;

location / {
Expand Down
8 changes: 7 additions & 1 deletion deployment/nginx.conf
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,15 @@ upstream frappe-bench-socketio-server {


server {
listen 80 default_server;
listen 80 default_server;
listen [::]:80 default_server;
server_name "";
return 444;
}

server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name "";

ssl on;
Expand All @@ -42,6 +44,7 @@ map $host $site_name_sxjfjnv {
server {

listen 443 ssl http2;
listen [::]:443 ssl http2;


server_name
Expand Down Expand Up @@ -75,6 +78,7 @@ server {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name
frappe.cloud
;
Expand All @@ -88,6 +92,7 @@ proxy_cache_path /var/cache/nginx/assets keys_zone=assets_cache:10m loader_thres
server {

listen 443 ssl http2;
listen [::]:443 ssl http2;


server_name
Expand Down Expand Up @@ -431,6 +436,7 @@ server {


listen 80;
listen [::]:80;
server_name
frappecloud.com
;
Expand Down
42 changes: 41 additions & 1 deletion press/api/site.py
Original file line number Diff line number Diff line change
Expand Up @@ -1615,6 +1615,37 @@
return result


def check_dns_aaaa(name, domain):
result = {"type": "AAAA", "matched": False, "answer": ""}
try:
resolver = Resolver(configure=False)
resolver.nameservers = NAMESERVERS
answer = resolver.query(domain, "AAAA")
domain_ip = answer[0].to_text()
site_ip = resolver.query(name, "AAAA")[0].to_text()
result["answer"] = answer.rrset.to_text()
if domain_ip == site_ip:
result["matched"] = True
elif site_ip:
# We can issue certificates even if the domain points to the secondary proxies
server = frappe.db.get_value("Site", name, "server")
proxy = frappe.db.get_value("Server", server, "proxy_server")
secondary_ips = frappe.get_all(
"Proxy Server",
{"status": "Active", "primary": proxy, "is_replication_setup": True},
pluck="ip6",
)
if domain_ip in secondary_ips:
result["matched"] = True
except dns.exception.DNSException as e:
result["answer"] = str(e)
except Exception as e:
result["answer"] = str(e)
log_error("DNS Query Exception - AAAA", site=name, domain=domain, exception=e)
finally:
return result

Check failure on line 1646 in press/api/site.py

View workflow job for this annotation

GitHub Actions / Lint and Format

Ruff (B012)

press/api/site.py:1646:3: B012 `return` inside `finally` blocks cause exceptions to be silenced


def ensure_dns_aaaa_record_doesnt_exist(domain: str):
"""
Ensure that the domain doesn't have an AAAA record
Expand All @@ -1639,7 +1670,7 @@

def check_dns_cname_a(name, domain):
check_domain_allows_letsencrypt_certs(domain)
ensure_dns_aaaa_record_doesnt_exist(domain)
# ensure_dns_aaaa_record_doesnt_exist(domain)
cname = check_dns_cname(name, domain)
result = {"CNAME": cname}
result.update(cname)
Expand All @@ -1651,6 +1682,15 @@
result.update({"A": a})
result.update(a)

# Check that both A and AAAA records match a proxy
aaaa = check_dns_aaaa(name, domain)
result.update({"AAAA": aaaa})
a_found = a["answer"] and "does not contain an answer" not in a["answer"]
aaaa_found = aaaa["answer"] and "does not contain an answer" not in aaaa["answer"]
if a_found and aaaa_found and a["matched"] != aaaa["matched"]:
# There is both records but one does not match.
result["matched"] = False

return result


Expand Down
1 change: 1 addition & 0 deletions press/docker/registry.conf
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ map $upstream_http_docker_distribution_api_version $docker_distribution_api_vers

server {
listen 443 ssl;
listen [::]:443 ssl;
server_name registry.frappe.cloud;

# SSL
Expand Down
1 change: 1 addition & 0 deletions press/playbooks/roles/ssl_nginx/templates/ssl.conf
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
server {
listen 80;
listen [::]:80;
server_name {{ domain }};

location ^~ /.well-known/acme-challenge/ {
Expand Down
10 changes: 9 additions & 1 deletion press/press/doctype/analytics_server/analytics_server.json
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
"is_server_setup",
"networking_section",
"ip",
"ip6",
"column_break_10",
"private_ip",
"private_mac_address",
Expand Down Expand Up @@ -107,6 +108,13 @@
"reqd": 1,
"set_only_once": 1
},
{
"fetch_from": "virtual_machine.public_ip6_address",
"fieldname": "ip6",
"fieldtype": "Data",
"label": "IPv6",
"set_only_once": 1
},
{
"fieldname": "column_break_10",
"fieldtype": "Column Break"
Expand Down Expand Up @@ -252,7 +260,7 @@
"link_fieldname": "server"
}
],
"modified": "2023-12-13 15:09:40.978998",
"modified": "2024-10-15 15:28:10.193273",
"modified_by": "Administrator",
"module": "Press",
"name": "Analytics Server",
Expand Down
1 change: 1 addition & 0 deletions press/press/doctype/analytics_server/analytics_server.py
Original file line number Diff line number Diff line change
Expand Up @@ -20,17 +20,18 @@
if TYPE_CHECKING:
from frappe.types import DF

agent_password: DF.Password | None

Check failure on line 23 in press/press/doctype/analytics_server/analytics_server.py

View workflow job for this annotation

GitHub Actions / Lint and Format

Ruff (FA102)

press/press/doctype/analytics_server/analytics_server.py:23:19: FA102 Missing `from __future__ import annotations`, but uses PEP 604 union
domain: DF.Link | None

Check failure on line 24 in press/press/doctype/analytics_server/analytics_server.py

View workflow job for this annotation

GitHub Actions / Lint and Format

Ruff (FA102)

press/press/doctype/analytics_server/analytics_server.py:24:11: FA102 Missing `from __future__ import annotations`, but uses PEP 604 union
frappe_public_key: DF.Code | None

Check failure on line 25 in press/press/doctype/analytics_server/analytics_server.py

View workflow job for this annotation

GitHub Actions / Lint and Format

Ruff (FA102)

press/press/doctype/analytics_server/analytics_server.py:25:22: FA102 Missing `from __future__ import annotations`, but uses PEP 604 union
frappe_user_password: DF.Password | None

Check failure on line 26 in press/press/doctype/analytics_server/analytics_server.py

View workflow job for this annotation

GitHub Actions / Lint and Format

Ruff (FA102)

press/press/doctype/analytics_server/analytics_server.py:26:25: FA102 Missing `from __future__ import annotations`, but uses PEP 604 union
google_client_id: DF.Data | None

Check failure on line 27 in press/press/doctype/analytics_server/analytics_server.py

View workflow job for this annotation

GitHub Actions / Lint and Format

Ruff (FA102)

press/press/doctype/analytics_server/analytics_server.py:27:21: FA102 Missing `from __future__ import annotations`, but uses PEP 604 union
google_client_secret: DF.Password | None

Check failure on line 28 in press/press/doctype/analytics_server/analytics_server.py

View workflow job for this annotation

GitHub Actions / Lint and Format

Ruff (FA102)

press/press/doctype/analytics_server/analytics_server.py:28:25: FA102 Missing `from __future__ import annotations`, but uses PEP 604 union
hostname: DF.Data
ip: DF.Data
ip6: DF.Data | None

Check failure on line 31 in press/press/doctype/analytics_server/analytics_server.py

View workflow job for this annotation

GitHub Actions / Lint and Format

Ruff (FA102)

press/press/doctype/analytics_server/analytics_server.py:31:8: FA102 Missing `from __future__ import annotations`, but uses PEP 604 union
is_server_setup: DF.Check
monitoring_password: DF.Password | None

Check failure on line 33 in press/press/doctype/analytics_server/analytics_server.py

View workflow job for this annotation

GitHub Actions / Lint and Format

Ruff (FA102)

press/press/doctype/analytics_server/analytics_server.py:33:24: FA102 Missing `from __future__ import annotations`, but uses PEP 604 union
plausible_mail_login: DF.Data | None

Check failure on line 34 in press/press/doctype/analytics_server/analytics_server.py

View workflow job for this annotation

GitHub Actions / Lint and Format

Ruff (FA102)

press/press/doctype/analytics_server/analytics_server.py:34:25: FA102 Missing `from __future__ import annotations`, but uses PEP 604 union
plausible_mail_password: DF.Password | None
plausible_mail_port: DF.Int
plausible_mail_server: DF.Data | None
Expand Down
1 change: 1 addition & 0 deletions press/press/doctype/app_release/code.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ docker run -it -p 127.0.0.1:8021:8080 \
```
server {
listen 80;
listen [::]:80;
server_name code.staging.frappe.cloud;
location / {
proxy_pass http://127.0.0.1:8021;
Expand Down
10 changes: 9 additions & 1 deletion press/press/doctype/database_server/database_server.json
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
"auto_add_storage_max",
"networking_section",
"ip",
"ip6",
"column_break_10",
"private_ip",
"private_mac_address",
Expand Down Expand Up @@ -104,6 +105,13 @@
"label": "IP",
"set_only_once": 1
},
{
"fetch_from": "virtual_machine.public_ip6_address",
"fieldname": "ip6",
"fieldtype": "Data",
"label": "IPv6",
"set_only_once": 1
},
{
"fetch_from": "virtual_machine.private_ip_address",
"fieldname": "private_ip",
Expand Down Expand Up @@ -521,7 +529,7 @@
],
"index_web_pages_for_search": 1,
"links": [],
"modified": "2024-08-13 11:02:07.399141",
"modified": "2024-10-15 15:28:10.193273",
"modified_by": "Administrator",
"module": "Press",
"name": "Database Server",
Expand Down
1 change: 1 addition & 0 deletions press/press/doctype/database_server/database_server.py
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ class DatabaseServer(BaseServer):
hostname: DF.Data
hostname_abbreviation: DF.Data | None
ip: DF.Data | None
ip6: DF.Data | None
is_performance_schema_enabled: DF.Check
is_primary: DF.Check
is_replication_setup: DF.Check
Expand Down
10 changes: 9 additions & 1 deletion press/press/doctype/log_server/log_server.json
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
"is_server_setup",
"networking_section",
"ip",
"ip6",
"column_break_9",
"private_ip",
"private_mac_address",
Expand Down Expand Up @@ -90,6 +91,13 @@
"label": "IP",
"set_only_once": 1
},
{
"fetch_from": "virtual_machine.public_ip6_address",
"fieldname": "ip6",
"fieldtype": "Data",
"label": "IPv6",
"set_only_once": 1
},
{
"fieldname": "column_break_9",
"fieldtype": "Column Break"
Expand Down Expand Up @@ -198,7 +206,7 @@
"link_fieldname": "server"
}
],
"modified": "2023-12-13 15:09:14.473225",
"modified": "2024-10-15 15:28:10.193273",
"modified_by": "Administrator",
"module": "Press",
"name": "Log Server",
Expand Down
1 change: 1 addition & 0 deletions press/press/doctype/log_server/log_server.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ class LogServer(BaseServer):
frappe_user_password: DF.Password | None
hostname: DF.Data
ip: DF.Data | None
ip6: DF.Data | None
is_server_setup: DF.Check
kibana_password: DF.Password | None
monitoring_password: DF.Password | None
Expand Down
10 changes: 9 additions & 1 deletion press/press/doctype/monitor_server/monitor_server.json
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
"is_server_setup",
"networking_section",
"ip",
"ip6",
"column_break_9",
"private_ip",
"private_mac_address",
Expand Down Expand Up @@ -92,6 +93,13 @@
"label": "IP",
"set_only_once": 1
},
{
"fetch_from": "virtual_machine.public_ip6_address",
"fieldname": "ip6",
"fieldtype": "Data",
"label": "IPv6",
"set_only_once": 1
},
{
"fieldname": "column_break_9",
"fieldtype": "Column Break"
Expand Down Expand Up @@ -212,7 +220,7 @@
"link_fieldname": "server"
}
],
"modified": "2024-02-05 20:07:19.024804",
"modified": "2024-10-15 15:28:10.193273",
"modified_by": "Administrator",
"module": "Press",
"name": "Monitor Server",
Expand Down
1 change: 1 addition & 0 deletions press/press/doctype/monitor_server/monitor_server.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ class MonitorServer(BaseServer):
grafana_password: DF.Password | None
hostname: DF.Data
ip: DF.Data | None
ip6: DF.Data | None
is_server_setup: DF.Check
monitoring_password: DF.Password | None
private_ip: DF.Data
Expand Down
10 changes: 9 additions & 1 deletion press/press/doctype/proxy_server/proxy_server.json
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
"public",
"section_break_8",
"ip",
"ip6",
"enabled_default_routing",
"column_break_10",
"private_ip",
Expand Down Expand Up @@ -70,6 +71,13 @@
"label": "IP",
"set_only_once": 1
},
{
"fetch_from": "virtual_machine.public_ip6_address",
"fieldname": "ip6",
"fieldtype": "Data",
"label": "IPv6",
"set_only_once": 1
},
{
"fetch_from": "virtual_machine.private_ip_address",
"fieldname": "private_ip",
Expand Down Expand Up @@ -400,7 +408,7 @@
}
],
"links": [],
"modified": "2024-09-10 15:44:10.989216",
"modified": "2024-10-15 15:28:10.193273",
"modified_by": "Administrator",
"module": "Press",
"name": "Proxy Server",
Expand Down
1 change: 1 addition & 0 deletions press/press/doctype/proxy_server/proxy_server.py
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ class ProxyServer(BaseServer):
hostname: DF.Data
hostname_abbreviation: DF.Data | None
ip: DF.Data | None
ip6: DF.Data | None
is_primary: DF.Check
is_proxysql_setup: DF.Check
is_replication_setup: DF.Check
Expand Down
10 changes: 9 additions & 1 deletion press/press/doctype/registry_server/registry_server.json
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
"is_server_setup",
"networking_section",
"ip",
"ip6",
"column_break_9",
"private_ip",
"private_mac_address",
Expand Down Expand Up @@ -75,6 +76,13 @@
"reqd": 1,
"set_only_once": 1
},
{
"fetch_from": "virtual_machine.public_ip6_address",
"fieldname": "ip6",
"fieldtype": "Data",
"label": "IPv6",
"set_only_once": 1
},
{
"fetch_from": "virtual_machine.private_ip_address",
"fieldname": "private_ip",
Expand Down Expand Up @@ -204,7 +212,7 @@
"link_fieldname": "server"
}
],
"modified": "2023-12-13 15:09:46.909110",
"modified": "2024-10-15 15:28:10.193273",
"modified_by": "Administrator",
"module": "Press",
"name": "Registry Server",
Expand Down
1 change: 1 addition & 0 deletions press/press/doctype/registry_server/registry_server.py
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ class RegistryServer(BaseServer):
frappe_user_password: DF.Password | None
hostname: DF.Data
ip: DF.Data
ip6: DF.Data | None
is_server_setup: DF.Check
monitoring_password: DF.Password | None
private_ip: DF.Data
Expand Down
Loading
Loading