Page MenuHomePhabricator

Get MoeData up and running on Toolforge
Closed, ResolvedPublic

Description

Trying to get the react app MoeData to work in Toolforge. The application uses "react-router" and is client-side only. The applications use of router require costume configuration for the web interface. There will be use of lighttpd. There are two route areas that needs to be configured:

The tool will be used on the uri "https://<toolname>.toolforge.org". To simplify the configuration.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 20 2020, 9:52 PM
RhinosF1 added a subscriber: RhinosF1.EditedApr 20 2020, 9:54 PM

Welcome to Wikimedia Phabricator @Premeditated. Can you please associate at least one active project with this task (via the Add Action...Change Project Tags dropdown)? This will allow others to get notified, or see this task when searching via projects.

Also, I see that you assigned this task to @bd808. Did you talk to them before, and did they agree that they plan to work on this task?
(If they did not, then please remove the assignee via Add Action...Assign / Claim in the dropdown menu.) Thanks!

bd808 closed this task as Resolved.Apr 21 2020, 12:26 AM

The tricky part of this app is trying to figure out a lighttpd equivalent for this nginx config snippet:

location / {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
    try_files $uri $uri/ /index.html;
}

The interesting part of that config is the try_files $uri $uri/ /index.html; statement. That tells the nginx server to:

  • look for a file on disk matching the requested path and serve it if present
  • look for a directory on disk matching the requested path and serve it if present
  • if no file found on disk, return the index.html root document

Before diving into the lighttpd config side, I made the tool canonically redirect to its toolforge.org name. This will simplify things a bit in the lighttpd config. This can be done with webservice --backend=kubernetes --canonical php7.3 start. To make this easier to preserve, I created a $HOME/service.template file:

$HOME/service.template
backend: kubernetes
type: php7.3
canonical: true

With that file created, we can just use webservice start and backend, type, and canonical flags will all be picked up from the template file.

The lighttpd url.rewrite-if-not-file directive is a close match for nginx's try_files. Let's try using that in a $HOME/.lighttpd.conf to do the mappings:

$HOME/.lighttpd.conf
# Look for files on disk and if not found return our index
url.rewrite-if-not-file = (
    "(.*)" => "/index.html",
)

I think this is working as expected at this point?


Here are a few notes/suggestions about other things I see the tool doing:

Eventually T130748: Add Content-Security-Policy header enforcing 3rd party web interaction restrictions to proxy responses may be changed from report-only mode to enforcement mode and then these requests will break. As these interactions are core to the tool's functionality, adding a reverse proxy with a restrictive allow list for proxied URLs to the tool itself is probably the "best" way to present the desired content without exposing the user to direct interaction with 3rd party hosting and potential tracking. This could be done with a PHP script to do the proxying.

bd808 edited projects, added Tool-MoeData; removed Tools.Apr 22 2020, 5:18 PM