Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace Nginx based session proxy with orchestrator proxy #417

Open
wants to merge 21 commits into
base: main
Choose a base branch
from
Open

Replace Nginx based session proxy with orchestrator proxy #417

wants to merge 21 commits into from
+310 −21

Conversation

sitole
Copy link
Member

@sitole sitole commented Mar 11, 2025

Implements http proxy in orchestrator that replaces current nginx-based session proxy that is using dns server from orchestrator to route traffic.

  • Legacy Nginx session-proxy is intact and can still be used as it is, next step will be remove it when traffic migrated
  • Orchestrator proxy for now runs on port 5007 allowing smooth deployment
  • Support for pretty (for browsers) and json error messages when port in sandbox not listening
  • Proxy settings is taken from currently used client-proxy, so should be already battle-tested

@sitole sitole added the improvement Improvement for current functionality label Mar 11, 2025
@sitole sitole self-assigned this Mar 11, 2025
@linear Linear
Copy link

linear bot commented Mar 11, 2025

E2B-1752 Merge session proxy to orchestrator

@sitole sitole marked this pull request as ready for review March 11, 2025 16:34
@sitole sitole force-pushed the merge-session-proxy-to-orchestrator-e2b-1752 branch from de6b900 to 3f945bd Compare March 11, 2025 16:45
@ValentaTomas
Copy link
Member

Right now (for the deployment) we will have both proxies running at the same time?

@sitole
Copy link
Member Author

sitole commented Mar 11, 2025

Right now (for the deployment) we will have both proxies running at the same time?

Yea, both are running but for traffic new one is used. Actually it's just change of the port in client-proxy.

Comes to my mind, if you think its somehow invasive we can for example route traffic to now one just for some teams / enable it with some feature flag to enable quick revert. Request proxy is done in context where we know about exact client so gives us big space.

@sitole sitole force-pushed the merge-session-proxy-to-orchestrator-e2b-1752 branch from 3f945bd to 37893d3 Compare March 12, 2025 10:06
@sitole sitole requested a review from dobrac as a code owner March 12, 2025 10:06
0div
0div requested changes Mar 12, 2025
View reviewed changes
@sitole sitole force-pushed the merge-session-proxy-to-orchestrator-e2b-1752 branch from 90e639d to 96c3425 Compare March 13, 2025 11:19
@sitole
Copy link
Member Author

sitole commented Mar 13, 2025
edited
Loading

Related to 96c3425 commit

Reverts change that routed traffic to orchestrator proxy. After internal discussion we decided that we want to implement orchestrator proxy and then try to add feature-flags to enable it, but its dedicated to separated request.

Just if you want to test changes its needed to revert this commit, without it traffic will float via session-proxy instead.

@sitole sitole force-pushed the merge-session-proxy-to-orchestrator-e2b-1752 branch 2 times, most recently from bacbce6 to a8bbdd6 Compare March 13, 2025 13:04
jakubno
jakubno requested changes Mar 14, 2025
View reviewed changes
@sitole sitole force-pushed the merge-session-proxy-to-orchestrator-e2b-1752 branch from a8bbdd6 to 05a5ca5 Compare March 14, 2025 14:15
@ValentaTomas ValentaTomas mentioned this pull request Mar 15, 2025
Closed
3 tasks
jakubno
jakubno requested changes Mar 17, 2025
View reviewed changes
Copy link
Member

@jakubno jakubno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there's some problem with RPC after this change (I changed the port in client proxy). I can write / read files from sandbox (uses HTTP server). But I can't start command etc..

@sitole sitole force-pushed the merge-session-proxy-to-orchestrator-e2b-1752 branch from 2366375 to 31163b7 Compare March 17, 2025 14:21
@ValentaTomas
Copy link
Member

@sitole Building up to what @jakubno encountered—running the E2B SDK test suite (and also potentially the code interpreter tests) against your staging with might be a good early test for similar functionality.

@sitole sitole force-pushed the merge-session-proxy-to-orchestrator-e2b-1752 branch from 31163b7 to 3330b9f Compare March 18, 2025 14:41
sitole added 17 commits March 18, 2025 15:42
@sitole
usage of session proxy inside orchestrator
75896a6
@sitole
sorted imports, missing proxy arg in test mocks
6b0e9cb
@sitole
renamed var for orchestrator proxy port
7300010
@sitole
orchestrator: renamed session proxy to sandbox proxy
cf407f7
@sitole
simplified proxy error handling via channel
b74ea28
@sitole
revert traffic routing to sandbox proxy
e45eaa8
@sitole
use html template for replacing variables
2bd1871
@sitole
proxy sandbox removal with strictly exact ip
c8964da
@sitole
fixed typo
7dcb359
@sitole
initialize html temp once, use type structs for variables
df75e85
@sitole
use regexp for browser user-agent matching
4932d7f
@sitole
orchestrator proxy service shutdown without timeout specified
454d3f3
@sitole
separated metric name for orchestrator proxy
f1dc5f3
@sitole
propagate upstream error into log
891c62c
@sitole
go template can work only with sturcts with visible fields
441be2b
@sitole
fixed json serializaiton after moved from anonymous struct to named one
c0a183b
@sitole
disable keep alives for orchestrator proxy to match settings of curre…
709dd69 
…nt nginx based session-proxy

with new implementation there is error that envd returns "connection
reset by peer" when there was support for keep alive tcp connections for
re-use.
@sitole sitole force-pushed the merge-session-proxy-to-orchestrator-e2b-1752 branch from 3330b9f to 709dd69 Compare March 18, 2025 14:42
@sitole
Copy link
Member Author

sitole commented Mar 18, 2025

With commit 3330b9f i fixed issue were envd randomly responds with connection reset by peer.
Disabling connections keep-alive on new proxy resolved issue.

I noticed current nginx session-proxy is missing keepalive setup (https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) and it looks like default value for missing keep-alive statement is empty, so keep-alive is disabled. That makes sense why current solution worked until now.

I don't like idea to disabling it just because envd complains. Iam mostly concerned about how this can affect traffic. Sure, keepalive was already disabled, but iam not sure if this behave exactly matches nginx vs golang http-proxy one.

I will continue with finding some relevant docs about golang http.server and handling idle connections.

cc @ValentaTomas @jakubno

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ValentaTomas ValentaTomas ValentaTomas left review comments

@jakubno jakubno jakubno requested changes

@0div 0div 0div requested changes

@dobrac dobrac Awaiting requested review from dobrac dobrac is a code owner

Requested changes must be addressed to merge this pull request.

Assignees

@sitole sitole

Labels
improvement Improvement for current functionality
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sitole @ValentaTomas @jakubno @0div