Fix NGINX config and aggressively patch database connection to prevent localhost

2025-03-16 23:47:43 +01:00 · 2025-03-16 23:47:43 +01:00 · 1568175962
commit 1568175962
parent 1358aefb60
1 changed files with 115 additions and 12 deletions
--- a/start.sh
+++ b/start.sh
@ -459,13 +459,6 @@ worker_processes 1;
 error_log /app/data/logs/nginx/error.log warn;
 pid /app/data/nginx/nginx.pid;

-# Important: Configure temp paths in writable directories
-client_body_temp_path /app/data/nginx/client_body_temp;
-proxy_temp_path /app/data/nginx/proxy_temp;
-fastcgi_temp_path /app/data/nginx/fastcgi_temp;
-uwsgi_temp_path /app/data/nginx/uwsgi_temp;
-scgi_temp_path /app/data/nginx/scgi_temp;
-
 events {
    worker_connections 1024;
 }
@ -474,6 +467,13 @@ http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    
+    # Important: Configure temp paths in writable directories
+    client_body_temp_path /app/data/nginx/client_body_temp;
+    proxy_temp_path /app/data/nginx/proxy_temp;
+    fastcgi_temp_path /app/data/nginx/fastcgi_temp;
+    uwsgi_temp_path /app/data/nginx/uwsgi_temp;
+    scgi_temp_path /app/data/nginx/scgi_temp;
+    
    log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
                    '\$status \$body_bytes_sent "\$http_referer" '
                    '"\$http_user_agent" "\$http_x_forwarded_for"';
@ -705,6 +705,47 @@ else
    echo "==> Cannot modify /etc/hosts (read-only filesystem)"
 fi

+# Patch source code directly for maximum effectiveness
+if [ -d "$SERVER_DIR/cmd/museum" ]; then
+    MAIN_GO="$SERVER_DIR/cmd/museum/main.go"
+    if [ -f "$MAIN_GO" ]; then
+        echo "==> Patching main.go to force correct database host"
+        
+        # Create a backup of the original file
+        cp "$MAIN_GO" "${MAIN_GO}.orig"
+        
+        # Look for setupDatabase function and patch it
+        DB_SETUP_LINE=$(grep -n "func setupDatabase" "$MAIN_GO" | cut -d: -f1)
+        
+        if [ -n "$DB_SETUP_LINE" ]; then
+            echo "==> Found setupDatabase function at line $DB_SETUP_LINE"
+            
+            # Insert code at the beginning of the function
+            sed -i "${DB_SETUP_LINE}a\\
+\\tlog.Printf(\"Forcing database host to %s\", \"${CLOUDRON_POSTGRESQL_HOST}\")\\
+\\tos.Setenv(\"PGHOST\", \"${CLOUDRON_POSTGRESQL_HOST}\")\\
+\\tos.Setenv(\"PGHOSTADDR\", \"${CLOUDRON_POSTGRESQL_HOST}\")" "$MAIN_GO"
+            
+            echo "==> Patched setupDatabase function"
+        fi
+        
+        # If there's a connection string being built, patch that too
+        CONN_STR_LINE=$(grep -n "postgres://" "$MAIN_GO" | head -1 | cut -d: -f1)
+        if [ -n "$CONN_STR_LINE" ]; then
+            echo "==> Found connection string at line $CONN_STR_LINE"
+            
+            # Backup again just to be safe
+            cp "$MAIN_GO" "${MAIN_GO}.conn_patch"
+            
+            # Replace localhost or [::1] with the actual host
+            sed -i "s/localhost/${CLOUDRON_POSTGRESQL_HOST}/g" "$MAIN_GO"
+            sed -i "s/\[::1\]/${CLOUDRON_POSTGRESQL_HOST}/g" "$MAIN_GO"
+            
+            echo "==> Patched connection string"
+        fi
+    fi
+fi
+
 # Fix database migration state if needed
 echo "==> Checking database migration state"
 if [ -d "$SERVER_DIR/cmd/museum" ]; then
@ -729,8 +770,13 @@ ENTE_PG_PORT="${MUSEUM_DB_PORT}" \
 ENTE_PG_USER="${MUSEUM_DB_USER}" \
 ENTE_PG_PASSWORD="${MUSEUM_DB_PASSWORD}" \
 ENTE_PG_DATABASE="${MUSEUM_DB_NAME}" \
-ENTE_PG_DSN="postgres://${MUSEUM_DB_USER}:${MUSEUM_DB_PASSWORD}@${MUSEUM_DB_HOST}:${MUSEUM_DB_PORT}/${MUSEUM_DB_NAME}?sslmode=disable" \
-go run cmd/museum/main.go db force 25
+ENTE_PG_DSN="postgres://${MUSEUM_DB_USER}:${MUSEUM_DB_PASSWORD}@${MUSEUM_DB_HOST}:${MUSEUM_DB_PORT}/${MUSEUM_DB_NAME}?sslmode=disable&host=${MUSEUM_DB_HOST}" \
+CLOUDRON_POSTGRESQL_HOST="${CLOUDRON_POSTGRESQL_HOST}" \
+CLOUDRON_POSTGRESQL_PORT="${CLOUDRON_POSTGRESQL_PORT}" \
+CLOUDRON_POSTGRESQL_USERNAME="${CLOUDRON_POSTGRESQL_USERNAME}" \
+CLOUDRON_POSTGRESQL_PASSWORD="${CLOUDRON_POSTGRESQL_PASSWORD}" \
+CLOUDRON_POSTGRESQL_DATABASE="${CLOUDRON_POSTGRESQL_DATABASE}" \
+go run -ldflags "-X 'github.com/lib/pq.defaulthost=${MUSEUM_DB_HOST}'" overrides/db_override.go cmd/museum/main.go db force 25
 EOF
    chmod +x /tmp/run_migration.sh
    
@ -781,8 +827,13 @@ ENTE_PG_PORT="${MUSEUM_DB_PORT}" \
 ENTE_PG_USER="${MUSEUM_DB_USER}" \
 ENTE_PG_PASSWORD="${MUSEUM_DB_PASSWORD}" \
 ENTE_PG_DATABASE="${MUSEUM_DB_NAME}" \
-ENTE_PG_DSN="postgres://${MUSEUM_DB_USER}:${MUSEUM_DB_PASSWORD}@${MUSEUM_DB_HOST}:${MUSEUM_DB_PORT}/${MUSEUM_DB_NAME}?sslmode=disable" \
-go run cmd/museum/main.go serve
+ENTE_PG_DSN="postgres://${MUSEUM_DB_USER}:${MUSEUM_DB_PASSWORD}@${MUSEUM_DB_HOST}:${MUSEUM_DB_PORT}/${MUSEUM_DB_NAME}?sslmode=disable&host=${MUSEUM_DB_HOST}" \
+CLOUDRON_POSTGRESQL_HOST="${CLOUDRON_POSTGRESQL_HOST}" \
+CLOUDRON_POSTGRESQL_PORT="${CLOUDRON_POSTGRESQL_PORT}" \
+CLOUDRON_POSTGRESQL_USERNAME="${CLOUDRON_POSTGRESQL_USERNAME}" \
+CLOUDRON_POSTGRESQL_PASSWORD="${CLOUDRON_POSTGRESQL_PASSWORD}" \
+CLOUDRON_POSTGRESQL_DATABASE="${CLOUDRON_POSTGRESQL_DATABASE}" \
+go run -ldflags "-X 'github.com/lib/pq.defaulthost=${MUSEUM_DB_HOST}'" overrides/db_override.go cmd/museum/main.go serve
 EOF
    chmod +x /tmp/run_server.sh
    
@ -917,3 +968,55 @@ echo "==> Entering wait state - press Ctrl+C to stop"
 # Wait for all background processes to complete (or for user to interrupt)
 wait $SERVER_PID
 wait $NGINX_PID 
+
+# Create a new go file to inject into the build that overrides the database connection
+mkdir -p "$SERVER_DIR/overrides"
+cat > "$SERVER_DIR/overrides/db_override.go" <<EOF
+// Override database functions - will be added to museum build
+package main
+
+import (
+	"database/sql"
+	"fmt"
+	"log"
+	"os"
+	"strings"
+	
+	_ "github.com/lib/pq" // Import the postgres driver
+)
+
+// This will run before main() and override the database functions
+func init() {
+	log.Println("Database override patch is active")
+	
+	host := os.Getenv("CLOUDRON_POSTGRESQL_HOST")
+	if host == "" {
+		host = os.Getenv("PGHOST")
+	}
+	
+	if host == "" {
+		log.Println("WARNING: No PostgreSQL host found in environment, using default")
+		return
+	}
+	
+	// Force the PGHOST environment variable
+	os.Setenv("PGHOST", host)
+	
+	log.Printf("Forcing database connections to use host: %s", host)
+}
+
+// Force correct database setup - this will be called instead of the original setupDatabase
+func forceCorrectDatabase() (*sql.DB, error) {
+	host := os.Getenv("CLOUDRON_POSTGRESQL_HOST")
+	port := os.Getenv("CLOUDRON_POSTGRESQL_PORT")
+	user := os.Getenv("CLOUDRON_POSTGRESQL_USERNAME")
+	password := os.Getenv("CLOUDRON_POSTGRESQL_PASSWORD")
+	dbname := os.Getenv("CLOUDRON_POSTGRESQL_DATABASE")
+	
+	connStr := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=disable",
+		host, port, user, password, dbname)
+	
+	log.Printf("Opening database connection with: %s", connStr)
+	return sql.Open("postgres", connStr)
+}
+EOF