Add manual proxy testing setup scripts & notes (#375)

* Add proxy-test setup files * Simplify configuration of proxy test * Add testing notes for proxy-test * Add changelog entry * Add proxy test step specifying which docker image is required
matrix-org · May 17, 2024 · 534d845 · 534d845
1 parent f308a28
commit 534d845
Show file tree

Hide file tree

Showing 8 changed files with 203 additions and 0 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -256,6 +256,27 @@ unit tests and lints in a local development environment:
 - `tox -e check_types` to check types with MyPy.
 - `tox` **to do all of the above.**
 
+### Testing proxy support
+
+To test whether proxy support is working or not, a docker compose file has been
+provided to make things easier.
+
+For GCM Pushkin proxy testing follow these steps:
+- create a firebase project & service account
+- download the service account file from firebase & save to `./scripts-dev/proxy-test/service_account.json`
+- configure the PROJECT_ID in `./scripts-dev/proxy-test/sygnal.yaml`
+- build a docker image of sygnal named `sygnal`
+- cd to `./scripts-dev/proxy-test/`
+- run `docker compose up`
+- in another terminal, run `docker exec -it sygnal bash`
+- run `apt update && apt install curl -y`
+- run `chmod +x curl.sh`
+- run `./curl.sh`
+- you can tell if the proxy is **NOT** working by inspecting the sygnal logs & seeing something along the lines of "Network is unreachable" or DNS resolution/proxy errors
+- you cal tell if the proxy is working by inspecting the sygnal logs & seeing the following error from firebase '"code": 400, "message": "The registration token is not a valid FCM registration token"'
+- this is due to the `pushkey` being set to PUSHKEY_HERE in `notification.json`
+- if you want to fully test an actual notification, you will have to update this value in `./scripts-dev/proxy-test/notification.json` before calling `docker compose up`
+
 ## Updating your pull request
 
 If you decide to make changes to your pull request - perhaps to address issues

diff --git a/changelog.d/375.misc b/changelog.d/375.misc
@@ -0,0 +1 @@
+Add manual proxy testing scripts & docs.
diff --git a/scripts-dev/proxy-test/curl.sh b/scripts-dev/proxy-test/curl.sh
@@ -0,0 +1 @@
+curl -i -H "Content-Type: application/json" --request POST -d @notification.json http://localhost:5000/_matrix/push/v1/notify
diff --git a/scripts-dev/proxy-test/docker-compose.yml b/scripts-dev/proxy-test/docker-compose.yml
@@ -0,0 +1,38 @@
+services:
+  sygnal:
+    image: sygnal
+    networks:
+      no-internet:
+        ipv4_address: 172.28.0.2
+    container_name: sygnal
+    volumes:
+      - ./sygnal.yaml:/sygnal.yaml
+      - ./service_account.json:/service_account.json:ro
+      - ./curl.sh:/curl.sh
+      - ./notification.json:/notification.json
+      - ./proxy.conf:/etc/apt/apt.conf.d/proxy.conf
+    ports:
+      - 5000:5000
+
+  proxy:
+    image: dominikbechstein/nginx-forward-proxy
+    networks:
+      no-internet:
+        ipv4_address: 172.28.0.3
+      internet:
+    container_name: nginx-forward-proxy
+    volumes:
+      - ./nginx.conf:/usr/local/nginx/conf/nginx.conf:ro
+    ports:
+      - 8080:8080
+
+networks:
+  no-internet:
+    driver: bridge
+    internal: true
+    ipam:
+      config:
+        - subnet: 172.28.0.0/16
+          gateway: 172.28.0.1
+  internet:
+    driver: bridge
diff --git a/scripts-dev/proxy-test/nginx.conf b/scripts-dev/proxy-test/nginx.conf
@@ -0,0 +1,44 @@
+worker_processes auto;
+
+daemon off;
+
+events {
+  worker_connections 1024;
+}
+
+http {
+  include mime.types;
+
+  access_log /dev/stdout;
+  error_log  /dev/stderr;
+
+  server {
+    listen 8080;
+
+    resolver 1.1.1.1 ipv6=off;
+
+    proxy_connect;
+    proxy_connect_allow           443 563;
+    proxy_connect_connect_timeout 10s;
+    proxy_connect_read_timeout    10s;
+    proxy_connect_send_timeout    10s;
+
+    proxy_hide_header Upgrade;
+    proxy_hide_header X-Powered-By;
+
+    add_header Content-Security-Policy "upgrade-insecure-requests";
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Cache-Control "no-transform" always;
+    add_header Referrer-Policy no-referrer always;
+    add_header X-Robots-Tag none;
+
+    location / {
+      proxy_http_version 1.1;
+      proxy_set_header Host $host;
+      proxy_pass $scheme://$host;
+    }
+  }
+}
+
diff --git a/scripts-dev/proxy-test/notification.json b/scripts-dev/proxy-test/notification.json
@@ -0,0 +1,31 @@
+{
+  "notification": {
+    "event_id": "\\$3957tyerfgewrf384",
+    "room_id": "!slw48wfj34rtnrf:example.org",
+    "type": "m.room.message",
+    "sender": "@exampleuser:example.org",
+    "sender_display_name": "Major Tom",
+    "room_name": "Mission Control",
+    "room_alias": "#exampleroom:example.org",
+    "prio": "high",
+    "content": {
+      "msgtype": "m.text",
+      "body": "I'm floating in a most peculiar way."
+    },
+    "counts": {
+      "unread": 2,
+      "missed_calls": 1
+    },
+    "devices": [
+      {
+        "app_id": "im.vector.app",
+        "pushkey": "<PUSHKEY HERE>",
+        "pushkey_ts": 12345678,
+        "data": {},
+        "tweaks": {
+          "sound": "bing"
+        }
+      }
+    ]
+  }
+}
diff --git a/scripts-dev/proxy-test/proxy.conf b/scripts-dev/proxy-test/proxy.conf
@@ -0,0 +1 @@
+Acquire::http::Proxy "http://172.28.0.3:8080/";
diff --git a/scripts-dev/proxy-test/sygnal.yaml b/scripts-dev/proxy-test/sygnal.yaml
@@ -0,0 +1,66 @@
+##
+# This is a configuration for Sygnal, the reference Push Gateway for Matrix
+##
+
+log:
+  setup:
+    version: 1
+    formatters:
+      normal:
+        format: "%(asctime)s [%(process)d] %(levelname)-5s %(name)s %(message)s"
+    handlers:
+      stderr:
+        class: "logging.StreamHandler"
+        formatter: "normal"
+        stream: "ext://sys.stderr"
+
+      stdout:
+        class: "logging.StreamHandler"
+        formatter: "normal"
+        stream: "ext://sys.stdout"
+
+      file:
+        class: "logging.handlers.WatchedFileHandler"
+        formatter: "normal"
+        filename: "./sygnal.log"
+    loggers:
+      sygnal.access:
+        propagate: false
+        handlers: ["stdout"]
+        level: "INFO"
+
+      sygnal:
+        propagate: false
+        handlers: ["stderr", "file"]
+
+    root:
+      handlers: ["stderr"]
+      level: "INFO"
+
+    disable_existing_loggers: false
+
+  access:
+    x_forwarded_for: false
+
+http:
+  bind_addresses: ['127.0.0.1']
+  port: 5000
+
+proxy: 'http://172.28.0.3:8080'
+
+metrics:
+  prometheus:
+    enabled: false
+
+  opentracing:
+    enabled: false
+
+  sentry:
+    enabled: false
+
+apps:
+  im.vector.app:
+    type: gcm
+    api_version: v1
+    project_id: <PROJECT_ID>
+    service_account_file: /service_account.json
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		curl -i -H "Content-Type: application/json" --request POST -d @notification.json http://localhost:5000/_matrix/push/v1/notify
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Acquire::http::Proxy "http://172.28.0.3:8080/";