diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7790857d..fb4bb63d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -256,6 +256,27 @@ unit tests and lints in a local development environment: - `tox -e check_types` to check types with MyPy. - `tox` **to do all of the above.** +### Testing proxy support + +To test whether proxy support is working or not, a docker compose file has been +provided to make things easier. + +For GCM Pushkin proxy testing follow these steps: +- create a firebase project & service account +- download the service account file from firebase & save to `./scripts-dev/proxy-test/service_account.json` +- configure the PROJECT_ID in `./scripts-dev/proxy-test/sygnal.yaml` +- build a docker image of sygnal named `sygnal` +- cd to `./scripts-dev/proxy-test/` +- run `docker compose up` +- in another terminal, run `docker exec -it sygnal bash` +- run `apt update && apt install curl -y` +- run `chmod +x curl.sh` +- run `./curl.sh` +- you can tell if the proxy is **NOT** working by inspecting the sygnal logs & seeing something along the lines of "Network is unreachable" or DNS resolution/proxy errors +- you cal tell if the proxy is working by inspecting the sygnal logs & seeing the following error from firebase '"code": 400, "message": "The registration token is not a valid FCM registration token"' +- this is due to the `pushkey` being set to PUSHKEY_HERE in `notification.json` +- if you want to fully test an actual notification, you will have to update this value in `./scripts-dev/proxy-test/notification.json` before calling `docker compose up` + ## Updating your pull request If you decide to make changes to your pull request - perhaps to address issues diff --git a/changelog.d/375.misc b/changelog.d/375.misc new file mode 100644 index 00000000..8c52be13 --- /dev/null +++ b/changelog.d/375.misc @@ -0,0 +1 @@ +Add manual proxy testing scripts & docs. diff --git a/scripts-dev/proxy-test/curl.sh b/scripts-dev/proxy-test/curl.sh new file mode 100755 index 00000000..96994af0 --- /dev/null +++ b/scripts-dev/proxy-test/curl.sh @@ -0,0 +1 @@ +curl -i -H "Content-Type: application/json" --request POST -d @notification.json http://localhost:5000/_matrix/push/v1/notify diff --git a/scripts-dev/proxy-test/docker-compose.yml b/scripts-dev/proxy-test/docker-compose.yml new file mode 100644 index 00000000..b83f242b --- /dev/null +++ b/scripts-dev/proxy-test/docker-compose.yml @@ -0,0 +1,38 @@ +services: + sygnal: + image: sygnal + networks: + no-internet: + ipv4_address: 172.28.0.2 + container_name: sygnal + volumes: + - ./sygnal.yaml:/sygnal.yaml + - ./service_account.json:/service_account.json:ro + - ./curl.sh:/curl.sh + - ./notification.json:/notification.json + - ./proxy.conf:/etc/apt/apt.conf.d/proxy.conf + ports: + - 5000:5000 + + proxy: + image: dominikbechstein/nginx-forward-proxy + networks: + no-internet: + ipv4_address: 172.28.0.3 + internet: + container_name: nginx-forward-proxy + volumes: + - ./nginx.conf:/usr/local/nginx/conf/nginx.conf:ro + ports: + - 8080:8080 + +networks: + no-internet: + driver: bridge + internal: true + ipam: + config: + - subnet: 172.28.0.0/16 + gateway: 172.28.0.1 + internet: + driver: bridge diff --git a/scripts-dev/proxy-test/nginx.conf b/scripts-dev/proxy-test/nginx.conf new file mode 100644 index 00000000..0a7c8a88 --- /dev/null +++ b/scripts-dev/proxy-test/nginx.conf @@ -0,0 +1,44 @@ +worker_processes auto; + +daemon off; + +events { + worker_connections 1024; +} + +http { + include mime.types; + + access_log /dev/stdout; + error_log /dev/stderr; + + server { + listen 8080; + + resolver 1.1.1.1 ipv6=off; + + proxy_connect; + proxy_connect_allow 443 563; + proxy_connect_connect_timeout 10s; + proxy_connect_read_timeout 10s; + proxy_connect_send_timeout 10s; + + proxy_hide_header Upgrade; + proxy_hide_header X-Powered-By; + + add_header Content-Security-Policy "upgrade-insecure-requests"; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Cache-Control "no-transform" always; + add_header Referrer-Policy no-referrer always; + add_header X-Robots-Tag none; + + location / { + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_pass $scheme://$host; + } + } +} + diff --git a/scripts-dev/proxy-test/notification.json b/scripts-dev/proxy-test/notification.json new file mode 100644 index 00000000..35720496 --- /dev/null +++ b/scripts-dev/proxy-test/notification.json @@ -0,0 +1,31 @@ +{ + "notification": { + "event_id": "\\$3957tyerfgewrf384", + "room_id": "!slw48wfj34rtnrf:example.org", + "type": "m.room.message", + "sender": "@exampleuser:example.org", + "sender_display_name": "Major Tom", + "room_name": "Mission Control", + "room_alias": "#exampleroom:example.org", + "prio": "high", + "content": { + "msgtype": "m.text", + "body": "I'm floating in a most peculiar way." + }, + "counts": { + "unread": 2, + "missed_calls": 1 + }, + "devices": [ + { + "app_id": "im.vector.app", + "pushkey": "", + "pushkey_ts": 12345678, + "data": {}, + "tweaks": { + "sound": "bing" + } + } + ] + } +} diff --git a/scripts-dev/proxy-test/proxy.conf b/scripts-dev/proxy-test/proxy.conf new file mode 100644 index 00000000..59de5bd2 --- /dev/null +++ b/scripts-dev/proxy-test/proxy.conf @@ -0,0 +1 @@ +Acquire::http::Proxy "http://172.28.0.3:8080/"; diff --git a/scripts-dev/proxy-test/sygnal.yaml b/scripts-dev/proxy-test/sygnal.yaml new file mode 100644 index 00000000..4d91d446 --- /dev/null +++ b/scripts-dev/proxy-test/sygnal.yaml @@ -0,0 +1,66 @@ +## +# This is a configuration for Sygnal, the reference Push Gateway for Matrix +## + +log: + setup: + version: 1 + formatters: + normal: + format: "%(asctime)s [%(process)d] %(levelname)-5s %(name)s %(message)s" + handlers: + stderr: + class: "logging.StreamHandler" + formatter: "normal" + stream: "ext://sys.stderr" + + stdout: + class: "logging.StreamHandler" + formatter: "normal" + stream: "ext://sys.stdout" + + file: + class: "logging.handlers.WatchedFileHandler" + formatter: "normal" + filename: "./sygnal.log" + loggers: + sygnal.access: + propagate: false + handlers: ["stdout"] + level: "INFO" + + sygnal: + propagate: false + handlers: ["stderr", "file"] + + root: + handlers: ["stderr"] + level: "INFO" + + disable_existing_loggers: false + + access: + x_forwarded_for: false + +http: + bind_addresses: ['127.0.0.1'] + port: 5000 + +proxy: 'http://172.28.0.3:8080' + +metrics: + prometheus: + enabled: false + + opentracing: + enabled: false + + sentry: + enabled: false + +apps: + im.vector.app: + type: gcm + api_version: v1 + project_id: + service_account_file: /service_account.json