You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@skywalking.apache.org by GitBox <gi...@apache.org> on 2021/06/16 01:16:20 UTC

[GitHub] [skywalking] wu-sheng opened a new issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

wu-sheng opened a new issue #7122:
URL: https://github.com/apache/skywalking/issues/7122


   We were using Spring boot 1.x and Zuul gateway as the webapp container to host UI, and bypass GraphQL query to OAP. According to @hanahmily https://github.com/apache/skywalking/pull/7119#discussion_r652272379, we are facing continuous CVEs, which should drive us to look for a replacement solution.
    
   To all @apache/skywalking-committers , we have the following options.
   1. Keep in Java, upgrade to Spring boot 2.x, use Spring Gateway or something in Spring ecosystem to host UI. This solution would be coherent.
   2. Use NodeJS server to provide service, which basically we to just simply distribute rocketbot-ui in a server mode, and 100% adopt NodeJS ecosystem. @Jtrust @Fine0830 What do you think about this?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] wu-sheng commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

wu-sheng commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-862072207


   > as far as i know, nginx can run on unix, linux and windows
   
   It can, but with different binary tars. So we have to release -linux, -win, etc. Then plus we have -es6 and -es7, it would be a huge release set.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] heyanlong commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

heyanlong commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-862070124


   as far as i know, nginx can run on unix, linux and windows


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] Fine0830 commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

Fine0830 commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-861987624


   > > Can we use `Nginx` to provide web server? CVEs seems to be avoided.
   > 
   > We could use Nginx or APISIX/OpenResty, if we want. @Fine0830 So, you don't like NodeJS to host service directly, right?
   
   Yes. For fixing CVEs, If we adopted to 2, there will be other uncontrollable problems. like this, 
   
   ![1](https://user-images.githubusercontent.com/20871783/122148571-477cbd80-ce8d-11eb-8517-7516d30f97d7.png)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] heyanlong commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

heyanlong commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-861990426


   I think it would be good to use nginx to host the UI, and i often do this in my work. only need to put the compiled UI in the www directory to provide high-quality services.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] Fine0830 commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

Fine0830 commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-861946339


   Can we use `Nginx` to provide web server? CVEs seems to be avoided.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] wu-sheng commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

wu-sheng commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-867507603


   @JaredTan95 Let's try Spring boot 2 and Spring Gateway.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] kezhenxu94 commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

kezhenxu94 commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-861938203


   Both works for me.
   
   But I just want to remind that the number of dependencies in NodeJS is sometimes unpredictably LARGE even if you only import a simple package, and CVEs in NodeJS is not necessarily less than Java. It would be helpful if UI team could evaluate before we make a final decision.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] wu-sheng commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

wu-sheng commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-861980763


   > Can we use `Nginx` to provide web server? CVEs seems to be avoided.
   
   We could use Nginx or APISIX/OpenResty, if we want. @Fine0830 So, you don't like NodeJS to host service directly, right?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] Fine0830 edited a comment on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

Fine0830 edited a comment on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-861987624


   > > Can we use `Nginx` to provide web server? CVEs seems to be avoided.
   > 
   > We could use Nginx or APISIX/OpenResty, if we want. @Fine0830 So, you don't like NodeJS to host service directly, right?
   
   Yes. For fixing CVEs, If we adopted to 2, there will be other uncontrollable problems. like this, 
   ![2](https://user-images.githubusercontent.com/20871783/122148749-988cb180-ce8d-11eb-9460-5fedd8dfef99.png)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] wu-sheng commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

wu-sheng commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-861936161


   Any other suggestion is also welcome.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] hanahmily commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

hanahmily commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-861937177


   If we adopted to 2, the dev UI docker image building artifacts should be transferred to the UI repo, the release UI docker process should be updated correspondingly. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] wu-sheng commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

wu-sheng commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-861992499


   > I think it would be good to use nginx to host the UI, and i often do this in my work. only need to put the compiled UI in the www directory to provide high-quality services.
   
   The challenge about Nignx/OpenResty/APISIX is all about how to distribute so many distributions for different OS.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] wu-sheng commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

wu-sheng commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-861940939


   Notice, in this issue, we don't discuss `UI release separately`. The query protocol keeps upgrading and enhancing, this is not a good time to do so. We don't recommend mismatched UI and OAP versions.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] kezhenxu94 closed issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

kezhenxu94 closed issue #7122:
URL: https://github.com/apache/skywalking/issues/7122


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@skywalking.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] wu-sheng commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

wu-sheng commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-861938690


   > Both works for me.
   > 
   > But I just want to remind that the number of dependencies in NodeJS is sometimes unpredictably LARGE even if you only import a simple package, and CVEs in NodeJS is not necessarily less than Java. It would be helpful if UI team could evaluate before we make a final decision.
   
   Yes, NodeJS server doesn't mean less CVE at all. All web containers are the place exposing CVEs, as it is a network port.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] wu-sheng commented on issue #7122: Evaluate Webapp container(Spring boot 1.x + Zuul) replacement options

Posted by GitBox <gi...@apache.org>.

wu-sheng commented on issue #7122:
URL: https://github.com/apache/skywalking/issues/7122#issuecomment-861988849


   OK than. @hanahmily it seems moving to Spring Gateway + Spring boot 2 would be better.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org