From 46c75b6db7d4c92b2464287b07074d98b82e5865 Mon Sep 17 00:00:00 2001 From: Norbert Ferchen <5385633+nferc@users.noreply.github.com> Date: Fri, 23 Feb 2024 12:04:37 +0100 Subject: [PATCH] separate health check --- avgate/avgate.py | 9 ++++----- docs/develop.md | 12 ++++++++---- nginx.conf | 37 ++++++++++++++++++++++++------------- requirements.txt | 2 -- uwsgi.ini | 2 +- 5 files changed, 37 insertions(+), 25 deletions(-) diff --git a/avgate/avgate.py b/avgate/avgate.py index 6fbfdc3..2aa1f78 100644 --- a/avgate/avgate.py +++ b/avgate/avgate.py @@ -12,7 +12,6 @@ from email.message import EmailMessage from typing import List, cast from urllib.parse import unquote, urlparse -from prometheus_flask_instrumentator import PrometheusFlaskInstrumentator import lxml.etree as ET import requests @@ -36,7 +35,7 @@ urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) app = Flask(__name__) -PrometheusFlaskInstrumentator().instrument(app).expose(app) + config = configparser.ConfigParser() config.read("avgate.ini") @@ -119,7 +118,7 @@ def health(): res = check_clamav() or "" res += check_icap() or "" if res: - return Response(res, mimetype="text/xml", status=503) + return Response(res, mimetype="text/plain", status=503) return "OK" @@ -150,7 +149,7 @@ def check(): ) if test.ok: - res += f"{konn}: ok" + res += f"{konn}: ok \n" else: err_count += 1 res += f"{client} {konn}: {test.status_code} \n" @@ -163,7 +162,7 @@ def check(): res += f"{client} {konn}: {err} \n" logger.warn(f"check failed for Konnektor: {client} {konn} {err}") - return Response(res, mimetype="text/xml", status=503 if err_count else 200) + return Response(res, mimetype="text/plain", status=503 if err_count else 200) def check_clamav(): diff --git a/docs/develop.md b/docs/develop.md index fb4666f..b32071e 100644 --- a/docs/develop.md +++ b/docs/develop.md 
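Review bot: The success line added in check() at -150 is `f"{konn}: ok \n"`, while both failure lines in the same loop print `{client} {konn}: …`, so an ok entry cannot be attributed to a client if more than one is configured. Suggest `res += f"{client} {konn}: ok\n"`; `client` is already in scope in the neighbouring else branch. The space before `\n` could be dropped in all three lines. check() starts and ends outside this hunk.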
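Review bot: The body returned by check() at -163 still carries `{err}`, the raw exception text, next to the client and Konnektor identifiers, and this commit also makes /check reachable on the nginx listener on port 8300, which has no TLS or client certificate. Exception text from the requests call is likely to contain backend hostnames, ports and URLs. Since the `logger.warn` call already records the detail, the response line could be reduced to `res += f"{client} {konn}: error\n"`. The 503 body of health() in the hunk at -119 returns the check_clamav() and check_icap() strings unchanged and deserves the same look. check() starts outside this hunk.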
@@ -6,9 +6,13 @@ Für den Zugriff ohne Nginx ist ein Beispiel unter ./script/retrieveDocumentSet- Für den Zugriff mit Nginx muss dieser umkonfiguriert werden. In nginx.conf statt uwsgi die Zeilen für den Fallback konfigurieren ``` - proxy_set_header X-real-ip $remote_addr; - proxy_set_header host $server_addr:$server_port; - proxy_pass "http://127.0.0.1:5001"; + proxy_set_header X-real-ip $remote_addr; + proxy_set_header host $server_addr:$server_port; + proxy_pass "http://127.0.0.1:5001"; ``` - +Ein lokaler icap server kann gestartet werden über +``` + docker build -t c-icap c-icap + docker run -p 1344:1344 --rm --name c-icap c-icap +``` diff --git a/nginx.conf b/nginx.conf index ba2d0a0..a221165 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,6 +1,6 @@ ### for more information -#error_log /opt/homebrew/var/log/nginx/error.log info; +# error_log ~/Library/Logs/Homebrew/nginx/error.log info; events { worker_connections 1024; @@ -11,7 +11,6 @@ http { server { # entry point for clients listen 8400-8500 ssl; - # listen 5002 ssl; # TLS ssl_certificate /Users/nferc/Workspace/gematik/ePa_av-gate/cert/server.cert; 
@@ -22,27 +21,28 @@ http { ssl_verify_client on; # only pass PHRService and connector.sds to av-gate - # location ~ ^/(soap-api/PHRService|connector.sds|health|check) { + # location ~ ^/(soap-api/PHRService|connector.sds) { location / { - proxy_redirect off; proxy_set_header X-Client-Cert $ssl_client_s_dn; ### uwsgi preferred - # include docker/uwsgi_params; - # uwsgi_param HTTP_X_REAL_IP $remote_addr; - # uwsgi_pass localhost:5001; - - ### Fallback for no uwsgi - include /opt/homebrew/etc/nginx/uwsgi_params; - proxy_set_header X-real-ip $remote_addr; - proxy_set_header host $server_addr:$server_port; - proxy_pass "http://127.0.0.1:5001"; + uwsgi_param HTTP_X_REAL_IP $remote_addr; + include docker/uwsgi_params; + uwsgi_pass localhost:8080; + + ### Fallback for no uwsgi (dev only) + # include /opt/homebrew/etc/nginx/uwsgi_params; + # proxy_set_header X-real-ip $remote_addr; + # proxy_set_header host $server_addr:$server_port; + # proxy_pass "http://127.0.0.1:5001"; } # bypass other services to connector (optional) # only neccessary for av_proxy.ini/[konnektor]/proxy_all_services = true # this reduce workload for av-gate dramatically and should be used when proxy_all_services is set. + # you have to set the location for the previous section to "~ ^/(soap-api/PHRService|connector.sds)" + # location / { # proxy_ssl_certificate /Users/nferc/Workspace/gematik/ePa_av-gate/cert/kclient.cert; # proxy_ssl_certificate_key /Users/nferc/Workspace/gematik/ePa_av-gate/cert/kclient.key; @@ -53,6 +53,17 @@ http { # } } + + # separate endpoint for health, check, metrics without ssl and m-tls + server { + listen 8300; + location ~ ^/(health|check) { + proxy_redirect off; + uwsgi_param HTTP_X_REAL_IP $remote_addr; + include docker/uwsgi_params; + uwsgi_pass localhost:8080; + } + } } diff --git a/requirements.txt b/requirements.txt index 6c00e13..ec05471 100644 --- a/requirements.txt +++ b/requirements.txt 
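Review bot: `proxy_set_header X-Client-Cert $ssl_client_s_dn;` stays in `location /`, but the block now forwards with `uwsgi_pass`, and proxy_set_header only applies to requests sent through proxy_pass. Whether av-gate reads that header is not visible here; if it does, it no longer receives the verified subject DN and may see a value supplied by the client instead. Pass it as `uwsgi_param HTTP_X_CLIENT_CERT $ssl_client_s_dn;` next to the HTTP_X_REAL_IP line, and confirm that a client-sent X-Client-Cert cannot take precedence. `proxy_redirect off;` likewise has no effect with uwsgi_pass and can be removed.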
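Review bot: The new health server uses `listen 8300;`, which binds every interface, and it has no TLS, client-certificate check or `allow`/`deny` rule, so any host that can reach the port can call /check. Judging by the avgate.py hunks, that endpoint contacts each Konnektor and returns per-client results. Bind it to the monitoring side, e.g. `listen 127.0.0.1:8300;`, or add `allow <monitoring-net>; deny all;` inside the location. The pattern `^/(health|check)` has no end anchor and also matches longer paths; `location ~ ^/(health|check)$` limits it to the two routes. The block comment still lists metrics, although this commit removes the Prometheus instrumentation.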
@@ -17,8 +17,6 @@ mypy==1.8.0 mypy-extensions==1.0.0 packaging==23.2 pluggy==1.4.0 -prometheus-flask-instrumentator==4.1.1 -prometheus_client==0.20.0 pycparser==2.21 pytest==8.0.1 requests==2.31.0 diff --git a/uwsgi.ini b/uwsgi.ini index fbd2cf2..5647e99 100644 --- a/uwsgi.ini +++ b/uwsgi.ini @@ -4,7 +4,7 @@ processes = 4 socket = localhost:8080 chdir = /Users/nferc/Workspace/gematik/ePa_av-gate -wsgi-file = avgate.py +module = avgate.avgate:app # only when virtualenv was used on install virtualenv = venv