feat(traefik): enhance file upload handling and timeouts

[drizzentic]

• Add buffering middleware for large file uploads (100MB limit)
• Configure dial and response timeouts (120s)
• Add network connectivity for MinIO integration
• Update service configuration for improved reliability

This resolves context timeout issues and enables handling of large file uploads.

Summary by CodeRabbit

Release Notes

• New Features

  • Enhanced routing capabilities for MinIO services, separating console and API functionalities for better traffic management.
  • Introduced middleware to manage large file uploads effectively.
  • Added explicit volume and configuration definitions for ClickHouse logging.

• Bug Fixes

  • Updated image reference for PostgreSQL to ensure consistent deployments.

• Documentation

  • Revised documentation for the Reverse Proxy Traefik package, including new port settings for MinIO services.

• Chores

  • Removed unnecessary environment variable related to MinIO browser redirect URL.

[coderabbitai]

Walkthrough

The pull request introduces several modifications across multiple files, primarily focusing on enhancing configuration for PostgreSQL and MinIO services. Key changes include updating the POSTGRES_IMAGE to a specific SHA256 digest, restructuring the docker-compose.yml for MinIO to improve routing rules and service definitions, and updating documentation for the Reverse Proxy Traefik to reflect new configurations. Additionally, the monitoring/package-metadata.json file sees the removal of the MINIO_BROWSER_REDIRECT_URL variable, while the reverse-proxy-traefik/docker-compose.yml file adds middleware and timeout settings for improved request handling.

Changes

File	Change Summary
database-postgres/package-metadata.json	Updated POSTGRES_IMAGE from "bitnami/postgresql-repmgr:14" to "bitnami/postgresql-repmgr:14@sha256:<digest>".
datalake/docker-compose.yml	Modified MinIO service routing rules, added new routes for console and API, updated network configuration.
documentation/packages/reverse-proxy-traefik/README.md	Updated MinIO configuration details, including port settings and MINIO_BROWSER_REDIRECT_URL.
monitoring/package-metadata.json	Removed environment variable MINIO_BROWSER_REDIRECT_URL.
reverse-proxy-traefik/docker-compose.yml	Added middleware for large file uploads and new timeout settings for Traefik service handling.
analytics-datastore-clickhouse/docker-compose.yml	Expanded log configurations and added a new external network for ClickHouse service.

Possibly related PRs

• 86c0t11yc - Extract Minio from monitoring package into an independent package #330: The changes in the main PR regarding the POSTGRES_IMAGE variable relate to the broader context of managing image references in the project, which is also a focus in PR 86c0t11yc - Extract Minio from monitoring package into an independent package #330 that involves extracting MinIO configurations, indicating a shift towards more modular and precise image management.

Suggested reviewers

• rcrichton
• BMartinos
• ItsMurumba
• brett-onions

Poem

🐇 In the land of code, where changes bloom,
A SHA256 digest dispels the gloom.
MinIO's routes now dance and play,
With Traefik guiding the traffic's way.
Oh, how our services now align,
In this rabbit's world, all works fine! 🌟

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between bdc4eeb and c6a8287.

📒 Files selected for processing (6)

• analytics-datastore-clickhouse/docker-compose.yml (2 hunks)
• database-postgres/package-metadata.json (1 hunks)
• datalake/docker-compose.yml (1 hunks)
• documentation/packages/reverse-proxy-traefik/README.md (1 hunks)
• monitoring/package-metadata.json (0 hunks)
• reverse-proxy-traefik/docker-compose.yml (1 hunks)

💤 Files with no reviewable changes (1)

• monitoring/package-metadata.json

🚧 Files skipped from review as they are similar to previous changes (2)

• database-postgres/package-metadata.json
• reverse-proxy-traefik/docker-compose.yml

🔇 Additional comments (7)

datalake/docker-compose.yml (3)

27-33: LGTM: MinIO console routing configuration is correct.

The console service configuration properly maps to port 9001 and includes necessary middleware for path stripping.

---

35-41: LGTM: MinIO API routing configuration is correct.

The API service configuration properly maps to port 9090 and includes necessary middleware for path stripping.

---

Line range hint 6-6: Verify command line arguments match Traefik routing configuration.

The MinIO server command line arguments (--console-address ":9001" --address ":9090") align with the Traefik service ports, but let's verify the configuration is working as expected.

Also applies to: 27-41

✅ Verification successful

MinIO server ports and Traefik configuration are correctly aligned

The verification confirms that:

• MinIO server is configured to listen on port 9090 for API and port 9001 for console
• Traefik loadbalancer services are correctly mapped:
  • minio-console-service → port 9001
  • minio-api-service → port 9090

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify MinIO service configuration
echo "=== Checking MinIO service ports ==="
rg "console-address|address.*9[0-9]{3}" datalake/docker-compose.yml

echo -e "\n=== Checking Traefik service ports ==="
rg "loadbalancer.server.port" datalake/docker-compose.yml

Length of output: 629

analytics-datastore-clickhouse/docker-compose.yml (1)

60-62: LGTM: Network configuration enables MinIO integration.

The datalake network configuration properly connects to minio_public, enabling communication with MinIO services.

✅ Verification successful

Let me analyze the network configuration in more detail to ensure proper integration across services.

---

Network configuration is correctly integrated across services

The network configuration is properly set up, with consistent usage of minio_public network across relevant services:

• The datalake service defines and exposes the network
• The monitoring service correctly references it
• The analytics-datastore-clickhouse service properly connects to it

The network configuration follows the expected pattern of being marked as external and using the same network name across services, ensuring proper communication between MinIO and dependent services.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify network configuration consistency
echo "=== Checking network references ==="
rg "minio_public" -g "docker-compose*" .

Length of output: 304

---

Script:

#!/bin/bash
# Check if the network is used consistently across services
echo "=== Checking network usage in docker-compose files ==="
for file in $(fd "docker-compose.yml$"); do
  echo "=== File: $file ==="
  cat "$file" | grep -A5 -B5 "minio_public"
done

Length of output: 6122

documentation/packages/reverse-proxy-traefik/README.md (3)

99-99: LGTM: MinIO browser redirect URL updated correctly.

The URL has been updated to reflect the new path /minio-console/.

---

103-118: LGTM: MinIO configuration section is well documented.

The new section clearly documents the port settings and provides example Traefik labels.

---

103-118: Documentation update needed for configuration changes

The verification reveals that the following configurations exist in the implementation:

• File upload limit of 100MB: maxRequestBodyBytes=100000000
• Timeout settings of 120s: dialTimeout=120s and responseHeaderTimeout=120s
• MinIO console path change: The docker-compose files show MinIO console is configured at /minio-console path with corresponding traefik routes

Please update the documentation to:

1. Explain that the URL path changed to 'minio-console' to align with the MinIO's console service configuration
2. Add the following configurations that are implemented:
   • Maximum file upload size: 100MB
   • Connection timeout: 120 seconds
   • Response timeout: 120 seconds

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (1)

documentation/packages/reverse-proxy-traefik/README.md (1)

Line range hint 1-118: Document missing features from PR objectives.

The documentation needs to be updated to reflect all changes mentioned in the PR objectives:

1. File Upload Handling:

   • Document the new buffering middleware
   • Specify the 100MB file upload limit
   • Explain any configuration required for large file uploads

2. Timeout Configurations:

   • Document the new 120-second dial and response timeouts
   • Explain when and why these timeouts might need adjustment

3. Network Connectivity:

   • Add a section about MinIO network integration
   • Include any required network configuration steps

Consider organizing these configurations under a new "Advanced Configuration" section to help users understand and implement these features correctly.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 796dc87 and bdc4eeb.

📒 Files selected for processing (5)

• database-postgres/package-metadata.json (1 hunks)
• datalake/docker-compose.yml (1 hunks)
• documentation/packages/reverse-proxy-traefik/README.md (1 hunks)
• monitoring/package-metadata.json (0 hunks)
• reverse-proxy-traefik/docker-compose.yml (1 hunks)

💤 Files with no reviewable changes (1)

• monitoring/package-metadata.json

🔇 Additional comments (6)

database-postgres/package-metadata.json (1)

12-12: LGTM! Pinning PostgreSQL image improves reproducibility.

The change to use SHA256 digest ensures consistent deployments by preventing potential issues from floating tags.

Let's verify the image digest and check for any security advisories:

datalake/docker-compose.yml (3)

27-33: LGTM! Well-structured MinIO console routing configuration.

The routing configuration for the MinIO console is well-defined with:

• Proper host and path prefix matching
• Console-specific port (9001)
• Path prefix stripping middleware
• TLS configuration

---

35-41: LGTM! Well-structured MinIO API routing configuration.

The routing configuration for the MinIO API is well-defined with:

• Proper host and path prefix matching
• API-specific port (9090)
• Path prefix stripping middleware
• TLS configuration

---

44-44: Verify network connectivity between MinIO and Traefik.

The network configuration looks correct, but let's verify the network setup to ensure proper connectivity.

Also applies to: 49-51

✅ Verification successful

Network configuration between MinIO and Traefik is correctly defined

The docker-compose.yml shows proper network configuration:

• MinIO service is connected to the traefik network (aliased as reverse-proxy-traefik_public)
• Network is properly declared as external
• Traefik labels are correctly configured with proper routing rules and service definitions
• Both API (9090) and Console (9001) ports are properly exposed through Traefik

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify network configuration
# Check if the Traefik network exists and is being used by other services
docker network ls --format "{{.Name}}" | grep "reverse-proxy-traefik_public"

# Check services connected to the Traefik network
docker network inspect reverse-proxy-traefik_public -f '{{range .Containers}}{{.Name}} {{end}}'

Length of output: 368

---

Script:

#!/bin/bash
# Let's analyze the docker-compose configuration to verify network setup
cat datalake/docker-compose.yml

Length of output: 2237

reverse-proxy-traefik/docker-compose.yml (1)

53-54: LGTM! Extended timeouts for handling large requests.

The 120-second timeouts for both dial and response headers are appropriate for:

• Handling large file uploads
• Addressing the context timeout issues mentioned in the PR

Let's check for any related timeout configurations:

✅ Verification successful

Timeouts are consistently configured across the infrastructure

The verification shows that the 120-second timeouts added to Traefik are well-aligned with the timeout configurations across other services:

• Database connections use 60s timeout (HAPI FHIR)
• Health checks use shorter timeouts (5-20s) for quick failure detection
• Search operations in Elasticsearch have no timeout (-1) for complex queries
• No conflicting or problematic timeout configurations were found

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for other timeout configurations
rg -i "timeout|dial.*time|response.*time" --type yaml --type json -A 2

Length of output: 10106

documentation/packages/reverse-proxy-traefik/README.md (1)

105-118: Enhance security documentation and verify port configurations.

The MinIO port configuration is well documented, but consider adding:

1. Security implications and recommended practices for exposing these ports
2. Any required firewall or network configurations
3. SSL/TLS requirements for secure communication

Let's verify if these are the correct ports being used in the implementation:

✅ Verification successful

Port configurations are correctly documented and match the implementation

The verification confirms that the documented MinIO port configurations (API: 9090, Console: 9001) match the actual implementation in the codebase:

• Found in datalake/docker-compose.yml:
  • MinIO server command: --console-address ":9001" --address ":9090"
  • Traefik labels match: minio-console-service.loadbalancer.server.port=9001 and minio-api-service.loadbalancer.server.port=9090
• TLS is already configured via Traefik:
  • traefik.http.routers.minio-console.tls=${TLS}
  • traefik.http.routers.minio-api.tls=${TLS}

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for MinIO port configurations in docker-compose files
rg "9090|9001" | grep -A 5 "minio"

# Search for any SSL/TLS configurations related to MinIO
rg -i "ssl|tls|cert" | grep -A 5 "minio"

Length of output: 8418

[ItsMurumba]

LGTM!

[sushantpatil1214]

Looks Good to me

[sushantpatil1214]

Looks good to me