Enhance network resilience features in HMAC File Server 3.2

2025-07-20 15:21:27 +00:00
parent 3c8a96c14e
commit f8e4d8fcba
11 changed files with 162 additions and 16 deletions
--- a/builddebian.sh
+++ b/builddebian.sh
@ -193,6 +193,26 @@ chunksize = "10MB"
 resumableuploadsenabled = true
 ttlenabled = false
 ttl = "168h"
+networkevents = true
+
+# Network Resilience Configuration (3.2 Enhanced Features)
+[network_resilience]
+enabled = true
+fast_detection = false                  # Standard detection for server deployment
+quality_monitoring = true              # Enable quality monitoring
+predictive_switching = false           # Conservative switching for servers
+mobile_optimizations = false           # Standard thresholds for server environment
+upload_resilience = true               # Resume uploads across network changes
+detection_interval = "5s"              # Standard detection interval
+quality_check_interval = "10s"         # Regular quality monitoring
+network_change_threshold = 3           # Switches required to trigger network change
+interface_stability_time = "30s"       # Server-appropriate stability time
+upload_pause_timeout = "5m"           # Standard upload pause timeout
+upload_retry_timeout = "10m"          # Standard retry timeout
+rtt_warning_threshold = "200ms"        # Server network warning threshold
+rtt_critical_threshold = "1000ms"      # Server network critical threshold
+packet_loss_warning_threshold = 2.0    # 2% packet loss warning
+packet_loss_critical_threshold = 10.0  # 10% packet loss critical

 [downloads]
 chunkeddownloadsenabled = true
--- a/cmd/server/config_simplified.go
+++ b/cmd/server/config_simplified.go
@ -188,6 +188,15 @@ file = "/var/log/hmac-file-server.log"
 # [uploads]
 # max_resumable_age = "48h"
 # chunk_size = "10MB"
+# networkevents = true
+
+# [network_resilience]
+# enabled = true
+# fast_detection = true              # Enable 1-second detection for mobile
+# quality_monitoring = true          # Monitor RTT and packet loss
+# predictive_switching = true        # Switch before complete failure
+# mobile_optimizations = true       # Cellular-friendly thresholds
+# upload_resilience = true           # Resume uploads across network changes

 # [workers]
 # numworkers = 4
--- a/config-default.toml
+++ b/config-default.toml
@ -26,6 +26,26 @@ chunkeduploadsenabled = true
 chunksize = "32MB"
 resumableuploadsenabled = true
 maxresumableage = "48h"
+networkevents = true
+
+# Network Resilience Configuration (3.2 Enhanced Features)
+[network_resilience]
+enabled = true
+fast_detection = false                  # Standard 5-second detection
+quality_monitoring = false             # Basic monitoring only
+predictive_switching = false           # Wait for complete failure
+mobile_optimizations = false           # Standard network thresholds
+upload_resilience = true               # Resume uploads across network changes
+detection_interval = "5s"              # Standard detection interval
+quality_check_interval = "10s"         # Standard quality monitoring
+network_change_threshold = 3           # Switches required to trigger network change
+interface_stability_time = "30s"       # Time to wait before considering interface stable
+upload_pause_timeout = "5m"           # Standard upload pause timeout
+upload_retry_timeout = "10m"          # Standard retry timeout
+rtt_warning_threshold = "200ms"        # Standard RTT warning
+rtt_critical_threshold = "1000ms"      # Standard RTT critical
+packet_loss_warning_threshold = 2.0    # 2% packet loss warning
+packet_loss_critical_threshold = 10.0  # 10% packet loss critical

 [downloads]
 resumabledownloadsenabled = true
--- a/config-simple.toml
+++ b/config-simple.toml
@ -31,6 +31,15 @@ file = "/opt/hmac-file-server/data/logs/hmac-file-server.log"
 # [uploads]
 # sessiontimeout = "60m"
 # chunk_size = "10MB"
+# networkevents = true
+
+# [network_resilience]
+# enabled = true
+# fast_detection = true              # Enable 1-second detection for mobile
+# quality_monitoring = true          # Monitor RTT and packet loss
+# predictive_switching = true        # Switch before complete failure
+# mobile_optimizations = true       # Cellular-friendly thresholds
+# upload_resilience = true           # Resume uploads across network changes

 # [timeouts]
 # readtimeout = "4800s"
--- a/config-simplified-production.toml
+++ b/config-simplified-production.toml
@ -11,3 +11,12 @@ secret = "f6g4ldPvQM7O2UTFeBEUUj33VrXypDAcsDt0yqKrLiOr5oQW"
 [logging]
 level = "info"
 file = "/opt/hmac-file-server/data/logs/hmac-file-server.log"
+
+# Network resilience for production environments
+[uploads]
+networkevents = true
+
+[network_resilience]
+enabled = true
+quality_monitoring = true
+upload_resilience = true
--- a/dockerenv/dockerbuild/Dockerfile
+++ b/dockerenv/dockerbuild/Dockerfile
@ -11,16 +11,32 @@ RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o hmac-file-server ./cmd/server/
 # Stage 2: Runtime
 FROM alpine:latest

-RUN apk --no-cache add ca-certificates
+RUN apk --no-cache add ca-certificates tzdata iputils
+
+# Create non-root user for security
+RUN adduser -D -s /bin/sh -u 1011 appuser

 RUN mkdir -p /opt/hmac-file-server/data/uploads \
    && mkdir -p /opt/hmac-file-server/data/duplicates \
    && mkdir -p /opt/hmac-file-server/data/temp \
-    && mkdir -p /opt/hmac-file-server/data/logs
+    && mkdir -p /opt/hmac-file-server/data/logs \
+    && chown -R appuser:appuser /opt/hmac-file-server \
+    && chmod 750 /opt/hmac-file-server/data/uploads \
+    && chmod 750 /opt/hmac-file-server/data/duplicates \
+    && chmod 750 /opt/hmac-file-server/data/temp \
+    && chmod 750 /opt/hmac-file-server/data/logs

 WORKDIR /opt/hmac-file-server

 COPY --from=builder /build/hmac-file-server .
+RUN chown appuser:appuser hmac-file-server && chmod +x hmac-file-server
+
+# Switch to non-root user
+USER appuser
+
+# Health check for network resilience
+HEALTHCHECK --interval=30s --timeout=15s --start-period=60s --retries=3 \
+  CMD curl -f http://localhost:8080/health || exit 1

 EXPOSE 8080

--- a/dockerenv/podman/Dockerfile.podman
+++ b/dockerenv/podman/Dockerfile.podman
@ -29,13 +29,14 @@ RUN apk add --no-cache \
    tzdata \
    curl \
    shadow \
+    iputils \
    && adduser -D -s /bin/sh -u 1011 appuser \
    && rm -rf /var/cache/apk/*

-# Create application directories with proper ownership
+# Create application directories with proper ownership and secure permissions
 RUN mkdir -p /app /data /deduplication /iso /logs /tmp && \
    chown -R appuser:appuser /app /data /deduplication /iso /logs /tmp && \
-    chmod 755 /app /data /deduplication /iso /logs && \
+    chmod 750 /app /data /deduplication /iso /logs && \
    chmod 1777 /tmp

 # Copy binary from builder stage
@ -59,8 +60,8 @@ LABEL org.opencontainers.image.title="HMAC File Server" \
      org.opencontainers.image.source="https://github.com/PlusOne/hmac-file-server" \
      org.opencontainers.image.licenses="MIT"

-# Health check for container orchestration
-HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
+# Health check for container orchestration with network resilience awareness
+HEALTHCHECK --interval=30s --timeout=15s --start-period=60s --retries=3 \
  CMD curl -f http://localhost:8888/health || exit 1

 # Expose default port (configurable via config)
--- a/dockerenv/podman/config.toml.example
+++ b/dockerenv/podman/config.toml.example
@ -48,13 +48,22 @@ max_upload_retries = 3

 # Enhanced Network Resilience (NEW)
 [network_resilience]
+enabled = true
 fast_detection = true               # 1-second network change detection
 quality_monitoring = true           # Monitor RTT and packet loss
 predictive_switching = true         # Proactive network switching
 mobile_optimizations = true        # Mobile-friendly thresholds
+upload_resilience = true            # Resume uploads across network changes
 detection_interval = "1s"
 quality_check_interval = "5s"
-max_detection_interval = "10s"
+network_change_threshold = 3        # Switches required to trigger network change
+interface_stability_time = "10s"    # Mobile-appropriate stability time
+upload_pause_timeout = "10m"       # Mobile-friendly upload pause timeout
+upload_retry_timeout = "20m"       # Extended retry for mobile scenarios
+rtt_warning_threshold = "500ms"     # Cellular network warning threshold
+rtt_critical_threshold = "2000ms"   # Cellular network critical threshold
+packet_loss_warning_threshold = 5.0 # 5% packet loss warning
+packet_loss_critical_threshold = 15.0 # 15% packet loss critical

 [downloads]
 resumable_downloads_enabled = true
--- a/dockerenv/podman/deploy-podman.sh
+++ b/dockerenv/podman/deploy-podman.sh
@ -94,6 +94,7 @@ worker_scale_down_thresh = 10
 deduplication_enabled = true
 min_free_bytes = "1GB"
 file_naming = "original"
+networkevents = true                # Enable network monitoring for resilience

 [uploads]
 # XMPP-compatible file extensions for maximum client support
@ -113,6 +114,16 @@ upload_slot_ttl = "3600s"
 retry_failed_uploads = true
 max_upload_retries = 3

+# Enhanced Network Resilience (NEW)
+[network_resilience]
+fast_detection = true               # 1-second network change detection
+quality_monitoring = true           # Monitor RTT and packet loss
+predictive_switching = true         # Proactive network switching
+mobile_optimizations = true        # Mobile-friendly thresholds
+detection_interval = "1s"
+quality_check_interval = "5s"
+max_detection_interval = "10s"
+
 [downloads]
 resumable_downloads_enabled = true
 chunked_downloads_enabled = true
--- a/dockerenv/podman/hmac-file-server.service
+++ b/dockerenv/podman/hmac-file-server.service
@ -38,9 +38,9 @@ ExecStart=/usr/bin/podman run \
    --volume /opt/podman/hmac-file-server/logs:/logs:rw,Z \
    --health-cmd="curl -f http://localhost:8888/health || exit 1" \
    --health-interval=30s \
-    --health-timeout=10s \
+    --health-timeout=15s \
    --health-retries=3 \
-    --health-start-period=40s \
+    --health-start-period=60s \
    localhost/hmac-file-server:latest -config /app/config.toml

 # Stop and cleanup
--- a/installer.sh
+++ b/installer.sh
@ -64,6 +64,7 @@ show_help() {
    echo ""
    echo "New in 3.2 'Tremora del Terra':"
    echo "  - 93% Configuration Reduction: Simplified setup with intelligent defaults"
+    echo "  - Enhanced Network Resilience: Fast detection, quality monitoring, mobile optimization"
    echo "  - Enhanced Worker Scaling: Optimized 40%/10% thresholds"
    echo "  - Extended Timeouts: 4800s defaults for large file reliability"
    echo "  - Multi-Architecture Support: Native AMD64, ARM64, ARM32v7 builds"
@ -91,7 +92,8 @@ echo -e "${BLUE}                     HMAC File Server 3.2 'Tremora del Terra' In
 echo -e "${BLUE}                           Professional XMPP Integration${NC}"
 echo ""
 echo -e "${YELLOW}--------------------------------------------------------------------------------${NC}"
-echo -e "${GREEN} 93% Config Reduction             Extended 4800s Timeouts${NC}"
+echo -e "${GREEN} 93% Config Reduction             Enhanced Network Resilience${NC}"
+echo -e "${GREEN} Fast Mobile Detection (1s)       Extended 4800s Timeouts${NC}"
 echo -e "${GREEN} Enhanced Worker Scaling (40/10)  Multi-Architecture Support${NC}"  
 echo -e "${GREEN} Prometheus Metrics Integration   ClamAV Virus Scanning${NC}"
 echo -e "${GREEN} Redis Cache & Session Management JWT & HMAC Authentication${NC}"
@ -507,7 +509,7 @@ build_server() {
    
    # Build the server
    cd "$(dirname "$0")"
-    go build -o "$INSTALL_DIR/hmac-file-server" cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go
+    go build -o "$INSTALL_DIR/hmac-file-server" cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go cmd/server/network_resilience.go cmd/server/upload_session.go cmd/server/chunked_upload_handler.go
    
    # Set ownership and permissions
    chown "$HMAC_USER:$HMAC_USER" "$INSTALL_DIR/hmac-file-server"
@ -543,6 +545,7 @@ max_file_age = "720h"
 enable_dynamic_workers = true
 worker_scale_up_thresh = 40
 worker_scale_down_thresh = 10
+networkevents = true

 # Caching and performance
 pre_cache = true
@ -587,6 +590,14 @@ max_resumable_age = "48h"
 sessiontimeout = "60m"
 maxretries = 3

+# Upload resilience settings
+session_persistence = true
+session_recovery_timeout = "300s"
+client_reconnect_window = "120s"
+upload_slot_ttl = "3600s"
+retry_failed_uploads = true
+max_upload_retries = 3
+
 [downloads]
 chunked_downloads_enabled = true
 chunk_size = "10MB"
@ -617,6 +628,16 @@ shutdown = "30s"

 [build]
 version = "3.2"
+
+# Enhanced Network Resilience (3.2+)
+[network_resilience]
+fast_detection = true
+quality_monitoring = true
+predictive_switching = true
+mobile_optimizations = true
+detection_interval = "1s"
+quality_check_interval = "5s"
+max_detection_interval = "10s"
 EOF

    if [[ $ENABLE_CLAMAV == "true" ]]; then
@ -694,9 +715,9 @@ services:
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:$SERVER_PORT/health"]
      interval: 30s
-      timeout: 10s
+      timeout: 15s
      retries: 3
-      start_period: 40s
+      start_period: 60s
 EOF

    if [[ $ENABLE_REDIS == "true" ]]; then
@ -747,11 +768,11 @@ COPY . .

 RUN apk add --no-cache git ca-certificates tzdata && \\
    go mod download && \\
-    CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o hmac-file-server cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go
+    CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o hmac-file-server cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go cmd/server/network_resilience.go cmd/server/upload_session.go cmd/server/chunked_upload_handler.go

 FROM alpine:latest

-RUN apk --no-cache add ca-certificates curl && \\
+RUN apk --no-cache add ca-certificates curl iputils && \\
    addgroup -g 1000 hmac && \\
    adduser -D -s /bin/sh -u 1000 -G hmac hmac

@ -767,7 +788,7 @@ USER hmac

 EXPOSE $SERVER_PORT $METRICS_PORT

-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \\
+HEALTHCHECK --interval=30s --timeout=15s --start-period=60s --retries=3 \\
    CMD curl -f http://localhost:$SERVER_PORT/health || exit 1

 CMD ["./hmac-file-server", "-config", "/etc/hmac-file-server/config.toml"]
@ -903,6 +924,27 @@ chunkeduploadsenabled = true
 chunksize = "10MB"
 ttlenabled = false
 ttl = "168h"
+networkevents = true
+
+# Network Resilience for Mobile Networks (Enhanced 3.2 features)
+# Optimized for mobile devices switching between WLAN and IPv6 5G
+[network_resilience]
+enabled = true
+fast_detection = true                    # 1-second detection vs 5-second standard
+quality_monitoring = true               # Monitor RTT and packet loss per interface
+predictive_switching = true             # Switch before complete failure
+mobile_optimizations = true            # Cellular network friendly thresholds
+upload_resilience = true               # Resume uploads across network changes
+detection_interval = "1s"              # Fast mobile network change detection
+quality_check_interval = "2s"          # Regular quality monitoring
+network_change_threshold = 3           # Switches required to trigger network change
+interface_stability_time = "10s"       # Time to wait before considering interface stable
+upload_pause_timeout = "10m"          # Mobile-friendly upload pause timeout
+upload_retry_timeout = "20m"          # Extended retry for mobile scenarios
+rtt_warning_threshold = "500ms"        # Cellular network warning threshold
+rtt_critical_threshold = "2000ms"      # Cellular network critical threshold
+packet_loss_warning_threshold = 5.0    # 5% packet loss warning
+packet_loss_critical_threshold = 15.0  # 15% packet loss critical

 [downloads]
 chunkeddownloadsenabled = true