diff --git a/builddebian.sh b/builddebian.sh
index 613afe1..ac791c6 100755
--- a/builddebian.sh
+++ b/builddebian.sh
@@ -193,6 +193,26 @@ chunksize = "10MB"
 resumableuploadsenabled = true
 ttlenabled = false
 ttl = "168h"
+networkevents = true
+
+# Network Resilience Configuration (3.2 Enhanced Features)
+[network_resilience]
+enabled = true
+fast_detection = false # Standard detection for server deployment
+quality_monitoring = true # Enable quality monitoring
+predictive_switching = false # Conservative switching for servers
+mobile_optimizations = false # Standard thresholds for server environment
+upload_resilience = true # Resume uploads across network changes
+detection_interval = "5s" # Standard detection interval
+quality_check_interval = "10s" # Regular quality monitoring
+network_change_threshold = 3 # Switches required to trigger network change
+interface_stability_time = "30s" # Server-appropriate stability time
+upload_pause_timeout = "5m" # Standard upload pause timeout
+upload_retry_timeout = "10m" # Standard retry timeout
+rtt_warning_threshold = "200ms" # Server network warning threshold
+rtt_critical_threshold = "1000ms" # Server network critical threshold
+packet_loss_warning_threshold = 2.0 # 2% packet loss warning
+packet_loss_critical_threshold = 10.0 # 10% packet loss critical
 [downloads]
 chunkeddownloadsenabled = true
diff --git a/cmd/server/config_simplified.go b/cmd/server/config_simplified.go
index 3270dfe..7cbb30a 100644
--- a/cmd/server/config_simplified.go
+++ b/cmd/server/config_simplified.go
@@ -188,6 +188,15 @@ file = "/var/log/hmac-file-server.log"
 # [uploads]
 # max_resumable_age = "48h"
 # chunk_size = "10MB"
+# networkevents = true
+
+# [network_resilience]
+# enabled = true
+# fast_detection = true # Enable 1-second detection for mobile
+# quality_monitoring = true # Monitor RTT and packet loss
+# predictive_switching = true # Switch before complete failure
+# mobile_optimizations = true # Cellular-friendly thresholds
+# upload_resilience = true # Resume uploads across network changes
 # [workers]
 # numworkers = 4
diff --git a/config-default.toml b/config-default.toml
index 88861d8..30fdb88 100644
--- a/config-default.toml
+++ b/config-default.toml
@@ -26,6 +26,26 @@ chunkeduploadsenabled = true
 chunksize = "32MB"
 resumableuploadsenabled = true
 maxresumableage = "48h"
+networkevents = true
+
+# Network Resilience Configuration (3.2 Enhanced Features)
+[network_resilience]
+enabled = true
+fast_detection = false # Standard 5-second detection
+quality_monitoring = false # Basic monitoring only
+predictive_switching = false # Wait for complete failure
+mobile_optimizations = false # Standard network thresholds
+upload_resilience = true # Resume uploads across network changes
+detection_interval = "5s" # Standard detection interval
+quality_check_interval = "10s" # Standard quality monitoring
+network_change_threshold = 3 # Switches required to trigger network change
+interface_stability_time = "30s" # Time to wait before considering interface stable
+upload_pause_timeout = "5m" # Standard upload pause timeout
+upload_retry_timeout = "10m" # Standard retry timeout
+rtt_warning_threshold = "200ms" # Standard RTT warning
+rtt_critical_threshold = "1000ms" # Standard RTT critical
+packet_loss_warning_threshold = 2.0 # 2% packet loss warning
+packet_loss_critical_threshold = 10.0 # 10% packet loss critical
 [downloads]
 resumabledownloadsenabled = true
diff --git a/config-simple.toml b/config-simple.toml
index 76fcc42..8506c94 100644
--- a/config-simple.toml
+++ b/config-simple.toml
@@ -31,6 +31,15 @@ file = "/opt/hmac-file-server/data/logs/hmac-file-server.log"
 # [uploads]
 # sessiontimeout = "60m"
 # chunk_size = "10MB"
+# networkevents = true
+
+# [network_resilience]
+# enabled = true
+# fast_detection = true # Enable 1-second detection for mobile
+# quality_monitoring = true # Monitor RTT and packet loss
+# predictive_switching = true # Switch before complete failure
+# mobile_optimizations = true # Cellular-friendly thresholds
+# upload_resilience = true # Resume uploads across network changes
 # [timeouts]
 # readtimeout = "4800s"
diff --git a/config-simplified-production.toml b/config-simplified-production.toml
index c40fd0e..43afaf0 100644
--- a/config-simplified-production.toml
+++ b/config-simplified-production.toml
@@ -11,3 +11,12 @@ secret = "f6g4ldPvQM7O2UTFeBEUUj33VrXypDAcsDt0yqKrLiOr5oQW"
 [logging]
 level = "info"
 file = "/opt/hmac-file-server/data/logs/hmac-file-server.log"
+
+# Network resilience for production environments
+[uploads]
+networkevents = true
+
+[network_resilience]
+enabled = true
+quality_monitoring = true
+upload_resilience = true
diff --git a/dockerenv/dockerbuild/Dockerfile b/dockerenv/dockerbuild/Dockerfile
index 3b8b1ed..fa816dc 100644
--- a/dockerenv/dockerbuild/Dockerfile
+++ b/dockerenv/dockerbuild/Dockerfile
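Review bot: The hunk header for config-simplified-production.toml shows a literal `secret = "…"` value sitting in a tracked production config, and this change extends that file without moving the secret out of it. If that string is a live HMAC key rather than a sample, it should be rotated and the tracked file should carry a placeholder such as `secret = "CHANGE-ME-generate-per-deployment"`, with the real value supplied at deploy time. Separately, the added `[uploads]` header is only valid TOML if lines 1–10 of the file, which are outside the hunk, do not already define an `[uploads]` table.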
@@ -11,16 +11,32 @@ RUN CGO_ENABLED=0 go build -ldflags="-w -s" -o hmac-file-server ./cmd/server/
 # Stage 2: Runtime
 FROM alpine:latest
-RUN apk --no-cache add ca-certificates
+RUN apk --no-cache add ca-certificates tzdata iputils
+
+# Create non-root user for security
+RUN adduser -D -s /bin/sh -u 1011 appuser
 RUN mkdir -p /opt/hmac-file-server/data/uploads \
 && mkdir -p /opt/hmac-file-server/data/duplicates \
 && mkdir -p /opt/hmac-file-server/data/temp \
- && mkdir -p /opt/hmac-file-server/data/logs
+ && mkdir -p /opt/hmac-file-server/data/logs \
+ && chown -R appuser:appuser /opt/hmac-file-server \
+ && chmod 750 /opt/hmac-file-server/data/uploads \
+ && chmod 750 /opt/hmac-file-server/data/duplicates \
+ && chmod 750 /opt/hmac-file-server/data/temp \
+ && chmod 750 /opt/hmac-file-server/data/logs
 WORKDIR /opt/hmac-file-server
 COPY --from=builder /build/hmac-file-server .
+RUN chown appuser:appuser hmac-file-server && chmod +x hmac-file-server
+
+# Switch to non-root user
+USER appuser
+
+# Health check for network resilience
+HEALTHCHECK --interval=30s --timeout=15s --start-period=60s --retries=3 \
+ CMD curl -f http://localhost:8080/health || exit 1
 EXPOSE 8080
diff --git a/dockerenv/podman/Dockerfile.podman b/dockerenv/podman/Dockerfile.podman
index 12075d4..8b2e863 100644
--- a/dockerenv/podman/Dockerfile.podman
+++ b/dockerenv/podman/Dockerfile.podman
@@ -29,13 +29,14 @@ RUN apk add --no-cache \
 tzdata \
 curl \
 shadow \
+ iputils \
 && adduser -D -s /bin/sh -u 1011 appuser \
 && rm -rf /var/cache/apk/*
-# Create application directories with proper ownership
+# Create application directories with proper ownership and secure permissions
 RUN mkdir -p /app /data /deduplication /iso /logs /tmp && \
 chown -R appuser:appuser /app /data /deduplication /iso /logs /tmp && \
- chmod 755 /app /data /deduplication /iso /logs && \
+ chmod 750 /app /data /deduplication /iso /logs && \
 chmod 1777 /tmp
 # Copy binary from builder stage
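Review bot: The new `HEALTHCHECK` in dockerenv/dockerbuild/Dockerfile calls `curl`, but the runtime stage shown here installs only `ca-certificates tzdata iputils`, and the Alpine base image does not ship curl, so the probe would fail on every run and the container would be reported unhealthy. Either add the package, `RUN apk --no-cache add ca-certificates tzdata iputils curl`, or use the BusyBox tool already in the image, `CMD wget -q --spider http://localhost:8080/health || exit 1`. The part of the stage after `EXPOSE 8080` is outside the hunk, so confirm curl is not installed further down.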
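Review bot: `iputils` is added to the package list in dockerenv/podman/Dockerfile.podman with no comment saying what needs it. If it is there so the server can run `ping` for the RTT and packet-loss checks configured elsewhere in this commit (an inference; the Go code is not on this page), that process runs as `appuser`, and ICMP from an unprivileged user depends on the host's `net.ipv4.ping_group_range` or on `CAP_NET_RAW` being granted to the container. A comment above the `RUN` instruction such as `# iputils: ping for network_resilience quality checks; needs unprivileged ICMP or CAP_NET_RAW` would record that requirement for whoever hardens the runtime. The same package is added in dockerenv/dockerbuild/Dockerfile and in the Dockerfile heredoc in installer.sh (`@@ -747,11 +768,11 @@`).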
@@ -59,8 +60,8 @@ LABEL org.opencontainers.image.title="HMAC File Server" \
 org.opencontainers.image.source="https://github.com/PlusOne/hmac-file-server" \
 org.opencontainers.image.licenses="MIT"
-# Health check for container orchestration
-HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
+# Health check for container orchestration with network resilience awareness
+HEALTHCHECK --interval=30s --timeout=15s --start-period=60s --retries=3 \
 CMD curl -f http://localhost:8888/health || exit 1
 # Expose default port (configurable via config)
diff --git a/dockerenv/podman/config.toml.example b/dockerenv/podman/config.toml.example
index f58e791..cf1802f 100644
--- a/dockerenv/podman/config.toml.example
+++ b/dockerenv/podman/config.toml.example
@@ -48,13 +48,22 @@ max_upload_retries = 3
 # Enhanced Network Resilience (NEW)
 [network_resilience]
+enabled = true
 fast_detection = true # 1-second network change detection
 quality_monitoring = true # Monitor RTT and packet loss
 predictive_switching = true # Proactive network switching
 mobile_optimizations = true # Mobile-friendly thresholds
+upload_resilience = true # Resume uploads across network changes
 detection_interval = "1s"
 quality_check_interval = "5s"
-max_detection_interval = "10s"
+network_change_threshold = 3 # Switches required to trigger network change
+interface_stability_time = "10s" # Mobile-appropriate stability time
+upload_pause_timeout = "10m" # Mobile-friendly upload pause timeout
+upload_retry_timeout = "20m" # Extended retry for mobile scenarios
+rtt_warning_threshold = "500ms" # Cellular network warning threshold
+rtt_critical_threshold = "2000ms" # Cellular network critical threshold
+packet_loss_warning_threshold = 5.0 # 5% packet loss warning
+packet_loss_critical_threshold = 15.0 # 15% packet loss critical
 [downloads]
 resumable_downloads_enabled = true
diff --git a/dockerenv/podman/deploy-podman.sh b/dockerenv/podman/deploy-podman.sh
index ef83df5..ed3d1dd 100755
--- a/dockerenv/podman/deploy-podman.sh
+++ b/dockerenv/podman/deploy-podman.sh
@@ -94,6 +94,7 @@ worker_scale_down_thresh = 10
 deduplication_enabled = true
 min_free_bytes = "1GB"
 file_naming = "original"
+networkevents = true # Enable network monitoring for resilience
 [uploads]
 # XMPP-compatible file extensions for maximum client support
@@ -113,6 +114,16 @@ upload_slot_ttl = "3600s"
 retry_failed_uploads = true
 max_upload_retries = 3
+# Enhanced Network Resilience (NEW)
+[network_resilience]
+fast_detection = true # 1-second network change detection
+quality_monitoring = true # Monitor RTT and packet loss
+predictive_switching = true # Proactive network switching
+mobile_optimizations = true # Mobile-friendly thresholds
+detection_interval = "1s"
+quality_check_interval = "5s"
+max_detection_interval = "10s"
+
 [downloads]
 resumable_downloads_enabled = true
 chunked_downloads_enabled = true
diff --git a/dockerenv/podman/hmac-file-server.service b/dockerenv/podman/hmac-file-server.service
index 0f77c17..68888c3 100644
--- a/dockerenv/podman/hmac-file-server.service
+++ b/dockerenv/podman/hmac-file-server.service
@@ -38,9 +38,9 @@ ExecStart=/usr/bin/podman run \
 --volume /opt/podman/hmac-file-server/logs:/logs:rw,Z \
 --health-cmd="curl -f http://localhost:8888/health || exit 1" \
 --health-interval=30s \
- --health-timeout=10s \
+ --health-timeout=15s \
 --health-retries=3 \
- --health-start-period=40s \
+ --health-start-period=60s \
 localhost/hmac-file-server:latest -config /app/config.toml
 # Stop and cleanup
diff --git a/installer.sh b/installer.sh
index 9b2c4ba..1a95281 100755
--- a/installer.sh
+++ b/installer.sh
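Review bot: `networkevents = true` is added above the `[uploads]` header in the deploy-podman.sh template, so it belongs to whichever table precedes that header, while config-simplified-production.toml and the commented example in config-simple.toml in this same commit put the key inside `[uploads]`. A TOML key is only read from the table it sits in, so one of the two placements is presumably ignored by the loader; which one depends on the Go config struct, which is not on this page. The installer.sh hunk `@@ -543,6 +545,7 @@` places it the same way, directly after `worker_scale_down_thresh`. Moving the line under `[uploads]` in both templates would make them agree with the shipped configs.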
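Review bot: The `[network_resilience]` block added to this template still sets `max_detection_interval = "10s"` and has no `enabled = true`, yet the config.toml.example hunk in this commit deletes `max_detection_interval` and adds `enabled`, `upload_resilience` and the threshold keys. A container deployed from this script would therefore run with a config that differs from the documented example, and if the loader treats a missing `enabled` as false the feature would be silently off. The block should mirror the example: add `enabled = true` and `upload_resilience = true`, and drop `max_detection_interval`. The installer.sh hunk `@@ -617,6 +628,16 @@` adds the same outdated block.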
@@ -64,6 +64,7 @@ show_help() {
 echo ""
 echo "New in 3.2 'Tremora del Terra':"
 echo " - 93% Configuration Reduction: Simplified setup with intelligent defaults"
+ echo " - Enhanced Network Resilience: Fast detection, quality monitoring, mobile optimization"
 echo " - Enhanced Worker Scaling: Optimized 40%/10% thresholds"
 echo " - Extended Timeouts: 4800s defaults for large file reliability"
 echo " - Multi-Architecture Support: Native AMD64, ARM64, ARM32v7 builds"
@@ -91,7 +92,8 @@ echo -e "${BLUE} HMAC File Server 3.2 'Tremora del Terra' In
 echo -e "${BLUE} Professional XMPP Integration${NC}"
 echo ""
 echo -e "${YELLOW}--------------------------------------------------------------------------------${NC}"
-echo -e "${GREEN} 93% Config Reduction Extended 4800s Timeouts${NC}"
+echo -e "${GREEN} 93% Config Reduction Enhanced Network Resilience${NC}"
+echo -e "${GREEN} Fast Mobile Detection (1s) Extended 4800s Timeouts${NC}"
 echo -e "${GREEN} Enhanced Worker Scaling (40/10) Multi-Architecture Support${NC}"
 echo -e "${GREEN} Prometheus Metrics Integration ClamAV Virus Scanning${NC}"
 echo -e "${GREEN} Redis Cache & Session Management JWT & HMAC Authentication${NC}"
@@ -507,7 +509,7 @@ build_server() {
 # Build the server
 cd "$(dirname "$0")"
- go build -o "$INSTALL_DIR/hmac-file-server" cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go
+ go build -o "$INSTALL_DIR/hmac-file-server" cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go cmd/server/network_resilience.go cmd/server/upload_session.go cmd/server/chunked_upload_handler.go
 # Set ownership and permissions
 chown "$HMAC_USER:$HMAC_USER" "$INSTALL_DIR/hmac-file-server"
@@ -543,6 +545,7 @@ max_file_age = "720h"
 enable_dynamic_workers = true
 worker_scale_up_thresh = 40
 worker_scale_down_thresh = 10
+networkevents = true
 # Caching and performance
 pre_cache = true
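Review bot: The `go build` line in `build_server()` names each source file by hand, so the list has to be edited every time a file is added to cmd/server, as the three appended here show; cmd/server/config_simplified.go, which this commit also edits, is not in the list at all. dockerenv/dockerbuild/Dockerfile builds the package directory instead, and the same form here, `go build -o "$INSTALL_DIR/hmac-file-server" ./cmd/server/`, would keep the installer build from drifting away from the container build. The Dockerfile heredoc in hunk `@@ -747,11 +768,11 @@` carries the same hand-written list. `build_server()` begins and ends outside the hunk.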
@@ -587,6 +590,14 @@ max_resumable_age = "48h"
 sessiontimeout = "60m"
 maxretries = 3
+# Upload resilience settings
+session_persistence = true
+session_recovery_timeout = "300s"
+client_reconnect_window = "120s"
+upload_slot_ttl = "3600s"
+retry_failed_uploads = true
+max_upload_retries = 3
+
 [downloads]
 chunked_downloads_enabled = true
 chunk_size = "10MB"
@@ -617,6 +628,16 @@ shutdown = "30s"
 [build]
 version = "3.2"
+
+# Enhanced Network Resilience (3.2+)
+[network_resilience]
+fast_detection = true
+quality_monitoring = true
+predictive_switching = true
+mobile_optimizations = true
+detection_interval = "1s"
+quality_check_interval = "5s"
+max_detection_interval = "10s"
 EOF
 if [[ $ENABLE_CLAMAV == "true" ]]; then
@@ -694,9 +715,9 @@ services:
 healthcheck:
 test: ["CMD", "curl", "-f", "http://localhost:$SERVER_PORT/health"]
 interval: 30s
- timeout: 10s
+ timeout: 15s
 retries: 3
- start_period: 40s
+ start_period: 60s
 EOF
 if [[ $ENABLE_REDIS == "true" ]]; then
@@ -747,11 +768,11 @@ COPY . .
 RUN apk add --no-cache git ca-certificates tzdata && \\
 go mod download && \\
- CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o hmac-file-server cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go
+ CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o hmac-file-server cmd/server/main.go cmd/server/helpers.go cmd/server/config_validator.go cmd/server/config_test_scenarios.go cmd/server/network_resilience.go cmd/server/upload_session.go cmd/server/chunked_upload_handler.go
 FROM alpine:latest
-RUN apk --no-cache add ca-certificates curl && \\
+RUN apk --no-cache add ca-certificates curl iputils && \\
 addgroup -g 1000 hmac && \\
 adduser -D -s /bin/sh -u 1000 -G hmac hmac
@@ -767,7 +788,7 @@ USER hmac
 EXPOSE $SERVER_PORT $METRICS_PORT
-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \\
+HEALTHCHECK --interval=30s --timeout=15s --start-period=60s --retries=3 \\
 CMD curl -f http://localhost:$SERVER_PORT/health || exit 1
 CMD ["./hmac-file-server", "-config", "/etc/hmac-file-server/config.toml"]
@@ -903,6 +924,27 @@ chunkeduploadsenabled = true
 chunksize = "10MB"
 ttlenabled = false
 ttl = "168h"
+networkevents = true
+
+# Network Resilience for Mobile Networks (Enhanced 3.2 features)
+# Optimized for mobile devices switching between WLAN and IPv6 5G
+[network_resilience]
+enabled = true
+fast_detection = true # 1-second detection vs 5-second standard
+quality_monitoring = true # Monitor RTT and packet loss per interface
+predictive_switching = true # Switch before complete failure
+mobile_optimizations = true # Cellular network friendly thresholds
+upload_resilience = true # Resume uploads across network changes
+detection_interval = "1s" # Fast mobile network change detection
+quality_check_interval = "2s" # Regular quality monitoring
+network_change_threshold = 3 # Switches required to trigger network change
+interface_stability_time = "10s" # Time to wait before considering interface stable
+upload_pause_timeout = "10m" # Mobile-friendly upload pause timeout
+upload_retry_timeout = "20m" # Extended retry for mobile scenarios
+rtt_warning_threshold = "500ms" # Cellular network warning threshold
+rtt_critical_threshold = "2000ms" # Cellular network critical threshold
+packet_loss_warning_threshold = 5.0 # 5% packet loss warning
+packet_loss_critical_threshold = 15.0 # 15% packet loss critical
 [downloads]
 chunkeddownloadsenabled = true