Stirling-Tools / Stirling-PDF

#1 Locally hosted web application that allows you to perform various operations on PDF files
MIT License

[Feature Request]: enable login without DOCKER_ENABLE_SECURITY=true/false!!! #1602

Closed gowy222 closed 1 month ago

gowy222 commented 1 month ago

Feature Description

The current configuration parameter DOCKER_ENABLE_SECURITY=true/false in Docker environments presents significant operational challenges, especially in production scenarios. This setting inhibits critical functionalities necessary for robust deployment and management of services. Below are the key issues encountered:

  1. Zero-Configuration High Availability:
    Setting DOCKER_ENABLE_SECURITY=true/false prevents achieving zero-configuration high availability. When containers restart unexpectedly, they must re-download dependencies, causing delays in service availability. Moreover, failed downloads could render services permanently unavailable.

  2. Geographical Network Constraints:
    GitHub's accessibility and the ability to download internal plugins are hindered by regional network issues. Not all regions can seamlessly access GitHub or reliably download required dependencies during runtime.

    In cloud function environments, which involve cold start mechanisms and startup timeout constraints:

    Cold starts and startup timeouts in cloud functions can exacerbate the impact of geographical network constraints. Dependencies that cannot be pre-cached or efficiently retrieved due to network issues may lead to increased latency or even service failures during function invocation.

  3. Kubernetes (K8s) Multi-instance Redundancy:
    In Kubernetes environments with multiple instances, each instance independently downloads dependencies, leading to redundant downloads and potential inefficiencies.

These limitations significantly impact operational efficiency and service reliability, necessitating a reconsideration of the current configuration approach.

Why is this feature valuable?

No response

Suggested Implementation

  1. Docker Integration Approach:

    • Objective: Ensure reliable deployment without relying on dynamic plugin downloads at runtime.
    • Proposed Solution: Integrate necessary dependencies internally within Docker during image build or deployment phase. Avoid runtime dependencies that hinder availability and reliability.
  2. Flexibility and Integration Approach:

    • Objective: Enhance flexibility by supporting external authentication services via configurable endpoints.
    • Proposed Solution:
      • Remote URL Configuration: Introduce REMOTE_LOGIN_URL in application settings to specify a remote endpoint for login validation. Applications can securely POST user-provided credentials to REMOTE_LOGIN_URL for validation, facilitating centralized authentication and audit log management.
      • Standardized Communication: Define a JSON request format (e.g., { "username": "example", "password": "*****" }) for secure transmission of credentials. Clearly define expected JSON response structures to handle authentication success or failure, ensuring consistent handling across authentication endpoints.

Additional Context

This approach caters to diverse deployment scenarios, including cloud-based, hybrid, and on-premises environments, facilitating seamless integration with various identity providers.

Additional Information

PLS: Consider the difficulties of intranet/offline environment deployment.

No Duplicate of the Feature
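The REMOTE_LOGIN_URL exchange proposed above, sketched from the calling side as an added example; it is not code from this issue or from Stirling-PDF. The request only fixes the `{ "username", "password" }` request body, so the `authenticated` response field, the function names and the example host are assumptions.

```python
import json
import urllib.request
from urllib.parse import urlsplit


def validate_login_url(url):
    """Refuse endpoints that would expose the password in transit or in config."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("REMOTE_LOGIN_URL must use https")
    if not parts.hostname:
        raise ValueError("REMOTE_LOGIN_URL has no host")
    if parts.username or parts.password:
        raise ValueError("REMOTE_LOGIN_URL must not embed credentials")
    return url


def https_post(url, body, timeout=5.0):
    """Default transport; urllib verifies the server certificate by default."""
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read(65536)  # cap the reply size


def remote_login(url, username, password, post=https_post):
    """Return True only for an explicit, well-formed success; otherwise fail closed."""
    validate_login_url(url)  # a bad setting is a config error, so it raises
    body = json.dumps({"username": username, "password": password}).encode()
    try:
        status, raw = post(url, body)
        reply = json.loads(raw)
    except (OSError, ValueError):
        return False  # timeout, TLS/HTTP error, or a reply that is not JSON
    # Assumed response shape: {"authenticated": true}; a string "true" is rejected.
    return (status == 200 and isinstance(reply, dict)
            and reply.get("authenticated") is True)


if __name__ == "__main__":
    # Constructed stub standing in for the remote service; no network is used.
    def stub(url, body):
        ok = json.loads(body) == {"username": "example", "password": "s3cret"}
        return 200, json.dumps({"authenticated": ok}).encode()

    url = "https://auth.example.internal/login"  # hypothetical endpoint
    print(remote_login(url, "example", "s3cret", post=stub))  # True
    print(remote_login(url, "example", "wrong", post=stub))   # False
```

Because the transport is injectable, the fail-closed paths (timeout, non-JSON reply, non-200 status) can be exercised without a live authentication service.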

Frooodle commented 1 month ago

Our fat docker contains the security jar and does not download it at runtime. You should be good using that.