diff --git a/docs/CDP_PROXY_SETUP.md b/docs/CDP_PROXY_SETUP.md new file mode 100644 index 0000000..486dac6 --- /dev/null +++ b/docs/CDP_PROXY_SETUP.md 
@@ -0,0 +1,101 @@ +# CDP Proxy Setup Guide + +## Problem +When deployed to CDP, the application received **407 Proxy Authentication Required** errors: + +``` +RequestAbortedError [AbortError]: Proxy response (407) !== 200 when HTTP Tunneling +``` + +## Solution +Add `environment.data.gov.uk` to your service's Access Control List (ACL) in the [cdp-tenant-config](https://github.com/DEFRA/cdp-tenant-config) repository. + +## Steps to Configure + +### 1. Fork and Edit cdp-tenant-config + +```bash +# Fork the repository +https://github.com/DEFRA/cdp-tenant-config + +# Edit the ACL file for your service and environment +# Location: environments//squid/.json +# Example: environments/dev/squid/cff-chart-prototype.json +``` + +### 2. Add Domain to ACL + +```json +{ + "allowed_domains": [ + "environment.data.gov.uk" + ] +} +``` + +**Using wildcards** to allow all subdomains: +```json +{ + "allowed_domains": [ + ".data.gov.uk" + ] +} +``` + +### 3. Create Pull Request + +1. Raise PR from your fork +2. Post link in **#cdp-support** Slack channel +3. CDP team reviews and merges +4. Changes deploy automatically + +## Testing + +### Health Check Endpoint +```bash +curl https://cff-chart-prototype.dev.cdp-int.defra.cloud/health/connectivity +``` + +### CDP Terminal Test +```bash +nc -x 127.0.0.1:3128 -X connect -vz environment.data.gov.uk 443 +``` + +**Success:** +``` +Connection to environment.data.gov.uk 443 port [tcp/https] succeeded! +``` + +**Failure (not in ACL):** +``` +nc: Proxy error: "HTTP/1.1 307 Temporary Redirect" +``` + +## How CDP Proxy Works + +1. CDP injects `HTTP_PROXY=http://localhost:3128` into all containers +2. Application uses ProxyAgent for all external requests +3. Proxy checks domain against service's ACL configuration +4. If allowed → connection succeeds +5. If not allowed → returns 407 or 307 error + +## Log Messages + +✅ **Working correctly:** +``` +Fetching station from: https://environment.data.gov.uk/... 
+Station API response status: 200 OK +Station data retrieved successfully +``` + +❌ **Domain not in ACL:** +``` +Proxy response (407) !== 200 when HTTP Tunneling +Error fetching station from https://environment.data.gov.uk/... +``` + +## Resources + +- [CDP Proxy Documentation](https://portal.cdp-int.defra.cloud/documentation/how-to/proxy.md) +- [cdp-tenant-config Repository](https://github.com/DEFRA/cdp-tenant-config) +- [View Your Proxy Config](https://portal.cdp-int.defra.cloud/) → Services → Your Service → Proxy tab diff --git a/src/routes/health-check.js b/src/routes/health-check.js index f1cd103..b68a573 100644 --- a/src/routes/health-check.js +++ b/src/routes/health-check.js @@ -1,3 +1,5 @@ +import { proxyFetch } from '../lib/flood-service.js' + /** * Extended health check endpoint that also tests external API connectivity */ @@ -19,7 +21,7 @@ export const healthCheck = { const controller = new AbortController() const timeoutId = setTimeout(() => controller.abort(), 5000) - const response = await fetch(testUrl, { signal: controller.signal }) + const response = await proxyFetch(testUrl, { signal: controller.signal }) clearTimeout(timeoutId) results.externalApis.environmentAgency = { @@ -38,7 +40,9 @@ export const healthCheck = { results.externalApis.environmentAgency = { reachable: false, error: error.message, - errorType: error.name + errorType: error.name, + errorCause: error.cause?.message || error.cause, + stack: error.stack?.split('\n').slice(0, 3).join('\n') } }
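Review bot: In docs/CDP_PROXY_SETUP.md, step 2 ("Add Domain to ACL"), the wildcard example `".data.gov.uk"` opens egress to every subdomain of data.gov.uk, although the Solution section names `environment.data.gov.uk` as the only host the service needs. I would keep the exact-host entry as the recommended configuration and mark the wildcard as something to use only when several subdomains are genuinely required, so that readers copying the guide do not widen the proxy allow-list by default. Separately, the Location comment in step 1 reads `environments//squid/.json` with empty path segments; going by the Example line beneath it, the environment and service-name placeholders are missing and should be spelled out.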
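Review bot: In src/routes/health-check.js, hunk `@@ -19,7 +21,7 @@`, the 5 second timeout now depends on `proxyFetch` honouring the `signal` option, and the implementation of `proxyFetch` in `../lib/flood-service.js` is not part of this diff. Please confirm that it forwards `signal` to the underlying request, otherwise `controller.abort()` has no effect and a stalled proxy tunnel can hang the health check. Also, `clearTimeout(timeoutId)` in the visible lines runs only after a successful await; if the catch path does not clear it as well, moving the call into a `finally` block avoids leaving the timer pending whenever the request rejects (for example on the 407 described in the new doc).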
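Review bot: In src/routes/health-check.js, hunk `@@ -38,7 +40,9 @@`, the new `errorCause` and `stack` fields are placed in `results.externalApis.environmentAgency`, which is the body returned by the health endpoint, and the new doc shows that endpoint being called with a plain `curl` and no credentials. The first three stack lines and the cause message expose internal file paths, dependency names and proxy details to anyone who can reach `/health/connectivity`. I would write these two fields to the server log and keep only `reachable`, `error` and `errorType` in the response, or gate the extra detail behind a non-production flag. A smaller point on the same lines: `error.cause?.message || error.cause` falls back to the raw `cause` value, which may be an object rather than a string and will not serialise usefully; coercing it with `String(error.cause)` when it is defined would keep the field's type consistent.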