Commit | Line | Data |
---|---|---|
01b089e4 | 1 | #!/usr/bin/perl -T |
33afb29b | 2 | |
8d5310c1 DM |
3 | # Note: In theory, all this can be done by the 'pveproxy' daemon. But some API calls |
4 | # still have blocking code, so we use a separate daemon to avoid the console | |
5 | # getting blocked. | |
6 | ||
# The script runs in taint mode (-T on the shebang line). Perl then refuses to
# spawn external commands while these shell-control variables or PATH are
# still inherited from the caller, so remove them and pin PATH to the system
# directories before anything else happens.
delete $ENV{$_} for qw(IFS CDPATH ENV BASH_ENV);

$ENV{PATH} = '/sbin:/bin:/usr/sbin:/usr/bin';
10 | ||
33afb29b | 11 | use strict; |
01b089e4 | 12 | use warnings; |
33afb29b | 13 | use English; |
393716a3 | 14 | |
33afb29b | 15 | use PVE::SafeSyslog; |
393716a3 | 16 | use PVE::Daemon; |
33afb29b | 17 | use PVE::APIDaemon; |
d804d82f | 18 | use PVE::API2; |
33afb29b | 19 | |
393716a3 | 20 | use base qw(PVE::Daemon); |
33afb29b | 21 | |
# Snapshot of the invocation (program name plus the still unmodified argument
# list); it is handed to the daemon constructor below.
my $cmdline = [ $0, @ARGV ];

# Options passed through to the PVE::Daemon constructor.
my %daemon_options = (
    restart_on_error => 5,
    stop_wait_time   => 15,
    run_dir          => '/var/run/pveproxy',    # same directory name as the pveproxy daemon
);

# This script is itself the daemon class (see 'use base qw(PVE::Daemon)').
my $daemon = __PACKAGE__->new('spiceproxy', $cmdline, %daemon_options);
33afb29b DM |
27 | |
# Switch to the unprivileged 'www-data' account (the process is presumably
# started as root). The order matters: the group id and the supplementary
# group list are changed first, while the process is still allowed to do so,
# and the user id is given up last.
# NOTE(review): POSIX is called fully qualified but is not loaded in this
# file; presumably one of the PVE modules loads it - confirm.
my $gid = getgrnam('www-data')
    or die "getgrnam failed - $!\n";
POSIX::setgid($gid)
    or die "setgid $gid failed - $!\n";
$EGID = "$gid $gid";    # this calls setgroups

my $uid = getpwnam('www-data')
    or die "getpwnam failed - $!\n";
POSIX::setuid($uid)
    or die "setuid $uid failed - $!\n";

# just to be sure: the $EGID assignment above is not checked on its own, so
# verify real and effective ids plus the group list and abort on any mismatch
# instead of continuing with unexpected privileges.
die "detected strange uid/gid\n"
    unless $UID == $uid
    && $EUID == $uid
    && $GID eq "$gid $gid"
    && $EGID eq "$gid $gid";
36 | ||
# Build the API daemon object and store it in $self->{api_daemon}.
# The assignment is the last statement, so its value is what the sub returns.
sub init {
    my $self = shift;

    # we use same ALLOW/DENY/POLICY as pveproxy, so the host based access
    # rules from the shared proxy configuration apply to this listener too
    my $acl = PVE::APIDaemon::read_proxy_config();

    # Kept as an ordered list so the constructor receives the arguments in
    # the order written here.
    my @server_options = (
        base_handler_class => 'PVE::API2',
        port               => 3128,
        keep_alive         => 0,
        max_workers        => 1,                               # do we need more?
        max_conn           => 500,
        lockfile           => "/var/lock/spiceproxy.lck",
        debug              => $self->{debug},
        spiceproxy         => 1,
        logfile            => '/var/log/pveproxy/access.log',  # path under the pveproxy log directory
        allow_from         => $acl->{ALLOW_FROM},
        deny_from          => $acl->{DENY_FROM},
        policy             => $acl->{POLICY},
    );

    $self->{api_daemon} = PVE::APIDaemon->new(@server_options);
}
58 | ||
# Shutdown hook: ends the daemon through exit_daemon() with status 0.
# exit_daemon is not defined in this file; presumably it is inherited from
# PVE::Daemon.
sub shutdown {
    my $self = shift;

    $self->exit_daemon(0);
}
33afb29b | 64 | |
# Run hook: starts the server of the API daemon object that init() stored in
# $self->{api_daemon}.
sub run {
    my $self = shift;

    my $api_daemon = $self->{api_daemon};
    $api_daemon->start_server();
}
33afb29b | 70 | |
# Register the daemon sub-commands on the daemon object; restart is the only
# registration that passes an extra argument (0).
$daemon->register_start_command(__PACKAGE__);
$daemon->register_restart_command(__PACKAGE__, 0);
$daemon->register_reload_command(__PACKAGE__);
$daemon->register_stop_command(__PACKAGE__);
$daemon->register_status_command(__PACKAGE__);

# Command table for the CLI handler. The first four entries share one shape;
# status additionally carries a callback that prints its argument plus a
# newline.
my $cmddef = {
    ( map { ( $_ => [ __PACKAGE__, $_, [] ] ) } qw(start restart reload stop) ),
    status => [
        __PACKAGE__, 'status', [], undef,
        sub { my ($text) = @_; print $text . "\n"; },
    ],
};

# First command line argument selects the sub-command; the remaining
# arguments stay in @ARGV. $cmdline was captured before this shift.
my $cmd = shift @ARGV;

# NOTE(review): PVE::CLIHandler is not loaded explicitly in this file;
# presumably one of the PVE modules loads it - confirm.
PVE::CLIHandler::handle_cmd($cmddef, $0, $cmd, \@ARGV, undef, $0);

exit 0;
90 | ||
91 | __END__ | |
92 | ||
93 | =head1 NAME | |
94 | ||
95 | spiceproxy - SPICE proxy server for Proxmox VE | |
96 | ||
97 | =head1 SYNOPSIS | |
98 | ||
393716a3 | 99 | =include synopsis |
33afb29b DM |
100 | |
101 | =head1 DESCRIPTION | |
102 | ||
103 | SPICE proxy server for Proxmox VE. Listens on port 3128. | |
104 | ||
17d27a37 DM |
105 | =head1 Host based access control |
106 | ||
107 | It is possible to configure apache2-like access control lists. Values are read | |
108 | from file /etc/default/pveproxy (see 'pveproxy' for details). | |
109 | ||
110 | =head1 FILES | |
111 | ||
112 | /etc/default/pveproxy | |
113 | ||
393716a3 | 114 | =include pve_copyright |