[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs

use std::io;
use std::path::Path;

use proxmox_backup::try_block;
use proxmox_backup::configdir;
use proxmox_backup::tools;
use proxmox_backup::server;
use proxmox_backup::tools::daemon;
use proxmox_backup::api_schema::router::*;
use proxmox_backup::api_schema::config::*;
use proxmox_backup::server::rest::*;
use proxmox_backup::auth_helpers::*;

use failure::*;
use lazy_static::lazy_static;

use futures::*;
use futures::stream::Stream;

use hyper;

fn main() {

    if let Err(err) = run() {
        eprintln!("Error: {}", err);
        std::process::exit(-1);
    }
}

fn load_certificate<T: AsRef<Path>, U: AsRef<Path>>(
    key: T,
    cert: U,
) -> Result<openssl::pkcs12::Pkcs12, Error> {
    let key = tools::file_get_contents(key)?;
    let cert = tools::file_get_contents(cert)?;

    let key = openssl::pkey::PKey::private_key_from_pem(&key)?;
    let cert = openssl::x509::X509::from_pem(&cert)?;

    Ok(openssl::pkcs12::Pkcs12::builder()
        .build("", "", &key, &cert)?)
}

fn run() -> Result<(), Error> {
    if let Err(err) = syslog::init(
        syslog::Facility::LOG_DAEMON,
        log::LevelFilter::Info,
        Some("proxmox-backup-proxy")) {
        bail!("unable to inititialize syslog - {}", err);
    }

    let _ = public_auth_key(); // load with lazy_static
    let _ = csrf_secret(); // load with lazy_static

    lazy_static!{
       static ref ROUTER: Router = proxmox_backup::api2::router();
    }

    let mut config = ApiConfig::new(
        env!("PROXMOX_JSDIR"), &ROUTER, RpcEnvironmentType::PUBLIC);

    // add default dirs which includes jquery and bootstrap
    // my $base = '/usr/share/libpve-http-server-perl';
    // add_dirs($self->{dirs}, '/css/' => "$base/css/");
    // add_dirs($self->{dirs}, '/js/' => "$base/js/");
    // add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
    config.add_alias("novnc", "/usr/share/novnc-pve");
    config.add_alias("extjs", "/usr/share/javascript/extjs");
    config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
    config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
    config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");

    let rest_server = RestServer::new(config);

    let cert_path = configdir!("/proxy.pfx");
    let raw_cert = match std::fs::read(cert_path) {
        Ok(pfx) => pfx,
        Err(ref err) if err.kind() == io::ErrorKind::NotFound => {
            let pkcs12 = load_certificate(configdir!("/proxy.key"), configdir!("/proxy.pem"))?;
            pkcs12.to_der()?
        }
        Err(err) => bail!("unable to read certificate file {} - {}", cert_path, err),
    };

    let identity = match native_tls::Identity::from_pkcs12(&raw_cert, "") {
        Ok(data) => data,
        Err(err) => bail!("unable to decode pkcs12 identity {} - {}", cert_path, err),
    };

    let server = daemon::create_daemon(
        ([0,0,0,0,0,0,0,0], 8007).into(),
        |listener| {
            let acceptor = native_tls::TlsAcceptor::new(identity)?;
            let acceptor = std::sync::Arc::new(tokio_tls::TlsAcceptor::from(acceptor));
            let connections = listener
                .incoming()
                .map_err(Error::from)
                .and_then(move |sock| {
                    sock.set_nodelay(true).unwrap();
                    sock.set_send_buffer_size(1024*1024).unwrap();
                    sock.set_recv_buffer_size(1024*1024).unwrap();
                    acceptor.accept(sock).map_err(|e| e.into())
                })
                .then(|r| match r {
                    // accept()s can fail here with an Err() when eg. the client rejects
                    // the cert and closes the connection, so we follow up with mapping
                    // it to an option and then filtering None with filter_map
                    Ok(c) => Ok::<_, Error>(Some(c)),
                    Err(e) => {
                        if let Some(_io) = e.downcast_ref::<std::io::Error>() {
                            // "real" IO errors should not simply be ignored
                            bail!("shutting down...");
                        } else {
                            // handshake errors just get filtered by filter_map() below:
                            Ok(None)
                        }
                    }
                })
                .filter_map(|r| {
                    // Filter out the Nones
                    r
                });

            Ok(hyper::Server::builder(connections)
               .serve(rest_server)
               .with_graceful_shutdown(server::shutdown_future())
               .map_err(|err| eprintln!("server error: {}", err))
            )
        },
    )?;

    daemon::systemd_notify(daemon::SystemdNotify::Ready)?;

    tokio::run(lazy(||  {

        let init_result: Result<(), Error> = try_block!({
            server::create_task_control_socket()?;
            server::server_state_init()?;
            Ok(())
        });

        if let Err(err) = init_result {
            eprintln!("unable to start daemon - {}", err);
        } else {
            tokio::spawn(server.then(|_| {
                log::info!("done - exit server");
                Ok(())
            }));
        }

        Ok(())
    }));

    Ok(())
}
Commit	Line	Data
e8881557 WB	1	use std::io;
	2	use std::path::Path;
	3
d607b886	4	use proxmox_backup::try_block;
a2ca7137	5	use proxmox_backup::configdir;
4223d9f8	6	use proxmox_backup::tools;
e3f41f21	7	use proxmox_backup::server;
a690ecac	8	use proxmox_backup::tools::daemon;
dc9a007b DM	9	use proxmox_backup::api_schema::router::*;
dc9a007b DM	10	use proxmox_backup::api_schema::config::*;
02c7a755	11	use proxmox_backup::server::rest::*;
d01e2420	12	use proxmox_backup::auth_helpers::*;
02c7a755	13
0d176f36	14	use failure::*;
02c7a755 DM	15	use lazy_static::lazy_static;
02c7a755 DM	16
e3f41f21	17	use futures::*;
0d176f36	18	use futures::stream::Stream;
02c7a755 DM	19
	20	use hyper;
	21
	22	fn main() {
	23
4223d9f8 DM	24	if let Err(err) = run() {
	25	eprintln!("Error: {}", err);
	26	std::process::exit(-1);
	27	}
	28	}
	29
e8881557 WB	30	fn load_certificate<T: AsRef<Path>, U: AsRef<Path>>(
	31	key: T,
	32	cert: U,
	33	) -> Result<openssl::pkcs12::Pkcs12, Error> {
	34	let key = tools::file_get_contents(key)?;
	35	let cert = tools::file_get_contents(cert)?;
	36
	37	let key = openssl::pkey::PKey::private_key_from_pem(&key)?;
	38	let cert = openssl::x509::X509::from_pem(&cert)?;
	39
	40	Ok(openssl::pkcs12::Pkcs12::builder()
	41	.build("", "", &key, &cert)?)
	42	}
	43
4223d9f8	44	fn run() -> Result<(), Error> {
02c7a755 DM	45	if let Err(err) = syslog::init(
	46	syslog::Facility::LOG_DAEMON,
	47	log::LevelFilter::Info,
	48	Some("proxmox-backup-proxy")) {
4223d9f8	49	bail!("unable to inititialize syslog - {}", err);
02c7a755 DM	50	}
02c7a755 DM	51
d01e2420 DM	52	let _ = public_auth_key(); // load with lazy_static
	53	let _ = csrf_secret(); // load with lazy_static
	54
02c7a755 DM	55	lazy_static!{
	56	static ref ROUTER: Router = proxmox_backup::api2::router();
	57	}
	58
	59	let mut config = ApiConfig::new(
6285b251	60	env!("PROXMOX_JSDIR"), &ROUTER, RpcEnvironmentType::PUBLIC);
02c7a755 DM	61
	62	// add default dirs which includes jquery and bootstrap
	63	// my $base = '/usr/share/libpve-http-server-perl';
	64	// add_dirs($self->{dirs}, '/css/' => "$base/css/");
	65	// add_dirs($self->{dirs}, '/js/' => "$base/js/");
	66	// add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
	67	config.add_alias("novnc", "/usr/share/novnc-pve");
	68	config.add_alias("extjs", "/usr/share/javascript/extjs");
	69	config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
	70	config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
	71	config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
	72
	73	let rest_server = RestServer::new(config);
	74
4223d9f8	75	let cert_path = configdir!("/proxy.pfx");
e8881557 WB	76	let raw_cert = match std::fs::read(cert_path) {
	77	Ok(pfx) => pfx,
	78	Err(ref err) if err.kind() == io::ErrorKind::NotFound => {
	79	let pkcs12 = load_certificate(configdir!("/proxy.key"), configdir!("/proxy.pem"))?;
	80	pkcs12.to_der()?
	81	}
	82	Err(err) => bail!("unable to read certificate file {} - {}", cert_path, err),
	83	};
4223d9f8 DM	84
	85	let identity = match native_tls::Identity::from_pkcs12(&raw_cert, "") {
	86	Ok(data) => data,
97eeea3b	87	Err(err) => bail!("unable to decode pkcs12 identity {} - {}", cert_path, err),
4223d9f8	88	};
0d176f36	89
a690ecac WB	90	let server = daemon::create_daemon(
	91	([0,0,0,0,0,0,0,0], 8007).into(),
	92	\|listener\| {
	93	let acceptor = native_tls::TlsAcceptor::new(identity)?;
	94	let acceptor = std::sync::Arc::new(tokio_tls::TlsAcceptor::from(acceptor));
	95	let connections = listener
	96	.incoming()
	97	.map_err(Error::from)
74d0a6bc DM	98	.and_then(move \|sock\| {
	99	sock.set_nodelay(true).unwrap();
	100	sock.set_send_buffer_size(1024*1024).unwrap();
	101	sock.set_recv_buffer_size(1024*1024).unwrap();
	102	acceptor.accept(sock).map_err(\|e\| e.into())
	103	})
a690ecac WB	104	.then(\|r\| match r {
	105	// accept()s can fail here with an Err() when eg. the client rejects
	106	// the cert and closes the connection, so we follow up with mapping
	107	// it to an option and then filtering None with filter_map
	108	Ok(c) => Ok::<_, Error>(Some(c)),
	109	Err(e) => {
	110	if let Some(_io) = e.downcast_ref::<std::io::Error>() {
	111	// "real" IO errors should not simply be ignored
	112	bail!("shutting down...");
	113	} else {
	114	// handshake errors just get filtered by filter_map() below:
	115	Ok(None)
	116	}
	117	}
	118	})
	119	.filter_map(\|r\| {
	120	// Filter out the Nones
	121	r
	122	});
5f550fd9	123
a690ecac	124	Ok(hyper::Server::builder(connections)
5f550fd9 DM	125	.serve(rest_server)
	126	.with_graceful_shutdown(server::shutdown_future())
	127	.map_err(\|err\| eprintln!("server error: {}", err))
a690ecac	128	)
a2ca7137 WB	129	},
a2ca7137 WB	130	)?;
a2ca7137	131
d98c9a7a WB	132	daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
d98c9a7a WB	133
e3f41f21 DM	134	tokio::run(lazy(\|\| {
e3f41f21 DM	135
d607b886 DM	136	let init_result: Result<(), Error> = try_block!({
	137	server::create_task_control_socket()?;
	138	server::server_state_init()?;
	139	Ok(())
	140	});
	141
	142	if let Err(err) = init_result {
e3f41f21 DM	143	eprintln!("unable to start daemon - {}", err);
e3f41f21 DM	144	} else {
5f550fd9 DM	145	tokio::spawn(server.then(\|_\| {
	146	log::info!("done - exit server");
	147	Ok(())
	148	}));
e3f41f21 DM	149	}
	150
	151	Ok(())
	152	}));
	153
4223d9f8	154	Ok(())
02c7a755	155	}