1 | use std::io; |
2 | use std::path::Path; | |
3 | ||
d607b886 | 4 | use proxmox_backup::try_block; |
a2ca7137 | 5 | use proxmox_backup::configdir; |
4223d9f8 | 6 | use proxmox_backup::tools; |
e3f41f21 | 7 | use proxmox_backup::server; |
a690ecac | 8 | use proxmox_backup::tools::daemon; |
9 | use proxmox_backup::api_schema::router::*; |
10 | use proxmox_backup::api_schema::config::*; | |
02c7a755 | 11 | use proxmox_backup::server::rest::*; |
d01e2420 | 12 | use proxmox_backup::auth_helpers::*; |
02c7a755 | 13 | |
0d176f36 | 14 | use failure::*; |
15 | use lazy_static::lazy_static; |
16 | ||
e3f41f21 | 17 | use futures::*; |
0d176f36 | 18 | use futures::stream::Stream; |
19 | |
20 | use hyper; | |
21 | ||
/// Process entry point: runs the proxy and exits with a non-zero status
/// when [`run`] reports an error.
fn main() {
    match run() {
        Ok(()) => {}
        Err(err) => {
            // The error is printed to stderr before exiting; syslog may not
            // be initialised yet at this point.
            eprintln!("Error: {}", err);
            std::process::exit(-1);
        }
    }
}
29 | ||
/// Assemble a PKCS#12 bundle from a PEM private key and a PEM certificate
/// read from disk.
///
/// The bundle is built with an empty passphrase and an empty friendly name;
/// it only exists as an in-memory hand-off to the TLS identity loader.
///
/// # Errors
///
/// Fails when either file cannot be read, when the key or certificate does
/// not parse as PEM, or when OpenSSL cannot build the bundle.
fn load_certificate<T: AsRef<Path>, U: AsRef<Path>>(
    key: T,
    cert: U,
) -> Result<openssl::pkcs12::Pkcs12, Error> {
    let key_pem = tools::file_get_contents(key)?;
    let cert_pem = tools::file_get_contents(cert)?;

    let private_key = openssl::pkey::PKey::private_key_from_pem(&key_pem)?;
    let x509 = openssl::x509::X509::from_pem(&cert_pem)?;

    let bundle = openssl::pkcs12::Pkcs12::builder().build("", "", &private_key, &x509)?;
    Ok(bundle)
}
43 | ||
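/// Bring up the proxy: initialise syslog, warm the auth/CSRF secrets, build
/// the API configuration, load the TLS identity, bind the listener and run
/// the REST server on the tokio runtime until shutdown.
///
/// # Errors
///
/// Returns an error when syslog cannot be initialised, when the certificate
/// material cannot be read or decoded, or when the daemon listener cannot be
/// created or readiness cannot be reported to systemd.
fn run() -> Result<(), Error> {
    if let Err(err) = syslog::init(
        syslog::Facility::LOG_DAEMON,
        log::LevelFilter::Info,
        Some("proxmox-backup-proxy")) {
        bail!("unable to initialize syslog - {}", err);
    }

    // Touch the lazily initialised secrets now so a missing/unreadable key
    // surfaces at startup rather than on the first request.
    let _ = public_auth_key(); // load with lazy_static
    let _ = csrf_secret(); // load with lazy_static

    // Process-wide router table, built on first use.
    lazy_static!{
        static ref ROUTER: Router = proxmox_backup::api2::router();
    }

    let mut config = ApiConfig::new(
        env!("PROXMOX_JSDIR"), &ROUTER, RpcEnvironmentType::PUBLIC);

    // add default dirs which includes jquery and bootstrap
    // my $base = '/usr/share/libpve-http-server-perl';
    // add_dirs($self->{dirs}, '/css/' => "$base/css/");
    // add_dirs($self->{dirs}, '/js/' => "$base/js/");
    // add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
    config.add_alias("novnc", "/usr/share/novnc-pve");
    config.add_alias("extjs", "/usr/share/javascript/extjs");
    config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
    config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
    config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");

    let rest_server = RestServer::new(config);

    // Prefer the pre-built PKCS#12 bundle; only when it is absent fall back
    // to assembling one from the PEM key/cert pair. Any other read error
    // (permissions, I/O) is fatal rather than silently falling back.
    let cert_path = configdir!("/proxy.pfx");
    let raw_cert = match std::fs::read(cert_path) {
        Ok(pfx) => pfx,
        Err(ref err) if err.kind() == io::ErrorKind::NotFound => {
            let pkcs12 = load_certificate(configdir!("/proxy.key"), configdir!("/proxy.pem"))?;
            pkcs12.to_der()?
        }
        Err(err) => bail!("unable to read certificate file {} - {}", cert_path, err),
    };

    // The bundle is expected to carry no passphrase: both the fallback
    // builder above and this decoder use an empty one.
    let identity = match native_tls::Identity::from_pkcs12(&raw_cert, "") {
        Ok(data) => data,
        Err(err) => bail!("unable to decode pkcs12 identity {} - {}", cert_path, err),
    };

    // Listen on the IPv6 unspecified address, port 8007. Whether this also
    // covers IPv4 depends on the host's dual-stack configuration — TODO confirm.
    let server = daemon::create_daemon(
        ([0,0,0,0,0,0,0,0], 8007).into(),
        |listener| {
            // NOTE(review): the acceptor is built with the native_tls defaults;
            // no minimum protocol version or cipher policy is pinned here.
            // Confirm the defaults of the linked native_tls/OpenSSL meet the
            // deployment's TLS policy.
            let acceptor = native_tls::TlsAcceptor::new(identity)?;
            let acceptor = std::sync::Arc::new(tokio_tls::TlsAcceptor::from(acceptor));
            let connections = listener
                .incoming()
                .map_err(Error::from)
                .and_then(move |sock| acceptor.accept(sock).map_err(|e| e.into()))
                .then(|r| match r {
                    // accept()s can fail here with an Err() when eg. the client rejects
                    // the cert and closes the connection, so we follow up with mapping
                    // it to an option and then filtering None with filter_map
                    Ok(c) => Ok::<_, Error>(Some(c)),
                    Err(e) => {
                        if let Some(_io) = e.downcast_ref::<std::io::Error>() {
                            // "real" IO errors should not simply be ignored:
                            // this ends the connection stream and with it the server
                            bail!("shutting down...");
                        } else {
                            // handshake errors just get filtered by filter_map() below:
                            Ok(None)
                        }
                    }
                })
                .filter_map(|r| {
                    // Filter out the Nones
                    r
                });

            Ok(hyper::Server::builder(connections)
                .serve(rest_server)
                .with_graceful_shutdown(server::shutdown_future())
                .map_err(|err| eprintln!("server error: {}", err))
            )
        },
    )?;

    // Readiness is reported to systemd here, before the task control socket
    // and server state are set up inside the runtime below.
    daemon::systemd_notify(daemon::SystemdNotify::Ready)?;

    tokio::run(lazy(|| {

        let init_result: Result<(), Error> = try_block!({
            server::create_task_control_socket()?;
            server::server_state_init()?;
            Ok(())
        });

        if let Err(err) = init_result {
            // NOTE(review): the failure is only printed; the server future is
            // never spawned and this function still appears to return Ok(())
            // afterwards. Confirm whether a non-zero exit is wanted here.
            eprintln!("unable to start daemon - {}", err);
        } else {
            tokio::spawn(server.then(|_| {
                log::info!("done - exit server");
                Ok(())
            }));
        }

        Ok(())
    }));

    Ok(())
}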