# Note: In theory, all of this could be done by the 'pveproxy' daemon. But some
# API calls still contain blocking code, so we use a separate daemon to keep
# the console from getting blocked.
# Pin the command search path to the system directories and remove the
# environment variables that can change how a shell started by this process
# behaves, so nothing inherited from the caller influences later commands.
$ENV{PATH} = '/sbin:/bin:/usr/sbin:/usr/bin';
delete $ENV{$_} for qw(IFS CDPATH ENV BASH_ENV);
17 use PVE
::APIDaemon
; # fixme: remove
20 use base
qw(PVE::Daemon);
22 $SIG{'__WARN__'} = sub {
27 syslog
('warning', "%s", $t);
31 my $cmdline = [$0, @ARGV];
33 my %daemon_options = (
34 max_workers
=> 1, # todo: do we need more?
35 restart_on_error
=> 5,
37 leave_children_open_on_reload
=> 1,
38 run_dir
=> '/var/run/pveproxy',
41 my $daemon = __PACKAGE__-
>new('spiceproxy', $cmdline, %daemon_options);
# Drop root privileges to the unprivileged 'www-data' account. The group is
# changed first: once the uid is no longer root, the process could not change
# its groups any more. A lookup that returns 0 is treated as a failure, so the
# daemon also refuses to continue if 'www-data' resolved to id 0.
# NOTE(review): $UID/$EUID/$GID/$EGID are presumably the English.pm aliases;
# the corresponding 'use' line is not part of this listing - confirm.
my $gid = getgrnam('www-data')
    or die "getgrnam failed - $!\n";
POSIX::setgid($gid)
    or die "setgid $gid failed - $!\n";
$EGID = "$gid $gid";    # this calls setgroups

my $uid = getpwnam('www-data')
    or die "getpwnam failed - $!\n";
POSIX::setuid($uid)
    or die "setuid $uid failed - $!\n";

# Read the ids back instead of trusting the calls above: real and effective
# uid must both be www-data, and the real/effective gid plus the group list
# must contain nothing but the www-data gid.
my $ids_are_www_data =
       $UID == $uid
    && $EUID == $uid
    && $GID eq "$gid $gid"
    && $EGID eq "$gid $gid";
die "detected strange uid/gid\n" unless $ids_are_www_data;
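# Reuse pveproxy's host-based access settings (ALLOW/DENY/POLICY), so both
# daemons are configured from the same rules.
my $proxyconf = PVE::APIDaemon::read_proxy_config();

my $accept_lock_fn = "/var/lock/spiceproxy.lck";

# Open (creating if necessary) the lock file in append mode, so an existing
# file is never truncated. The mode is passed as its own argument rather than
# glued onto the path, which keeps the file name from ever being parsed for
# mode characters.
my $lockfh = IO::File->new($accept_lock_fn, '>>')
    || die "unable to open lock file '${accept_lock_fn}' - $!\n";

# Port the SPICE proxy listens on.
my $socket = $self->create_reusable_socket(3128);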
65 $self->{server_config
} = {
66 base_handler_class
=> 'PVE::API2',
69 lockfile
=> $accept_lock_fn,
72 debug
=> $self->{debug
},
75 logfile
=> '/var/log/pveproxy/access.log',
76 allow_from
=> $proxyconf->{ALLOW_FROM
},
77 deny_from
=> $proxyconf->{DENY_FROM
},
78 policy
=> $proxyconf->{POLICY
},
85 my $server = PVE
::HTTPServer-
>new(%{$self->{server_config
}});
89 $daemon->register_start_command();
90 $daemon->register_restart_command(1);
91 $daemon->register_stop_command();
92 $daemon->register_status_command();
95 start
=> [ __PACKAGE__
, 'start', []],
96 restart
=> [ __PACKAGE__
, 'restart', []],
97 stop
=> [ __PACKAGE__
, 'stop', []],
98 status
=> [ __PACKAGE__
, 'status', [], undef, sub { print shift . "\n";} ],
103 PVE
::CLIHandler
::handle_cmd
($cmddef, $0, $cmd, \
@ARGV, undef, $0);
111 spiceproxy - SPICE proxy server for Proxmox VE
119 SPICE proxy server for Proxmox VE. Listens on port 3128.
121 =head1 Host based access control
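It is possible to configure apache2-like access control lists. Values are read
from the file /etc/default/pveproxy (see 'pveproxy' for details). Because
spiceproxy uses the same ALLOW/DENY/POLICY settings as pveproxy, a change to
that file affects both daemons.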
128 /etc/default/pveproxy
130 =include pve_copyright