src/bin/proxmox-backup-proxy.rs: create self signed cert at startup.
1 use std::sync::Arc;
2
3 use failure::*;
4 use futures::*;
5 use hyper;
6 use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
7
8 use proxmox::tools::try_block;
9 use proxmox::api::RpcEnvironmentType;
10
11 use proxmox_backup::configdir;
12 use proxmox_backup::buildcfg;
13 use proxmox_backup::server;
14 use proxmox_backup::config;
15 use proxmox_backup::tools::daemon;
16 use proxmox_backup::server::{ApiConfig, rest::*};
17 use proxmox_backup::auth_helpers::*;
18
/// Process entry point: drives `run` to completion on the tokio runtime.
///
/// Any error returned by `run` is printed to stderr and the process exits
/// with code -1, so a failed start is visible to the service manager.
#[tokio::main]
async fn main() {
    match run().await {
        Ok(()) => {}
        Err(err) => {
            eprintln!("Error: {}", err);
            std::process::exit(-1);
        }
    }
}
26
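/// Sets up and runs the TLS-terminating API proxy until it shuts down.
///
/// In order: initialise syslog, update the self-signed proxy certificate,
/// touch the auth key and CSRF secret, build the REST server with its static
/// aliases, build the TLS acceptor from the key and certificate in the config
/// directory, and serve HTTPS on port 8007.
///
/// # Errors
///
/// Returns an error if syslog, the certificate update, the TLS acceptor setup,
/// the systemd notification or the server state initialisation fails, or if
/// the server future itself finishes with an error. TLS setup problems are
/// reported as errors rather than panics so that `main` can print them.
async fn run() -> Result<(), Error> {
    if let Err(err) = syslog::init(
        syslog::Facility::LOG_DAEMON,
        log::LevelFilter::Info,
        Some("proxmox-backup-proxy")) {
        bail!("unable to inititialize syslog - {}", err);
    }

    // NOTE(review): presumably creates proxy.key/proxy.pem when they are
    // missing and `false` means "do not force regeneration" - confirm against
    // config::update_self_signed_cert.
    config::update_self_signed_cert(false)?;

    let _ = public_auth_key(); // load with lazy_static
    let _ = csrf_secret(); // load with lazy_static

    let mut config = ApiConfig::new(
        buildcfg::JS_DIR, &proxmox_backup::api2::ROUTER, RpcEnvironmentType::PUBLIC);

    // add default dirs which includes jquery and bootstrap
    // my $base = '/usr/share/libpve-http-server-perl';
    // add_dirs($self->{dirs}, '/css/' => "$base/css/");
    // add_dirs($self->{dirs}, '/js/' => "$base/js/");
    // add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
    config.add_alias("novnc", "/usr/share/novnc-pve");
    config.add_alias("extjs", "/usr/share/javascript/extjs");
    config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
    config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
    config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
    config.add_alias("css", "/usr/share/javascript/proxmox-backup/css");
    config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");

    let rest_server = RestServer::new(config);

    // Reference command for creating the key pair by hand. `-nodes` writes the
    // private key unencrypted, so proxy.key must be protected by file
    // permissions alone.
    //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
    let key_path = configdir!("/proxy.key");
    let cert_path = configdir!("/proxy.pem");

    // Every TLS setup failure goes through `?`: a missing, unreadable or
    // mismatched key is an operator-fixable condition and should produce a
    // readable error instead of a panic.
    let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls())
        .map_err(|err| format_err!("unable to create TLS acceptor - {}", err))?;
    acceptor.set_private_key_file(key_path, SslFiletype::PEM)
        .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
    acceptor.set_certificate_chain_file(cert_path)
        .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
    acceptor.check_private_key()
        .map_err(|err| format_err!(
            "proxy key {} does not match proxy cert {} - {}", key_path, cert_path, err))?;

    let acceptor = Arc::new(acceptor.build());

    let server = daemon::create_daemon(
        // The unspecified IPv6 address, i.e. every interface. Whether IPv4
        // clients are accepted as well depends on the socket's v6-only
        // setting, which is not visible here.
        ([0,0,0,0,0,0,0,0], 8007).into(),
        |listener, ready| {
            let connections = proxmox_backup::tools::async_io::StaticIncoming::from(listener)
                .map_err(Error::from)
                .try_filter_map(move |(sock, _addr)| {
                    let acceptor = Arc::clone(&acceptor);
                    async move {
                        // These calls act on a socket whose peer is a remote
                        // client. A failure here must only cost that one
                        // connection; a panic would take the accept path down.
                        let tuned = sock.set_nodelay(true)
                            .and_then(|_| sock.set_send_buffer_size(1024*1024))
                            .and_then(|_| sock.set_recv_buffer_size(1024*1024));

                        let stream = match tuned {
                            // handshake errors aren't fatal, so `.ok()` turns
                            // them into None and the connection is filtered out
                            Ok(()) => tokio_openssl::accept(&acceptor, sock).await.ok(),
                            Err(err) => {
                                log::warn!(
                                    "dropping connection, unable to set socket options - {}", err);
                                None
                            }
                        };

                        Ok(stream)
                    }
                });
            let connections = proxmox_backup::tools::async_io::HyperAccept(connections);

            Ok(ready
                .and_then(|_| hyper::Server::builder(connections)
                    .serve(rest_server)
                    .with_graceful_shutdown(server::shutdown_future())
                    .map_err(Error::from)
                )
                .map_err(|err| eprintln!("server error: {}", err))
                .map(|_| ())
            )
        },
    );

    daemon::systemd_notify(daemon::SystemdNotify::Ready)?;

    // Group the remaining initialisation so a failure in either step is
    // reported with the same "unable to start daemon" prefix.
    let init_result: Result<(), Error> = try_block!({
        server::create_task_control_socket()?;
        server::server_state_init()?;
        Ok(())
    });

    if let Err(err) = init_result {
        bail!("unable to start daemon - {}", err);
    }

    server.await?;
    log::info!("done - exit server");

    Ok(())
}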