-#[macro_use]
-extern crate proxmox_backup;
-
-use proxmox_backup::tools;
-use proxmox_backup::api::router::*;
-use proxmox_backup::api::config::*;
-use proxmox_backup::server::rest::*;
-use proxmox_backup::auth_helpers::*;
+use std::sync::Arc;
use failure::*;
-use lazy_static::lazy_static;
-
-use futures::future::Future;
-use futures::stream::Stream;
-
+use futures::*;
use hyper;
+use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
+
+use proxmox::tools::try_block;
+use proxmox::api::RpcEnvironmentType;
-fn main() {
+use proxmox_backup::configdir;
+use proxmox_backup::buildcfg;
+use proxmox_backup::server;
+use proxmox_backup::config;
+use proxmox_backup::tools::daemon;
+use proxmox_backup::server::{ApiConfig, rest::*};
+use proxmox_backup::auth_helpers::*;
- if let Err(err) = run() {
+#[tokio::main]
+async fn main() {
+ if let Err(err) = run().await {
eprintln!("Error: {}", err);
std::process::exit(-1);
}
}
-fn run() -> Result<(), Error> {
-
+async fn run() -> Result<(), Error> {
if let Err(err) = syslog::init(
syslog::Facility::LOG_DAEMON,
log::LevelFilter::Info,
let _ = public_auth_key(); // load with lazy_static
let _ = csrf_secret(); // load with lazy_static
- lazy_static!{
- static ref ROUTER: Router = proxmox_backup::api2::router();
- }
-
let mut config = ApiConfig::new(
- env!("PROXMOX_JSDIR"), &ROUTER, RpcEnvironmentType::PUBLIC);
+ buildcfg::JS_DIR, &proxmox_backup::api2::ROUTER, RpcEnvironmentType::PUBLIC);
// add default dirs which includes jquery and bootstrap
// my $base = '/usr/share/libpve-http-server-perl';
config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
+ config.add_alias("css", "/usr/share/javascript/proxmox-backup/css");
+ config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
let rest_server = RestServer::new(config);
- let cert_path = configdir!("/proxy.pfx");
- let raw_cert = tools::file_get_contents(cert_path)?;
-
- let identity = match native_tls::Identity::from_pkcs12(&raw_cert, "") {
- Ok(data) => data,
- Err(err) => bail!("unabled to decode pkcs12 identity {} - {}", cert_path, err),
- };
-
- let addr = ([0,0,0,0,0,0,0,0], 8007).into();
- let listener = tokio::net::TcpListener::bind(&addr)?;
- let acceptor = native_tls::TlsAcceptor::new(identity)?;
- let acceptor = std::sync::Arc::new(tokio_tls::TlsAcceptor::from(acceptor));
- let connections = listener
- .incoming()
- .map_err(|e| Error::from(e))
- .and_then(move |sock| acceptor.accept(sock).map_err(|e| e.into()))
- .then(|r| match r {
- // accept()s can fail here with an Err() when eg. the client rejects
- // the cert and closes the connection, so we follow up with mapping
- // it to an option and then filtering None with filter_map
- Ok(c) => Ok::<_, Error>(Some(c)),
- Err(_) => Ok(None),
- })
- .filter_map(|r| {
- // Filter out the Nones
- r
- });
-
- let server = hyper::Server::builder(connections)
- .serve(rest_server)
- .map_err(|e| eprintln!("server error: {}", e));
-
- // Run this server for... forever!
- hyper::rt::run(server);
+ //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
+ let key_path = configdir!("/proxy.key");
+ let cert_path = configdir!("/proxy.pem");
+
+ let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
+ acceptor.set_private_key_file(key_path, SslFiletype::PEM)
+ .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
+ acceptor.set_certificate_chain_file(cert_path)
+ .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
+ acceptor.check_private_key().unwrap();
+
+ let acceptor = Arc::new(acceptor.build());
+
+ let server = daemon::create_daemon(
+ ([0,0,0,0,0,0,0,0], 8007).into(),
+ |listener, ready| {
+ let connections = proxmox_backup::tools::async_io::StaticIncoming::from(listener)
+ .map_err(Error::from)
+ .try_filter_map(move |(sock, _addr)| {
+ let acceptor = Arc::clone(&acceptor);
+ async move {
+ sock.set_nodelay(true).unwrap();
+ sock.set_send_buffer_size(1024*1024).unwrap();
+ sock.set_recv_buffer_size(1024*1024).unwrap();
+ Ok(tokio_openssl::accept(&acceptor, sock)
+ .await
+ .ok() // handshake errors aren't be fatal, so return None to filter
+ )
+ }
+ });
+ let connections = proxmox_backup::tools::async_io::HyperAccept(connections);
+
+ Ok(ready
+ .and_then(|_| hyper::Server::builder(connections)
+ .serve(rest_server)
+ .with_graceful_shutdown(server::shutdown_future())
+ .map_err(Error::from)
+ )
+ .map_err(|err| eprintln!("server error: {}", err))
+ .map(|_| ())
+ )
+ },
+ );
+
+ daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
+
+ let init_result: Result<(), Error> = try_block!({
+ server::create_task_control_socket()?;
+ server::server_state_init()?;
+ Ok(())
+ });
+
+ if let Err(err) = init_result {
+ bail!("unable to start daemon - {}", err);
+ }
+
+ server.await?;
+ log::info!("server shutting down, waiting for active workers to complete");
+ proxmox_backup::server::last_worker_future().await?;
+ log::info!("done - exit server");
Ok(())
}