[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs

use std::sync::Arc;

use failure::*;
use futures::*;
use hyper;
use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};

use proxmox::tools::try_block;
use proxmox::api::RpcEnvironmentType;

use proxmox_backup::configdir;
use proxmox_backup::buildcfg;
use proxmox_backup::server;
use proxmox_backup::config;
use proxmox_backup::tools::daemon;
use proxmox_backup::server::{ApiConfig, rest::*};
use proxmox_backup::auth_helpers::*;

#[tokio::main]
async fn main() {
    if let Err(err) = run().await {
        eprintln!("Error: {}", err);
        std::process::exit(-1);
    }
}

async fn run() -> Result<(), Error> {
    if let Err(err) = syslog::init(
        syslog::Facility::LOG_DAEMON,
        log::LevelFilter::Info,
        Some("proxmox-backup-proxy")) {
        bail!("unable to inititialize syslog - {}", err);
    }

    config::update_self_signed_cert(false)?;

    let _ = public_auth_key(); // load with lazy_static
    let _ = csrf_secret(); // load with lazy_static

    let mut config = ApiConfig::new(
        buildcfg::JS_DIR, &proxmox_backup::api2::ROUTER, RpcEnvironmentType::PUBLIC);

    // add default dirs which includes jquery and bootstrap
    // my $base = '/usr/share/libpve-http-server-perl';
    // add_dirs($self->{dirs}, '/css/' => "$base/css/");
    // add_dirs($self->{dirs}, '/js/' => "$base/js/");
    // add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
    config.add_alias("novnc", "/usr/share/novnc-pve");
    config.add_alias("extjs", "/usr/share/javascript/extjs");
    config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
    config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
    config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
    config.add_alias("css", "/usr/share/javascript/proxmox-backup/css");
    config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");

    let rest_server = RestServer::new(config);

    //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
    let key_path = configdir!("/proxy.key");
    let cert_path = configdir!("/proxy.pem");

    let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
    acceptor.set_private_key_file(key_path, SslFiletype::PEM)
        .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
    acceptor.set_certificate_chain_file(cert_path)
        .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
    acceptor.check_private_key().unwrap();

    let acceptor = Arc::new(acceptor.build());

    let server = daemon::create_daemon(
        ([0,0,0,0,0,0,0,0], 8007).into(),
        |listener, ready| {
            let connections = proxmox_backup::tools::async_io::StaticIncoming::from(listener)
                .map_err(Error::from)
                .try_filter_map(move |(sock, _addr)| {
                    let acceptor = Arc::clone(&acceptor);
                    async move {
                        sock.set_nodelay(true).unwrap();
                        sock.set_send_buffer_size(1024*1024).unwrap();
                        sock.set_recv_buffer_size(1024*1024).unwrap();
                        Ok(tokio_openssl::accept(&acceptor, sock)
                            .await
                            .ok() // handshake errors aren't be fatal, so return None to filter
                        )
                    }
                });
            let connections = proxmox_backup::tools::async_io::HyperAccept(connections);

            Ok(ready
                .and_then(|_| hyper::Server::builder(connections)
                    .serve(rest_server)
                    .with_graceful_shutdown(server::shutdown_future())
                    .map_err(Error::from)
                )
                .map_err(|err| eprintln!("server error: {}", err))
                .map(|_| ())
            )
        },
    );

    daemon::systemd_notify(daemon::SystemdNotify::Ready)?;

    let init_result: Result<(), Error> = try_block!({
        server::create_task_control_socket()?;
        server::server_state_init()?;
        Ok(())
    });

    if let Err(err) = init_result {
        bail!("unable to start daemon - {}", err);
    }

    server.await?;
    log::info!("done - exit server");

    Ok(())
}
Commit	Line	Data
a2479cfa WB	1	use std::sync::Arc;
	2
	3	use failure::*;
	4	use futures::*;
	5	use hyper;
	6	use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
	7
	8	use proxmox::tools::try_block;
	9	use proxmox::api::RpcEnvironmentType;
	10
a2ca7137	11	use proxmox_backup::configdir;
4a7de56e	12	use proxmox_backup::buildcfg;
e3f41f21	13	use proxmox_backup::server;
f8fd5095	14	use proxmox_backup::config;
a690ecac	15	use proxmox_backup::tools::daemon;
e57e1cd8	16	use proxmox_backup::server::{ApiConfig, rest::*};
d01e2420	17	use proxmox_backup::auth_helpers::*;
02c7a755	18
fda5797b WB	19	#[tokio::main]
	20	async fn main() {
	21	if let Err(err) = run().await {
4223d9f8 DM	22	eprintln!("Error: {}", err);
	23	std::process::exit(-1);
	24	}
	25	}
	26
fda5797b	27	async fn run() -> Result<(), Error> {
02c7a755 DM	28	if let Err(err) = syslog::init(
	29	syslog::Facility::LOG_DAEMON,
	30	log::LevelFilter::Info,
	31	Some("proxmox-backup-proxy")) {
4223d9f8	32	bail!("unable to inititialize syslog - {}", err);
02c7a755 DM	33	}
02c7a755 DM	34
f8fd5095 DM	35	config::update_self_signed_cert(false)?;
f8fd5095 DM	36
d01e2420 DM	37	let _ = public_auth_key(); // load with lazy_static
	38	let _ = csrf_secret(); // load with lazy_static
	39
02c7a755	40	let mut config = ApiConfig::new(
255f378a	41	buildcfg::JS_DIR, &proxmox_backup::api2::ROUTER, RpcEnvironmentType::PUBLIC);
02c7a755 DM	42
	43	// add default dirs which includes jquery and bootstrap
	44	// my $base = '/usr/share/libpve-http-server-perl';
	45	// add_dirs($self->{dirs}, '/css/' => "$base/css/");
	46	// add_dirs($self->{dirs}, '/js/' => "$base/js/");
	47	// add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
	48	config.add_alias("novnc", "/usr/share/novnc-pve");
	49	config.add_alias("extjs", "/usr/share/javascript/extjs");
	50	config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
	51	config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
	52	config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
2d694f8f	53	config.add_alias("css", "/usr/share/javascript/proxmox-backup/css");
9c01e73c	54	config.add_alias("docs", "/usr/share/doc/proxmox-backup/html");
02c7a755 DM	55
	56	let rest_server = RestServer::new(config);
	57
6d1f61b2 DM	58	//openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
	59	let key_path = configdir!("/proxy.key");
	60	let cert_path = configdir!("/proxy.pem");
	61
	62	let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
	63	acceptor.set_private_key_file(key_path, SslFiletype::PEM)
	64	.map_err(\|err\| format_err!("unable to read proxy key {} - {}", key_path, err))?;
	65	acceptor.set_certificate_chain_file(cert_path)
	66	.map_err(\|err\| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
	67	acceptor.check_private_key().unwrap();
	68
	69	let acceptor = Arc::new(acceptor.build());
0d176f36	70
a690ecac WB	71	let server = daemon::create_daemon(
a690ecac WB	72	([0,0,0,0,0,0,0,0], 8007).into(),
083ff3fd	73	\|listener, ready\| {
db0cb9ce	74	let connections = proxmox_backup::tools::async_io::StaticIncoming::from(listener)
a690ecac	75	.map_err(Error::from)
db0cb9ce	76	.try_filter_map(move \|(sock, _addr)\| {
fda5797b WB	77	let acceptor = Arc::clone(&acceptor);
	78	async move {
	79	sock.set_nodelay(true).unwrap();
	80	sock.set_send_buffer_size(1024*1024).unwrap();
	81	sock.set_recv_buffer_size(1024*1024).unwrap();
	82	Ok(tokio_openssl::accept(&acceptor, sock)
	83	.await
	84	.ok() // handshake errors aren't be fatal, so return None to filter
	85	)
a690ecac	86	}
a690ecac	87	});
db0cb9ce	88	let connections = proxmox_backup::tools::async_io::HyperAccept(connections);
083ff3fd WB	89
	90	Ok(ready
	91	.and_then(\|_\| hyper::Server::builder(connections)
	92	.serve(rest_server)
	93	.with_graceful_shutdown(server::shutdown_future())
	94	.map_err(Error::from)
	95	)
	96	.map_err(\|err\| eprintln!("server error: {}", err))
	97	.map(\|_\| ())
a690ecac	98	)
a2ca7137	99	},
083ff3fd	100	);
a2ca7137	101
d98c9a7a WB	102	daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
d98c9a7a WB	103
fda5797b WB	104	let init_result: Result<(), Error> = try_block!({
	105	server::create_task_control_socket()?;
	106	server::server_state_init()?;
	107	Ok(())
	108	});
d607b886	109
fda5797b WB	110	if let Err(err) = init_result {
	111	bail!("unable to start daemon - {}", err);
	112	}
e3f41f21	113
083ff3fd	114	server.await?;
fda5797b	115	log::info!("done - exit server");
e3f41f21	116
4223d9f8	117	Ok(())
02c7a755	118	}