[proxmox-backup.git] / src / bin / proxmox-backup-proxy.rs

use proxmox_backup::configdir;
use proxmox_backup::server;
use proxmox_backup::tools::daemon;
use proxmox_backup::api_schema::router::*;
use proxmox_backup::api_schema::config::*;
use proxmox_backup::server::rest::*;
use proxmox_backup::auth_helpers::*;

use failure::*;
use proxmox::tools::try_block;
use lazy_static::lazy_static;

use futures::*;
use futures::stream::Stream;

use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
use std::sync::Arc;
use tokio_openssl::SslAcceptorExt;

use hyper;

fn main() {

    if let Err(err) = run() {
        eprintln!("Error: {}", err);
        std::process::exit(-1);
    }
}

fn run() -> Result<(), Error> {
    if let Err(err) = syslog::init(
        syslog::Facility::LOG_DAEMON,
        log::LevelFilter::Info,
        Some("proxmox-backup-proxy")) {
        bail!("unable to inititialize syslog - {}", err);
    }

    let _ = public_auth_key(); // load with lazy_static
    let _ = csrf_secret(); // load with lazy_static

    lazy_static!{
       static ref ROUTER: Router = proxmox_backup::api2::router();
    }

    let mut config = ApiConfig::new(
        env!("PROXMOX_JSDIR"), &ROUTER, RpcEnvironmentType::PUBLIC);

    // add default dirs which includes jquery and bootstrap
    // my $base = '/usr/share/libpve-http-server-perl';
    // add_dirs($self->{dirs}, '/css/' => "$base/css/");
    // add_dirs($self->{dirs}, '/js/' => "$base/js/");
    // add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
    config.add_alias("novnc", "/usr/share/novnc-pve");
    config.add_alias("extjs", "/usr/share/javascript/extjs");
    config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
    config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
    config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");

    let rest_server = RestServer::new(config);

    //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
    let key_path = configdir!("/proxy.key");
    let cert_path = configdir!("/proxy.pem");

    let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
    acceptor.set_private_key_file(key_path, SslFiletype::PEM)
        .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
    acceptor.set_certificate_chain_file(cert_path)
        .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
    acceptor.check_private_key().unwrap();

    let acceptor = Arc::new(acceptor.build());

    let server = daemon::create_daemon(
        ([0,0,0,0,0,0,0,0], 8007).into(),
        |listener| {
            let connections = listener
                .incoming()
                .map_err(Error::from)
                .and_then(move |sock| {
                    sock.set_nodelay(true).unwrap();
                    sock.set_send_buffer_size(1024*1024).unwrap();
                    sock.set_recv_buffer_size(1024*1024).unwrap();
                    acceptor.accept_async(sock).map_err(|e| e.into())
                })
                .then(|r| match r {
                    // accept()s can fail here with an Err() when eg. the client rejects
                    // the cert and closes the connection, so we follow up with mapping
                    // it to an option and then filtering None with filter_map
                    Ok(c) => Ok::<_, Error>(Some(c)),
                    Err(e) => {
                        if let Some(_io) = e.downcast_ref::<std::io::Error>() {
                            // "real" IO errors should not simply be ignored
                            bail!("shutting down...");
                        } else {
                            // handshake errors just get filtered by filter_map() below:
                            Ok(None)
                        }
                    }
                })
                .filter_map(|r| {
                    // Filter out the Nones
                    r
                });

            Ok(hyper::Server::builder(connections)
               .serve(rest_server)
               .with_graceful_shutdown(server::shutdown_future())
               .map_err(|err| eprintln!("server error: {}", err))
            )
        },
    )?;

    daemon::systemd_notify(daemon::SystemdNotify::Ready)?;

    tokio::run(lazy(||  {

        let init_result: Result<(), Error> = try_block!({
            server::create_task_control_socket()?;
            server::server_state_init()?;
            Ok(())
        });

        if let Err(err) = init_result {
            eprintln!("unable to start daemon - {}", err);
        } else {
            tokio::spawn(server.then(|_| {
                log::info!("done - exit server");
                Ok(())
            }));
        }

        Ok(())
    }));

    Ok(())
}
Commit	Line	Data
a2ca7137	1	use proxmox_backup::configdir;
e3f41f21	2	use proxmox_backup::server;
a690ecac	3	use proxmox_backup::tools::daemon;
dc9a007b DM	4	use proxmox_backup::api_schema::router::*;
dc9a007b DM	5	use proxmox_backup::api_schema::config::*;
02c7a755	6	use proxmox_backup::server::rest::*;
d01e2420	7	use proxmox_backup::auth_helpers::*;
02c7a755	8
0d176f36	9	use failure::*;
e18a6c9e	10	use proxmox::tools::try_block;
02c7a755 DM	11	use lazy_static::lazy_static;
02c7a755 DM	12
e3f41f21	13	use futures::*;
0d176f36	14	use futures::stream::Stream;
02c7a755	15
6d1f61b2 DM	16	use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
	17	use std::sync::Arc;
	18	use tokio_openssl::SslAcceptorExt;
	19
02c7a755 DM	20	use hyper;
	21
	22	fn main() {
	23
4223d9f8 DM	24	if let Err(err) = run() {
	25	eprintln!("Error: {}", err);
	26	std::process::exit(-1);
	27	}
	28	}
	29
	30	fn run() -> Result<(), Error> {
02c7a755 DM	31	if let Err(err) = syslog::init(
	32	syslog::Facility::LOG_DAEMON,
	33	log::LevelFilter::Info,
	34	Some("proxmox-backup-proxy")) {
4223d9f8	35	bail!("unable to inititialize syslog - {}", err);
02c7a755 DM	36	}
02c7a755 DM	37
d01e2420 DM	38	let _ = public_auth_key(); // load with lazy_static
	39	let _ = csrf_secret(); // load with lazy_static
	40
02c7a755 DM	41	lazy_static!{
	42	static ref ROUTER: Router = proxmox_backup::api2::router();
	43	}
	44
	45	let mut config = ApiConfig::new(
6285b251	46	env!("PROXMOX_JSDIR"), &ROUTER, RpcEnvironmentType::PUBLIC);
02c7a755 DM	47
	48	// add default dirs which includes jquery and bootstrap
	49	// my $base = '/usr/share/libpve-http-server-perl';
	50	// add_dirs($self->{dirs}, '/css/' => "$base/css/");
	51	// add_dirs($self->{dirs}, '/js/' => "$base/js/");
	52	// add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
	53	config.add_alias("novnc", "/usr/share/novnc-pve");
	54	config.add_alias("extjs", "/usr/share/javascript/extjs");
	55	config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
	56	config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
	57	config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
	58
	59	let rest_server = RestServer::new(config);
	60
6d1f61b2 DM	61	//openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
	62	let key_path = configdir!("/proxy.key");
	63	let cert_path = configdir!("/proxy.pem");
	64
	65	let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
	66	acceptor.set_private_key_file(key_path, SslFiletype::PEM)
	67	.map_err(\|err\| format_err!("unable to read proxy key {} - {}", key_path, err))?;
	68	acceptor.set_certificate_chain_file(cert_path)
	69	.map_err(\|err\| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
	70	acceptor.check_private_key().unwrap();
	71
	72	let acceptor = Arc::new(acceptor.build());
0d176f36	73
a690ecac WB	74	let server = daemon::create_daemon(
	75	([0,0,0,0,0,0,0,0], 8007).into(),
	76	\|listener\| {
a690ecac WB	77	let connections = listener
	78	.incoming()
	79	.map_err(Error::from)
74d0a6bc DM	80	.and_then(move \|sock\| {
	81	sock.set_nodelay(true).unwrap();
	82	sock.set_send_buffer_size(1024*1024).unwrap();
	83	sock.set_recv_buffer_size(1024*1024).unwrap();
6d1f61b2	84	acceptor.accept_async(sock).map_err(\|e\| e.into())
74d0a6bc	85	})
a690ecac WB	86	.then(\|r\| match r {
	87	// accept()s can fail here with an Err() when eg. the client rejects
	88	// the cert and closes the connection, so we follow up with mapping
	89	// it to an option and then filtering None with filter_map
	90	Ok(c) => Ok::<_, Error>(Some(c)),
	91	Err(e) => {
	92	if let Some(_io) = e.downcast_ref::<std::io::Error>() {
	93	// "real" IO errors should not simply be ignored
	94	bail!("shutting down...");
	95	} else {
	96	// handshake errors just get filtered by filter_map() below:
	97	Ok(None)
	98	}
	99	}
	100	})
	101	.filter_map(\|r\| {
	102	// Filter out the Nones
	103	r
	104	});
5f550fd9	105
a690ecac	106	Ok(hyper::Server::builder(connections)
5f550fd9 DM	107	.serve(rest_server)
	108	.with_graceful_shutdown(server::shutdown_future())
	109	.map_err(\|err\| eprintln!("server error: {}", err))
a690ecac	110	)
a2ca7137 WB	111	},
a2ca7137 WB	112	)?;
a2ca7137	113
d98c9a7a WB	114	daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
d98c9a7a WB	115
e3f41f21 DM	116	tokio::run(lazy(\|\| {
e3f41f21 DM	117
d607b886 DM	118	let init_result: Result<(), Error> = try_block!({
	119	server::create_task_control_socket()?;
	120	server::server_state_init()?;
	121	Ok(())
	122	});
	123
	124	if let Err(err) = init_result {
e3f41f21 DM	125	eprintln!("unable to start daemon - {}", err);
e3f41f21 DM	126	} else {
5f550fd9 DM	127	tokio::spawn(server.then(\|_\| {
	128	log::info!("done - exit server");
	129	Ok(())
	130	}));
e3f41f21 DM	131	}
	132
	133	Ok(())
	134	}));
	135
4223d9f8	136	Ok(())
02c7a755	137	}