Commit | Line | Data |
---|---|---|
a2ca7137 | 1 | use proxmox_backup::configdir; |
e3f41f21 | 2 | use proxmox_backup::server; |
a690ecac | 3 | use proxmox_backup::tools::daemon; |
dc9a007b DM |
4 | use proxmox_backup::api_schema::router::*; |
5 | use proxmox_backup::api_schema::config::*; | |
02c7a755 | 6 | use proxmox_backup::server::rest::*; |
d01e2420 | 7 | use proxmox_backup::auth_helpers::*; |
02c7a755 | 8 | |
0d176f36 | 9 | use failure::*; |
e18a6c9e | 10 | use proxmox::tools::try_block; |
02c7a755 DM |
11 | use lazy_static::lazy_static; |
12 | ||
e3f41f21 | 13 | use futures::*; |
0d176f36 | 14 | use futures::stream::Stream; |
02c7a755 | 15 | |
6d1f61b2 DM |
16 | use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype}; |
17 | use std::sync::Arc; | |
18 | use tokio_openssl::SslAcceptorExt; | |
19 | ||
02c7a755 DM |
20 | use hyper; |
21 | ||
/// Process entry point.
///
/// Delegates all work to `run()`. If `run()` returns an error, the message is
/// written to stderr and the process exits with status `-1`.
fn main() {
    match run() {
        Ok(()) => {}
        Err(err) => {
            eprintln!("Error: {}", err);
            std::process::exit(-1);
        }
    }
}
29 | ||
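/// Sets up and runs the `proxmox-backup-proxy` daemon.
///
/// Steps, in order: initialise syslog, touch the lazily loaded auth key and
/// CSRF secret, build the API configuration and REST server, load the TLS key
/// and certificate, create the listening daemon on port 8007, notify systemd,
/// and finally drive the server on the tokio runtime.
///
/// # Errors
///
/// Returns an error if syslog cannot be initialised, if the TLS acceptor
/// cannot be created, if the proxy key or certificate cannot be read, if the
/// key does not match the certificate, if `daemon::create_daemon` fails, or if
/// the systemd notification fails.
///
/// NOTE(review): a failure of the in-runtime initialisation
/// (`create_task_control_socket` / `server_state_init`) is only printed to
/// stderr; this function still returns `Ok(())`, and `SystemdNotify::Ready`
/// has already been sent by then. Confirm this is the intended behaviour.
fn run() -> Result<(), Error> {
    if let Err(err) = syslog::init(
        syslog::Facility::LOG_DAEMON,
        log::LevelFilter::Info,
        Some("proxmox-backup-proxy")) {
        bail!("unable to inititialize syslog - {}", err);
    }

    // Touch the lazily initialised values now instead of on the first request.
    let _ = public_auth_key(); // load with lazy_static
    let _ = csrf_secret(); // load with lazy_static

    lazy_static!{
        static ref ROUTER: Router = proxmox_backup::api2::router();
    }

    let mut config = ApiConfig::new(
        env!("PROXMOX_JSDIR"), &ROUTER, RpcEnvironmentType::PUBLIC);

    // add default dirs which includes jquery and bootstrap
    // my $base = '/usr/share/libpve-http-server-perl';
    // add_dirs($self->{dirs}, '/css/' => "$base/css/");
    // add_dirs($self->{dirs}, '/js/' => "$base/js/");
    // add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
    //
    // Register named aliases for directories on the local filesystem.
    // NOTE(review): presumably these are served as static assets by the REST
    // server - confirm in ApiConfig how requests below an alias are resolved.
    config.add_alias("novnc", "/usr/share/novnc-pve");
    config.add_alias("extjs", "/usr/share/javascript/extjs");
    config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
    config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
    config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");

    let rest_server = RestServer::new(config);

    //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
    //
    // `-nodes` writes the private key without a passphrase, so file
    // permissions on proxy.key are its only protection on disk.
    let key_path = configdir!("/proxy.key");
    let cert_path = configdir!("/proxy.pem");

    // Mozilla "intermediate" server profile from the openssl crate.
    // Key and certificate come from operator-managed files, so every failure
    // here is reported as an error instead of panicking.
    let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls())
        .map_err(|err| format_err!("unable to create TLS acceptor - {}", err))?;
    acceptor.set_private_key_file(key_path, SslFiletype::PEM)
        .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
    acceptor.set_certificate_chain_file(cert_path)
        .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
    acceptor.check_private_key()
        .map_err(|err| format_err!(
            "proxy key {} does not match proxy cert {} - {}", key_path, cert_path, err))?;

    let acceptor = Arc::new(acceptor.build());

    let server = daemon::create_daemon(
        // IPv6 unspecified address, port 8007: listens on all interfaces.
        // NOTE(review): whether IPv4 clients are accepted on this socket
        // depends on the platform's dual-stack setting - confirm.
        ([0,0,0,0,0,0,0,0], 8007).into(),
        |listener| {
            let connections = listener
                .incoming()
                .map_err(Error::from)
                .and_then(move |sock| {
                    // Socket tuning is best effort: a failure on one client
                    // socket is logged and the TLS handshake is still tried,
                    // rather than panicking inside the accept path.
                    if let Err(err) = sock.set_nodelay(true) {
                        log::warn!("unable to set TCP_NODELAY on client socket - {}", err);
                    }
                    if let Err(err) = sock.set_send_buffer_size(1024*1024) {
                        log::warn!("unable to set send buffer size on client socket - {}", err);
                    }
                    if let Err(err) = sock.set_recv_buffer_size(1024*1024) {
                        log::warn!("unable to set receive buffer size on client socket - {}", err);
                    }
                    acceptor.accept_async(sock).map_err(|e| e.into())
                })
                .then(|r| match r {
                    // accept()s can fail here with an Err() when eg. the client rejects
                    // the cert and closes the connection, so we follow up with mapping
                    // it to an option and then filtering None with filter_map
                    Ok(c) => Ok::<_, Error>(Some(c)),
                    Err(e) => {
                        if let Some(io_err) = e.downcast_ref::<std::io::Error>() {
                            // "real" IO errors should not simply be ignored;
                            // record the cause before ending the stream.
                            log::error!("accepting connection failed - {}", io_err);
                            bail!("shutting down...");
                        } else {
                            // handshake errors just get filtered by filter_map() below:
                            // NOTE(review): they are dropped without any log entry,
                            // so failed TLS handshakes leave no trace - consider
                            // logging them if that visibility is wanted.
                            Ok(None)
                        }
                    }
                })
                .filter_map(|r| {
                    // Filter out the Nones
                    r
                });

            Ok(hyper::Server::builder(connections)
                .serve(rest_server)
                .with_graceful_shutdown(server::shutdown_future())
                .map_err(|err| eprintln!("server error: {}", err))
            )
        },
    )?;

    daemon::systemd_notify(daemon::SystemdNotify::Ready)?;

    tokio::run(lazy(|| {

        let init_result: Result<(), Error> = try_block!({
            server::create_task_control_socket()?;
            server::server_state_init()?;
            Ok(())
        });

        if let Err(err) = init_result {
            // The server future is never spawned in this case.
            eprintln!("unable to start daemon - {}", err);
        } else {
            tokio::spawn(server.then(|_| {
                log::info!("done - exit server");
                Ok(())
            }));
        }

        Ok(())
    }));

    Ok(())
}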