src/bin/proxmox-backup-proxy.rs

   1 use proxmox_backup::try_block;
   2 use proxmox_backup::configdir;
   3 use proxmox_backup::server;
   4 use proxmox_backup::tools::daemon;
   5 use proxmox_backup::api_schema::router::*;
   6 use proxmox_backup::api_schema::config::*;
   7 use proxmox_backup::server::rest::*;
   8 use proxmox_backup::auth_helpers::*;
   9
  10 use failure::*;
  11 use lazy_static::lazy_static;
  12
  13 use futures::*;
  14 use futures::stream::Stream;
  15
  16 use openssl::ssl::{SslMethod, SslAcceptor, SslFiletype};
  17 use std::sync::Arc;
  18 use tokio_openssl::SslAcceptorExt;
  19
  20 use hyper;
  21
  22 fn main() {
  23
  24     if let Err(err) = run() {
  25         eprintln!("Error: {}", err);
  26         std::process::exit(-1);
  27     }
  28 }
  29
  30 fn run() -> Result<(), Error> {
  31     if let Err(err) = syslog::init(
  32         syslog::Facility::LOG_DAEMON,
  33         log::LevelFilter::Info,
  34         Some("proxmox-backup-proxy")) {
  35         bail!("unable to inititialize syslog - {}", err);
  36     }
  37
  38     let _ = public_auth_key(); // load with lazy_static
  39     let _ = csrf_secret(); // load with lazy_static
  40
  41     lazy_static!{
  42        static ref ROUTER: Router = proxmox_backup::api2::router();
  43     }
  44
  45     let mut config = ApiConfig::new(
  46         env!("PROXMOX_JSDIR"), &ROUTER, RpcEnvironmentType::PUBLIC);
  47
  48     // add default dirs which includes jquery and bootstrap
  49     // my $base = '/usr/share/libpve-http-server-perl';
  50     // add_dirs($self->{dirs}, '/css/' => "$base/css/");
  51     // add_dirs($self->{dirs}, '/js/' => "$base/js/");
  52     // add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
  53     config.add_alias("novnc", "/usr/share/novnc-pve");
  54     config.add_alias("extjs", "/usr/share/javascript/extjs");
  55     config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
  56     config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
  57     config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
  58
  59     let rest_server = RestServer::new(config);
  60
  61     //openssl req -x509 -newkey rsa:4096 -keyout /etc/proxmox-backup/proxy.key -out /etc/proxmox-backup/proxy.pem -nodes
  62     let key_path = configdir!("/proxy.key");
  63     let cert_path = configdir!("/proxy.pem");
  64
  65     let mut acceptor = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
  66     acceptor.set_private_key_file(key_path, SslFiletype::PEM)
  67         .map_err(|err| format_err!("unable to read proxy key {} - {}", key_path, err))?;
  68     acceptor.set_certificate_chain_file(cert_path)
  69         .map_err(|err| format_err!("unable to read proxy cert {} - {}", cert_path, err))?;
  70     acceptor.check_private_key().unwrap();
  71
  72     let acceptor = Arc::new(acceptor.build());
  73
  74     let server = daemon::create_daemon(
  75         ([0,0,0,0,0,0,0,0], 8007).into(),
  76         |listener| {
  77             let connections = listener
  78                 .incoming()
  79                 .map_err(Error::from)
  80                 .and_then(move |sock| {
  81                     sock.set_nodelay(true).unwrap();
  82                     sock.set_send_buffer_size(1024*1024).unwrap();
  83                     sock.set_recv_buffer_size(1024*1024).unwrap();
  84                     acceptor.accept_async(sock).map_err(|e| e.into())
  85                 })
  86                 .then(|r| match r {
  87                     // accept()s can fail here with an Err() when eg. the client rejects
  88                     // the cert and closes the connection, so we follow up with mapping
  89                     // it to an option and then filtering None with filter_map
  90                     Ok(c) => Ok::<_, Error>(Some(c)),
  91                     Err(e) => {
  92                         if let Some(_io) = e.downcast_ref::<std::io::Error>() {
  93                             // "real" IO errors should not simply be ignored
  94                             bail!("shutting down...");
  95                         } else {
  96                             // handshake errors just get filtered by filter_map() below:
  97                             Ok(None)
  98                         }
  99                     }
 100                 })
 101                 .filter_map(|r| {
 102                     // Filter out the Nones
 103                     r
 104                 });
 105
 106             Ok(hyper::Server::builder(connections)
 107                .serve(rest_server)
 108                .with_graceful_shutdown(server::shutdown_future())
 109                .map_err(|err| eprintln!("server error: {}", err))
 110             )
 111         },
 112     )?;
 113
 114     daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
 115
 116     tokio::run(lazy(||  {
 117
 118         let init_result: Result<(), Error> = try_block!({
 119             server::create_task_control_socket()?;
 120             server::server_state_init()?;
 121             Ok(())
 122         });
 123
 124         if let Err(err) = init_result {
 125             eprintln!("unable to start daemon - {}", err);
 126         } else {
 127             tokio::spawn(server.then(|_| {
 128                 log::info!("done - exit server");
 129                 Ok(())
 130             }));
 131         }
 132
 133         Ok(())
 134     }));
 135
 136     Ok(())
 137 }