use std::io;
use std::path::Path;
use proxmox_backup::try_block;
use proxmox_backup::configdir;
use proxmox_backup::tools;
use proxmox_backup::server;
use proxmox_backup::tools::daemon;
use proxmox_backup::api_schema::router::*;
use proxmox_backup::api_schema::config::*;
use proxmox_backup::server::rest::*;
use proxmox_backup::auth_helpers::*;
use failure::*;
use lazy_static::lazy_static;
use futures::*;
use futures::stream::Stream;
use hyper;
/// Process entry point for the proxy daemon.
///
/// Delegates all work to `run()`. On failure the error is printed to stderr
/// and the process terminates with exit status `-1`.
fn main() {
    match run() {
        Ok(()) => {}
        Err(err) => {
            eprintln!("Error: {}", err);
            std::process::exit(-1);
        }
    }
}
/// Builds an in-memory PKCS#12 bundle from a PEM private key and a PEM certificate.
///
/// `key` and `cert` are filesystem paths; both files are read completely and
/// parsed as PEM before the bundle is assembled.
///
/// Security note: the bundle is created with an empty password and an empty
/// friendly name, so the PKCS#12 container does not protect the private key.
/// Any consumer has to decode it with the same empty password, and the
/// serialized form needs the same access restrictions as the key file itself.
///
/// # Errors
///
/// Returns an error if either file cannot be read, if the key or certificate
/// is not valid PEM, or if OpenSSL fails to build the bundle.
fn load_certificate<T: AsRef<Path>, U: AsRef<Path>>(
    key: T,
    cert: U,
) -> Result<openssl::pkcs12::Pkcs12, Error> {
    let key_pem = tools::file_get_contents(key)?;
    let cert_pem = tools::file_get_contents(cert)?;

    let private_key = openssl::pkey::PKey::private_key_from_pem(&key_pem)?;
    let certificate = openssl::x509::X509::from_pem(&cert_pem)?;

    // Arguments are (password, friendly name, key, certificate); the first two
    // are intentionally left empty here.
    let bundle = openssl::pkcs12::Pkcs12::builder()
        .build("", "", &private_key, &certificate)?;

    Ok(bundle)
}
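/// Sets up and runs the TLS-terminating API proxy.
///
/// Steps, in order:
/// 1. initialise syslog logging,
/// 2. force the lazily-initialised auth key and CSRF secret to load,
/// 3. build the REST server configuration and static-file aliases,
/// 4. load the TLS identity (`proxy.pfx`, or `proxy.key` + `proxy.pem` when the
///    `.pfx` file does not exist),
/// 5. create the listening daemon on port 8007 and serve until shutdown.
///
/// Security-relevant behaviour visible in this function:
/// - The listener binds the unspecified IPv6 address (`::`), i.e. it is not
///   restricted to a single interface.
/// - The PKCS#12 identity is decoded with an empty password, so the private
///   key is protected only by access control on the files it is read from.
/// - Failed TLS handshakes are dropped without being logged.
///
/// # Errors
///
/// Returns an error if syslog cannot be initialised, the certificate cannot be
/// read or decoded, the daemon cannot be created, or systemd notification
/// fails.
fn run() -> Result<(), Error> {
    if let Err(err) = syslog::init(
        syslog::Facility::LOG_DAEMON,
        log::LevelFilter::Info,
        Some("proxmox-backup-proxy"),
    ) {
        bail!("unable to inititialize syslog - {}", err);
    }

    // Touch both secrets now so that a problem loading them surfaces at
    // startup instead of on the first request.
    let _ = public_auth_key(); // load with lazy_static
    let _ = csrf_secret(); // load with lazy_static

    lazy_static! {
        static ref ROUTER: Router = proxmox_backup::api2::router();
    }

    // PROXMOX_JSDIR is resolved at compile time by `env!`.
    let mut config = ApiConfig::new(
        env!("PROXMOX_JSDIR"),
        &ROUTER,
        RpcEnvironmentType::PUBLIC,
    );

    // add default dirs which includes jquery and bootstrap
    // my $base = '/usr/share/libpve-http-server-perl';
    // add_dirs($self->{dirs}, '/css/' => "$base/css/");
    // add_dirs($self->{dirs}, '/js/' => "$base/js/");
    // add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
    config.add_alias("novnc", "/usr/share/novnc-pve");
    config.add_alias("extjs", "/usr/share/javascript/extjs");
    config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
    config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
    config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");

    let rest_server = RestServer::new(config);

    // Prefer a ready-made PKCS#12 file; fall back to building one in memory
    // from the PEM key/certificate pair only when the .pfx file is absent.
    let cert_path = configdir!("/proxy.pfx");
    let raw_cert = match std::fs::read(cert_path) {
        Ok(pfx) => pfx,
        Err(ref err) if err.kind() == io::ErrorKind::NotFound => {
            let pkcs12 = load_certificate(configdir!("/proxy.key"), configdir!("/proxy.pem"))?;
            pkcs12.to_der()?
        }
        Err(err) => bail!("unable to read certificate file {} - {}", cert_path, err),
    };

    // The empty password matches the one used by load_certificate(); a
    // proxy.pfx on disk must therefore also be stored without a passphrase.
    let identity = match native_tls::Identity::from_pkcs12(&raw_cert, "") {
        Ok(data) => data,
        Err(err) => bail!("unable to decode pkcs12 identity {} - {}", cert_path, err),
    };

    let server = daemon::create_daemon(
        // `::` port 8007 - all interfaces.
        ([0, 0, 0, 0, 0, 0, 0, 0], 8007).into(),
        |listener| {
            let acceptor = native_tls::TlsAcceptor::new(identity)?;
            let acceptor = std::sync::Arc::new(tokio_tls::TlsAcceptor::from(acceptor));
            let connections = listener
                .incoming()
                .map_err(Error::from)
                .and_then(move |sock| {
                    // Socket tuning is best-effort. These calls run for every
                    // connection a remote peer opens, so a failing setsockopt
                    // must not panic inside the accept pipeline; log it and
                    // continue with the handshake instead.
                    if let Err(err) = sock.set_nodelay(true) {
                        log::warn!("unable to set TCP_NODELAY on accepted socket - {}", err);
                    }
                    if let Err(err) = sock.set_send_buffer_size(1024 * 1024) {
                        log::warn!("unable to set send buffer size on accepted socket - {}", err);
                    }
                    if let Err(err) = sock.set_recv_buffer_size(1024 * 1024) {
                        log::warn!("unable to set receive buffer size on accepted socket - {}", err);
                    }
                    acceptor.accept(sock).map_err(|e| e.into())
                })
                .then(|r| match r {
                    // accept()s can fail here with an Err() when eg. the client rejects
                    // the cert and closes the connection, so we follow up with mapping
                    // it to an option and then filtering None with filter_map
                    Ok(c) => Ok::<_, Error>(Some(c)),
                    Err(e) => {
                        if let Some(_io) = e.downcast_ref::<std::io::Error>() {
                            // "real" IO errors should not simply be ignored
                            // NOTE(review): this ends the connection stream, so an
                            // I/O error from the listener stops the server from
                            // accepting - confirm that transient accept failures
                            // should be fatal.
                            bail!("shutting down...");
                        } else {
                            // handshake errors just get filtered by filter_map() below:
                            // NOTE(review): they are dropped without a log entry, so
                            // repeated handshake failures are not visible in the logs.
                            Ok(None)
                        }
                    }
                })
                .filter_map(|r| {
                    // Filter out the Nones
                    r
                });

            Ok(hyper::Server::builder(connections)
                .serve(rest_server)
                .with_graceful_shutdown(server::shutdown_future())
                .map_err(|err| eprintln!("server error: {}", err)))
        },
    )?;

    daemon::systemd_notify(daemon::SystemdNotify::Ready)?;

    tokio::run(lazy(|| {
        let init_result: Result<(), Error> = try_block!({
            server::create_task_control_socket()?;
            server::server_state_init()?;
            Ok(())
        });

        if let Err(err) = init_result {
            eprintln!("unable to start daemon - {}", err);
        } else {
            tokio::spawn(server.then(|_| {
                log::info!("done - exit server");
                Ok(())
            }));
        }

        Ok(())
    }));

    Ok(())
}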