src/bin/proxmox-backup-proxy.rs: implement unpriviledged server
We want to run the public server as user www-data. Requests needing root priviledges needs to be proxied to the proxmox-backup.service, which now listens to 127.0.0.1:82.
This commit is contained in:
parent
48849593ee
commit
02c7a75520
1
debian/install
vendored
1
debian/install
vendored
@ -1,4 +1,5 @@
|
||||
target/release/proxmox-backup-api /usr/sbin
|
||||
target/release/proxmox-backup-proxy /usr/bin
|
||||
target/release/proxmox-backup-manager /usr/sbin
|
||||
target/release/proxmox-backup-client /usr/sbin
|
||||
target/release/catar /usr/sbin
|
||||
|
16
debian/proxmox-backup-proxy.service
vendored
Normal file
16
debian/proxmox-backup-proxy.service
vendored
Normal file
@ -0,0 +1,16 @@
|
||||
[Unit]
|
||||
Description=Proxmox API Proxy Server
|
||||
ConditionPathExists=/usr/bin/proxmox-backup-proxy
|
||||
Wants=proxmox-backup.service
|
||||
After=syslog.service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=www-data
|
||||
Group=www-data
|
||||
ExecStart=/usr/bin/proxmox-backup-proxy start
|
||||
Type=simple
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
4
debian/rules
vendored
4
debian/rules
vendored
@ -7,3 +7,7 @@
|
||||
%:
|
||||
dh $@ --with=systemd --with=bash-completion
|
||||
|
||||
|
||||
override_dh_installinit:
|
||||
dh_installinit
|
||||
dh_installinit --name proxmox-backup-proxy
|
||||
|
@ -9,15 +9,17 @@ pub struct ApiConfig {
|
||||
basedir: PathBuf,
|
||||
router: &'static Router,
|
||||
aliases: HashMap<String, PathBuf>,
|
||||
env_type: RpcEnvironmentType,
|
||||
}
|
||||
|
||||
impl ApiConfig {
|
||||
|
||||
pub fn new<B: Into<PathBuf>>(basedir: B, router: &'static Router) -> Self {
|
||||
pub fn new<B: Into<PathBuf>>(basedir: B, router: &'static Router, env_type: RpcEnvironmentType) -> Self {
|
||||
Self {
|
||||
basedir: basedir.into(),
|
||||
router: router,
|
||||
aliases: HashMap::new(),
|
||||
env_type,
|
||||
}
|
||||
}
|
||||
|
||||
@ -58,4 +60,8 @@ impl ApiConfig {
|
||||
{
|
||||
self.aliases.insert(alias.into(), path.into());
|
||||
}
|
||||
|
||||
pub fn env_type(&self) -> RpcEnvironmentType {
|
||||
self.env_type
|
||||
}
|
||||
}
|
||||
|
@ -72,24 +72,14 @@ fn main() {
|
||||
},
|
||||
}
|
||||
|
||||
let addr = ([0,0,0,0,0,0,0,0], 8007).into();
|
||||
let addr = ([127,0,0,1], 82).into();
|
||||
|
||||
lazy_static!{
|
||||
static ref ROUTER: Router = proxmox_backup::api2::router();
|
||||
}
|
||||
|
||||
let mut config = ApiConfig::new("/usr/share/javascript/proxmox-backup", &ROUTER);
|
||||
|
||||
// add default dirs which includes jquery and bootstrap
|
||||
// my $base = '/usr/share/libpve-http-server-perl';
|
||||
// add_dirs($self->{dirs}, '/css/' => "$base/css/");
|
||||
// add_dirs($self->{dirs}, '/js/' => "$base/js/");
|
||||
// add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
|
||||
config.add_alias("novnc", "/usr/share/novnc-pve");
|
||||
config.add_alias("extjs", "/usr/share/javascript/extjs");
|
||||
config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
|
||||
config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
|
||||
config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
|
||||
let config = ApiConfig::new(
|
||||
"/usr/share/javascript/proxmox-backup", &ROUTER, RpcEnvironmentType::PRIVILEDGED);
|
||||
|
||||
let rest_server = RestServer::new(config);
|
||||
|
||||
|
104
src/bin/proxmox-backup-proxy.rs
Normal file
104
src/bin/proxmox-backup-proxy.rs
Normal file
@ -0,0 +1,104 @@
|
||||
extern crate proxmox_backup;
|
||||
|
||||
use std::sync::Arc;
|
||||
|
||||
use proxmox_backup::api::schema::*;
|
||||
use proxmox_backup::api::router::*;
|
||||
use proxmox_backup::api::config::*;
|
||||
use proxmox_backup::server::rest::*;
|
||||
use proxmox_backup::getopts;
|
||||
|
||||
//use failure::*;
|
||||
use lazy_static::lazy_static;
|
||||
|
||||
use futures::future::Future;
|
||||
|
||||
use hyper;
|
||||
|
||||
fn main() {
|
||||
|
||||
if let Err(err) = syslog::init(
|
||||
syslog::Facility::LOG_DAEMON,
|
||||
log::LevelFilter::Info,
|
||||
Some("proxmox-backup-proxy")) {
|
||||
eprintln!("unable to inititialize syslog: {}", err);
|
||||
std::process::exit(-1);
|
||||
}
|
||||
|
||||
let command : Arc<Schema> = StringSchema::new("Command.")
|
||||
.format(Arc::new(ApiStringFormat::Enum(vec![
|
||||
"start".into(),
|
||||
"status".into(),
|
||||
"stop".into()
|
||||
])))
|
||||
.into();
|
||||
|
||||
let schema = ObjectSchema::new("Parameters.")
|
||||
.required("command", command);
|
||||
|
||||
let args: Vec<String> = std::env::args().skip(1).collect();
|
||||
|
||||
let options = match getopts::parse_arguments(&args, &vec!["command"], &schema) {
|
||||
Ok((options, rest)) => {
|
||||
if !rest.is_empty() {
|
||||
eprintln!("Error: got additional arguments: {:?}", rest);
|
||||
std::process::exit(-1);
|
||||
}
|
||||
options
|
||||
}
|
||||
Err(err) => {
|
||||
eprintln!("Error: unable to parse arguments:\n{}", err);
|
||||
std::process::exit(-1);
|
||||
}
|
||||
};
|
||||
|
||||
let command = options["command"].as_str().unwrap();
|
||||
|
||||
match command {
|
||||
"start" => {
|
||||
println!("Starting server.");
|
||||
},
|
||||
"stop" => {
|
||||
println!("Stopping server.");
|
||||
std::process::exit(0);
|
||||
},
|
||||
"status" => {
|
||||
println!("Server status.");
|
||||
std::process::exit(0);
|
||||
},
|
||||
_ => {
|
||||
eprintln!("got unexpected command {}", command);
|
||||
std::process::exit(-1);
|
||||
},
|
||||
}
|
||||
|
||||
let addr = ([0,0,0,0,0,0,0,0], 8007).into();
|
||||
|
||||
lazy_static!{
|
||||
static ref ROUTER: Router = proxmox_backup::api2::router();
|
||||
}
|
||||
|
||||
let mut config = ApiConfig::new(
|
||||
"/usr/share/javascript/proxmox-backup", &ROUTER, RpcEnvironmentType::PUBLIC);
|
||||
|
||||
// add default dirs which includes jquery and bootstrap
|
||||
// my $base = '/usr/share/libpve-http-server-perl';
|
||||
// add_dirs($self->{dirs}, '/css/' => "$base/css/");
|
||||
// add_dirs($self->{dirs}, '/js/' => "$base/js/");
|
||||
// add_dirs($self->{dirs}, '/fonts/' => "$base/fonts/");
|
||||
config.add_alias("novnc", "/usr/share/novnc-pve");
|
||||
config.add_alias("extjs", "/usr/share/javascript/extjs");
|
||||
config.add_alias("fontawesome", "/usr/share/fonts-font-awesome");
|
||||
config.add_alias("xtermjs", "/usr/share/pve-xtermjs");
|
||||
config.add_alias("widgettoolkit", "/usr/share/javascript/proxmox-widget-toolkit");
|
||||
|
||||
let rest_server = RestServer::new(config);
|
||||
|
||||
let server = hyper::Server::bind(&addr)
|
||||
.serve(rest_server)
|
||||
.map_err(|e| eprintln!("server error: {}", e));
|
||||
|
||||
|
||||
// Run this server for... forever!
|
||||
hyper::rt::run(server);
|
||||
}
|
@ -397,7 +397,7 @@ pub fn handle_request(api: Arc<ApiConfig>, req: Request<Body>) -> BoxFut {
|
||||
println!("REQUEST {} {}", method, path);
|
||||
println!("COMPO {:?}", components);
|
||||
|
||||
let mut rpcenv = RestEnvironment::new(RpcEnvironmentType::PRIVILEDGED);
|
||||
let mut rpcenv = RestEnvironment::new(api.env_type());
|
||||
|
||||
if comp_len >= 1 && components[0] == "api2" {
|
||||
println!("GOT API REQUEST");
|
||||
|
Loading…
Reference in New Issue
Block a user