proxy: use TLS via tokio-tls
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
parent
b369f720f5
commit
0d176f3681
|
@ -19,6 +19,8 @@ url = "1.7"
|
||||||
futures = "0.1"
|
futures = "0.1"
|
||||||
tokio-threadpool = "0.1"
|
tokio-threadpool = "0.1"
|
||||||
tokio = "0.1"
|
tokio = "0.1"
|
||||||
|
tokio-tls = "0.2.1"
|
||||||
|
native-tls = "0.2.2"
|
||||||
http = "0.1"
|
http = "0.1"
|
||||||
hyper = "0.12"
|
hyper = "0.12"
|
||||||
lazy_static = "1.1"
|
lazy_static = "1.1"
|
||||||
|
@ -35,4 +37,4 @@ walkdir = "2"
|
||||||
md5 = "0.6"
|
md5 = "0.6"
|
||||||
base64 = "0.10"
|
base64 = "0.10"
|
||||||
pam-sys = "0.5"
|
pam-sys = "0.5"
|
||||||
pam-auth = "0.5"
|
pam-auth = "0.5"
|
||||||
|
|
|
@ -5,10 +5,11 @@ use proxmox_backup::api::config::*;
|
||||||
use proxmox_backup::server::rest::*;
|
use proxmox_backup::server::rest::*;
|
||||||
use proxmox_backup::auth_helpers::*;
|
use proxmox_backup::auth_helpers::*;
|
||||||
|
|
||||||
//use failure::*;
|
use failure::*;
|
||||||
use lazy_static::lazy_static;
|
use lazy_static::lazy_static;
|
||||||
|
|
||||||
use futures::future::Future;
|
use futures::future::Future;
|
||||||
|
use futures::stream::Stream;
|
||||||
|
|
||||||
use hyper;
|
use hyper;
|
||||||
|
|
||||||
|
@ -25,8 +26,6 @@ fn main() {
|
||||||
let _ = public_auth_key(); // load with lazy_static
|
let _ = public_auth_key(); // load with lazy_static
|
||||||
let _ = csrf_secret(); // load with lazy_static
|
let _ = csrf_secret(); // load with lazy_static
|
||||||
|
|
||||||
let addr = ([0,0,0,0,0,0,0,0], 8007).into();
|
|
||||||
|
|
||||||
lazy_static!{
|
lazy_static!{
|
||||||
static ref ROUTER: Router = proxmox_backup::api2::router();
|
static ref ROUTER: Router = proxmox_backup::api2::router();
|
||||||
}
|
}
|
||||||
|
@ -47,7 +46,33 @@ fn main() {
|
||||||
|
|
||||||
let rest_server = RestServer::new(config);
|
let rest_server = RestServer::new(config);
|
||||||
|
|
||||||
let server = hyper::Server::bind(&addr)
|
let identity =
|
||||||
|
native_tls::Identity::from_pkcs12(
|
||||||
|
&std::fs::read("server.pfx").unwrap(),
|
||||||
|
"",
|
||||||
|
).unwrap();
|
||||||
|
|
||||||
|
let addr = ([0,0,0,0,0,0,0,0], 8007).into();
|
||||||
|
let listener = tokio::net::TcpListener::bind(&addr).unwrap();
|
||||||
|
let acceptor = native_tls::TlsAcceptor::new(identity).unwrap();
|
||||||
|
let acceptor = std::sync::Arc::new(tokio_tls::TlsAcceptor::from(acceptor));
|
||||||
|
let connections = listener
|
||||||
|
.incoming()
|
||||||
|
.map_err(|e| Error::from(e))
|
||||||
|
.and_then(move |sock| acceptor.accept(sock).map_err(|e| e.into()))
|
||||||
|
.then(|r| match r {
|
||||||
|
// accept()s can fail here with an Err() when eg. the client rejects
|
||||||
|
// the cert and closes the connection, so we follow up with mapping
|
||||||
|
// it to an option and then filtering None with filter_map
|
||||||
|
Ok(c) => Ok::<_, Error>(Some(c)),
|
||||||
|
Err(_) => Ok(None),
|
||||||
|
})
|
||||||
|
.filter_map(|r| {
|
||||||
|
// Filter out the Nones
|
||||||
|
r
|
||||||
|
});
|
||||||
|
|
||||||
|
let server = hyper::Server::builder(connections)
|
||||||
.serve(rest_server)
|
.serve(rest_server)
|
||||||
.map_err(|e| eprintln!("server error: {}", e));
|
.map_err(|e| eprintln!("server error: {}", e));
|
||||||
|
|
||||||
|
|
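Review bot: The `Err(_) => Ok(None)` arm in the `.then(...)` closure discards every error on the stream without logging, which covers failed TLS handshakes and also errors from `listener.incoming()` itself. Logging before dropping, e.g. `Err(err) => { eprintln!("connection setup failed: {}", err); Ok(None) }`, would keep handshake failures and accept errors visible to an operator. Separately, `and_then` on a futures 0.1 stream appears to drive one `acceptor.accept(sock)` future at a time, so a peer that stalls its handshake could hold up later connections; a timeout around the handshake, or running each handshake as its own task, would be worth considering. The identity is read from the relative path `server.pfx` with an empty passphrase and `unwrap()`, so the key in use depends on the process working directory and a missing or malformed file panics without context; a configured absolute path and `expect("...")` with a message would be safer. `main` begins and ends outside these hunks.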