From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <m.carrara@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id A3DB79891C
 for <pbs-devel@lists.proxmox.com>; Wed, 15 Nov 2023 16:23:17 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 8787B8FA8
 for <pbs-devel@lists.proxmox.com>; Wed, 15 Nov 2023 16:22:47 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pbs-devel@lists.proxmox.com>; Wed, 15 Nov 2023 16:22:46 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id B710043288
 for <pbs-devel@lists.proxmox.com>; Wed, 15 Nov 2023 16:22:46 +0100 (CET)
Message-ID: <a7a4e9a1-bd50-48ee-b193-0b1f6aadf54b@proxmox.com>
Date: Wed, 15 Nov 2023 16:22:45 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Wolfgang Bumiller <w.bumiller@proxmox.com>
Cc: pbs-devel@lists.proxmox.com
References: <20231031184705.1142244-1-m.carrara@proxmox.com>
 <20231031184705.1142244-4-m.carrara@proxmox.com>
 <mjqsjpddx44w5jyejl3wxw6opskvcl5sef2hch22bsuwekkjrz@vmrhvriijtxl>
From: Max Carrara <m.carrara@proxmox.com>
In-Reply-To: <mjqsjpddx44w5jyejl3wxw6opskvcl5sef2hch22bsuwekkjrz@vmrhvriijtxl>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.070 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
Subject: Re: [pbs-devel] [PATCH v3 proxmox-backup 3/3] proxy: redirect HTTP
 requests to HTTPS
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Wed, 15 Nov 2023 15:23:17 -0000

On 11/3/23 11:24, Wolfgang Bumiller wrote:
> On Tue, Oct 31, 2023 at 07:47:05PM +0100, Max Carrara wrote:
>> Signed-off-by: Max Carrara <m.carrara@proxmox.com>
>> ---
>>  Changes v1 --> v2:
>>   * Incorporate changes of the previous two patches correspondingly
>>
>>  Changes v2 --> v3:
>>   * None
>>
>>  src/bin/proxmox-backup-proxy.rs | 46 ++++++++++++++++++++++++++++-----
>>  1 file changed, 39 insertions(+), 7 deletions(-)
>>
>> diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
>> index f38a02bd..f69f5bfc 100644
>> --- a/src/bin/proxmox-backup-proxy.rs
>> +++ b/src/bin/proxmox-backup-proxy.rs
>> @@ -23,8 +23,8 @@ use proxmox_sys::{task_log, task_warn};
>>  use pbs_datastore::DataStore;
>>  
>>  use proxmox_rest_server::{
>> -    cleanup_old_tasks, cookie_from_header, rotate_task_log_archive, ApiConfig, RestEnvironment,
>> -    RestServer, WorkerTask,
>> +    cleanup_old_tasks, cookie_from_header, rotate_task_log_archive, ApiConfig, Redirector,
>> +    RestEnvironment, RestServer, WorkerTask,
>>  };
>>  
>>  use proxmox_backup::rrd_cache::{
>> @@ -253,6 +253,7 @@ async fn run() -> Result<(), Error> {
>>          )?;
>>  
>>      let rest_server = RestServer::new(config);
>> +    let redirector = Redirector::new();
>>      proxmox_rest_server::init_worker_tasks(
>>          pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(),
>>          file_opts.clone(),
>> @@ -288,23 +289,54 @@ async fn run() -> Result<(), Error> {
>>          Ok(Value::Null)
>>      })?;
>>  
>> -    let connections = proxmox_rest_server::connection::AcceptBuilder::with_acceptor(acceptor)
>> +    let connections = proxmox_rest_server::connection::AcceptBuilder::new()
>>          .debug(debug)
>>          .rate_limiter_lookup(Arc::new(lookup_rate_limiter))
>>          .tcp_keepalive_time(PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
>> +
>>      let server = daemon::create_daemon(
>>          ([0, 0, 0, 0, 0, 0, 0, 0], 8007).into(),
>>          move |listener| {
>> -            let connections = connections.accept(listener);
>> +            let (secure_connections, insecure_connections) =
>> +                connections.accept_tls_optional(listener, acceptor);
>>  
>>              Ok(async {
>>                  daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
>>  
>> -                hyper::Server::builder(connections)
>> +                let secure_server = hyper::Server::builder(secure_connections)
>>                      .serve(rest_server)
>>                      .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
>> -                    .map_err(Error::from)
>> -                    .await
>> +                    .map_err(Error::from);
>> +
>> +                let insecure_server = hyper::Server::builder(insecure_connections)
>> +                    .serve(redirector)
>> +                    .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
>> +                    .map_err(Error::from);
>> +
>> +                let handles = vec![tokio::spawn(secure_server), tokio::spawn(insecure_server)];
> 
> Maybe we should just detach the redirection-handler and potentially give
> it a retry logic and finally fail it with a log message.
> 

Did you have anything in particular in mind for the retry logic? I agree with
detaching the redirection-handler, but I don't quite understand what needs
to be retried; if something goes wrong, the entire daemon probably would need
to be recreated, AFAIU.

> Otherwise, this shouldn't need to be a Vec, a regular array should work,
> skips the extra allocation.
> 
>> +
>> +                let mut results: Vec<Result<(), Error>> = vec![];
>> +
>> +                for res_handle in futures::future::join_all(handles).await.into_iter() {
>> +                    let flattened_res = match res_handle {
>> +                        Ok(inner) => inner,
>> +                        Err(err) => Err(format_err!(err)),
>> +                    };
>> +
>> +                    results.push(flattened_res);
>> +                }
>> +
>> +                if results.iter().any(Result::is_err) {
>> +                    let cat_errors = results
>> +                        .into_iter()
>> +                        .filter_map(|res| res.err().map(|err| err.to_string()))
>> +                        .collect::<Vec<_>>()
>> +                        .join("\n");
>> +
>> +                    return Err(format_err!(cat_errors));
>> +                }
>> +
>> +                Ok(())
>>              })
>>          },
>>          Some(pbs_buildcfg::PROXMOX_BACKUP_PROXY_PID_FN),
>> -- 
>> 2.39.2