From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id AA8FE9B8B3 for ; Tue, 21 Nov 2023 11:08:53 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 8C8EE60FE for ; Tue, 21 Nov 2023 11:08:53 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 21 Nov 2023 11:08:52 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id B819A40D10 for ; Tue, 21 Nov 2023 11:08:52 +0100 (CET) From: Max Carrara To: pbs-devel@lists.proxmox.com Date: Tue, 21 Nov 2023 11:08:46 +0100 Message-Id: <20231121100846.216207-4-m.carrara@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20231121100846.216207-1-m.carrara@proxmox.com> References: <20231121100846.216207-1-m.carrara@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.068 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pbs-devel] [PATCH v4 proxmox-backup 3/3] proxy: redirect HTTP requests to HTTPS X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Nov 2023 10:08:53 -0000 Signed-off-by: Max Carrara --- Changes v1 --> v2: * Incorporate changes of the previous two patches correspondingly Changes v2 --> v3: * None Changes v3 --> v4: * Use `try_join!` instead of allocating the tasks' handles in a `Vec` and iterating over them src/bin/proxmox-backup-proxy.rs | 41 ++++++++++++++++++++++++++------- 1 file changed, 33 insertions(+), 8 deletions(-) diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs index f38a02bd..16520bd9 100644 --- a/src/bin/proxmox-backup-proxy.rs +++ b/src/bin/proxmox-backup-proxy.rs @@ -1,7 +1,7 @@ use std::path::{Path, PathBuf}; use std::sync::{Arc, Mutex}; -use anyhow::{bail, format_err, Error}; +use anyhow::{bail, format_err, Context, Error}; use futures::*; use http::request::Parts; use http::Response; @@ -23,8 +23,8 @@ use proxmox_sys::{task_log, task_warn}; use pbs_datastore::DataStore; use proxmox_rest_server::{ - cleanup_old_tasks, cookie_from_header, rotate_task_log_archive, ApiConfig, RestEnvironment, - RestServer, WorkerTask, + cleanup_old_tasks, cookie_from_header, rotate_task_log_archive, ApiConfig, Redirector, + RestEnvironment, RestServer, WorkerTask, }; use proxmox_backup::rrd_cache::{ 
@@ -253,6 +253,7 @@ async fn run() -> Result<(), Error> { )?; let rest_server = RestServer::new(config); + let redirector = Redirector::new(); proxmox_rest_server::init_worker_tasks( pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(), file_opts.clone(), @@ -288,23 +289,47 @@ async fn run() -> Result<(), Error> { Ok(Value::Null) })?; - let connections = proxmox_rest_server::connection::AcceptBuilder::with_acceptor(acceptor) + let connections = proxmox_rest_server::connection::AcceptBuilder::new() .debug(debug) .rate_limiter_lookup(Arc::new(lookup_rate_limiter)) .tcp_keepalive_time(PROXMOX_BACKUP_TCP_KEEPALIVE_TIME); + let server = daemon::create_daemon( ([0, 0, 0, 0, 0, 0, 0, 0], 8007).into(), move |listener| { - let connections = connections.accept(listener); + let (secure_connections, insecure_connections) = + connections.accept_tls_optional(listener, acceptor); Ok(async { daemon::systemd_notify(daemon::SystemdNotify::Ready)?; - hyper::Server::builder(connections) + let secure_server = hyper::Server::builder(secure_connections) .serve(rest_server) .with_graceful_shutdown(proxmox_rest_server::shutdown_future()) - .map_err(Error::from) - .await + .map_err(Error::from); + + let insecure_server = hyper::Server::builder(insecure_connections) + .serve(redirector) + .with_graceful_shutdown(proxmox_rest_server::shutdown_future()) + .map_err(Error::from); + + let (secure_res, insecure_res) = + try_join!(tokio::spawn(secure_server), tokio::spawn(insecure_server)) + .context("failed to complete REST server task")?; + + let results = [secure_res, insecure_res]; + + if results.iter().any(Result::is_err) { + let cat_errors = results + .into_iter() + .filter_map(|res| res.err().map(|err| err.to_string())) + .collect::>() + .join("\n"); + + bail!(cat_errors); + } + + Ok(()) }) }, Some(pbs_buildcfg::PROXMOX_BACKUP_PROXY_PID_FN), -- 2.39.2
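Review bot: An early `Err` from either server goes unreported until the other one also finishes, and the merged message in `cat_errors` does not say which listener failed: `try_join!` over the two `tokio::spawn` handles short-circuits only on a `JoinError`, so a task that returns `Err` still counts as a successful join. Tagging each future before it is spawned keeps the origin, e.g. `.map_err(|err| format_err!("HTTPS server failed: {err}"))` on `secure_server` and the same with `"HTTP redirector failed: {err}"` on `insecure_server`. A short comment above `insecure_server` would also help: this listener answers unauthenticated plaintext requests on port 8007, and the redirect cannot protect a cookie or API token that a client already sent in clear text. How `Redirector` builds the redirect target is not visible in this diff; if it is derived from the request's Host header, that deserves a check. The enclosing `run()` begins and ends outside the hunk.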