From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 154221FF170 for ; Thu, 7 Aug 2025 17:40:45 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 23911337FD; Thu, 7 Aug 2025 17:42:18 +0200 (CEST) From: Christian Ebner To: pbs-devel@lists.proxmox.com Date: Thu, 7 Aug 2025 17:41:30 +0200 Message-ID: <20250807154130.130646-1-c.ebner@proxmox.com> X-Mailer: git-send-email 2.47.2 MIME-Version: 1.0 X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1754581281745 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.044 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [RFC proxmox-backup] proxy: avoid exiting connection acceptor loop in error case X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" The proxy waits for incoming connections passed along from the REST server inside a loop. If the REST server api_service call however failed with error, the loop was incorrectly exited. Therefore no further connections could be accepted. To fix this, handle the error case gracefully and avoid exiting the loop. The error case can be easily triggered by a HAProxy health check using the following backend config. ``` backend pbs server pbs :8007 check ssl verify none ``` Fixes: https://forum.proxmox.com/threads/169313/ Co-Developed-by: Stefan Hanreich Signed-off-by: Christian Ebner Tested-by: Stefan Hanreich --- Sending this as RFC as it is a rather critical issue and therefore warrants some more feedback. Also, it is not totally clear to me if this fixes all the issues as repoted by the users in the community forum. src/bin/proxmox-backup-proxy.rs | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs index 22b545571..cfd93f928 100644 --- a/src/bin/proxmox-backup-proxy.rs +++ b/src/bin/proxmox-backup-proxy.rs @@ -306,11 +306,15 @@ async fn run() -> Result<(), Error> { Some(conn) = secure_connections.next() => { match conn { Ok(conn) => { - let api_service = rest_server.api_service(&conn)?; - let watcher = graceful.watcher(); - tokio::spawn(async move { - api_service.serve(conn, Some(watcher)).await - }); + match rest_server.api_service(&conn) { + Ok(api_service) => { + let watcher = graceful.watcher(); + tokio::spawn(async move { + api_service.serve(conn, Some(watcher)).await + }); + } + Err(err) => log::warn!("Failed to get api service: {err:?}"), + } }, Err(err) => { log::warn!("Failed to accept secure connection: {err:?}"); } } -- 2.47.2 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel