public inbox for pbs-devel@lists.proxmox.com
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: Max Carrara <m.carrara@proxmox.com>
Cc: pbs-devel@lists.proxmox.com
Subject: Re: [pbs-devel] [PATCH v3 proxmox-backup 3/3] proxy: redirect HTTP requests to HTTPS
Date: Fri, 3 Nov 2023 11:24:25 +0100
Message-ID: <mjqsjpddx44w5jyejl3wxw6opskvcl5sef2hch22bsuwekkjrz@vmrhvriijtxl>
In-Reply-To: <20231031184705.1142244-4-m.carrara@proxmox.com>

On Tue, Oct 31, 2023 at 07:47:05PM +0100, Max Carrara wrote:
> Signed-off-by: Max Carrara <m.carrara@proxmox.com>
> ---
>  Changes v1 --> v2:
>   * Incorporate changes of the previous two patches correspondingly
> 
>  Changes v2 --> v3:
>   * None
> 
>  src/bin/proxmox-backup-proxy.rs | 46 ++++++++++++++++++++++++++++-----
>  1 file changed, 39 insertions(+), 7 deletions(-)
> 
> diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
> index f38a02bd..f69f5bfc 100644
> --- a/src/bin/proxmox-backup-proxy.rs
> +++ b/src/bin/proxmox-backup-proxy.rs
> @@ -23,8 +23,8 @@ use proxmox_sys::{task_log, task_warn};
>  use pbs_datastore::DataStore;
>  
>  use proxmox_rest_server::{
> -    cleanup_old_tasks, cookie_from_header, rotate_task_log_archive, ApiConfig, RestEnvironment,
> -    RestServer, WorkerTask,
> +    cleanup_old_tasks, cookie_from_header, rotate_task_log_archive, ApiConfig, Redirector,
> +    RestEnvironment, RestServer, WorkerTask,
>  };
>  
>  use proxmox_backup::rrd_cache::{
> @@ -253,6 +253,7 @@ async fn run() -> Result<(), Error> {
>          )?;
>  
>      let rest_server = RestServer::new(config);
> +    let redirector = Redirector::new();
>      proxmox_rest_server::init_worker_tasks(
>          pbs_buildcfg::PROXMOX_BACKUP_LOG_DIR_M!().into(),
>          file_opts.clone(),
> @@ -288,23 +289,54 @@ async fn run() -> Result<(), Error> {
>          Ok(Value::Null)
>      })?;
>  
> -    let connections = proxmox_rest_server::connection::AcceptBuilder::with_acceptor(acceptor)
> +    let connections = proxmox_rest_server::connection::AcceptBuilder::new()
>          .debug(debug)
>          .rate_limiter_lookup(Arc::new(lookup_rate_limiter))
>          .tcp_keepalive_time(PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
> +
>      let server = daemon::create_daemon(
>          ([0, 0, 0, 0, 0, 0, 0, 0], 8007).into(),
>          move |listener| {
> -            let connections = connections.accept(listener);
> +            let (secure_connections, insecure_connections) =
> +                connections.accept_tls_optional(listener, acceptor);
>  
>              Ok(async {
>                  daemon::systemd_notify(daemon::SystemdNotify::Ready)?;
>  
> -                hyper::Server::builder(connections)
> +                let secure_server = hyper::Server::builder(secure_connections)
>                      .serve(rest_server)
>                      .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
> -                    .map_err(Error::from)
> -                    .await
> +                    .map_err(Error::from);
> +
> +                let insecure_server = hyper::Server::builder(insecure_connections)
> +                    .serve(redirector)
> +                    .with_graceful_shutdown(proxmox_rest_server::shutdown_future())
> +                    .map_err(Error::from);
> +
> +                let handles = vec![tokio::spawn(secure_server), tokio::spawn(insecure_server)];

Maybe we should just detach the redirection-handler and potentially give
it a retry logic and finally fail it with a log message.

Otherwise, this shouldn't need to be a Vec, a regular array should work,
skips the extra allocation.

> +
> +                let mut results: Vec<Result<(), Error>> = vec![];
> +
> +                for res_handle in futures::future::join_all(handles).await.into_iter() {
> +                    let flattened_res = match res_handle {
> +                        Ok(inner) => inner,
> +                        Err(err) => Err(format_err!(err)),
> +                    };
> +
> +                    results.push(flattened_res);
> +                }
> +
> +                if results.iter().any(Result::is_err) {
> +                    let cat_errors = results
> +                        .into_iter()
> +                        .filter_map(|res| res.err().map(|err| err.to_string()))
> +                        .collect::<Vec<_>>()
> +                        .join("\n");
> +
> +                    return Err(format_err!(cat_errors));
> +                }
> +
> +                Ok(())
>              })
>          },
>          Some(pbs_buildcfg::PROXMOX_BACKUP_PROXY_PID_FN),
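
Review bot: `futures::future::join_all(handles)` only resolves once both spawned servers have finished, so if `insecure_server` (or `secure_server`) returns an error while the other keeps running, that error is held back until the surviving task ends at shutdown and the daemon carries on with one of the two services gone. Consider awaiting the handles so the first failure is surfaced right away (for example `tokio::select!` over the two handles), or detach the redirector as suggested above and log its failure where it happens. Smaller points in the same block: `.into_iter()` on the `join_all` result is redundant in a `for` loop, and the intermediate `results` Vec plus the `any(Result::is_err)` pass can be replaced by collecting the error strings directly and checking whether that list is empty. A short comment at `accept_tls_optional` stating that plaintext connections on port 8007 are served only by `redirector` and never reach `rest_server` would document the security-relevant invariant.
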
> -- 
> 2.39.2


Thread overview: 9+ messages
2023-10-31 18:47 [pbs-devel] [PATCH v3 proxmox, proxmox-backup 0/3] Add support for HTTP to HTTPS redirection Max Carrara
2023-10-31 18:47 ` [pbs-devel] [PATCH v3 proxmox 1/3] rest-server: Refactor `AcceptBuilder`, provide support for optional TLS Max Carrara
2023-11-16  7:35   ` Wolfgang Bumiller
2023-10-31 18:47 ` [pbs-devel] [PATCH v3 proxmox 2/3] rest-server: Add `Redirector` Max Carrara
2023-11-03 10:17   ` Wolfgang Bumiller
2023-10-31 18:47 ` [pbs-devel] [PATCH v3 proxmox-backup 3/3] proxy: redirect HTTP requests to HTTPS Max Carrara
2023-11-03 10:24   ` Wolfgang Bumiller [this message]
2023-11-15 15:22     ` Max Carrara
2023-11-16  7:35       ` Wolfgang Bumiller