Add default service config

.build/DEB/postinst

@@ -2,8 +2,19 @@
 
 set -e
 
+# Create rpxy user if it doesn't exist
+if ! id rpxy >/dev/null 2>&1; then
+    useradd --system --no-create-home --shell /usr/sbin/nologin rpxy
+fi
+
+# Set correct user for config directory
+if [ -d /etc/rpxy ]; then
+    chown -R rpxy:rpxy /etc/rpxy
+fi
+
+# Reload systemd, enable and start the service
 systemctl daemon-reload
 systemctl enable rpxy
 systemctl start rpxy
 
-exit 0
+exit 0

.build/DEB/postrm

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+# Remove the rpxy user and configuration directory only if purging the package
+if [ "$1" = "purge" ]; then
+    if id rpxy >/dev/null 2>&1; then
+        userdel rpxy
+    fi
+
+    # Remove config directory
+    if [ -d /etc/rpxy ]; then
+        rm -rf /etc/rpxy
+    fi
+fi
+
+exit 0

.build/DEB/prerm

@@ -2,7 +2,9 @@
 
 set -e
 
+# Stop and disable the service before removing
 systemctl stop rpxy || true
 systemctl disable rpxy || true
+systemctl daemon-reload
 
-exit 0
+exit 0

.build/Jenkinsfile

@@ -63,11 +63,12 @@ pipeline {
                         mv rust-rpxy/.build/DEB/prerm .
                         mv rust-rpxy/.build/RPM/rpxy.spec .
                         mv rust-rpxy/.build/rpxy-start.sh .
+                        mv rust-rpxy/.build/config.toml .
                         mv rust-rpxy/.build/rpxy.service .
                         '''
                         stash includes: "control, postinst, prerm, rpxy-start.sh", name: "deb-control"
                         stash includes: "rpxy.spec", name: "rpm-spec"
-                        stash includes: "rpxy.service", name: "service-file"
+                        stash includes: "rpxy.service, config.toml", name: "service-file"
 
                         // Stash LICENSE and README.md
                         sh 'mv rust-rpxy/LICENSE .'
@@ -113,7 +114,7 @@ pipeline {
                         sh """
                         mkdir -p rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
                         mkdir -p rpxy-${env.BUILD_VERSION}
-                        mv rpxy rpxy.service LICENSE README.md rpxy-${env.BUILD_VERSION}/
+                        mv rpxy rpxy.service LICENSE README.md config.toml rpxy-${env.BUILD_VERSION}/
                         tar -czf rpmbuild/SOURCES/rpxy-${env.BUILD_VERSION}.tar.gz rpxy-${env.BUILD_VERSION}/
                         rm -rf rpxy-${env.BUILD_VERSION}
                         """
@@ -171,6 +172,7 @@ pipeline {
                         mkdir -p rpxy_${env.BUILD_VERSION}-1_amd64/usr/local/bin
                         mkdir -p rpxy_${env.BUILD_VERSION}-1_amd64/etc/systemd/system
                         mkdir -p rpxy_${env.BUILD_VERSION}-1_amd64/usr/share/doc/rpxy
+                        mkdir -p rpxy_${env.BUILD_VERSION}-1_amd64/etc/rpxy
                         mkdir -p rpxy_${env.BUILD_VERSION}-1_amd64/DEBIAN
                         """
 
@@ -184,11 +186,12 @@ pipeline {
                         chmod 0755 rpxy_${env.BUILD_VERSION}-1_amd64/usr/local/bin/rpxy-start.sh
                         """
 
-                        // Move binary, service file, control file, LICENSE, and README.md
+                        // Move binary, service, control and config file, LICENSE, and README.md
                         sh """
                         mv rpxy rpxy_${env.BUILD_VERSION}-1_amd64/usr/bin/
                         mv rpxy.service rpxy_${env.BUILD_VERSION}-1_amd64/etc/systemd/system/
                         mv LICENSE README.md rpxy_${env.BUILD_VERSION}-1_amd64/usr/share/doc/rpxy/
+                        mv config.toml rpxy_${env.BUILD_VERSION}-1_amd64/etc/rpxy/
                         mv control rpxy_${env.BUILD_VERSION}-1_amd64/DEBIAN/
                         """
 

.build/RPM/rpxy.spec

@@ -18,10 +18,16 @@ This rpm installs rpxy into /usr/bin and sets up a systemd service.
 
 %install
 rm -rf %{buildroot}
+# Copy binary
 mkdir -p %{buildroot}%{_bindir}
 cp rpxy %{buildroot}%{_bindir}/
+# Create systemd service
 mkdir -p %{buildroot}%{_sysconfdir}/systemd/system
 cp rpxy.service %{buildroot}%{_sysconfdir}/systemd/system/
+# Create config directory
+mkdir -p %{buildroot}%{_sysconfdir}/rpxy/acme_registry
+cp config.toml %{buildroot}%{_sysconfdir}/rpxy/
+# Copy documentation
 mkdir -p %{buildroot}%{_docdir}/rpxy
 cp LICENSE %{buildroot}%{_docdir}/rpxy/
 cp README.md %{buildroot}%{_docdir}/rpxy/
@@ -29,18 +35,52 @@ cp README.md %{buildroot}%{_docdir}/rpxy/
 %clean
 rm -rf %{buildroot}
 
+%pre
+# Create the rpxy user if it does not exist
+if ! id rpxy >/dev/null 2>&1; then
+    /usr/sbin/useradd -r -s /bin/false -d / -c "rpxy system user" rpxy
+fi
+
+%post
+# Set ownership of config file to rpxy user
+chown -R rpxy:rpxy %{_sysconfdir}/rpxy
+
+# Reload systemd, enable and start rpxy service
+systemctl daemon-reload
+systemctl enable rpxy
+if [ $1 -eq 1 ]; then
+    systemctl start rpxy
+fi
+
+%preun
+# Stop the service on uninstall or upgrade
+if [ $1 -eq 0 ]; then
+    systemctl stop rpxy
+fi
+
+%postun
+# On uninstall, disable the service and reload systemd
+if [ $1 -eq 0 ]; then
+    systemctl disable rpxy
+    systemctl daemon-reload
+fi
+
+# Remove rpxy user only if package is being completely removed (not upgraded)
+if [ $1 -eq 0 ]; then
+    # Check if the rpxy user exists before attempting to delete
+    if id rpxy >/dev/null 2>&1; then
+        /usr/sbin/userdel rpxy
+    fi
+
+    # Remove the configuration directory if it exists and is empty
+    if [ -d %{_sysconfdir}/rpxy ]; then
+        rm -rf %{_sysconfdir}/rpxy
+    fi
+fi
+
 %files
 %license %{_docdir}/rpxy/LICENSE
 %doc %{_docdir}/rpxy/README.md
-%{_bindir}/rpxy
 %{_sysconfdir}/systemd/system/rpxy.service
-
+%attr(-, rpxy, rpxy) %{_bindir}/rpxy
-%post
+%attr(-, rpxy, rpxy) %config(noreplace) %{_sysconfdir}/rpxy/config.toml
-systemctl daemon-reload
-systemctl enable rpxy
-
-%preun
-systemctl stop rpxy
-
-%postun
-systemctl disable rpxy

.build/config.toml

@@ -0,0 +1,86 @@
+########################################
+#                                      #
+#       rust-rxpy configuration        #
+#                                      #
+########################################
+###################################
+#         Global settings         #
+###################################
+# Both or either one of http/https ports must be specified
+listen_port = 80
+listen_port_tls = 443
+
+# Optional for h2 and http1.1
+tcp_listen_backlog = 1024
+
+# Optional for h2 and http1.1
+max_concurrent_streams = 100
+
+# Optional. Counted in total for http1.1, 2, 3
+max_clients = 512
+
+# Optional: Listen [::]
+listen_ipv6 = false
+
+# Optional: App that serves all plaintext http request by referring to HOSTS or request header
+# execpt for configured application.
+# Note that this is only for http.
+# Note that nothing is served for requests via https since secure channel cannot be
+# established for unconfigured server_name, and they are always rejected by checking SNI.
+# default_app = 'another_localhost'
+
+###################################
+#         Backend settings        #
+###################################
+[apps]
+
+######################################################################
+## Registering a backend app served by a domain name "localhost"
+#[apps.localhost]
+#server_name = 'localhost' # Domain name
+
+# Optional: TLS setting. if https_port is specified and tls is true above, either of this must be given.
+#tls = { https_redirection = true, tls_cert_path = '/certs/server.crt', tls_cert_key_path = '/certs/server.key' }
+#tls = { https_redirection = true, acme = true }
+
+############################################
+# For more settings check:                 #
+# https://github.com/junkurihara/rust-rpxy #
+############################################
+
+###################################
+#      Experimantal settings      #
+###################################
+[experimental]
+# Higly recommend not to be true. If true, you ignore RFC. if not specified, it is always false.
+# This might be required to be true when a certificate is used by multiple backend hosts, especially in case where a TLS connection is re-used.
+# We should note that this strongly depends on the client implementation.
+ignore_sni_consistency = false
+
+# Force connection handling timeout regardless of the connection status, i.e., idle or not.
+# 0 represents an infinite timeout. [default: 0]
+# Note that idel and header read timeouts are always specified independently of this.
+connection_handling_timeout = 0 # sec
+
+# If this specified, h3 is enabled
+[experimental.h3]
+alt_svc_max_age = 3600             # sec
+request_max_body_size = 65536      # bytes
+max_concurrent_connections = 10000
+max_concurrent_bidistream = 100
+max_concurrent_unistream = 100
+max_idle_timeout = 10              # secs. 0 represents an infinite timeout.
+# WARNING: If a peer or its network path malfunctions or acts maliciously, an infinite idle timeout can result in permanently hung futures!
+
+# If this specified, file cache feature is enabled
+[experimental.cache]
+cache_dir = '/tmp/rpxy/.cache'                # optional. default is "./cache" relative to the current working directory
+max_cache_entry = 1000               # optional. default is 1k
+max_cache_each_size = 65535          # optional. default is 64k
+max_cache_each_size_on_memory = 4096 # optional. default is 4k if 0, it is always file cache.
+
+# ACME settings. Unless specified, ACME is disabled.
+[experimental.acme]
+dir_url = "https://acme-v02.api.letsencrypt.org/directory"
+email = "test@example.com"
+registry_path = "/etc/rpxy/acme_registry"

.build/rpxy-start.sh

@@ -1,10 +1,29 @@
 #!/bin/bash
 
+# Ensure the cache directory exists as it could get deleted on system restart
+if [ ! -d /tmp/rpxy/.cache ]; then
+    # Create the temporary directory for rpxy
+    mkdir -p /tmp/rpxy/.cache
+    chown -R rpxy:rpxy /tmp/rpxy
+    chmod 700 /tmp/rpxy/.cache
+fi
+
 # Check if rpxy-webui is installed
 if dpkg-query -W -f='${Status}' rpxy-webui 2>/dev/null | grep -q "install ok installed"; then
     echo "rpxy-webui is installed. Starting rpxy with rpxy-webui"
-    exec /usr/local/bin/rpxy --enable-webui
+    exec /usr/local/bin/rpxy -w -c /var/www/rpxy-webui/storage/app/config.toml
 else
     echo "rpxy-webui is not installed. Starting with default config"
-    exec /usr/local/bin/rpxy
+    
+    # Ensure the /etc/rpxy directory exists
+    if [ ! -d /etc/rpxy ]; then
+        mkdir -p /etc/rpxy
+    fi
+    
+    # Create the config file if it doesn't exist
+    if [ ! -f /etc/rpxy/config.toml ]; then
+        echo "# Default rpxy config file" > /etc/rpxy/config.toml
+    fi
+    
+    exec /usr/local/bin/rpxy -c /etc/rpxy/config.toml
 fi

.build/rpxy.service

@@ -5,7 +5,8 @@ After=network.target
 [Service]
 ExecStart=/usr/local/bin/rpxy-start.sh
 Restart=always
-User=nobody
+User=rpxy
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 
 [Install]
 WantedBy=multi-user.target