wip: started to integrate rpxy-certs to rpxy-lib

2024-05-28 20:03:46 +09:00 · 2024-05-28 20:03:46 +09:00 · 2f9f0a1122
commit 2f9f0a1122
parent 7632b1fdeb
8 changed files with 81 additions and 32 deletions
--- a/rpxy-bin/src/cert_file_reader.rs
+++ b/rpxy-bin/src/cert_file_reader.rs
@ -69,12 +69,10 @@ fn read_certs_and_keys(

  let certs: Vec<_> = {
    let certs_path_str = cert_path.display().to_string();
-    let mut reader = BufReader::new(File::open(cert_path).map_err(|e| {
-      io::Error::new(
-        e.kind(),
-        format!("Unable to load the certificates [{certs_path_str}]: {e}"),
-      )
-    })?);
+    let mut reader = BufReader::new(
+      File::open(cert_path)
+        .map_err(|e| io::Error::new(e.kind(), format!("Unable to load the certificates [{certs_path_str}]: {e}")))?,
+    );
    rustls_pemfile::certs(&mut reader)
      .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "Unable to parse the certificates"))?
  }
--- a/rpxy-bin/src/config/parse.rs
+++ b/rpxy-bin/src/config/parse.rs
@ -97,13 +97,16 @@ pub fn build_settings(config: &ConfigToml) -> std::result::Result<(ProxyConfig,
 pub async fn build_cert_manager(
  config: &ConfigToml,
 ) -> Result<
-  (
+  Option<(
    ReloaderService<CryptoReloader, ServerCryptoBase>,
    ReloaderReceiver<ServerCryptoBase>,
-  ),
+  )>,
  anyhow::Error,
 > {
  let apps = config.apps.as_ref().ok_or(anyhow!("No apps"))?;
+  if config.listen_port_tls.is_none() {
+    return Ok(None);
+  }
  let mut crypto_source_map = HashMap::default();
  for app in apps.0.values() {
    if let Some(tls) = app.tls.as_ref() {
@ -118,5 +121,5 @@ pub async fn build_cert_manager(
    }
  }
  let res = build_cert_reloader(&crypto_source_map, None).await?;
-  Ok(res)
+  Ok(Some(res))
 }
--- a/rpxy-bin/src/main.rs
+++ b/rpxy-bin/src/main.rs
@ -66,20 +66,14 @@ async fn rpxy_service_without_watcher(
  info!("Start rpxy service");
  let config_toml = ConfigToml::new(config_file_path).map_err(|e| anyhow!("Invalid toml file: {e}"))?;
  let (proxy_conf, app_conf) = build_settings(&config_toml).map_err(|e| anyhow!("Invalid configuration: {e}"))?;
-  let (cert_service, cert_rx) = build_cert_manager(&config_toml)
+
+  let cert_service_and_rx = build_cert_manager(&config_toml)
    .await
    .map_err(|e| anyhow!("Invalid cert configuration: {e}"))?;

-  tokio::select! {
-    rpxy_res = entrypoint(&proxy_conf, &app_conf, &runtime_handle, None) => {
-      error!("rpxy entrypoint exited");
-      rpxy_res.map_err(|e| anyhow!(e))
-    }
-    cert_res = cert_service.start() => {
-      error!("cert reloader service exited");
-      cert_res.map_err(|e| anyhow!(e))
-    }
-  }
+  rpxy_entrypoint(&proxy_conf, &app_conf, cert_service_and_rx.as_ref(), &runtime_handle, None)
+    .await
+    .map_err(|e| anyhow!(e))
 }

 async fn rpxy_service_with_watcher(
@ -95,7 +89,7 @@ async fn rpxy_service_with_watcher(
    .ok_or(anyhow!("Something wrong in config reloader receiver"))?;
  let (mut proxy_conf, mut app_conf) = build_settings(&config_toml).map_err(|e| anyhow!("Invalid configuration: {e}"))?;

-  let (mut cert_service, mut cert_rx) = build_cert_manager(&config_toml)
+  let mut cert_service_and_rx = build_cert_manager(&config_toml)
    .await
    .map_err(|e| anyhow!("Invalid cert configuration: {e}"))?;

@ -105,8 +99,8 @@ async fn rpxy_service_with_watcher(
  // Continuous monitoring
  loop {
    tokio::select! {
-      rpxy_res = entrypoint(&proxy_conf, &app_conf, &runtime_handle, Some(term_notify.clone())) => {
-        error!("rpxy entrypoint exited");
+      rpxy_res = rpxy_entrypoint(&proxy_conf, &app_conf, cert_service_and_rx.as_ref(), &runtime_handle, Some(term_notify.clone())) => {
+        error!("rpxy entrypoint or cert service exited");
        return rpxy_res.map_err(|e| anyhow!(e));
      }
      _ = config_rx.changed() => {
@ -124,8 +118,8 @@ async fn rpxy_service_with_watcher(
          }
        };
        match build_cert_manager(&config_toml).await {
-          Ok((c, r)) => {
-            (cert_service, cert_rx) = (c, r)
+          Ok(c) => {
+            cert_service_and_rx = c;
          },
          Err(e) => {
            error!("Invalid cert configuration. Configuration does not updated: {e}");
@ -137,13 +131,38 @@ async fn rpxy_service_with_watcher(
        term_notify.notify_waiters();
        // tokio::time::sleep(tokio::time::Duration::from_secs(1)).await;
      }
-      cert_res = cert_service.start() => {
-        error!("cert reloader service exited");
-        return cert_res.map_err(|e| anyhow!(e));
-      }
      else => break
    }
  }

  Ok(())
 }
+
+/// Wrapper of entry point for rpxy service with certificate management service
+async fn rpxy_entrypoint(
+  proxy_config: &rpxy_lib::ProxyConfig,
+  app_config_list: &rpxy_lib::AppConfigList<cert_file_reader::CryptoFileSource>,
+  cert_service_and_rx: Option<&(
+    ReloaderService<rpxy_certs::CryptoReloader, rpxy_certs::ServerCryptoBase>,
+    ReloaderReceiver<rpxy_certs::ServerCryptoBase>,
+  )>, // TODO:
+  runtime_handle: &tokio::runtime::Handle,
+  term_notify: Option<std::sync::Arc<tokio::sync::Notify>>,
+) -> Result<(), anyhow::Error> {
+  if let Some((cert_service, cert_rx)) = cert_service_and_rx {
+    tokio::select! {
+      rpxy_res = entrypoint(proxy_config, app_config_list, Some(cert_rx), runtime_handle, term_notify) => {
+        error!("rpxy entrypoint exited");
+        rpxy_res.map_err(|e| anyhow!(e))
+      }
+      cert_res = cert_service.start() => {
+        error!("cert reloader service exited");
+        cert_res.map_err(|e| anyhow!(e))
+      }
+    }
+  } else {
+    entrypoint(proxy_config, app_config_list, None, runtime_handle, term_notify)
+      .await
+      .map_err(|e| anyhow!(e))
+  }
+}