From acda890be30fb8ffd97dd1587882ba73eabd4636 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Sat, 2 Sep 2023 16:43:22 +0900 Subject: [PATCH 1/8] deps --- rpxy-bin/Cargo.toml | 4 ++-- rpxy-lib/Cargo.toml | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/rpxy-bin/Cargo.toml b/rpxy-bin/Cargo.toml index 99ee25f..e82657b 100644 --- a/rpxy-bin/Cargo.toml +++ b/rpxy-bin/Cargo.toml @@ -24,7 +24,7 @@ rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [ anyhow = "1.0.75" rustc-hash = "1.1.0" -serde = { version = "1.0.186", default-features = false, features = ["derive"] } +serde = { version = "1.0.188", default-features = false, features = ["derive"] } derive_builder = "0.12.0" tokio = { version = "1.32.0", default-features = false, features = [ "net", @@ -38,7 +38,7 @@ rustls-pemfile = "1.0.3" mimalloc = { version = "*", default-features = false } # config -clap = { version = "4.3.24", features = ["std", "cargo", "wrap_help"] } +clap = { version = "4.4.2", features = ["std", "cargo", "wrap_help"] } toml = { version = "0.7.6", default-features = false, features = ["parse"] } hot_reload = "0.1.4" diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml index 8dc7c8f..ca40df2 100644 --- a/rpxy-lib/Cargo.toml +++ b/rpxy-lib/Cargo.toml @@ -53,8 +53,8 @@ hyper-rustls = { version = "0.24.1", default-features = false, features = [ "http2", ] } tokio-rustls = { version = "0.24.1", features = ["early-data"] } -rustls = { version = "0.21.6", default-features = false } -webpki = "0.22.0" +rustls = { version = "0.21.7", default-features = false } +webpki = "0.22.1" x509-parser = "0.15.1" # logging 
@@ -79,12 +79,12 @@ http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", opt lru = { version = "0.11.0", optional = true } # cookie handling for sticky cookie -chrono = { version = "0.4.26", default-features = false, features = [ +chrono = { version = "0.4.28", default-features = false, features = [ "unstable-locales", "alloc", "clock", ], optional = true } -base64 = { version = "0.21.2", optional = true } +base64 = { version = "0.21.3", optional = true } sha2 = { version = "0.10.7", default-features = false, optional = true } From e5554ed02a6309b1eff58213ef124c18443ddf1d Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Tue, 5 Sep 2023 12:50:35 +0900 Subject: [PATCH 2/8] update checkout@v4 --- .github/workflows/docker_build_push.yml | 14 +++++++------- Cargo.toml | 1 + submodules/quinn | 2 +- submodules/s2n-quic | 2 +- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/workflows/docker_build_push.yml b/.github/workflows/docker_build_push.yml index f7cea2b..4b15d10 100644 --- a/.github/workflows/docker_build_push.yml +++ b/.github/workflows/docker_build_push.yml @@ -53,7 +53,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: recursive @@ -69,6 +69,12 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: @@ -76,12 +82,6 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Nightly build test on amd64 for pull requests if: ${{ github.event_name == 'pull_request' }} uses: docker/build-push-action@v4 
diff --git a/Cargo.toml b/Cargo.toml index 29e2277..c512b18 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -2,6 +2,7 @@ members = ["rpxy-bin", "rpxy-lib"] exclude = ["submodules"] +resolver = "2" [profile.release] codegen-units = 1 diff --git a/submodules/quinn b/submodules/quinn index 7f26029..307d80b 160000 --- a/submodules/quinn +++ b/submodules/quinn @@ -1 +1 @@ -Subproject commit 7f260292848a93d615eb43e6e88114a97e64daf1 +Subproject commit 307d80b9398d4e1e305c0131f2c3989090ec9432 diff --git a/submodules/s2n-quic b/submodules/s2n-quic index e6402b7..047f695 160000 --- a/submodules/s2n-quic +++ b/submodules/s2n-quic @@ -1 +1 @@ -Subproject commit e6402b7f8649bc9d90b69aedc83c387b0372bc94 +Subproject commit 047f695aeb6219fc2bde54b95cd1915d73d1c92b From a1fd0271bca643fa1712117c5f4c75edb6b3ce6a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Sep 2023 04:15:20 +0000 Subject: [PATCH 3/8] chore(deps): bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/shift_left.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f77314c..b578d4b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: submodules: recursive - name: Run unit tests 
diff --git a/.github/workflows/shift_left.yml b/.github/workflows/shift_left.yml index ac66d0a..32f526c 100644 --- a/.github/workflows/shift_left.yml +++ b/.github/workflows/shift_left.yml @@ -6,7 +6,7 @@ jobs: Scan-Build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Perform ShiftLeft Scan uses: ShiftLeftSecurity/scan-action@master From ac9451e5e9b11617f6958adc50bb84daaa638d1e Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Sun, 10 Sep 2023 00:32:00 +0900 Subject: [PATCH 4/8] fix: fix a "watch" bug due to docker limitation --- .gitignore | 3 ++- README.md | 4 +++- docker/Dockerfile | 4 +++- docker/Dockerfile-slim | 4 +++- docker/docker-compose-slim.yml | 8 ++++++-- docker/docker-compose.yml | 6 +++++- docker/entrypoint.sh | 20 +++++++++++++++++++- rpxy-bin/Cargo.toml | 2 +- rpxy-lib/Cargo.toml | 8 ++++---- 9 files changed, 46 insertions(+), 13 deletions(-) diff --git a/.gitignore b/.gitignore index 6797716..9122944 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,8 @@ .vscode .private docker/log - +docker/cache +docker/config # Generated by Cargo # will have compiled files and executables diff --git a/README.md b/README.md index 5561511..b714fa5 100644 --- a/README.md +++ b/README.md 
@@ -247,7 +247,9 @@ There are only several docker-specific environment variables. - `LOG_TO_FILE=true|false`: Enable logging to the log file `/rpxy/log/rpxy.log` using `logrotate`. You should mount `/rpxy/log` via docker volume option if enabled. The log dir and file will be owned by the `HOST_USER` with `HOST_UID:HOST_GID` on the host machine. Hence, `HOST_USER`, `HOST_UID` and `HOST_GID` should be the same as ones of the user who executes the `rpxy` docker container on the host. - `WATCH=true|false` (default: `false`): Activate continuous watching of the config file if true. -Other than them, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. See [`docker/docker-compose.yml`](./docker/docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container. +Then, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. **If `WATCH=true`, You need to mount a directory, e.g., `./rpxy-config/`, including `rpxy.toml` on `/rpxy/config` instead of a file to correctly track file changes**. This is a docker limitation. Even if `WATCH=false`, you can mount the dir onto `/rpxy/config` rather than `/etc/rpxy.toml`. A file mounted on `/etc/rpxy` is prioritized over a dir mounted on `/rpxy/config`. + +See [`docker/docker-compose.yml`](./docker/docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container. ## Example diff --git a/docker/Dockerfile b/docker/Dockerfile index 8888814..bbc68b6 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -57,7 +57,9 @@ RUN apt-get update && \ find / -type d -path /proc -prune -o -type f -perm /u+s -ignore_readdir_race -exec chmod u-s {} \; && \ find / -type d -path /proc -prune -o -type f -perm /g+s -ignore_readdir_race -exec chmod g-s {} \; && \ mkdir -p /rpxy/bin &&\ - mkdir -p /rpxy/log + mkdir -p /rpxy/log &&\ + mkdir -p /rpxy/cache &&\ + mkdir -p /rpxy/config COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy COPY ./docker/run.sh /rpxy diff --git a/docker/Dockerfile-slim b/docker/Dockerfile-slim index 1d77b78..46afe57 100644 --- a/docker/Dockerfile-slim +++ b/docker/Dockerfile-slim @@ -38,7 +38,9 @@ RUN apk add --no-cache ${RUNTIME_DEPS} && \ find / -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; && \ find / -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \; && \ mkdir -p /rpxy/bin &&\ - mkdir -p /rpxy/log + mkdir -p /rpxy/log &&\ + mkdir -p /rpxy/cache &&\ + mkdir -p /rpxy/config COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy COPY ./docker/run.sh /rpxy diff --git a/docker/docker-compose-slim.yml b/docker/docker-compose-slim.yml index 8dcba55..e981bb5 100644 --- a/docker/docker-compose-slim.yml +++ b/docker/docker-compose-slim.yml @@ -28,7 +28,11 @@ services: tty: false privileged: true volumes: - - ./log:/rpxy/log + - ./log:/rpxy/log:rw + - ./cache:/rpxy/cache:rw - ../example-certs/server.crt:/certs/server.crt:ro - ../example-certs/server.key:/certs/server.key:ro - - ../config-example.toml:/etc/rpxy.toml:ro + - ../config-example.toml:/etc/rpxy/rpxy.toml:ro + # NOTE: To correctly enable "watch" in docker, + # ** you should mount not a file but a dir mapped to /rpxy/config including "rpxy.toml" due to the limitation of docker ** + # e.g, - ./rpxy-config:/rpxy/config diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index bf56ace..063ce82 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml 
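Review bot: The commented example mount added at the end of the `volumes:` list in `docker/docker-compose-slim.yml`, `# e.g, - ./rpxy-config:/rpxy/config`, has no access mode, so anyone who copies it gives the container a writable view of the configuration directory. The service in this hunk's context runs with `privileged: true`, and the entrypoint change in the same commit already expects that directory may be mounted read-only. The example should therefore read `# e.g, - ./rpxy-config:/rpxy/config:ro`. The same comment is added to `docker/docker-compose.yml` in the following hunk and needs the same change.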
@@ -28,7 +28,11 @@ services: tty: false privileged: true volumes: - - ./log:/rpxy/log + - ./log:/rpxy/log:rw + - ./cache:/rpxy/cache:rw - ../example-certs/server.crt:/certs/server.crt:ro - ../example-certs/server.key:/certs/server.key:ro - ../config-example.toml:/etc/rpxy.toml:ro + # NOTE: To correctly enable "watch" in docker, + # ** you should mount not a file but a dir mapped to /rpxy/config including "rpxy.toml" due to the limitation of docker ** + # e.g, - ./rpxy-config:/rpxy/config diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 63e997b..5058f8b 100644 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -9,6 +9,10 @@ USER=${HOST_USER:-rpxy} USER_ID=${HOST_UID:-900} GROUP_ID=${HOST_GID:-900} +CONFIG_FILE=/etc/rpxy.toml +CONFIG_DIR=/rpxy/config +CONFIG_FILE_IN_DIR=${CONFIG_FILENAME:-rpxy.toml} + ####################################### # Setup logrotate function setup_logrotate () { @@ -132,9 +136,23 @@ if [ $(id -u ${USER}) -ne ${USER_ID} -a $(id -g ${USER}) -ne ${GROUP_ID} ]; then fi # Change permission according to the given user -chown -R ${USER_ID}:${USER_ID} /rpxy +# except for the config dir that possibly get mounted with read-only +find /rpxy -path ${CONFIG_DIR} -prune -o -exec chown ${USER_ID}:${USER_ID} {} + + +# Check the config file existence +if [[ ! -f ${CONFIG_FILE} ]]; then + if [[ ! -f ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR} ]]; then + echo "No config file is given. Mount a config dir or file." + exit 1 + fi + echo "rpxy: config file: ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR}" + ln -s ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR} ${CONFIG_FILE} +else + echo "rpxy: config file: ${CONFIG_FILE}" +fi # Run rpxy +cd /rpxy echo "rpxy: Start with user: ${USER} (${USER_ID}:${GROUP_ID})" if "${LOGGING}"; then echo "rpxy: Start with writing log file" diff --git a/rpxy-bin/Cargo.toml b/rpxy-bin/Cargo.toml index e82657b..41d0996 100644 --- a/rpxy-bin/Cargo.toml +++ b/rpxy-bin/Cargo.toml 
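Review bot: `CONFIG_FILENAME` is a new environment variable, read in the added line `CONFIG_FILE_IN_DIR=${CONFIG_FILENAME:-rpxy.toml}`, but nothing in this hunk says what it is for. The README hunk of the same commit describes `WATCH` and `LOG_TO_FILE` without mentioning it. A short comment above the three assignments would help, for example `# CONFIG_FILENAME: name of the config file looked up inside ${CONFIG_DIR} (default: rpxy.toml)`. The value is later joined onto `${CONFIG_DIR}` without any check, so the comment should also say that it must be a bare file name rather than a path.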
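Review bot: The new `find /rpxy ... -exec chown ${USER_ID}:${USER_ID} {} +` line sets the group to the user id rather than `${GROUP_ID}`, which the previous hunk shows as context (`GROUP_ID=${HOST_GID:-900}`); this appears to be carried over from the removed `chown -R` line. Unlike `chown -R`, a plain `chown` run from `find` follows symbolic links, so a link inside the host-mounted `/rpxy/log` or `/rpxy/cache` would have its target re-owned while the script is presumably still running as root; `-h` avoids that. I would write the line as `find /rpxy -path "${CONFIG_DIR}" -prune -o -exec chown -h "${USER_ID}:${GROUP_ID}" {} +`, and also quote the operands of the added `ln -s`, since `CONFIG_FILENAME` comes from the environment. The script continues past the end of this hunk.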
@@ -39,7 +39,7 @@ mimalloc = { version = "*", default-features = false } # config clap = { version = "4.4.2", features = ["std", "cargo", "wrap_help"] } -toml = { version = "0.7.6", default-features = false, features = ["parse"] } +toml = { version = "0.7.8", default-features = false, features = ["parse"] } hot_reload = "0.1.4" # logging diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml index ca40df2..fc1074a 100644 --- a/rpxy-lib/Cargo.toml +++ b/rpxy-lib/Cargo.toml @@ -21,7 +21,7 @@ cache = ["http-cache-semantics", "lru"] [dependencies] rand = "0.8.5" rustc-hash = "1.1.0" -bytes = "1.4.0" +bytes = "1.5.0" derive_builder = "0.12.0" futures = { version = "0.3.28", features = ["alloc", "async-await"] } tokio = { version = "1.32.0", default-features = false, features = [ @@ -37,7 +37,7 @@ hot_reload = "0.1.4" # reloading certs # Error handling anyhow = "1.0.75" -thiserror = "1.0.47" +thiserror = "1.0.48" # http and tls hyper = { version = "0.14.27", default-features = false, features = [ @@ -76,10 +76,10 @@ s2n-quic-rustls = { path = "../submodules/s2n-quic/quic/s2n-quic-rustls/", optio # cache http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", optional = true } -lru = { version = "0.11.0", optional = true } +lru = { version = "0.11.1", optional = true } # cookie handling for sticky cookie -chrono = { version = "0.4.28", default-features = false, features = [ +chrono = { version = "0.4.30", default-features = false, features = [ "unstable-locales", "alloc", "clock", From 026fb40ab6337cee8b57606719a713164a9138e4 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Sun, 10 Sep 2023 00:35:48 +0900 Subject: [PATCH 5/8] update changelog --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f094cf8..a7c171f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,12 @@ ## 0.7.0 (unreleased) +## 0.6.1 + +### Bugfix + +- Fix: fix a "watch" bug for docker. Due to a docker limitation, we need to mount a dir, e.g, `/rpxy/config`, instead of a file, `rpxy.toml`, to track changes of the configuration file. We thus updated a start up script in docker container for the case "WATCH=true". + ## 0.6.0 ### Improvement From a42acc473ad464a79fda155ba6561b69a24dd0a7 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Sun, 10 Sep 2023 00:38:08 +0900 Subject: [PATCH 6/8] fix: docker-compose.slim.yaml, typo --- docker/docker-compose-slim.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/docker-compose-slim.yml b/docker/docker-compose-slim.yml index e981bb5..9d1e271 100644 --- a/docker/docker-compose-slim.yml +++ b/docker/docker-compose-slim.yml @@ -32,7 +32,7 @@ services: - ./cache:/rpxy/cache:rw - ../example-certs/server.crt:/certs/server.crt:ro - ../example-certs/server.key:/certs/server.key:ro - - ../config-example.toml:/etc/rpxy/rpxy.toml:ro + - ../config-example.toml:/etc/rpxy.toml:ro # NOTE: To correctly enable "watch" in docker, # ** you should mount not a file but a dir mapped to /rpxy/config including "rpxy.toml" due to the limitation of docker ** # e.g, - ./rpxy-config:/rpxy/config From 011bea62dd5175dab5195fbed133d78e3def68d9 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Sun, 10 Sep 2023 00:40:27 +0900 Subject: [PATCH 7/8] submodule --- submodules/quinn | 2 +- submodules/s2n-quic | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/submodules/quinn b/submodules/quinn index 307d80b..5d4d583 160000 --- a/submodules/quinn +++ b/submodules/quinn @@ -1 +1 @@ -Subproject commit 307d80b9398d4e1e305c0131f2c3989090ec9432 +Subproject commit 5d4d58387d77db952c47168ed2185b6a38b8717a diff --git a/submodules/s2n-quic b/submodules/s2n-quic index 047f695..9fd762a 160000 --- a/submodules/s2n-quic +++ b/submodules/s2n-quic 
@@ -1 +1 @@
-Subproject commit 047f695aeb6219fc2bde54b95cd1915d73d1c92b
+Subproject commit 9fd762a538924f943c4c8ae0aae95337635fb485
From 5467edb1cc972c059dab38f8109ecb419c24324a Mon Sep 17 00:00:00 2001
From: Jun Kurihara
Date: Sun, 10 Sep 2023 01:20:31 +0900
Subject: [PATCH 8/8] 0.6.1
---
 rpxy-bin/Cargo.toml | 2 +-
 rpxy-lib/Cargo.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/rpxy-bin/Cargo.toml b/rpxy-bin/Cargo.toml
index 41d0996..c162a9c 100644
--- a/rpxy-bin/Cargo.toml
+++ b/rpxy-bin/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rpxy"
-version = "0.6.0"
+version = "0.6.1"
 authors = ["Jun Kurihara"]
 homepage = "https://github.com/junkurihara/rust-rpxy"
 repository = "https://github.com/junkurihara/rust-rpxy"
diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml
index fc1074a..4ca6822 100644
--- a/rpxy-lib/Cargo.toml
+++ b/rpxy-lib/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rpxy-lib"
-version = "0.6.0"
+version = "0.6.1"
 authors = ["Jun Kurihara"]
 homepage = "https://github.com/junkurihara/rust-rpxy"
 repository = "https://github.com/junkurihara/rust-rpxy"