Merge pull request #86 from junkurihara/develop

0.6.1

.github/workflows/ci.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         submodules: recursive
     - name: Run unit tests

.github/workflows/docker_build_push.yml

@@ -53,7 +53,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: recursive
 
@@ -69,6 +69,12 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v2
         with:
@@ -76,12 +82,6 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
       - name: Nightly build test on amd64 for pull requests
         if: ${{ github.event_name == 'pull_request' }}
         uses: docker/build-push-action@v4

.github/workflows/shift_left.yml

@@ -6,7 +6,7 @@ jobs:
   Scan-Build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Perform ShiftLeft Scan
         uses: ShiftLeftSecurity/scan-action@master

.gitignore

@@ -1,7 +1,8 @@
 .vscode
 .private
 docker/log
-
+docker/cache
+docker/config
 
 # Generated by Cargo
 # will have compiled files and executables

CHANGELOG.md

@@ -2,6 +2,12 @@
 
 ## 0.7.0  (unreleased)
 
+## 0.6.1
+
+### Bugfix
+
+- Fix: fix a "watch" bug for docker. Due to a docker limitation, we need to mount a dir, e.g, `/rpxy/config`, instead of a file, `rpxy.toml`, to track changes of the configuration file. We thus updated a start up script in docker container for the case "WATCH=true".
+
 ## 0.6.0
 
 ### Improvement

Cargo.toml

@@ -2,6 +2,7 @@
 
 members = ["rpxy-bin", "rpxy-lib"]
 exclude = ["submodules"]
+resolver = "2"
 
 [profile.release]
 codegen-units = 1

README.md

@@ -247,7 +247,9 @@ There are only several docker-specific environment variables.
 - `LOG_TO_FILE=true|false`: Enable logging to the log file `/rpxy/log/rpxy.log` using `logrotate`. You should mount `/rpxy/log` via docker volume option if enabled. The log dir and file will be owned by the `HOST_USER` with `HOST_UID:HOST_GID` on the host machine. Hence, `HOST_USER`, `HOST_UID` and `HOST_GID` should be the same as ones of the user who executes the `rpxy` docker container on the host.
 - `WATCH=true|false` (default: `false`): Activate continuous watching of the config file if true.
 
-Other than them, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. See [`docker/docker-compose.yml`](./docker/docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container.
+Then, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. **If `WATCH=true`, You need to mount a directory, e.g., `./rpxy-config/`, including `rpxy.toml` on `/rpxy/config` instead of a file to correctly track file changes**. This is a docker limitation. Even if `WATCH=false`, you can mount the dir onto `/rpxy/config` rather than `/etc/rpxy.toml`. A file mounted on `/etc/rpxy` is prioritized over a dir mounted on `/rpxy/config`.
+
+See [`docker/docker-compose.yml`](./docker/docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container.
 
 ## Example
 

docker/Dockerfile

@@ -57,7 +57,9 @@ RUN apt-get update && \
   find / -type d -path /proc -prune -o -type f -perm /u+s -ignore_readdir_race -exec chmod u-s {} \; && \
   find / -type d -path /proc -prune -o -type f -perm /g+s -ignore_readdir_race -exec chmod g-s {} \; && \
   mkdir -p /rpxy/bin &&\
-  mkdir -p /rpxy/log
+  mkdir -p /rpxy/log &&\
+  mkdir -p /rpxy/cache &&\
+  mkdir -p /rpxy/config
 
 COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy
 COPY ./docker/run.sh /rpxy

docker/Dockerfile-slim

@@ -38,7 +38,9 @@ RUN apk add --no-cache ${RUNTIME_DEPS} && \
   find / -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; && \
   find / -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \; && \
   mkdir -p /rpxy/bin &&\
-  mkdir -p /rpxy/log
+  mkdir -p /rpxy/log &&\
+  mkdir -p /rpxy/cache &&\
+  mkdir -p /rpxy/config
 
 COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy
 COPY ./docker/run.sh /rpxy

docker/docker-compose-slim.yml

@@ -28,7 +28,11 @@ services:
     tty: false
     privileged: true
     volumes:
-      - ./log:/rpxy/log
+      - ./log:/rpxy/log:rw
+      - ./cache:/rpxy/cache:rw
       - ../example-certs/server.crt:/certs/server.crt:ro
       - ../example-certs/server.key:/certs/server.key:ro
       - ../config-example.toml:/etc/rpxy.toml:ro
+      # NOTE: To correctly enable "watch" in docker,
+      # ** you should mount not a file but a dir mapped to /rpxy/config including "rpxy.toml" due to the limitation of docker **
+      # e.g, - ./rpxy-config:/rpxy/config

docker/docker-compose.yml

@@ -28,7 +28,11 @@ services:
     tty: false
     privileged: true
     volumes:
-      - ./log:/rpxy/log
+      - ./log:/rpxy/log:rw
+      - ./cache:/rpxy/cache:rw
       - ../example-certs/server.crt:/certs/server.crt:ro
       - ../example-certs/server.key:/certs/server.key:ro
       - ../config-example.toml:/etc/rpxy.toml:ro
+      # NOTE: To correctly enable "watch" in docker,
+      # ** you should mount not a file but a dir mapped to /rpxy/config including "rpxy.toml" due to the limitation of docker **
+      # e.g, - ./rpxy-config:/rpxy/config

docker/entrypoint.sh

@@ -9,6 +9,10 @@ USER=${HOST_USER:-rpxy}
 USER_ID=${HOST_UID:-900}
 GROUP_ID=${HOST_GID:-900}
 
+CONFIG_FILE=/etc/rpxy.toml
+CONFIG_DIR=/rpxy/config
+CONFIG_FILE_IN_DIR=${CONFIG_FILENAME:-rpxy.toml}
+
 #######################################
 # Setup logrotate
 function setup_logrotate () {
@@ -132,9 +136,23 @@ if [ $(id -u ${USER}) -ne ${USER_ID} -a $(id -g ${USER}) -ne ${GROUP_ID} ]; then
 fi
 
 # Change permission according to the given user
-chown -R ${USER_ID}:${USER_ID} /rpxy
+# except for the config dir that possibly get mounted with read-only
+find /rpxy -path ${CONFIG_DIR} -prune -o -exec chown ${USER_ID}:${USER_ID} {} +
+
+# Check the config file existence
+if [[ ! -f ${CONFIG_FILE} ]]; then
+  if [[ ! -f ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR} ]]; then
+    echo "No config file is given. Mount a config dir or file."
+    exit 1
+  fi
+  echo "rpxy: config file: ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR}"
+  ln -s ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR} ${CONFIG_FILE}
+else
+  echo "rpxy: config file: ${CONFIG_FILE}"
+fi
 
 # Run rpxy
+cd /rpxy
 echo "rpxy: Start with user: ${USER} (${USER_ID}:${GROUP_ID})"
 if "${LOGGING}"; then
   echo "rpxy: Start with writing log file"

rpxy-bin/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rpxy"
-version = "0.6.0"
+version = "0.6.1"
 authors = ["Jun Kurihara"]
 homepage = "https://github.com/junkurihara/rust-rpxy"
 repository = "https://github.com/junkurihara/rust-rpxy"
@@ -24,7 +24,7 @@ rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [
 
 anyhow = "1.0.75"
 rustc-hash = "1.1.0"
-serde = { version = "1.0.186", default-features = false, features = ["derive"] }
+serde = { version = "1.0.188", default-features = false, features = ["derive"] }
 derive_builder = "0.12.0"
 tokio = { version = "1.32.0", default-features = false, features = [
   "net",
@@ -38,8 +38,8 @@ rustls-pemfile = "1.0.3"
 mimalloc = { version = "*", default-features = false }
 
 # config
-clap = { version = "4.3.24", features = ["std", "cargo", "wrap_help"] }
+clap = { version = "4.4.2", features = ["std", "cargo", "wrap_help"] }
-toml = { version = "0.7.6", default-features = false, features = ["parse"] }
+toml = { version = "0.7.8", default-features = false, features = ["parse"] }
 hot_reload = "0.1.4"
 
 # logging

rpxy-lib/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rpxy-lib"
-version = "0.6.0"
+version = "0.6.1"
 authors = ["Jun Kurihara"]
 homepage = "https://github.com/junkurihara/rust-rpxy"
 repository = "https://github.com/junkurihara/rust-rpxy"
@@ -21,7 +21,7 @@ cache = ["http-cache-semantics", "lru"]
 [dependencies]
 rand = "0.8.5"
 rustc-hash = "1.1.0"
-bytes = "1.4.0"
+bytes = "1.5.0"
 derive_builder = "0.12.0"
 futures = { version = "0.3.28", features = ["alloc", "async-await"] }
 tokio = { version = "1.32.0", default-features = false, features = [
@@ -37,7 +37,7 @@ hot_reload = "0.1.4" # reloading certs
 
 # Error handling
 anyhow = "1.0.75"
-thiserror = "1.0.47"
+thiserror = "1.0.48"
 
 # http and tls
 hyper = { version = "0.14.27", default-features = false, features = [
@@ -53,8 +53,8 @@ hyper-rustls = { version = "0.24.1", default-features = false, features = [
   "http2",
 ] }
 tokio-rustls = { version = "0.24.1", features = ["early-data"] }
-rustls = { version = "0.21.6", default-features = false }
+rustls = { version = "0.21.7", default-features = false }
-webpki = "0.22.0"
+webpki = "0.22.1"
 x509-parser = "0.15.1"
 
 # logging
@@ -76,15 +76,15 @@ s2n-quic-rustls = { path = "../submodules/s2n-quic/quic/s2n-quic-rustls/", optio
 
 # cache
 http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", optional = true }
-lru = { version = "0.11.0", optional = true }
+lru = { version = "0.11.1", optional = true }
 
 # cookie handling for sticky cookie
-chrono = { version = "0.4.26", default-features = false, features = [
+chrono = { version = "0.4.30", default-features = false, features = [
   "unstable-locales",
   "alloc",
   "clock",
 ], optional = true }
-base64 = { version = "0.21.2", optional = true }
+base64 = { version = "0.21.3", optional = true }
 sha2 = { version = "0.10.7", default-features = false, optional = true }
 
 

submodules/quinn

@@ -1 +1 @@
-Subproject commit 7f260292848a93d615eb43e6e88114a97e64daf1
+Subproject commit 5d4d58387d77db952c47168ed2185b6a38b8717a

submodules/s2n-quic

@@ -1 +1 @@
-Subproject commit e6402b7f8649bc9d90b69aedc83c387b0372bc94
+Subproject commit 9fd762a538924f943c4c8ae0aae95337635fb485