Merge pull request #86 from junkurihara/develop

0.6.1
2023-09-10 01:23:46 +09:00 · 2023-09-10 01:23:46 +09:00 · 4783446ed4
commit 4783446ed4
parent f8e0517c89 805c5eb145
16 changed files with 70 additions and 30 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -15,7 +15,7 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
      with:
        submodules: recursive
    - name: Run unit tests
--- a/.github/workflows/docker_build_push.yml
+++ b/.github/workflows/docker_build_push.yml
@ -53,7 +53,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
        with:
          submodules: recursive

@ -69,6 +69,12 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
@ -76,12 +82,6 @@ jobs:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
      - name: Nightly build test on amd64 for pull requests
        if: ${{ github.event_name == 'pull_request' }}
        uses: docker/build-push-action@v4
--- a/.github/workflows/shift_left.yml
+++ b/.github/workflows/shift_left.yml
@ -6,7 +6,7 @@ jobs:
  Scan-Build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4

      - name: Perform ShiftLeft Scan
        uses: ShiftLeftSecurity/scan-action@master
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,8 @@
 .vscode
 .private
 docker/log
-
+docker/cache
+docker/config

 # Generated by Cargo
 # will have compiled files and executables
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,12 @@

 ## 0.7.0  (unreleased)

+## 0.6.1
+
+### Bugfix
+
+- Fix: fix a "watch" bug for docker. Due to a docker limitation, we need to mount a dir, e.g, `/rpxy/config`, instead of a file, `rpxy.toml`, to track changes of the configuration file. We thus updated a start up script in docker container for the case "WATCH=true".
+
 ## 0.6.0

 ### Improvement
--- a/Cargo.toml
+++ b/Cargo.toml
@ -2,6 +2,7 @@

 members = ["rpxy-bin", "rpxy-lib"]
 exclude = ["submodules"]
+resolver = "2"

 [profile.release]
 codegen-units = 1
--- a/README.md
+++ b/README.md
@ -247,7 +247,9 @@ There are only several docker-specific environment variables.
 - `LOG_TO_FILE=true|false`: Enable logging to the log file `/rpxy/log/rpxy.log` using `logrotate`. You should mount `/rpxy/log` via docker volume option if enabled. The log dir and file will be owned by the `HOST_USER` with `HOST_UID:HOST_GID` on the host machine. Hence, `HOST_USER`, `HOST_UID` and `HOST_GID` should be the same as ones of the user who executes the `rpxy` docker container on the host.
 - `WATCH=true|false` (default: `false`): Activate continuous watching of the config file if true.

-Other than them, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. See [`docker/docker-compose.yml`](./docker/docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container.
+Then, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. **If `WATCH=true`, You need to mount a directory, e.g., `./rpxy-config/`, including `rpxy.toml` on `/rpxy/config` instead of a file to correctly track file changes**. This is a docker limitation. Even if `WATCH=false`, you can mount the dir onto `/rpxy/config` rather than `/etc/rpxy.toml`. A file mounted on `/etc/rpxy` is prioritized over a dir mounted on `/rpxy/config`.
+
+See [`docker/docker-compose.yml`](./docker/docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container.

 ## Example

--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -57,7 +57,9 @@ RUN apt-get update && \
  find / -type d -path /proc -prune -o -type f -perm /u+s -ignore_readdir_race -exec chmod u-s {} \; && \
  find / -type d -path /proc -prune -o -type f -perm /g+s -ignore_readdir_race -exec chmod g-s {} \; && \
  mkdir -p /rpxy/bin &&\
-  mkdir -p /rpxy/log
+  mkdir -p /rpxy/log &&\
+  mkdir -p /rpxy/cache &&\
+  mkdir -p /rpxy/config

 COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy
 COPY ./docker/run.sh /rpxy
--- a/docker/Dockerfile-slim
+++ b/docker/Dockerfile-slim
@ -38,7 +38,9 @@ RUN apk add --no-cache ${RUNTIME_DEPS} && \
  find / -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; && \
  find / -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \; && \
  mkdir -p /rpxy/bin &&\
-  mkdir -p /rpxy/log
+  mkdir -p /rpxy/log &&\
+  mkdir -p /rpxy/cache &&\
+  mkdir -p /rpxy/config

 COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy
 COPY ./docker/run.sh /rpxy
--- a/docker/docker-compose-slim.yml
+++ b/docker/docker-compose-slim.yml
@ -28,7 +28,11 @@ services:
    tty: false
    privileged: true
    volumes:
-      - ./log:/rpxy/log
+      - ./log:/rpxy/log:rw
+      - ./cache:/rpxy/cache:rw
      - ../example-certs/server.crt:/certs/server.crt:ro
      - ../example-certs/server.key:/certs/server.key:ro
      - ../config-example.toml:/etc/rpxy.toml:ro
+      # NOTE: To correctly enable "watch" in docker,
+      # ** you should mount not a file but a dir mapped to /rpxy/config including "rpxy.toml" due to the limitation of docker **
+      # e.g, - ./rpxy-config:/rpxy/config
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -28,7 +28,11 @@ services:
    tty: false
    privileged: true
    volumes:
-      - ./log:/rpxy/log
+      - ./log:/rpxy/log:rw
+      - ./cache:/rpxy/cache:rw
      - ../example-certs/server.crt:/certs/server.crt:ro
      - ../example-certs/server.key:/certs/server.key:ro
      - ../config-example.toml:/etc/rpxy.toml:ro
+      # NOTE: To correctly enable "watch" in docker,
+      # ** you should mount not a file but a dir mapped to /rpxy/config including "rpxy.toml" due to the limitation of docker **
+      # e.g, - ./rpxy-config:/rpxy/config
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@ -9,6 +9,10 @@ USER=${HOST_USER:-rpxy}
 USER_ID=${HOST_UID:-900}
 GROUP_ID=${HOST_GID:-900}

+CONFIG_FILE=/etc/rpxy.toml
+CONFIG_DIR=/rpxy/config
+CONFIG_FILE_IN_DIR=${CONFIG_FILENAME:-rpxy.toml}
+
 #######################################
 # Setup logrotate
 function setup_logrotate () {
@ -132,9 +136,23 @@ if [ $(id -u ${USER}) -ne ${USER_ID} -a $(id -g ${USER}) -ne ${GROUP_ID} ]; then
 fi

 # Change permission according to the given user
-chown -R ${USER_ID}:${USER_ID} /rpxy
+# except for the config dir that possibly get mounted with read-only
+find /rpxy -path ${CONFIG_DIR} -prune -o -exec chown ${USER_ID}:${USER_ID} {} +
+
+# Check the config file existence
+if [[ ! -f ${CONFIG_FILE} ]]; then
+  if [[ ! -f ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR} ]]; then
+    echo "No config file is given. Mount a config dir or file."
+    exit 1
+  fi
+  echo "rpxy: config file: ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR}"
+  ln -s ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR} ${CONFIG_FILE}
+else
+  echo "rpxy: config file: ${CONFIG_FILE}"
+fi

 # Run rpxy
+cd /rpxy
 echo "rpxy: Start with user: ${USER} (${USER_ID}:${GROUP_ID})"
 if "${LOGGING}"; then
  echo "rpxy: Start with writing log file"
--- a/rpxy-bin/Cargo.toml
+++ b/rpxy-bin/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "rpxy"
-version = "0.6.0"
+version = "0.6.1"
 authors = ["Jun Kurihara"]
 homepage = "https://github.com/junkurihara/rust-rpxy"
 repository = "https://github.com/junkurihara/rust-rpxy"
@ -24,7 +24,7 @@ rpxy-lib = { path = "../rpxy-lib/", default-features = false, features = [

 anyhow = "1.0.75"
 rustc-hash = "1.1.0"
-serde = { version = "1.0.186", default-features = false, features = ["derive"] }
+serde = { version = "1.0.188", default-features = false, features = ["derive"] }
 derive_builder = "0.12.0"
 tokio = { version = "1.32.0", default-features = false, features = [
  "net",
@ -38,8 +38,8 @@ rustls-pemfile = "1.0.3"
 mimalloc = { version = "*", default-features = false }

 # config
-clap = { version = "4.3.24", features = ["std", "cargo", "wrap_help"] }
-toml = { version = "0.7.6", default-features = false, features = ["parse"] }
+clap = { version = "4.4.2", features = ["std", "cargo", "wrap_help"] }
+toml = { version = "0.7.8", default-features = false, features = ["parse"] }
 hot_reload = "0.1.4"

 # logging
--- a/rpxy-lib/Cargo.toml
+++ b/rpxy-lib/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "rpxy-lib"
-version = "0.6.0"
+version = "0.6.1"
 authors = ["Jun Kurihara"]
 homepage = "https://github.com/junkurihara/rust-rpxy"
 repository = "https://github.com/junkurihara/rust-rpxy"
@ -21,7 +21,7 @@ cache = ["http-cache-semantics", "lru"]
 [dependencies]
 rand = "0.8.5"
 rustc-hash = "1.1.0"
-bytes = "1.4.0"
+bytes = "1.5.0"
 derive_builder = "0.12.0"
 futures = { version = "0.3.28", features = ["alloc", "async-await"] }
 tokio = { version = "1.32.0", default-features = false, features = [
@ -37,7 +37,7 @@ hot_reload = "0.1.4" # reloading certs

 # Error handling
 anyhow = "1.0.75"
-thiserror = "1.0.47"
+thiserror = "1.0.48"

 # http and tls
 hyper = { version = "0.14.27", default-features = false, features = [
@ -53,8 +53,8 @@ hyper-rustls = { version = "0.24.1", default-features = false, features = [
  "http2",
 ] }
 tokio-rustls = { version = "0.24.1", features = ["early-data"] }
-rustls = { version = "0.21.6", default-features = false }
-webpki = "0.22.0"
+rustls = { version = "0.21.7", default-features = false }
+webpki = "0.22.1"
 x509-parser = "0.15.1"

 # logging
@ -76,15 +76,15 @@ s2n-quic-rustls = { path = "../submodules/s2n-quic/quic/s2n-quic-rustls/", optio

 # cache
 http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", optional = true }
-lru = { version = "0.11.0", optional = true }
+lru = { version = "0.11.1", optional = true }

 # cookie handling for sticky cookie
-chrono = { version = "0.4.26", default-features = false, features = [
+chrono = { version = "0.4.30", default-features = false, features = [
  "unstable-locales",
  "alloc",
  "clock",
 ], optional = true }
-base64 = { version = "0.21.2", optional = true }
+base64 = { version = "0.21.3", optional = true }
 sha2 = { version = "0.10.7", default-features = false, optional = true }


--- a/submodules/quinn
+++ b/submodules/quinn
@ -1 +1 @@
-Subproject commit 7f260292848a93d615eb43e6e88114a97e64daf1
+Subproject commit 5d4d58387d77db952c47168ed2185b6a38b8717a
--- a/submodules/s2n-quic
+++ b/submodules/s2n-quic
@ -1 +1 @@
-Subproject commit e6402b7f8649bc9d90b69aedc83c387b0372bc94
+Subproject commit 9fd762a538924f943c4c8ae0aae95337635fb485