feat: hot-reloading of config file

2023-07-23 01:42:39 +09:00 · 2023-07-23 01:42:39 +09:00 · 58e22d33af
commit 58e22d33af
parent 5e76c2b055
16 changed files with 213 additions and 58 deletions
--- a/rpxy-lib/Cargo.toml
+++ b/rpxy-lib/Cargo.toml
@ -30,7 +30,7 @@ tokio = { version = "1.29.1", default-features = false, features = [
  "macros",
 ] }
 async-trait = "0.1.72"
-hot_reload = "0.1.2" # reloading certs
+hot_reload = "0.1.4" # reloading certs

 # Error handling
 anyhow = "1.0.72"
@ -63,6 +63,8 @@ quinn = { path = "../quinn/quinn", optional = true } # Tentative to support rust
 h3 = { path = "../h3/h3/", optional = true }
 # h3-quinn = { path = "./h3/h3-quinn/", optional = true }
 h3-quinn = { path = "../h3-quinn/", optional = true } # Tentative to support rustls-0.21
+# for UDP socket wit SO_REUSEADDR
+socket2 = { version = "0.5.3", features = ["all"] }

 # cookie handling for sticky cookie
 chrono = { version = "0.4.26", default-features = false, features = [
--- a/rpxy-lib/src/constants.rs
+++ b/rpxy-lib/src/constants.rs
@ -1,5 +1,6 @@
 // pub const LISTEN_ADDRESSES_V4: &[&str] = &["0.0.0.0"];
 // pub const LISTEN_ADDRESSES_V6: &[&str] = &["[::]"];
+pub const TCP_LISTEN_BACKLOG: u32 = 1024;
 // pub const HTTP_LISTEN_PORT: u16 = 8080;
 // pub const HTTPS_LISTEN_PORT: u16 = 8443;
 pub const PROXY_TIMEOUT_SEC: u64 = 60;
--- a/rpxy-lib/src/globals.rs
+++ b/rpxy-lib/src/globals.rs
@ -36,11 +36,12 @@ where
 }

 /// Configuration parameters for proxy transport and request handlers
-#[derive(PartialEq, Eq)]
+#[derive(PartialEq, Eq, Clone)]
 pub struct ProxyConfig {
  pub listen_sockets: Vec<SocketAddr>, // when instantiate server
  pub http_port: Option<u16>,          // when instantiate server
  pub https_port: Option<u16>,         // when instantiate server
+  pub tcp_listen_backlog: u32,         // when instantiate server

  pub proxy_timeout: Duration,    // when serving requests at Proxy
  pub upstream_timeout: Duration, // when serving requests at Handler
@ -74,6 +75,7 @@ impl Default for ProxyConfig {
      listen_sockets: Vec::new(),
      http_port: None,
      https_port: None,
+      tcp_listen_backlog: TCP_LISTEN_BACKLOG,

      // TODO: Reconsider each timeout values
      proxy_timeout: Duration::from_secs(PROXY_TIMEOUT_SEC),
@ -104,7 +106,7 @@ impl Default for ProxyConfig {
 }

 /// Configuration parameters for backend applications
-#[derive(PartialEq, Eq)]
+#[derive(PartialEq, Eq, Clone)]
 pub struct AppConfigList<T>
 where
  T: CryptoSource,
@ -152,7 +154,7 @@ where
 }

 /// Configuration parameters for single backend application
-#[derive(PartialEq, Eq)]
+#[derive(PartialEq, Eq, Clone)]
 pub struct AppConfig<T>
 where
  T: CryptoSource,
@ -234,7 +236,7 @@ where
 }

 /// Configuration parameters for single reverse proxy corresponding to the path
-#[derive(PartialEq, Eq)]
+#[derive(PartialEq, Eq, Clone)]
 pub struct ReverseProxyConfig {
  pub path: Option<String>,
  pub replace_path: Option<String>,
@ -244,7 +246,7 @@ pub struct ReverseProxyConfig {
 }

 /// Configuration parameters for single upstream destination from a reverse proxy
-#[derive(PartialEq, Eq)]
+#[derive(PartialEq, Eq, Clone)]
 pub struct UpstreamUri {
  pub inner: hyper::Uri,
 }
@ -259,7 +261,7 @@ impl TryInto<Upstream> for &UpstreamUri {
 }

 /// Configuration parameters on TLS for a single backend application
-#[derive(PartialEq, Eq)]
+#[derive(PartialEq, Eq, Clone)]
 pub struct TlsConfig<T>
 where
  T: CryptoSource,
--- a/rpxy-lib/src/lib.rs
+++ b/rpxy-lib/src/lib.rs
@ -25,19 +25,19 @@ pub mod reexports {

 /// Entrypoint that creates and spawns tasks of reverse proxy services
 pub async fn entrypoint<T>(
-  proxy_config: ProxyConfig,
-  app_config_list: AppConfigList<T>,
-  runtime_handle: tokio::runtime::Handle,
+  proxy_config: &ProxyConfig,
+  app_config_list: &AppConfigList<T>,
+  runtime_handle: &tokio::runtime::Handle,
 ) -> Result<()>
 where
  T: CryptoSource + Clone + Send + Sync + 'static,
 {
  // build global
  let globals = Arc::new(Globals {
-    proxy_config,
-    backends: app_config_list.try_into()?,
+    proxy_config: proxy_config.clone(),
+    backends: app_config_list.clone().try_into()?,
    request_count: Default::default(),
-    runtime_handle,
+    runtime_handle: runtime_handle.clone(),
  });
  // let connector = TrustDnsResolver::default().into_rustls_webpki_https_connector();
  let connector = hyper_rustls::HttpsConnectorBuilder::new()
@ -71,8 +71,8 @@ where
  }));

  // wait for all future
-  if let (Ok(_), _, _) = futures.await {
-    error!("Some proxy services are down");
+  if let (Ok(Err(e)), _, _) = futures.await {
+    error!("Some proxy services are down: {:?}", e);
  };

  Ok(())
--- a/rpxy-lib/src/proxy/mod.rs
+++ b/rpxy-lib/src/proxy/mod.rs
@ -4,5 +4,6 @@ mod proxy_client_cert;
 mod proxy_h3;
 mod proxy_main;
 mod proxy_tls;
+mod socket;

 pub use proxy_main::{Proxy, ProxyBuilder, ProxyBuilderError};
--- a/rpxy-lib/src/proxy/proxy_main.rs
+++ b/rpxy-lib/src/proxy/proxy_main.rs
@ -1,4 +1,4 @@
-// use super::proxy_handler::handle_request;
+use super::socket::bind_tcp_socket;
 use crate::{
  certs::CryptoSource, error::*, globals::Globals, handler::HttpMessageHandler, log::*, utils::ServerNameBytesExp,
 };
@ -7,7 +7,6 @@ use hyper::{client::connect::Connect, server::conn::Http, service::service_fn, B
 use std::{net::SocketAddr, sync::Arc};
 use tokio::{
  io::{AsyncRead, AsyncWrite},
-  net::TcpListener,
  runtime::Handle,
  time::{timeout, Duration},
 };
@ -94,7 +93,9 @@ where

  async fn start_without_tls(self, server: Http<LocalExecutor>) -> Result<()> {
    let listener_service = async {
-      let tcp_listener = TcpListener::bind(&self.listening_on).await?;
+      let tcp_socket = bind_tcp_socket(&self.listening_on)?;
+      let tcp_listener = tcp_socket.listen(self.globals.proxy_config.tcp_listen_backlog)?;
+      // let tcp_listener = TcpListener::bind(&self.listening_on).await?;
      info!("Start TCP proxy serving with HTTP request for configured host names");
      while let Ok((stream, _client_addr)) = tcp_listener.accept().await {
        self.clone().client_serve(stream, server.clone(), _client_addr, None);
--- a/rpxy-lib/src/proxy/proxy_tls.rs
+++ b/rpxy-lib/src/proxy/proxy_tls.rs
@ -1,6 +1,9 @@
+#[cfg(feature = "http3")]
+use super::socket::bind_udp_socket;
 use super::{
  crypto_service::{CryptoReloader, ServerCrypto, ServerCryptoBase, SniServerCryptoMap},
  proxy_main::{LocalExecutor, Proxy},
+  socket::bind_tcp_socket,
 };
 use crate::{certs::CryptoSource, constants::*, error::*, log::*, utils::BytesName};
 use hot_reload::{ReloaderReceiver, ReloaderService};
@ -10,10 +13,7 @@ use quinn::{crypto::rustls::HandshakeData, Endpoint, ServerConfig as QuicServerC
 #[cfg(feature = "http3")]
 use rustls::ServerConfig;
 use std::sync::Arc;
-use tokio::{
-  net::TcpListener,
-  time::{timeout, Duration},
-};
+use tokio::time::{timeout, Duration};

 impl<T, U> Proxy<T, U>
 where
@ -26,7 +26,8 @@ where
    server: Http<LocalExecutor>,
    mut server_crypto_rx: ReloaderReceiver<ServerCryptoBase>,
  ) -> Result<()> {
-    let tcp_listener = TcpListener::bind(&self.listening_on).await?;
+    let tcp_socket = bind_tcp_socket(&self.listening_on)?;
+    let tcp_listener = tcp_socket.listen(self.globals.proxy_config.tcp_listen_backlog)?;
    info!("Start TCP proxy serving with HTTPS request for configured host names");

    let mut server_crypto_map: Option<Arc<SniServerCryptoMap>> = None;
@ -130,7 +131,17 @@ where
    let mut server_config_h3 = QuicServerConfig::with_crypto(Arc::new(rustls_server_config));
    server_config_h3.transport = Arc::new(transport_config_quic);
    server_config_h3.concurrent_connections(self.globals.proxy_config.h3_max_concurrent_connections);
-    let endpoint = Endpoint::server(server_config_h3, self.listening_on)?;
+
+    // To reuse address
+    let udp_socket = bind_udp_socket(&self.listening_on)?;
+    let runtime = quinn::default_runtime()
+      .ok_or_else(|| std::io::Error::new(std::io::ErrorKind::Other, "No async runtime found"))?;
+    let endpoint = Endpoint::new(
+      quinn::EndpointConfig::default(),
+      Some(server_config_h3),
+      udp_socket,
+      runtime,
+    )?;

    let mut server_crypto: Option<Arc<ServerCrypto>> = None;
    loop {
@ -199,10 +210,10 @@ where
    #[cfg(not(feature = "http3"))]
    {
      tokio::select! {
-        _= self.cert_service(tx) => {
+        _= cert_reloader_service.start() => {
          error!("Cert service for TLS exited");
        },
-        _ = self.listener_service(server, rx) => {
+        _ = self.listener_service(server, cert_reloader_rx) => {
          error!("TCP proxy service for TLS exited");
        },
        else => {
--- a/rpxy-lib/src/proxy/socket.rs
+++ b/rpxy-lib/src/proxy/socket.rs
@ -0,0 +1,41 @@
+use crate::{error::*, log::*};
+#[cfg(feature = "http3")]
+use socket2::{Domain, Protocol, Socket, Type};
+use std::net::SocketAddr;
+#[cfg(feature = "http3")]
+use std::net::UdpSocket;
+use tokio::net::TcpSocket;
+
+pub(super) fn bind_tcp_socket(listening_on: &SocketAddr) -> Result<TcpSocket> {
+  let tcp_socket = if listening_on.is_ipv6() {
+    TcpSocket::new_v6()
+  } else {
+    TcpSocket::new_v4()
+  }?;
+  tcp_socket.set_reuseaddr(true)?;
+  tcp_socket.set_reuseport(true)?;
+  if let Err(e) = tcp_socket.bind(*listening_on) {
+    error!("Failed to bind TCP socket: {}", e);
+    return Err(RpxyError::Io(e));
+  };
+  Ok(tcp_socket)
+}
+
+#[cfg(feature = "http3")]
+pub(super) fn bind_udp_socket(listening_on: &SocketAddr) -> Result<UdpSocket> {
+  let socket = if listening_on.is_ipv6() {
+    Socket::new(Domain::IPV6, Type::DGRAM, Some(Protocol::UDP))
+  } else {
+    Socket::new(Domain::IPV4, Type::DGRAM, Some(Protocol::UDP))
+  }?;
+  socket.set_reuse_address(true)?;
+  socket.set_reuse_port(true)?;
+
+  if let Err(e) = socket.bind(&(*listening_on).into()) {
+    error!("Failed to bind UDP socket: {}", e);
+    return Err(RpxyError::Io(e));
+  };
+  let udp_socket: UdpSocket = socket.into();
+
+  Ok(udp_socket)
+}