feat: wip - configuration design
This commit is contained in:
parent
63ee953912
commit
887e6b64b0
13 changed files with 173 additions and 11 deletions
@ -3,7 +3,10 @@ mod service;
|
|||
mod toml;
|
||||
|
||||
pub use {
|
||||
self::toml::ConfigToml,
|
||||
parse::{build_cert_manager, build_settings, parse_opts},
|
||||
service::ConfigTomlReloader,
|
||||
toml::ConfigToml,
|
||||
};
|
||||
|
||||
#[cfg(feature = "acme")]
|
||||
pub use parse::build_acme_manager;
|
||||
@ -6,6 +6,9 @@ use rpxy_certs::{build_cert_reloader, CryptoFileSourceBuilder, CryptoReloader, S
|
|||
use rpxy_lib::{AppConfig, AppConfigList, ProxyConfig};
|
||||
use rustc_hash::FxHashMap as HashMap;
|
||||
|
||||
#[cfg(feature = "acme")]
|
||||
use rpxy_acme::{AcmeTargets, ACME_CERTIFICATE_FILE_NAME, ACME_PRIVATE_KEY_FILE_NAME, ACME_REGISTRY_PATH};
|
||||
|
||||
/// Parsed options
|
||||
pub struct Opts {
|
||||
pub config_file_path: String,
|
||||
|
|
@ -103,11 +106,34 @@ pub async fn build_cert_manager(
|
|||
if config.listen_port_tls.is_none() {
|
||||
return Ok(None);
|
||||
}
|
||||
|
||||
#[cfg(feature = "acme")]
|
||||
let acme_option = config.experimental.as_ref().and_then(|v| v.acme.clone());
|
||||
#[cfg(feature = "acme")]
|
||||
let registry_path = acme_option
|
||||
.as_ref()
|
||||
.and_then(|v| v.registry_path.as_deref())
|
||||
.unwrap_or(ACME_REGISTRY_PATH);
|
||||
|
||||
let mut crypto_source_map = HashMap::default();
|
||||
for app in apps.0.values() {
|
||||
if let Some(tls) = app.tls.as_ref() {
|
||||
ensure!(tls.tls_cert_key_path.is_some() && tls.tls_cert_path.is_some());
|
||||
let server_name = app.server_name.as_ref().ok_or(anyhow!("No server name"))?;
|
||||
|
||||
#[cfg(not(feature = "acme"))]
|
||||
ensure!(tls.tls_cert_key_path.is_some() && tls.tls_cert_path.is_some());
|
||||
|
||||
#[cfg(feature = "acme")]
|
||||
let tls = {
|
||||
let mut tls = tls.clone();
|
||||
if let Some(true) = tls.acme {
|
||||
ensure!(acme_option.is_some() && tls.tls_cert_key_path.is_none() && tls.tls_cert_path.is_none());
|
||||
tls.tls_cert_key_path = Some(format!("{registry_path}/{server_name}/{ACME_CERTIFICATE_FILE_NAME}"));
|
||||
tls.tls_cert_path = Some(format!("{registry_path}/{server_name}/{ACME_PRIVATE_KEY_FILE_NAME}"));
|
||||
}
|
||||
tls
|
||||
};
|
||||
|
||||
let crypto_file_source = CryptoFileSourceBuilder::default()
|
||||
.tls_cert_path(tls.tls_cert_path.as_ref().unwrap())
|
||||
.tls_cert_key_path(tls.tls_cert_key_path.as_ref().unwrap())
|
||||
|
|
@ -119,3 +145,33 @@ pub async fn build_cert_manager(
|
|||
let res = build_cert_reloader(&crypto_source_map, None).await?;
|
||||
Ok(Some(res))
|
||||
}
|
||||
|
||||
/* ----------------------- */
|
||||
#[cfg(feature = "acme")]
|
||||
/// Build acme manager and dummy cert and key as initial states if not exists
|
||||
/// TODO: CURRENTLY NOT IMPLEMENTED, UNDER DESIGNING
|
||||
pub async fn build_acme_manager(config: &ConfigToml) -> Result<(), anyhow::Error> {
|
||||
let acme_option = config.experimental.as_ref().and_then(|v| v.acme.clone());
|
||||
if acme_option.is_none() {
|
||||
return Ok(());
|
||||
}
|
||||
let acme_option = acme_option.unwrap();
|
||||
let mut acme_targets = AcmeTargets::try_new(
|
||||
acme_option.email.as_ref(),
|
||||
acme_option.dir_url.as_deref(),
|
||||
acme_option.registry_path.as_deref(),
|
||||
)
|
||||
.map_err(|e| anyhow!("Invalid acme configuration: {e}"))?;
|
||||
|
||||
let apps = config.apps.as_ref().unwrap();
|
||||
for app in apps.0.values() {
|
||||
if let Some(tls) = app.tls.as_ref() {
|
||||
if tls.acme.unwrap_or(false) {
|
||||
acme_targets.add_target(app.server_name.as_ref().unwrap())?;
|
||||
}
|
||||
}
|
||||
}
|
||||
// TODO: remove later
|
||||
println!("ACME targets: {:#?}", acme_targets);
|
||||
Ok(())
|
||||
}
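Review bot: In the `acme` branch of `build_cert_manager` (the `let tls = { ... }` block of the second hunk) the two derived paths are swapped: `tls_cert_key_path` is built from `ACME_CERTIFICATE_FILE_NAME` and `tls_cert_path` from `ACME_PRIVATE_KEY_FILE_NAME`, so the cert reloader would be handed the certificate as the private key and the private key as the certificate. The lines should read `tls.tls_cert_key_path = Some(format!("{registry_path}/{server_name}/{ACME_PRIVATE_KEY_FILE_NAME}"));` and `tls.tls_cert_path = Some(format!("{registry_path}/{server_name}/{ACME_CERTIFICATE_FILE_NAME}"));`. Because `server_name` is interpolated straight into a filesystem path under `registry_path` with no check for separators or `..`, a comment such as `// server_name comes from the operator's TOML; it is not sanitised as a path component` would make that trust assumption explicit. `build_cert_manager` begins before the first hunk of this file, and `build_acme_manager` in the third hunk still panics on `config.apps.as_ref().unwrap()` and `app.server_name.as_ref().unwrap()` for a config with no apps or an app without a server name, where the `ok_or(anyhow!("No server name"))?` form already used above would fail cleanly.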
|
||||
@ -41,12 +41,25 @@ pub struct CacheOption {
|
|||
pub max_cache_each_size_on_memory: Option<usize>,
|
||||
}
|
||||
|
||||
#[cfg(feature = "acme")]
|
||||
#[derive(Deserialize, Debug, Default, PartialEq, Eq, Clone)]
|
||||
pub struct AcmeOption {
|
||||
pub dir_url: Option<String>,
|
||||
pub email: String,
|
||||
pub registry_path: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Debug, Default, PartialEq, Eq, Clone)]
|
||||
pub struct Experimental {
|
||||
#[cfg(any(feature = "http3-quinn", feature = "http3-s2n"))]
|
||||
pub h3: Option<Http3Option>,
|
||||
|
||||
#[cfg(feature = "cache")]
|
||||
pub cache: Option<CacheOption>,
|
||||
|
||||
#[cfg(feature = "acme")]
|
||||
pub acme: Option<AcmeOption>,
|
||||
|
||||
pub ignore_sni_consistency: Option<bool>,
|
||||
pub connection_handling_timeout: Option<u64>,
|
||||
}
|
||||
|
|
@ -67,6 +80,8 @@ pub struct TlsOption {
|
|||
pub tls_cert_key_path: Option<String>,
|
||||
pub https_redirection: Option<bool>,
|
||||
pub client_ca_cert_path: Option<String>,
|
||||
#[cfg(feature = "acme")]
|
||||
pub acme: Option<bool>,
|
||||
}
|
||||
|
||||
#[derive(Deserialize, Debug, Default, PartialEq, Eq, Clone)]
|
||||
|
|
@ -222,8 +237,19 @@ impl Application {
|
|||
// tls settings
|
||||
let tls_config = if self.tls.is_some() {
|
||||
let tls = self.tls.as_ref().unwrap();
|
||||
|
||||
#[cfg(not(feature = "acme"))]
|
||||
ensure!(tls.tls_cert_key_path.is_some() && tls.tls_cert_path.is_some());
|
||||
|
||||
#[cfg(feature = "acme")]
|
||||
{
|
||||
if tls.acme.unwrap_or(false) {
|
||||
ensure!(tls.tls_cert_key_path.is_none() && tls.tls_cert_path.is_none());
|
||||
} else {
|
||||
ensure!(tls.tls_cert_key_path.is_some() && tls.tls_cert_path.is_some());
|
||||
}
|
||||
}
|
||||
|
||||
let https_redirection = if tls.https_redirection.is_none() {
|
||||
true // Default true
|
||||
} else {
|
||||
|
|
@ -233,6 +259,8 @@ impl Application {
|
|||
Some(TlsConfig {
|
||||
mutual_tls: tls.client_ca_cert_path.is_some(),
|
||||
https_redirection,
|
||||
#[cfg(feature = "acme")]
|
||||
acme: tls.acme.unwrap_or(false),
|
||||
})
|
||||
} else {
|
||||
None
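Review bot: The two `ensure!` calls in the `acme` block of the third hunk (inside `impl Application`; the method begins before the hunk) carry no message, so a misconfigured app fails with anyhow's generic `Condition failed: ...` text that tells the operator neither which rule was violated nor why. Give each a message, e.g. `ensure!(tls.tls_cert_key_path.is_none() && tls.tls_cert_path.is_none(), "tls_cert_path/tls_cert_key_path must not be set when acme = true");` and `ensure!(tls.tls_cert_key_path.is_some() && tls.tls_cert_path.is_some(), "tls_cert_path and tls_cert_key_path are required unless acme = true");`. `AcmeOption` in the first hunk would also benefit from `///` comments on its fields, in particular that `email` is mandatory while `registry_path` falls back to `ACME_REGISTRY_PATH` (per parse.rs) and `dir_url` presumably to a crate default when absent — the struct alone does not convey this.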
|
||||
|
@ -6,6 +6,8 @@ mod constants;
|
|||
mod error;
|
||||
mod log;
|
||||
|
||||
#[cfg(feature = "acme")]
|
||||
use crate::config::build_acme_manager;
|
||||
use crate::{
|
||||
config::{build_cert_manager, build_settings, parse_opts, ConfigToml, ConfigTomlReloader},
|
||||
constants::CONFIG_WATCH_DELAY_SECS,
|
||||
|
|
@ -66,6 +68,9 @@ async fn rpxy_service_without_watcher(
|
|||
let config_toml = ConfigToml::new(config_file_path).map_err(|e| anyhow!("Invalid toml file: {e}"))?;
|
||||
let (proxy_conf, app_conf) = build_settings(&config_toml).map_err(|e| anyhow!("Invalid configuration: {e}"))?;
|
||||
|
||||
#[cfg(feature = "acme")] // TODO: CURRENTLY NOT IMPLEMENTED, UNDER DESIGNING
|
||||
let acme_manager = build_acme_manager(&config_toml).await;
|
||||
|
||||
let cert_service_and_rx = build_cert_manager(&config_toml)
|
||||
.await
|
||||
.map_err(|e| anyhow!("Invalid cert configuration: {e}"))?;
|
||||
|
|
@ -88,6 +93,9 @@ async fn rpxy_service_with_watcher(
|
|||
.ok_or(anyhow!("Something wrong in config reloader receiver"))?;
|
||||
let (mut proxy_conf, mut app_conf) = build_settings(&config_toml).map_err(|e| anyhow!("Invalid configuration: {e}"))?;
|
||||
|
||||
#[cfg(feature = "acme")] // TODO: CURRENTLY NOT IMPLEMENTED, UNDER DESIGNING
|
||||
let acme_manager = build_acme_manager(&config_toml).await;
|
||||
|
||||
let mut cert_service_and_rx = build_cert_manager(&config_toml)
|
||||
.await
|
||||
.map_err(|e| anyhow!("Invalid cert configuration: {e}"))?;
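Review bot: `let acme_manager = build_acme_manager(&config_toml).await;` in the second hunk binds the `Result` and never inspects it, so an invalid ACME configuration (rejected by `AcmeTargets::try_new` or `add_target` in parse.rs) is silently discarded and startup proceeds into `build_cert_manager`, which then assumes the ACME-derived certificate paths exist; the third hunk repeats the same pattern in the watcher variant. Even while the feature is marked WIP, propagate the error the way the neighbouring calls do: `build_acme_manager(&config_toml).await.map_err(|e| anyhow!("Invalid acme configuration: {e}"))?;`. Since `build_acme_manager` currently returns `Result<(), _>`, the unused `acme_manager` binding can be dropped until it returns a manager. Both enclosing functions continue outside the hunk.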
|
||||
|