Merge pull request #84 from junkurihara/fix/docker-watch

Fix/docker watch
This commit is contained in:
Jun Kurihara 2023-09-10 00:56:29 +09:00 committed by GitHub
commit 903e2d6bc5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 53 additions and 14 deletions

3
.gitignore vendored
View file

@ -1,7 +1,8 @@
.vscode .vscode
.private .private
docker/log docker/log
docker/cache
docker/config
# Generated by Cargo # Generated by Cargo
# will have compiled files and executables # will have compiled files and executables

View file

@ -2,6 +2,12 @@
## 0.7.0 (unreleased) ## 0.7.0 (unreleased)
## 0.6.1
### Bugfix
- Fix: fix a "watch" bug for docker. Due to a docker limitation, we need to mount a dir, e.g, `/rpxy/config`, instead of a file, `rpxy.toml`, to track changes of the configuration file. We thus updated a start up script in docker container for the case "WATCH=true".
## 0.6.0 ## 0.6.0
### Improvement ### Improvement

View file

@ -247,7 +247,9 @@ There are only several docker-specific environment variables.
- `LOG_TO_FILE=true|false`: Enable logging to the log file `/rpxy/log/rpxy.log` using `logrotate`. You should mount `/rpxy/log` via docker volume option if enabled. The log dir and file will be owned by the `HOST_USER` with `HOST_UID:HOST_GID` on the host machine. Hence, `HOST_USER`, `HOST_UID` and `HOST_GID` should be the same as ones of the user who executes the `rpxy` docker container on the host. - `LOG_TO_FILE=true|false`: Enable logging to the log file `/rpxy/log/rpxy.log` using `logrotate`. You should mount `/rpxy/log` via docker volume option if enabled. The log dir and file will be owned by the `HOST_USER` with `HOST_UID:HOST_GID` on the host machine. Hence, `HOST_USER`, `HOST_UID` and `HOST_GID` should be the same as ones of the user who executes the `rpxy` docker container on the host.
- `WATCH=true|false` (default: `false`): Activate continuous watching of the config file if true. - `WATCH=true|false` (default: `false`): Activate continuous watching of the config file if true.
Other than them, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. See [`docker/docker-compose.yml`](./docker/docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container. Then, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. **If `WATCH=true`, You need to mount a directory, e.g., `./rpxy-config/`, including `rpxy.toml` on `/rpxy/config` instead of a file to correctly track file changes**. This is a docker limitation. Even if `WATCH=false`, you can mount the dir onto `/rpxy/config` rather than `/etc/rpxy.toml`. A file mounted on `/etc/rpxy` is prioritized over a dir mounted on `/rpxy/config`.
See [`docker/docker-compose.yml`](./docker/docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container.
## Example ## Example

View file

@ -57,7 +57,9 @@ RUN apt-get update && \
find / -type d -path /proc -prune -o -type f -perm /u+s -ignore_readdir_race -exec chmod u-s {} \; && \ find / -type d -path /proc -prune -o -type f -perm /u+s -ignore_readdir_race -exec chmod u-s {} \; && \
find / -type d -path /proc -prune -o -type f -perm /g+s -ignore_readdir_race -exec chmod g-s {} \; && \ find / -type d -path /proc -prune -o -type f -perm /g+s -ignore_readdir_race -exec chmod g-s {} \; && \
mkdir -p /rpxy/bin &&\ mkdir -p /rpxy/bin &&\
mkdir -p /rpxy/log mkdir -p /rpxy/log &&\
mkdir -p /rpxy/cache &&\
mkdir -p /rpxy/config
COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy
COPY ./docker/run.sh /rpxy COPY ./docker/run.sh /rpxy

View file

@ -38,7 +38,9 @@ RUN apk add --no-cache ${RUNTIME_DEPS} && \
find / -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; && \ find / -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; && \
find / -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \; && \ find / -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \; && \
mkdir -p /rpxy/bin &&\ mkdir -p /rpxy/bin &&\
mkdir -p /rpxy/log mkdir -p /rpxy/log &&\
mkdir -p /rpxy/cache &&\
mkdir -p /rpxy/config
COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy
COPY ./docker/run.sh /rpxy COPY ./docker/run.sh /rpxy

View file

@ -28,7 +28,11 @@ services:
tty: false tty: false
privileged: true privileged: true
volumes: volumes:
- ./log:/rpxy/log - ./log:/rpxy/log:rw
- ./cache:/rpxy/cache:rw
- ../example-certs/server.crt:/certs/server.crt:ro - ../example-certs/server.crt:/certs/server.crt:ro
- ../example-certs/server.key:/certs/server.key:ro - ../example-certs/server.key:/certs/server.key:ro
- ../config-example.toml:/etc/rpxy.toml:ro - ../config-example.toml:/etc/rpxy.toml:ro
# NOTE: To correctly enable "watch" in docker,
# ** you should mount not a file but a dir mapped to /rpxy/config including "rpxy.toml" due to the limitation of docker **
# e.g, - ./rpxy-config:/rpxy/config

View file

@ -28,7 +28,11 @@ services:
tty: false tty: false
privileged: true privileged: true
volumes: volumes:
- ./log:/rpxy/log - ./log:/rpxy/log:rw
- ./cache:/rpxy/cache:rw
- ../example-certs/server.crt:/certs/server.crt:ro - ../example-certs/server.crt:/certs/server.crt:ro
- ../example-certs/server.key:/certs/server.key:ro - ../example-certs/server.key:/certs/server.key:ro
- ../config-example.toml:/etc/rpxy.toml:ro - ../config-example.toml:/etc/rpxy.toml:ro
# NOTE: To correctly enable "watch" in docker,
# ** you should mount not a file but a dir mapped to /rpxy/config including "rpxy.toml" due to the limitation of docker **
# e.g, - ./rpxy-config:/rpxy/config

View file

@ -9,6 +9,10 @@ USER=${HOST_USER:-rpxy}
USER_ID=${HOST_UID:-900} USER_ID=${HOST_UID:-900}
GROUP_ID=${HOST_GID:-900} GROUP_ID=${HOST_GID:-900}
CONFIG_FILE=/etc/rpxy.toml
CONFIG_DIR=/rpxy/config
CONFIG_FILE_IN_DIR=${CONFIG_FILENAME:-rpxy.toml}
####################################### #######################################
# Setup logrotate # Setup logrotate
function setup_logrotate () { function setup_logrotate () {
@ -132,9 +136,23 @@ if [ $(id -u ${USER}) -ne ${USER_ID} -a $(id -g ${USER}) -ne ${GROUP_ID} ]; then
fi fi
# Change permission according to the given user # Change permission according to the given user
chown -R ${USER_ID}:${USER_ID} /rpxy # except for the config dir that possibly get mounted with read-only
find /rpxy -path ${CONFIG_DIR} -prune -o -exec chown ${USER_ID}:${USER_ID} {} +
# Check the config file existence
if [[ ! -f ${CONFIG_FILE} ]]; then
if [[ ! -f ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR} ]]; then
echo "No config file is given. Mount a config dir or file."
exit 1
fi
echo "rpxy: config file: ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR}"
ln -s ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR} ${CONFIG_FILE}
else
echo "rpxy: config file: ${CONFIG_FILE}"
fi
# Run rpxy # Run rpxy
cd /rpxy
echo "rpxy: Start with user: ${USER} (${USER_ID}:${GROUP_ID})" echo "rpxy: Start with user: ${USER} (${USER_ID}:${GROUP_ID})"
if "${LOGGING}"; then if "${LOGGING}"; then
echo "rpxy: Start with writing log file" echo "rpxy: Start with writing log file"

View file

@ -39,7 +39,7 @@ mimalloc = { version = "*", default-features = false }
# config # config
clap = { version = "4.4.2", features = ["std", "cargo", "wrap_help"] } clap = { version = "4.4.2", features = ["std", "cargo", "wrap_help"] }
toml = { version = "0.7.6", default-features = false, features = ["parse"] } toml = { version = "0.7.8", default-features = false, features = ["parse"] }
hot_reload = "0.1.4" hot_reload = "0.1.4"
# logging # logging

View file

@ -21,7 +21,7 @@ cache = ["http-cache-semantics", "lru"]
[dependencies] [dependencies]
rand = "0.8.5" rand = "0.8.5"
rustc-hash = "1.1.0" rustc-hash = "1.1.0"
bytes = "1.4.0" bytes = "1.5.0"
derive_builder = "0.12.0" derive_builder = "0.12.0"
futures = { version = "0.3.28", features = ["alloc", "async-await"] } futures = { version = "0.3.28", features = ["alloc", "async-await"] }
tokio = { version = "1.32.0", default-features = false, features = [ tokio = { version = "1.32.0", default-features = false, features = [
@ -37,7 +37,7 @@ hot_reload = "0.1.4" # reloading certs
# Error handling # Error handling
anyhow = "1.0.75" anyhow = "1.0.75"
thiserror = "1.0.47" thiserror = "1.0.48"
# http and tls # http and tls
hyper = { version = "0.14.27", default-features = false, features = [ hyper = { version = "0.14.27", default-features = false, features = [
@ -76,10 +76,10 @@ s2n-quic-rustls = { path = "../submodules/s2n-quic/quic/s2n-quic-rustls/", optio
# cache # cache
http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", optional = true } http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", optional = true }
lru = { version = "0.11.0", optional = true } lru = { version = "0.11.1", optional = true }
# cookie handling for sticky cookie # cookie handling for sticky cookie
chrono = { version = "0.4.28", default-features = false, features = [ chrono = { version = "0.4.30", default-features = false, features = [
"unstable-locales", "unstable-locales",
"alloc", "alloc",
"clock", "clock",

@ -1 +1 @@
Subproject commit 307d80b9398d4e1e305c0131f2c3989090ec9432 Subproject commit 5d4d58387d77db952c47168ed2185b6a38b8717a

@ -1 +1 @@
Subproject commit 047f695aeb6219fc2bde54b95cd1915d73d1c92b Subproject commit 9fd762a538924f943c4c8ae0aae95337635fb485