fix: fix a "watch" bug due to docker limitation

2023-09-10 00:32:00 +09:00 · 2023-09-10 00:32:00 +09:00 · ac9451e5e9
commit ac9451e5e9
parent 3f78a39b40
9 changed files with 46 additions and 13 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,8 @@
 .vscode
 .private
 docker/log
-
+docker/cache
+docker/config

 # Generated by Cargo
 # will have compiled files and executables
--- a/README.md
+++ b/README.md
@ -247,7 +247,9 @@ There are only several docker-specific environment variables.
 - `LOG_TO_FILE=true|false`: Enable logging to the log file `/rpxy/log/rpxy.log` using `logrotate`. You should mount `/rpxy/log` via docker volume option if enabled. The log dir and file will be owned by the `HOST_USER` with `HOST_UID:HOST_GID` on the host machine. Hence, `HOST_USER`, `HOST_UID` and `HOST_GID` should be the same as ones of the user who executes the `rpxy` docker container on the host.
 - `WATCH=true|false` (default: `false`): Activate continuous watching of the config file if true.

-Other than them, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. See [`docker/docker-compose.yml`](./docker/docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container.
+Then, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. **If `WATCH=true`, You need to mount a directory, e.g., `./rpxy-config/`, including `rpxy.toml` on `/rpxy/config` instead of a file to correctly track file changes**. This is a docker limitation. Even if `WATCH=false`, you can mount the dir onto `/rpxy/config` rather than `/etc/rpxy.toml`. A file mounted on `/etc/rpxy` is prioritized over a dir mounted on `/rpxy/config`.
+
+See [`docker/docker-compose.yml`](./docker/docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container.

 ## Example

--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -57,7 +57,9 @@ RUN apt-get update && \
  find / -type d -path /proc -prune -o -type f -perm /u+s -ignore_readdir_race -exec chmod u-s {} \; && \
  find / -type d -path /proc -prune -o -type f -perm /g+s -ignore_readdir_race -exec chmod g-s {} \; && \
  mkdir -p /rpxy/bin &&\
-  mkdir -p /rpxy/log
+  mkdir -p /rpxy/log &&\
+  mkdir -p /rpxy/cache &&\
+  mkdir -p /rpxy/config

 COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy
 COPY ./docker/run.sh /rpxy
--- a/docker/Dockerfile-slim
+++ b/docker/Dockerfile-slim
@ -38,7 +38,9 @@ RUN apk add --no-cache ${RUNTIME_DEPS} && \
  find / -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; && \
  find / -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \; && \
  mkdir -p /rpxy/bin &&\
-  mkdir -p /rpxy/log
+  mkdir -p /rpxy/log &&\
+  mkdir -p /rpxy/cache &&\
+  mkdir -p /rpxy/config

 COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy
 COPY ./docker/run.sh /rpxy
--- a/docker/docker-compose-slim.yml
+++ b/docker/docker-compose-slim.yml
@ -28,7 +28,11 @@ services:
    tty: false
    privileged: true
    volumes:
-      - ./log:/rpxy/log
+      - ./log:/rpxy/log:rw
+      - ./cache:/rpxy/cache:rw
      - ../example-certs/server.crt:/certs/server.crt:ro
      - ../example-certs/server.key:/certs/server.key:ro
-      - ../config-example.toml:/etc/rpxy.toml:ro
+      - ../config-example.toml:/etc/rpxy/rpxy.toml:ro
+      # NOTE: To correctly enable "watch" in docker,
+      # ** you should mount not a file but a dir mapped to /rpxy/config including "rpxy.toml" due to the limitation of docker **
+      # e.g, - ./rpxy-config:/rpxy/config
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@ -28,7 +28,11 @@ services:
    tty: false
    privileged: true
    volumes:
-      - ./log:/rpxy/log
+      - ./log:/rpxy/log:rw
+      - ./cache:/rpxy/cache:rw
      - ../example-certs/server.crt:/certs/server.crt:ro
      - ../example-certs/server.key:/certs/server.key:ro
      - ../config-example.toml:/etc/rpxy.toml:ro
+      # NOTE: To correctly enable "watch" in docker,
+      # ** you should mount not a file but a dir mapped to /rpxy/config including "rpxy.toml" due to the limitation of docker **
+      # e.g, - ./rpxy-config:/rpxy/config
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@ -9,6 +9,10 @@ USER=${HOST_USER:-rpxy}
 USER_ID=${HOST_UID:-900}
 GROUP_ID=${HOST_GID:-900}

+CONFIG_FILE=/etc/rpxy.toml
+CONFIG_DIR=/rpxy/config
+CONFIG_FILE_IN_DIR=${CONFIG_FILENAME:-rpxy.toml}
+
 #######################################
 # Setup logrotate
 function setup_logrotate () {
@ -132,9 +136,23 @@ if [ $(id -u ${USER}) -ne ${USER_ID} -a $(id -g ${USER}) -ne ${GROUP_ID} ]; then
 fi

 # Change permission according to the given user
-chown -R ${USER_ID}:${USER_ID} /rpxy
+# except for the config dir that possibly get mounted with read-only
+find /rpxy -path ${CONFIG_DIR} -prune -o -exec chown ${USER_ID}:${USER_ID} {} +
+
+# Check the config file existence
+if [[ ! -f ${CONFIG_FILE} ]]; then
+  if [[ ! -f ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR} ]]; then
+    echo "No config file is given. Mount a config dir or file."
+    exit 1
+  fi
+  echo "rpxy: config file: ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR}"
+  ln -s ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR} ${CONFIG_FILE}
+else
+  echo "rpxy: config file: ${CONFIG_FILE}"
+fi

 # Run rpxy
+cd /rpxy
 echo "rpxy: Start with user: ${USER} (${USER_ID}:${GROUP_ID})"
 if "${LOGGING}"; then
  echo "rpxy: Start with writing log file"
--- a/rpxy-bin/Cargo.toml
+++ b/rpxy-bin/Cargo.toml
@ -39,7 +39,7 @@ mimalloc = { version = "*", default-features = false }

 # config
 clap = { version = "4.4.2", features = ["std", "cargo", "wrap_help"] }
-toml = { version = "0.7.6", default-features = false, features = ["parse"] }
+toml = { version = "0.7.8", default-features = false, features = ["parse"] }
 hot_reload = "0.1.4"

 # logging
--- a/rpxy-lib/Cargo.toml
+++ b/rpxy-lib/Cargo.toml
@ -21,7 +21,7 @@ cache = ["http-cache-semantics", "lru"]
 [dependencies]
 rand = "0.8.5"
 rustc-hash = "1.1.0"
-bytes = "1.4.0"
+bytes = "1.5.0"
 derive_builder = "0.12.0"
 futures = { version = "0.3.28", features = ["alloc", "async-await"] }
 tokio = { version = "1.32.0", default-features = false, features = [
@ -37,7 +37,7 @@ hot_reload = "0.1.4" # reloading certs

 # Error handling
 anyhow = "1.0.75"
-thiserror = "1.0.47"
+thiserror = "1.0.48"

 # http and tls
 hyper = { version = "0.14.27", default-features = false, features = [
@ -76,10 +76,10 @@ s2n-quic-rustls = { path = "../submodules/s2n-quic/quic/s2n-quic-rustls/", optio

 # cache
 http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", optional = true }
-lru = { version = "0.11.0", optional = true }
+lru = { version = "0.11.1", optional = true }

 # cookie handling for sticky cookie
-chrono = { version = "0.4.28", default-features = false, features = [
+chrono = { version = "0.4.30", default-features = false, features = [
  "unstable-locales",
  "alloc",
  "clock",