fix: fix a "watch" bug due to docker limitation
		
					parent
					
						
							
								3f78a39b40
							
						
					
				
			
			
				commit
				
					
						ac9451e5e9
					
				
			
		
					 9 changed files with 46 additions and 13 deletions
				
			
		
							
								
								
									
										3
									
								
								.gitignore
									
										
									
									
										vendored
									
									
								
							
							
						
						
									
										3
									
								
								.gitignore
									
										
									
									
										vendored
									
									
								
							|  | @ -1,7 +1,8 @@ | ||||||
| .vscode | .vscode | ||||||
| .private | .private | ||||||
| docker/log | docker/log | ||||||
| 
 | docker/cache | ||||||
|  | docker/config | ||||||
| 
 | 
 | ||||||
| # Generated by Cargo | # Generated by Cargo | ||||||
| # will have compiled files and executables | # will have compiled files and executables | ||||||
|  |  | ||||||
|  | @ -247,7 +247,9 @@ There are only several docker-specific environment variables. | ||||||
| - `LOG_TO_FILE=true|false`: Enable logging to the log file `/rpxy/log/rpxy.log` using `logrotate`. You should mount `/rpxy/log` via docker volume option if enabled. The log dir and file will be owned by the `HOST_USER` with `HOST_UID:HOST_GID` on the host machine. Hence, `HOST_USER`, `HOST_UID` and `HOST_GID` should be the same as ones of the user who executes the `rpxy` docker container on the host. | - `LOG_TO_FILE=true|false`: Enable logging to the log file `/rpxy/log/rpxy.log` using `logrotate`. You should mount `/rpxy/log` via docker volume option if enabled. The log dir and file will be owned by the `HOST_USER` with `HOST_UID:HOST_GID` on the host machine. Hence, `HOST_USER`, `HOST_UID` and `HOST_GID` should be the same as ones of the user who executes the `rpxy` docker container on the host. | ||||||
| - `WATCH=true|false` (default: `false`): Activate continuous watching of the config file if true. | - `WATCH=true|false` (default: `false`): Activate continuous watching of the config file if true. | ||||||
| 
 | 
 | ||||||
| Other than them, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. See [`docker/docker-compose.yml`](./docker/docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container. | Then, all you need is to mount your `config.toml` as `/etc/rpxy.toml` and certificates/private keys as you like through the docker volume option. **If `WATCH=true`, You need to mount a directory, e.g., `./rpxy-config/`, including `rpxy.toml` on `/rpxy/config` instead of a file to correctly track file changes**. This is a docker limitation. Even if `WATCH=false`, you can mount the dir onto `/rpxy/config` rather than `/etc/rpxy.toml`. A file mounted on `/etc/rpxy` is prioritized over a dir mounted on `/rpxy/config`. | ||||||
|  | 
 | ||||||
|  | See [`docker/docker-compose.yml`](./docker/docker-compose.yml) for the detailed configuration. Note that the file path of keys and certificates must be ones in your docker container. | ||||||
| 
 | 
 | ||||||
| ## Example | ## Example | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -57,7 +57,9 @@ RUN apt-get update && \ | ||||||
|   find / -type d -path /proc -prune -o -type f -perm /u+s -ignore_readdir_race -exec chmod u-s {} \; && \ |   find / -type d -path /proc -prune -o -type f -perm /u+s -ignore_readdir_race -exec chmod u-s {} \; && \ | ||||||
|   find / -type d -path /proc -prune -o -type f -perm /g+s -ignore_readdir_race -exec chmod g-s {} \; && \ |   find / -type d -path /proc -prune -o -type f -perm /g+s -ignore_readdir_race -exec chmod g-s {} \; && \ | ||||||
|   mkdir -p /rpxy/bin &&\ |   mkdir -p /rpxy/bin &&\ | ||||||
|   mkdir -p /rpxy/log |   mkdir -p /rpxy/log &&\ | ||||||
|  |   mkdir -p /rpxy/cache &&\ | ||||||
|  |   mkdir -p /rpxy/config | ||||||
| 
 | 
 | ||||||
| COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy | COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy | ||||||
| COPY ./docker/run.sh /rpxy | COPY ./docker/run.sh /rpxy | ||||||
|  |  | ||||||
|  | @ -38,7 +38,9 @@ RUN apk add --no-cache ${RUNTIME_DEPS} && \ | ||||||
|   find / -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; && \ |   find / -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; && \ | ||||||
|   find / -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \; && \ |   find / -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \; && \ | ||||||
|   mkdir -p /rpxy/bin &&\ |   mkdir -p /rpxy/bin &&\ | ||||||
|   mkdir -p /rpxy/log |   mkdir -p /rpxy/log &&\ | ||||||
|  |   mkdir -p /rpxy/cache &&\ | ||||||
|  |   mkdir -p /rpxy/config | ||||||
| 
 | 
 | ||||||
| COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy | COPY --from=builder /tmp/target/release/rpxy /rpxy/bin/rpxy | ||||||
| COPY ./docker/run.sh /rpxy | COPY ./docker/run.sh /rpxy | ||||||
|  |  | ||||||
|  | @ -28,7 +28,11 @@ services: | ||||||
|     tty: false |     tty: false | ||||||
|     privileged: true |     privileged: true | ||||||
|     volumes: |     volumes: | ||||||
|       - ./log:/rpxy/log |       - ./log:/rpxy/log:rw | ||||||
|  |       - ./cache:/rpxy/cache:rw | ||||||
|       - ../example-certs/server.crt:/certs/server.crt:ro |       - ../example-certs/server.crt:/certs/server.crt:ro | ||||||
|       - ../example-certs/server.key:/certs/server.key:ro |       - ../example-certs/server.key:/certs/server.key:ro | ||||||
|       - ../config-example.toml:/etc/rpxy.toml:ro |       - ../config-example.toml:/etc/rpxy/rpxy.toml:ro | ||||||
|  |       # NOTE: To correctly enable "watch" in docker, | ||||||
|  |       # ** you should mount not a file but a dir mapped to /rpxy/config including "rpxy.toml" due to the limitation of docker ** | ||||||
|  |       # e.g, - ./rpxy-config:/rpxy/config | ||||||
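Review bot: The config mount target on the new side is `/etc/rpxy/rpxy.toml`, but the shell-script hunk later in this commit sets `CONFIG_FILE=/etc/rpxy.toml` and otherwise only looks for `/rpxy/config/rpxy.toml` by default, so with this file as written the container would print "No config file is given. Mount a config dir or file." and exit. The second compose file in this commit keeps `/etc/rpxy.toml`, which suggests the new path is a typo; I would restore `- ../config-example.toml:/etc/rpxy.toml:ro`. The added `./cache:/rpxy/cache:rw` is another host-writable mount on a service that keeps `privileged: true` (also in the second compose file); since nothing in the hunk shows why that privilege is set, it is worth confirming it is still needed.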
|  |  | ||||||
|  | @ -28,7 +28,11 @@ services: | ||||||
|     tty: false |     tty: false | ||||||
|     privileged: true |     privileged: true | ||||||
|     volumes: |     volumes: | ||||||
|       - ./log:/rpxy/log |       - ./log:/rpxy/log:rw | ||||||
|  |       - ./cache:/rpxy/cache:rw | ||||||
|       - ../example-certs/server.crt:/certs/server.crt:ro |       - ../example-certs/server.crt:/certs/server.crt:ro | ||||||
|       - ../example-certs/server.key:/certs/server.key:ro |       - ../example-certs/server.key:/certs/server.key:ro | ||||||
|       - ../config-example.toml:/etc/rpxy.toml:ro |       - ../config-example.toml:/etc/rpxy.toml:ro | ||||||
|  |       # NOTE: To correctly enable "watch" in docker, | ||||||
|  |       # ** you should mount not a file but a dir mapped to /rpxy/config including "rpxy.toml" due to the limitation of docker ** | ||||||
|  |       # e.g, - ./rpxy-config:/rpxy/config | ||||||
|  |  | ||||||
|  | @ -9,6 +9,10 @@ USER=${HOST_USER:-rpxy} | ||||||
| USER_ID=${HOST_UID:-900} | USER_ID=${HOST_UID:-900} | ||||||
| GROUP_ID=${HOST_GID:-900} | GROUP_ID=${HOST_GID:-900} | ||||||
| 
 | 
 | ||||||
|  | CONFIG_FILE=/etc/rpxy.toml | ||||||
|  | CONFIG_DIR=/rpxy/config | ||||||
|  | CONFIG_FILE_IN_DIR=${CONFIG_FILENAME:-rpxy.toml} | ||||||
|  | 
 | ||||||
| ####################################### | ####################################### | ||||||
| # Setup logrotate | # Setup logrotate | ||||||
| function setup_logrotate () { | function setup_logrotate () { | ||||||
|  | @ -132,9 +136,23 @@ if [ $(id -u ${USER}) -ne ${USER_ID} -a $(id -g ${USER}) -ne ${GROUP_ID} ]; then | ||||||
| fi | fi | ||||||
| 
 | 
 | ||||||
| # Change permission according to the given user | # Change permission according to the given user | ||||||
| chown -R ${USER_ID}:${USER_ID} /rpxy | # except for the config dir that possibly get mounted with read-only | ||||||
|  | find /rpxy -path ${CONFIG_DIR} -prune -o -exec chown ${USER_ID}:${USER_ID} {} + | ||||||
|  | 
 | ||||||
|  | # Check the config file existence | ||||||
|  | if [[ ! -f ${CONFIG_FILE} ]]; then | ||||||
|  |   if [[ ! -f ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR} ]]; then | ||||||
|  |     echo "No config file is given. Mount a config dir or file." | ||||||
|  |     exit 1 | ||||||
|  |   fi | ||||||
|  |   echo "rpxy: config file: ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR}" | ||||||
|  |   ln -s ${CONFIG_DIR}/${CONFIG_FILE_IN_DIR} ${CONFIG_FILE} | ||||||
|  | else | ||||||
|  |   echo "rpxy: config file: ${CONFIG_FILE}" | ||||||
|  | fi | ||||||
| 
 | 
 | ||||||
| # Run rpxy | # Run rpxy | ||||||
|  | cd /rpxy | ||||||
| echo "rpxy: Start with user: ${USER} (${USER_ID}:${GROUP_ID})" | echo "rpxy: Start with user: ${USER} (${USER_ID}:${GROUP_ID})" | ||||||
| if "${LOGGING}"; then | if "${LOGGING}"; then | ||||||
|   echo "rpxy: Start with writing log file" |   echo "rpxy: Start with writing log file" | ||||||
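Review bot: The new `find … -exec chown ${USER_ID}:${USER_ID} {} +` still sets the group to the UID instead of `GROUP_ID` (carried over from the removed `chown -R`), and it hands every path under the bind-mounted `/rpxy/log` and `/rpxy/cache` to `chown` as an argument, where symlinks are dereferenced by default. Because this entrypoint appears to run as root before switching to `${USER}`, I would write `find /rpxy -path "${CONFIG_DIR}" -prune -o -exec chown -h "${USER_ID}:${GROUP_ID}" {} +` so that a link inside a writable mount cannot redirect the ownership change. `CONFIG_FILE_IN_DIR` is taken from the `CONFIG_FILENAME` environment variable and is expanded unquoted in `ln -s`; quoting it, `ln -s -- "${CONFIG_DIR}/${CONFIG_FILE_IN_DIR}" "${CONFIG_FILE}"`, and rejecting values that contain `/` would keep the link target inside the config directory. Whether the script runs under `set -e` is not visible in these hunks, so a failing `ln -s` may go unnoticed before rpxy starts.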
|  |  | ||||||
|  | @ -39,7 +39,7 @@ mimalloc = { version = "*", default-features = false } | ||||||
| 
 | 
 | ||||||
| # config | # config | ||||||
| clap = { version = "4.4.2", features = ["std", "cargo", "wrap_help"] } | clap = { version = "4.4.2", features = ["std", "cargo", "wrap_help"] } | ||||||
| toml = { version = "0.7.6", default-features = false, features = ["parse"] } | toml = { version = "0.7.8", default-features = false, features = ["parse"] } | ||||||
| hot_reload = "0.1.4" | hot_reload = "0.1.4" | ||||||
| 
 | 
 | ||||||
| # logging | # logging | ||||||
|  |  | ||||||
|  | @ -21,7 +21,7 @@ cache = ["http-cache-semantics", "lru"] | ||||||
| [dependencies] | [dependencies] | ||||||
| rand = "0.8.5" | rand = "0.8.5" | ||||||
| rustc-hash = "1.1.0" | rustc-hash = "1.1.0" | ||||||
| bytes = "1.4.0" | bytes = "1.5.0" | ||||||
| derive_builder = "0.12.0" | derive_builder = "0.12.0" | ||||||
| futures = { version = "0.3.28", features = ["alloc", "async-await"] } | futures = { version = "0.3.28", features = ["alloc", "async-await"] } | ||||||
| tokio = { version = "1.32.0", default-features = false, features = [ | tokio = { version = "1.32.0", default-features = false, features = [ | ||||||
|  | @ -37,7 +37,7 @@ hot_reload = "0.1.4" # reloading certs | ||||||
| 
 | 
 | ||||||
| # Error handling | # Error handling | ||||||
| anyhow = "1.0.75" | anyhow = "1.0.75" | ||||||
| thiserror = "1.0.47" | thiserror = "1.0.48" | ||||||
| 
 | 
 | ||||||
| # http and tls | # http and tls | ||||||
| hyper = { version = "0.14.27", default-features = false, features = [ | hyper = { version = "0.14.27", default-features = false, features = [ | ||||||
|  | @ -76,10 +76,10 @@ s2n-quic-rustls = { path = "../submodules/s2n-quic/quic/s2n-quic-rustls/", optio | ||||||
| 
 | 
 | ||||||
| # cache | # cache | ||||||
| http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", optional = true } | http-cache-semantics = { path = "../submodules/rusty-http-cache-semantics/", optional = true } | ||||||
| lru = { version = "0.11.0", optional = true } | lru = { version = "0.11.1", optional = true } | ||||||
| 
 | 
 | ||||||
| # cookie handling for sticky cookie | # cookie handling for sticky cookie | ||||||
| chrono = { version = "0.4.28", default-features = false, features = [ | chrono = { version = "0.4.30", default-features = false, features = [ | ||||||
|   "unstable-locales", |   "unstable-locales", | ||||||
|   "alloc", |   "alloc", | ||||||
|   "clock", |   "clock", | ||||||
|  |  | ||||||
	 Jun Kurihara
				Jun Kurihara