Compare commits

..

7 commits

10 changed files with 2367 additions and 1556 deletions

View file

@ -1,9 +1,10 @@
--- when:
kind: pipeline event:
name: default - push
- pull_request
node: - tag
nix-daemon: 1 - cron
- manual
steps: steps:
- name: check formatting - name: check formatting
@ -23,18 +24,3 @@ steps:
commands: commands:
- nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#test.x86_64-linux.tricot - nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#test.x86_64-linux.tricot
- ./result-bin/bin/tricot-* - ./result-bin/bin/tricot-*
trigger:
event:
- custom
- push
- pull_request
- tag
- cron
---
kind: signature
hmac: 49cde53ec25364cc3b3f041092c8e658fe9252342253757d86814ca12d5cb0f7
...

1341
Cargo.lock generated

File diff suppressed because it is too large Load diff

2405
Cargo.nix

File diff suppressed because it is too large Load diff

View file

@ -38,9 +38,11 @@ opentelemetry = "0.20"
opentelemetry-prometheus = "0.13" opentelemetry-prometheus = "0.13"
prometheus = "0.13" prometheus = "0.13"
df-consul = "0.3.5" df-consul = "0.3.5"
tikv-jemallocator = { version = "0.5", features = ["profiling"] }
tikv-jemalloc-ctl = "0.5" dhat = { version = "0.3", optional = true }
common-mem-prof = { git = "https://github.com/GreptimeTeam/greptimedb", rev = "fcff66e03904d80aacb91b8edd4e15240161d264" }
[profile.release] [profile.release]
debug = 1 debug = 1
[features]
dhat-heap = [ "dhat" ]

View file

@ -1,6 +1,6 @@
# Tricot # Tricot
[![Build Status](https://drone.deuxfleurs.fr/api/badges/Deuxfleurs/tricot/status.svg)](https://drone.deuxfleurs.fr/Deuxfleurs/tricot) [![status-badge](https://woodpecker.deuxfleurs.fr/api/badges/36/status.svg)](https://woodpecker.deuxfleurs.fr/repos/36)
Tricot is a reverse-proxy for exposing your services via TLS that integrates well with Consul and Nomad. Tricot is a reverse-proxy for exposing your services via TLS that integrates well with Consul and Nomad.

View file

@ -10,17 +10,17 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1666087781, "lastModified": 1713199118,
"narHash": "sha256-trKVdjMZ8mNkGfLcY5LsJJGtdV3xJDZnMVrkFjErlcs=", "narHash": "sha256-MlLdAvk+zXCFUy280sY6LqtykqWXIkKVXo72J7a6HlU=",
"owner": "Alexis211", "owner": "cargo2nix",
"repo": "cargo2nix", "repo": "cargo2nix",
"rev": "a7a61179b66054904ef6a195d8da736eaaa06c36", "rev": "1efb03f2f794ad5eed17e807e858c4da001dbc3e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "Alexis211", "owner": "cargo2nix",
"repo": "cargo2nix", "repo": "cargo2nix",
"rev": "a7a61179b66054904ef6a195d8da736eaaa06c36", "rev": "1efb03f2f794ad5eed17e807e858c4da001dbc3e",
"type": "github" "type": "github"
} }
}, },
@ -55,93 +55,47 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1696234590, "lastModified": 1731094700,
"narHash": "sha256-mgOzQYTvaTT4bFopVOadlndy2RPwLy60rDjIWOGujwo=", "narHash": "sha256-lSiVjHP7sgnCt2hZabnq+tCLmBerDKmAdd2CS6BrBjw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f902cb49892d300ff15cb237e48aa1cad79d68c3", "rev": "551ba0fa7653afb9d590db225c3bcbccf68931c0",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1665657542,
"narHash": "sha256-mojxNyzbvmp8NtVtxqiHGhRfjCALLfk9i/Uup68Y5q8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a3073c49bc0163fea6a121c276f526837672b555",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a3073c49bc0163fea6a121c276f526837672b555", "rev": "551ba0fa7653afb9d590db225c3bcbccf68931c0",
"type": "github" "type": "github"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"cargo2nix": "cargo2nix", "cargo2nix": "cargo2nix",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs"
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "nixpkgs": [
"nixpkgs": "nixpkgs" "cargo2nix",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1682389182, "lastModified": 1731032894,
"narHash": "sha256-8t2nmFnH+8V48+IJsf8AK51ebXNlVbOSVYOpiqJKvJE=", "narHash": "sha256-dQSyYPmrQiPr+PGEd+K8038rubFGz7G/dNXVeaGWE0w=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "74f1a64dd28faeeb85ef081f32cad2989850322c", "rev": "d52f2a4c103a0acf09ded857b9e2519ae2360e59",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"type": "github" "rev": "d52f2a4c103a0acf09ded857b9e2519ae2360e59",
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github" "type": "github"
} }
} }

View file

@ -1,31 +1,43 @@
{ {
description = "A very basic flake"; description = "Tricot, a reverse proxy with consul integration";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/a3073c49bc0163fea6a121c276f526837672b555"; # Nixpkgs 24.05 as of 2024-11-08, has rustc v1.77.2
inputs.nixpkgs.url =
"github:NixOS/nixpkgs/551ba0fa7653afb9d590db225c3bcbccf68931c0";
inputs.cargo2nix = { inputs.cargo2nix = {
# As of 2022-10-18: two small patches over unstable branch, one for clippy and one to fix feature detection # cargo2nix as of 2024-04-25
url = "github:Alexis211/cargo2nix/a7a61179b66054904ef6a195d8da736eaaa06c36"; # NB: upgrading to a more recent commit of cargo2nix will not work (as of 2024-11-08),
# because the patch making openssl-sys cross-compilation work has been reverted.
# (patch: https://github.com/cargo2nix/cargo2nix/pull/237,
# revert: https://github.com/cargo2nix/cargo2nix/commit/cfd086deb565314f3a11b5bb25807a3ce17315d4)
url = "github:cargo2nix/cargo2nix/1efb03f2f794ad5eed17e807e858c4da001dbc3e";
# Rust overlay as of 2023-04-25 # Rust overlay as of 2024-11-08
inputs.rust-overlay.url = inputs.rust-overlay.url =
"github:oxalica/rust-overlay/74f1a64dd28faeeb85ef081f32cad2989850322c"; "github:oxalica/rust-overlay/d52f2a4c103a0acf09ded857b9e2519ae2360e59";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, cargo2nix }: outputs = { self, nixpkgs, cargo2nix }:
let let
targetHost = "x86_64-unknown-linux-musl";
pkgs = import nixpkgs { pkgs = import nixpkgs {
system = "x86_64-linux"; system = "x86_64-linux";
crossSystem = {
config = targetHost;
isStatic = true;
};
overlays = [ cargo2nix.overlays.default ]; overlays = [ cargo2nix.overlays.default ];
}; };
packageFun = import ./Cargo.nix; packageFun = import ./Cargo.nix;
rustVersion = "1.68.0"; rustVersion = "1.77.2";
compile = args: compileMode: compile = args: compileMode:
let let
packageSet = pkgs.rustBuilder.makePackageSet ({ packageSet = pkgs.rustBuilder.makePackageSet ({
inherit packageFun rustVersion; inherit packageFun rustVersion;
target = targetHost;
} // args); } // args);
in in
packageSet.workspace.tricot { packageSet.workspace.tricot {
@ -37,5 +49,13 @@
debug.x86_64-linux.tricot = compile { release = false; } "build"; debug.x86_64-linux.tricot = compile { release = false; } "build";
packages.x86_64-linux.tricot = compile { release = true; } "build"; packages.x86_64-linux.tricot = compile { release = true; } "build";
packages.x86_64-linux.default = self.packages.x86_64-linux.tricot; packages.x86_64-linux.default = self.packages.x86_64-linux.tricot;
docker = pkgs.dockerTools.buildImage {
name = "tricot";
config = {
contents = [ pkgs.cacert ];
Cmd = [ "${self.packages.x86_64-linux.default}/bin/tricot" ];
};
};
}; };
} }

View file

@ -371,8 +371,8 @@ async fn do_proxy(
reverse_proxy::call(remote_addr.ip(), &to_addr, req).await? reverse_proxy::call(remote_addr.ip(), &to_addr, req).await?
}; };
if response.status().is_success() { if response.status().is_success() || response.status().is_redirection() {
// (TODO: maybe we want to add these headers even if it's not a success?) // (TODO: maybe we want to add these headers even if it's not a success or redirection?)
for (header, value) in proxy_to.add_headers.iter() { for (header, value) in proxy_to.add_headers.iter() {
response.headers_mut().insert( response.headers_mut().insert(
HeaderName::from_bytes(header.as_bytes())?, HeaderName::from_bytes(header.as_bytes())?,

View file

@ -24,12 +24,9 @@ mod tls_util;
pub use df_consul as consul; pub use df_consul as consul;
use proxy_config::ProxyConfig; use proxy_config::ProxyConfig;
#[cfg(not(target_env = "msvc"))] #[cfg(feature = "dhat-heap")]
use tikv_jemallocator::Jemalloc;
#[cfg(not(target_env = "msvc"))]
#[global_allocator] #[global_allocator]
static GLOBAL: Jemalloc = Jemalloc; static ALLOC: dhat::Alloc = dhat::Alloc;
#[derive(StructOpt, Debug)] #[derive(StructOpt, Debug)]
#[structopt(name = "tricot")] #[structopt(name = "tricot")]
@ -113,7 +110,6 @@ struct Opt {
pub warmup_cert_memory_store: bool, pub warmup_cert_memory_store: bool,
} }
#[tokio::main(flavor = "multi_thread", worker_threads = 10)] #[tokio::main(flavor = "multi_thread", worker_threads = 10)]
async fn main() { async fn main() {
#[cfg(feature = "dhat-heap")] #[cfg(feature = "dhat-heap")]
@ -136,6 +132,7 @@ async fn main() {
let opt = Opt::from_args(); let opt = Opt::from_args();
info!("Starting Tricot"); info!("Starting Tricot");
println!("Starting Tricot");
let (exit_signal, provoke_exit) = watch_ctrl_c(); let (exit_signal, provoke_exit) = watch_ctrl_c();
let exit_on_err = move |err: anyhow::Error| { let exit_on_err = move |err: anyhow::Error| {
@ -216,7 +213,6 @@ async fn main() {
let dump_task = tokio::spawn(dump_config_on_change(rx_proxy_config, exit_signal.clone())); let dump_task = tokio::spawn(dump_config_on_change(rx_proxy_config, exit_signal.clone()));
metrics_task.await.expect("Tokio task await failure"); metrics_task.await.expect("Tokio task await failure");
http_task.await.expect("Tokio task await failure"); http_task.await.expect("Tokio task await failure");
https_task.await.expect("Tokio task await failure"); https_task.await.expect("Tokio task await failure");

View file

@ -70,11 +70,6 @@ impl MetricsServer {
debug!("{} {}", req.method(), req.uri()); debug!("{} {}", req.method(), req.uri());
let response = match (req.method(), req.uri().path()) { let response = match (req.method(), req.uri().path()) {
(&Method::GET, "/hprof") => {
let buff = common_mem_prof::dump_profile().await.unwrap();
tokio::fs::write("memdump.hprof", buff).await.unwrap();
Response::builder().status(204).body(Body::from(vec![])).unwrap()
},
(&Method::GET, "/metrics") => { (&Method::GET, "/metrics") => {
let mut buffer = vec![]; let mut buffer = vec![];
let encoder = TextEncoder::new(); let encoder = TextEncoder::new();