forked from Deuxfleurs/tricot
Compare commits
7 commits
do-not-mer
...
main
Author | SHA1 | Date | |
---|---|---|---|
2a679f97b6 | |||
|
e89f3b67bd | ||
7540b03cf6 | |||
|
408c77d5b9 | ||
|
d20f819582 | ||
9bb505d977 | |||
dff06115cc |
10 changed files with 2367 additions and 1556 deletions
|
@ -1,9 +1,10 @@
|
||||||
---
|
when:
|
||||||
kind: pipeline
|
event:
|
||||||
name: default
|
- push
|
||||||
|
- pull_request
|
||||||
node:
|
- tag
|
||||||
nix-daemon: 1
|
- cron
|
||||||
|
- manual
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: check formatting
|
- name: check formatting
|
||||||
|
@ -23,18 +24,3 @@ steps:
|
||||||
commands:
|
commands:
|
||||||
- nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#test.x86_64-linux.tricot
|
- nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#test.x86_64-linux.tricot
|
||||||
- ./result-bin/bin/tricot-*
|
- ./result-bin/bin/tricot-*
|
||||||
|
|
||||||
trigger:
|
|
||||||
event:
|
|
||||||
- custom
|
|
||||||
- push
|
|
||||||
- pull_request
|
|
||||||
- tag
|
|
||||||
- cron
|
|
||||||
|
|
||||||
|
|
||||||
---
|
|
||||||
kind: signature
|
|
||||||
hmac: 49cde53ec25364cc3b3f041092c8e658fe9252342253757d86814ca12d5cb0f7
|
|
||||||
|
|
||||||
...
|
|
1341
Cargo.lock
generated
1341
Cargo.lock
generated
File diff suppressed because it is too large
Load diff
|
@ -38,9 +38,11 @@ opentelemetry = "0.20"
|
||||||
opentelemetry-prometheus = "0.13"
|
opentelemetry-prometheus = "0.13"
|
||||||
prometheus = "0.13"
|
prometheus = "0.13"
|
||||||
df-consul = "0.3.5"
|
df-consul = "0.3.5"
|
||||||
tikv-jemallocator = { version = "0.5", features = ["profiling"] }
|
|
||||||
tikv-jemalloc-ctl = "0.5"
|
dhat = { version = "0.3", optional = true }
|
||||||
common-mem-prof = { git = "https://github.com/GreptimeTeam/greptimedb", rev = "fcff66e03904d80aacb91b8edd4e15240161d264" }
|
|
||||||
|
|
||||||
[profile.release]
|
[profile.release]
|
||||||
debug = 1
|
debug = 1
|
||||||
|
|
||||||
|
[features]
|
||||||
|
dhat-heap = [ "dhat" ]
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Tricot
|
# Tricot
|
||||||
|
|
||||||
[![Build Status](https://drone.deuxfleurs.fr/api/badges/Deuxfleurs/tricot/status.svg)](https://drone.deuxfleurs.fr/Deuxfleurs/tricot)
|
[![status-badge](https://woodpecker.deuxfleurs.fr/api/badges/36/status.svg)](https://woodpecker.deuxfleurs.fr/repos/36)
|
||||||
|
|
||||||
Tricot is a reverse-proxy for exposing your services via TLS that integrates well with Consul and Nomad.
|
Tricot is a reverse-proxy for exposing your services via TLS that integrates well with Consul and Nomad.
|
||||||
|
|
||||||
|
|
84
flake.lock
84
flake.lock
|
@ -10,17 +10,17 @@
|
||||||
"rust-overlay": "rust-overlay"
|
"rust-overlay": "rust-overlay"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1666087781,
|
"lastModified": 1713199118,
|
||||||
"narHash": "sha256-trKVdjMZ8mNkGfLcY5LsJJGtdV3xJDZnMVrkFjErlcs=",
|
"narHash": "sha256-MlLdAvk+zXCFUy280sY6LqtykqWXIkKVXo72J7a6HlU=",
|
||||||
"owner": "Alexis211",
|
"owner": "cargo2nix",
|
||||||
"repo": "cargo2nix",
|
"repo": "cargo2nix",
|
||||||
"rev": "a7a61179b66054904ef6a195d8da736eaaa06c36",
|
"rev": "1efb03f2f794ad5eed17e807e858c4da001dbc3e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "Alexis211",
|
"owner": "cargo2nix",
|
||||||
"repo": "cargo2nix",
|
"repo": "cargo2nix",
|
||||||
"rev": "a7a61179b66054904ef6a195d8da736eaaa06c36",
|
"rev": "1efb03f2f794ad5eed17e807e858c4da001dbc3e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -55,93 +55,47 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils_2": {
|
|
||||||
"inputs": {
|
|
||||||
"systems": "systems"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1694529238,
|
|
||||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696234590,
|
"lastModified": 1731094700,
|
||||||
"narHash": "sha256-mgOzQYTvaTT4bFopVOadlndy2RPwLy60rDjIWOGujwo=",
|
"narHash": "sha256-lSiVjHP7sgnCt2hZabnq+tCLmBerDKmAdd2CS6BrBjw=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "f902cb49892d300ff15cb237e48aa1cad79d68c3",
|
"rev": "551ba0fa7653afb9d590db225c3bcbccf68931c0",
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixpkgs-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1665657542,
|
|
||||||
"narHash": "sha256-mojxNyzbvmp8NtVtxqiHGhRfjCALLfk9i/Uup68Y5q8=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "a3073c49bc0163fea6a121c276f526837672b555",
|
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "a3073c49bc0163fea6a121c276f526837672b555",
|
"rev": "551ba0fa7653afb9d590db225c3bcbccf68931c0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"cargo2nix": "cargo2nix",
|
"cargo2nix": "cargo2nix",
|
||||||
"nixpkgs": "nixpkgs_2"
|
"nixpkgs": "nixpkgs"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"rust-overlay": {
|
"rust-overlay": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_2",
|
"nixpkgs": [
|
||||||
"nixpkgs": "nixpkgs"
|
"cargo2nix",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1682389182,
|
"lastModified": 1731032894,
|
||||||
"narHash": "sha256-8t2nmFnH+8V48+IJsf8AK51ebXNlVbOSVYOpiqJKvJE=",
|
"narHash": "sha256-dQSyYPmrQiPr+PGEd+K8038rubFGz7G/dNXVeaGWE0w=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"rev": "74f1a64dd28faeeb85ef081f32cad2989850322c",
|
"rev": "d52f2a4c103a0acf09ded857b9e2519ae2360e59",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"type": "github"
|
"rev": "d52f2a4c103a0acf09ded857b9e2519ae2360e59",
|
||||||
}
|
|
||||||
},
|
|
||||||
"systems": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1681028828,
|
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
34
flake.nix
34
flake.nix
|
@ -1,31 +1,43 @@
|
||||||
{
|
{
|
||||||
description = "A very basic flake";
|
description = "Tricot, a reverse proxy with consul integration";
|
||||||
|
|
||||||
inputs.nixpkgs.url = "github:NixOS/nixpkgs/a3073c49bc0163fea6a121c276f526837672b555";
|
# Nixpkgs 24.05 as of 2024-11-08, has rustc v1.77.2
|
||||||
|
inputs.nixpkgs.url =
|
||||||
|
"github:NixOS/nixpkgs/551ba0fa7653afb9d590db225c3bcbccf68931c0";
|
||||||
inputs.cargo2nix = {
|
inputs.cargo2nix = {
|
||||||
# As of 2022-10-18: two small patches over unstable branch, one for clippy and one to fix feature detection
|
# cargo2nix as of 2024-04-25
|
||||||
url = "github:Alexis211/cargo2nix/a7a61179b66054904ef6a195d8da736eaaa06c36";
|
# NB: upgrading to a more recent commit of cargo2nix will not work (as of 2024-11-08),
|
||||||
|
# because the patch making openssl-sys cross-compilation work has been reverted.
|
||||||
|
# (patch: https://github.com/cargo2nix/cargo2nix/pull/237,
|
||||||
|
# revert: https://github.com/cargo2nix/cargo2nix/commit/cfd086deb565314f3a11b5bb25807a3ce17315d4)
|
||||||
|
url = "github:cargo2nix/cargo2nix/1efb03f2f794ad5eed17e807e858c4da001dbc3e";
|
||||||
|
|
||||||
# Rust overlay as of 2023-04-25
|
# Rust overlay as of 2024-11-08
|
||||||
inputs.rust-overlay.url =
|
inputs.rust-overlay.url =
|
||||||
"github:oxalica/rust-overlay/74f1a64dd28faeeb85ef081f32cad2989850322c";
|
"github:oxalica/rust-overlay/d52f2a4c103a0acf09ded857b9e2519ae2360e59";
|
||||||
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, cargo2nix }:
|
outputs = { self, nixpkgs, cargo2nix }:
|
||||||
let
|
let
|
||||||
|
targetHost = "x86_64-unknown-linux-musl";
|
||||||
pkgs = import nixpkgs {
|
pkgs = import nixpkgs {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
crossSystem = {
|
||||||
|
config = targetHost;
|
||||||
|
isStatic = true;
|
||||||
|
};
|
||||||
overlays = [ cargo2nix.overlays.default ];
|
overlays = [ cargo2nix.overlays.default ];
|
||||||
};
|
};
|
||||||
packageFun = import ./Cargo.nix;
|
packageFun = import ./Cargo.nix;
|
||||||
rustVersion = "1.68.0";
|
rustVersion = "1.77.2";
|
||||||
|
|
||||||
compile = args: compileMode:
|
compile = args: compileMode:
|
||||||
let
|
let
|
||||||
packageSet = pkgs.rustBuilder.makePackageSet ({
|
packageSet = pkgs.rustBuilder.makePackageSet ({
|
||||||
inherit packageFun rustVersion;
|
inherit packageFun rustVersion;
|
||||||
|
target = targetHost;
|
||||||
} // args);
|
} // args);
|
||||||
in
|
in
|
||||||
packageSet.workspace.tricot {
|
packageSet.workspace.tricot {
|
||||||
|
@ -37,5 +49,13 @@
|
||||||
debug.x86_64-linux.tricot = compile { release = false; } "build";
|
debug.x86_64-linux.tricot = compile { release = false; } "build";
|
||||||
packages.x86_64-linux.tricot = compile { release = true; } "build";
|
packages.x86_64-linux.tricot = compile { release = true; } "build";
|
||||||
packages.x86_64-linux.default = self.packages.x86_64-linux.tricot;
|
packages.x86_64-linux.default = self.packages.x86_64-linux.tricot;
|
||||||
|
|
||||||
|
docker = pkgs.dockerTools.buildImage {
|
||||||
|
name = "tricot";
|
||||||
|
config = {
|
||||||
|
contents = [ pkgs.cacert ];
|
||||||
|
Cmd = [ "${self.packages.x86_64-linux.default}/bin/tricot" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -371,8 +371,8 @@ async fn do_proxy(
|
||||||
reverse_proxy::call(remote_addr.ip(), &to_addr, req).await?
|
reverse_proxy::call(remote_addr.ip(), &to_addr, req).await?
|
||||||
};
|
};
|
||||||
|
|
||||||
if response.status().is_success() {
|
if response.status().is_success() || response.status().is_redirection() {
|
||||||
// (TODO: maybe we want to add these headers even if it's not a success?)
|
// (TODO: maybe we want to add these headers even if it's not a success or redirection?)
|
||||||
for (header, value) in proxy_to.add_headers.iter() {
|
for (header, value) in proxy_to.add_headers.iter() {
|
||||||
response.headers_mut().insert(
|
response.headers_mut().insert(
|
||||||
HeaderName::from_bytes(header.as_bytes())?,
|
HeaderName::from_bytes(header.as_bytes())?,
|
||||||
|
|
12
src/main.rs
12
src/main.rs
|
@ -24,12 +24,9 @@ mod tls_util;
|
||||||
pub use df_consul as consul;
|
pub use df_consul as consul;
|
||||||
use proxy_config::ProxyConfig;
|
use proxy_config::ProxyConfig;
|
||||||
|
|
||||||
#[cfg(not(target_env = "msvc"))]
|
#[cfg(feature = "dhat-heap")]
|
||||||
use tikv_jemallocator::Jemalloc;
|
|
||||||
|
|
||||||
#[cfg(not(target_env = "msvc"))]
|
|
||||||
#[global_allocator]
|
#[global_allocator]
|
||||||
static GLOBAL: Jemalloc = Jemalloc;
|
static ALLOC: dhat::Alloc = dhat::Alloc;
|
||||||
|
|
||||||
#[derive(StructOpt, Debug)]
|
#[derive(StructOpt, Debug)]
|
||||||
#[structopt(name = "tricot")]
|
#[structopt(name = "tricot")]
|
||||||
|
@ -113,7 +110,6 @@ struct Opt {
|
||||||
pub warmup_cert_memory_store: bool,
|
pub warmup_cert_memory_store: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#[tokio::main(flavor = "multi_thread", worker_threads = 10)]
|
#[tokio::main(flavor = "multi_thread", worker_threads = 10)]
|
||||||
async fn main() {
|
async fn main() {
|
||||||
#[cfg(feature = "dhat-heap")]
|
#[cfg(feature = "dhat-heap")]
|
||||||
|
@ -136,6 +132,7 @@ async fn main() {
|
||||||
let opt = Opt::from_args();
|
let opt = Opt::from_args();
|
||||||
|
|
||||||
info!("Starting Tricot");
|
info!("Starting Tricot");
|
||||||
|
println!("Starting Tricot");
|
||||||
|
|
||||||
let (exit_signal, provoke_exit) = watch_ctrl_c();
|
let (exit_signal, provoke_exit) = watch_ctrl_c();
|
||||||
let exit_on_err = move |err: anyhow::Error| {
|
let exit_on_err = move |err: anyhow::Error| {
|
||||||
|
@ -214,8 +211,7 @@ async fn main() {
|
||||||
.then(|_| async { info!("HTTPS server exited") }),
|
.then(|_| async { info!("HTTPS server exited") }),
|
||||||
);
|
);
|
||||||
|
|
||||||
let dump_task = tokio::spawn(dump_config_on_change(rx_proxy_config, exit_signal.clone()));
|
let dump_task = tokio::spawn(dump_config_on_change(rx_proxy_config, exit_signal.clone()));
|
||||||
|
|
||||||
|
|
||||||
metrics_task.await.expect("Tokio task await failure");
|
metrics_task.await.expect("Tokio task await failure");
|
||||||
http_task.await.expect("Tokio task await failure");
|
http_task.await.expect("Tokio task await failure");
|
||||||
|
|
|
@ -70,11 +70,6 @@ impl MetricsServer {
|
||||||
debug!("{} {}", req.method(), req.uri());
|
debug!("{} {}", req.method(), req.uri());
|
||||||
|
|
||||||
let response = match (req.method(), req.uri().path()) {
|
let response = match (req.method(), req.uri().path()) {
|
||||||
(&Method::GET, "/hprof") => {
|
|
||||||
let buff = common_mem_prof::dump_profile().await.unwrap();
|
|
||||||
tokio::fs::write("memdump.hprof", buff).await.unwrap();
|
|
||||||
Response::builder().status(204).body(Body::from(vec![])).unwrap()
|
|
||||||
},
|
|
||||||
(&Method::GET, "/metrics") => {
|
(&Method::GET, "/metrics") => {
|
||||||
let mut buffer = vec![];
|
let mut buffer = vec![];
|
||||||
let encoder = TextEncoder::new();
|
let encoder = TextEncoder::new();
|
||||||
|
|
Loading…
Reference in a new issue