fix: allow https and http addresses to be provided via configuration

luizfonseca · Jan 4, 2025 · bb52d17 · bb52d17
1 parent 6e11bc9
commit bb52d17
Show file tree

Hide file tree

Showing 7 changed files with 130 additions and 42 deletions.
diff --git a/crates/proksi/src/config/mod.rs b/crates/proksi/src/config/mod.rs
@@ -484,6 +484,27 @@ impl Default for AutoReload {
     }
 }
 
+#[derive(Debug, Serialize, Deserialize, Parser)]
+pub struct ServerConfig {
+    /// The address to bind the HTTPS server to.
+    #[arg(
+        long = "server.https_address",
+        required = false,
+        value_parser,
+        default_value = "0.0.0.0:443"
+    )]
+    pub https_address: Option<Cow<'static, str>>,
+
+    /// The address used to solve challenges (only HTTP)
+    #[arg(
+        long = "server.http_address",
+        required = false,
+        value_parser,
+        default_value = "0.0.0.0:80"
+    )]
+    pub http_address: Option<Cow<'static, str>>,
+}
+
 /// The main configuration struct.
 /// A configuration file (YAML, TOML or through ENV) will be parsed into this struct.
 /// Example:
@@ -535,6 +556,9 @@ pub(crate) struct Config {
     #[clap(short, long, default_value = "proksi")]
     pub service_name: Cow<'static, str>,
 
+    #[command(flatten)]
+    pub server: ServerConfig,
+
     /// Runs the service in the background (daemon mode)
     #[clap(short, long, default_value = "false")]
     pub daemon: bool,
@@ -588,6 +612,10 @@ impl Default for Config {
         Config {
             config_path: Cow::Borrowed("/etc/proksi/config"),
             service_name: Cow::Borrowed("proksi"),
+            server: ServerConfig {
+                https_address: Some(Cow::Borrowed("0.0.0.0:443")),
+                http_address: Some(Cow::Borrowed("0.0.0.0:80")),
+            },
             worker_threads: Some(2),
             upgrade: false,
             daemon: false,
@@ -969,6 +997,12 @@ mod tests {
                 r#"
                 service_name = "hcl-service"
                 worker_threads = 8
+
+                server {
+                    address = "0.0.0.0:443"
+                    http_address = "0.0.0.0:80"
+                }
+
                 docker {
                     enabled = true
                     interval_secs = 30
@@ -989,6 +1023,16 @@ mod tests {
             let proxy_config = config.unwrap();
 
             assert_eq!(proxy_config.service_name, "hcl-service");
+
+            assert_eq!(
+                proxy_config.server.https_address,
+                Some(Cow::Borrowed("0.0.0.0:443"))
+            );
+            assert_eq!(
+                proxy_config.server.http_address,
+                Some(Cow::Borrowed("0.0.0.0:80"))
+            );
+
             assert_eq!(proxy_config.worker_threads, Some(8));
             assert_eq!(proxy_config.docker.enabled, Some(true));
             assert_eq!(proxy_config.docker.interval_secs, Some(30));

diff --git a/crates/proksi/src/main.rs b/crates/proksi/src/main.rs
@@ -64,12 +64,18 @@ fn main() -> Result<(), anyhow::Error> {
     let proxy_config =
         Arc::new(load("/etc/proksi/configs").expect("Failed to load configuration: "));
 
+    let https_address = proxy_config
+        .server
+        .https_address
+        .clone()
+        .unwrap_or_default();
+    let http_address = proxy_config.server.http_address.clone().unwrap_or_default();
+
     // Logging channel
     let (log_sender, log_receiver) = tokio::sync::mpsc::unbounded_channel::<Vec<u8>>();
 
     // Receiver channel for Routes/Certificates/etc
     let (sender, mut _receiver) = tokio::sync::broadcast::channel::<MsgProxy>(10);
-    // let (appender, _guard) = get_non_blocking_writer(&proxy_config);
     let appender = services::logger::ProxyLog::new(
         log_sender,
         proxy_config.logging.enabled,
@@ -118,7 +124,7 @@ fn main() -> Result<(), anyhow::Error> {
     // The router will also handle health checks and failover in case of upstream failure
     let router = proxy_server::https_proxy::Router {};
     let mut https_secure_service = http_proxy_service(&pingora_server.configuration, router);
-    http_public_service.add_tcp("0.0.0.0:80");
+    http_public_service.add_tcp(&http_address);
 
     // Worker threads per configuration
     https_secure_service.threads = proxy_config.worker_threads;
@@ -138,7 +144,7 @@ fn main() -> Result<(), anyhow::Error> {
     tls_settings.set_max_proto_version(Some(pingora::tls::ssl::SslVersion::TLS1_3))?;
 
     // Add TLS settings to the HTTPS service
-    https_secure_service.add_tls_with_settings("0.0.0.0:443", None, tls_settings);
+    https_secure_service.add_tls_with_settings(&https_address, None, tls_settings);
 
     // Add Prometheus service
     // let mut prometheus_service_http = Service::prometheus_http_service();
@@ -155,10 +161,14 @@ fn main() -> Result<(), anyhow::Error> {
     pingora_server.add_service(http_public_service);
     pingora_server.add_service(https_secure_service);
 
+    let server_info = format!(
+        "running HTTPS service on {} and HTTP service on {}",
+        &http_address, &https_address
+    );
     tracing::info!(
         version = crate_version!(),
         workers = proxy_config.worker_threads,
-        "running on :443 and :80"
+        server_info,
     );
 
     pingora_server.run_forever();

diff --git a/examples/example.hcl b/examples/example.hcl
@@ -16,6 +16,20 @@ service_name = "proksi"
 # (and other background services) is single threaded.
 worker_threads = 4
 
+
+# The server block specifies the settings for the HTTP/HTTPS server.
+server {
+  # The address that the server will listen on while serving HTTPS.
+  # This can be a TCP address or a Unix socket.
+  # The default value is "0.0.0.0:443".
+  https_address = "0.0.0.0:443"
+
+  # The address that the server will listen on for HTTP requests.
+  # This can be a TCP address or a Unix socket.
+  # The default value is "0.0.0.0:80".
+  http_address = "0.0.0.0:80"
+}
+
 docker {
   # Whether the Docker integration is enabled
   # (the background service will run and listen for Docker events).
@@ -121,7 +135,7 @@ routes = [
         # network = "public"
         port = 443
 
-        # The SNI attribute specifies the server name that the proxy will use to connect to the upstream. 
+        # The SNI attribute specifies the server name that the proxy will use to connect to the upstream.
         # This is used to verify the identity of the upstream server (that supports TLS).
         sni = "google.com"
 
@@ -132,11 +146,11 @@ routes = [
         }
       },
 
-      
-      # New upstream record, meaning any request coming to `example.com` 
+
+      # New upstream record, meaning any request coming to `example.com`
       # will be routed to the upstream server at `10.1.2.23/24` on port `3000`
       # with the `Host: example.com` header added.
-      # Via loadbalancing (round-robin) 
+      # Via loadbalancing (round-robin)
       {
         ip = "10.1.2.23/24"
         network = "shared"

diff --git a/examples/example.yaml b/examples/example.yaml
@@ -21,6 +21,18 @@ service_name: "proksi"
 # (and other background services) is single threaded.
 worker_threads: 4
 
+# The configuration for the HTTPS & HTTP service.
+server:
+  # The address that the server will listen on while serving HTTPS.
+  # This can be a TCP address or a Unix socket.
+  # The default value is "0.0.0.0:443".
+  https_address: "0.0.0.0:443"
+
+  # The address that the server will listen on for HTTP requests.
+  # This can be a TCP address or a Unix socket.
+  # The default value is "0.0.0.0:80".
+  http_address: "0.0.0.0:80"
+
 # The configuration for the Docker integration
 docker:
   # Whether the Docker integration is enabled
@@ -49,7 +61,6 @@ docker:
 
 # The configuration for the Let's Encrypt integration.
 lets_encrypt:
-
   # Whether the Let's Encrypt integration is enabled
   # (the background service will run and issue certificates for your routes).
   enabled: true
@@ -88,17 +99,14 @@ logging:
 # The paths for the TLS certificates, challenges, orders, and account credentials.
 # You can override any, these are the current defaults.
 paths:
-
   # The path where the TLS certificates will be stored.
   # If the path doesn't exist, it will be created if the binary has the right permissions.
   lets_encrypt: "/etc/proksi/letsencrypt"
 
-
 # The list of routes that the server will use to route incoming requests
 # to different upstream servers.
 # Each route is an item in the list and it has the following attributes:
 routes:
-
   # The host attribute specifies the hostname that the route will match.
   # This is normally the domain, subdomain that you want to route to a particular server/ip.
   # This can be a domain name or an IP address. For IP address, no certificate will be issued.
@@ -140,29 +148,28 @@ routes:
       self_signed_on_failure: true
 
       # object_storage:
-        # The object_storage attribute specifies the object storage
-        # that will be used to store the certificates.
-        # This can be "s3" or "gcs".
-        # s3:
-          # The s3 attribute specifies the configuration for the S3 object storage.
-          # The configuration includes the bucket name, region, access key, and secret key.
-          # bucket: "proksi-letsencrypt"
-          # region: "us-east-1"
-          # access_key: "<access_key>"
-          # secret_key: "<secret_key>"
+      # The object_storage attribute specifies the object storage
+      # that will be used to store the certificates.
+      # This can be "s3" or "gcs".
+      # s3:
+      # The s3 attribute specifies the configuration for the S3 object storage.
+      # The configuration includes the bucket name, region, access key, and secret key.
+      # bucket: "proksi-letsencrypt"
+      # region: "us-east-1"
+      # access_key: "<access_key>"
+      # secret_key: "<secret_key>"
 
       # path:
-        # The certificate attribute specifies the path to the certificate file.
-        # This is the certificate that will be used to secure the connection.
-        # The certificate file should be in PEM format.
-        # In the near future you will be able to pass a s3 link or any other storage link.
-        # crt: "/etc/proksi/letsencrypt/certs/example.com/cert.pem"
-
-        # The key attribute specifies the path to the private key file.
-        # This is the private key that will be used to secure the connection.
-        # The private key file should be in PEM format.
-        # key: "/etc/proksi/letsencrypt/certs/example.com/privkey.pem"
-
+      # The certificate attribute specifies the path to the certificate file.
+      # This is the certificate that will be used to secure the connection.
+      # The certificate file should be in PEM format.
+      # In the near future you will be able to pass a s3 link or any other storage link.
+      # crt: "/etc/proksi/letsencrypt/certs/example.com/cert.pem"
+
+      # The key attribute specifies the path to the private key file.
+      # This is the private key that will be used to secure the connection.
+      # The private key file should be in PEM format.
+      # key: "/etc/proksi/letsencrypt/certs/example.com/privkey.pem"
 
     # The headers attribute specifies the headers that will
     # be added or removed at the end of the response

diff --git a/gitbook/configuration/hcl/README.md b/gitbook/configuration/hcl/README.md
@@ -15,6 +15,10 @@ touch proksi.hcl
 ```hcl
 worker_threads = env("WORKER_THREADS")
 
+server {
+  https_address = "0.0.0.0:5143"
+}
+
 lets_encrypt {
   enabled = true
   email = env("LETS_ENCRYPT_EMAIL")
@@ -53,6 +57,3 @@ routes = [
   }
 ]
 ```
-
-
-
diff --git a/gitbook/configuration/yaml.md b/gitbook/configuration/yaml.md
@@ -15,8 +15,8 @@ Below you can find a file with the current defaults and&#x20;
 ```yaml
 # Description: Example configuration file for Proksi
 #
-# Proksi is a reverse proxy server that can be used to route incoming requests 
-# to different upstream servers based on the request's host, path, headers, and 
+# Proksi is a reverse proxy server that can be used to route incoming requests
+# to different upstream servers based on the request's host, path, headers, and
 # other attributes.
 #
 # This configuration file specifies the following settings:
@@ -31,13 +31,26 @@ service_name: "proksi"
 # This can be adjusted based on the number of CPU cores available on the server.
 # The default value is 1.
 #
-# Note: Increasing the number of threads can improve the performance of the server, 
+# Note: Increasing the number of threads can improve the performance of the server,
 # but it can also increase the memory usage.
 #
 # Note 2: This only affect the HTTPS service, the HTTP service
 # (and other background services) is single threaded.
 worker_threads: 4
 
+# The configuration for the HTTPS & HTTP service.
+server:
+  # The address that the server will listen on while serving HTTPS.
+  # This can be a TCP address or a Unix socket.
+  # The default value is "0.0.0.0:443".
+  https_address: "0.0.0.0:443"
+
+  # The address that the server will listen on for HTTP requests.
+  # This can be a TCP address or a Unix socket.
+  # The default value is "0.0.0.0:80".
+  http_address: "0.0.0.0:80"
+
+
 # The configuration for the Let's Encrypt integration.
 lets_encrypt:
 

diff --git a/release-please-config.json b/release-please-config.json
@@ -7,7 +7,7 @@
       "release-type": "rust",
       "bump-minor-pre-major": false,
       "initial-version": "0.4.8",
-      "separate-pull-requests": true,
+      "separate-pull-requests": false,
       "bump-patch-for-minor-pre-major": false,
       "draft": false,
       "prerelease": false
@@ -21,8 +21,7 @@
       "draft": false,
       "prerelease": false,
       "separate-pull-requests": true
-
     }
   },
   "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"
-}
+}