#!/usr/bin/perl -T

# Note: In theory, all this can be done by the 'pveproxy' daemon. But some
# API calls still contain blocking code, so we use a separate daemon to keep
# the console from getting blocked.

# Taint mode (-T on the shebang line) will not run external programs while
# PATH or these shell-related variables still hold caller-supplied values,
# so pin PATH to fixed system directories and drop the others.
$ENV{'PATH'} = join(':', qw(/sbin /bin /usr/sbin /usr/bin));

delete $ENV{$_} for qw(IFS CDPATH ENV BASH_ENV);

use strict;
use warnings;

use PVE::SafeSyslog;
use PVE::Daemon;
use PVE::API2Tools;
use PVE::API2;
use PVE::HTTPServer;

use base qw(PVE::Daemon);

# Route every Perl warning to STDERR and to syslog.  $@ is saved on entry and
# restored on exit so that the handler never changes the eval error a caller
# may still want to inspect.
$SIG{'__WARN__'} = sub {
    my $saved_eval_error = $@;

    my ($message) = @_;
    chomp $message;

    print STDERR "$message\n";

    # The text is passed as an argument to a fixed "%s" format, so any '%'
    # sequences inside the warning are logged literally.
    syslog('warning', "%s", $message);

    $@ = $saved_eval_error;
};

# Program name and arguments exactly as invoked; handed to the daemon
# constructor below.
my $cmdline = [ $0, @ARGV ];

# Options passed to the constructor (inherited through 'use base').
# NOTE(review): setuid/setgid presumably make the daemon run as the
# unprivileged 'www-data' account -- confirm in PVE::Daemon.
my %daemon_options = (
    pidfile                       => '/var/run/pveproxy/spiceproxy.pid',
    setuid                        => 'www-data',
    setgid                        => 'www-data',
    max_workers                   => 1,    # todo: do we need more?
    restart_on_error              => 5,
    stop_wait_time                => 15,
    leave_children_open_on_reload => 1,
);

my $daemon = __PACKAGE__->new('spiceproxy', $cmdline, %daemon_options);

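# Prepare everything the HTTP server needs before run() is called: the access
# rules, the accept lock file and the listening socket on port 3128.  The
# result is stored in $self->{server_config}, which run() expands into the
# PVE::HTTPServer constructor arguments.
#
# Dies if the lock file cannot be opened.
sub init {
    my ($self) = @_;

    # we use same ALLOW/DENY/POLICY as pveproxy
    my $proxyconf = PVE::API2Tools::read_proxy_config();

    my $accept_lock_fn = "/var/lock/spiceproxy.lck";

    # Load IO::File here instead of relying on another module having pulled
    # it in, and pass the mode as a separate argument so the path is never
    # parsed for mode characters (no two-argument open semantics).
    #
    # NOTE(review): /var/lock is commonly writable by every local account.
    # Whether init() runs before or after the setuid/setgid switch is decided
    # by PVE::Daemon and is not visible here; confirm that this path cannot be
    # pre-created as a symlink by another account, or move the lock into a
    # directory only the service can write (the pidfile already lives in
    # /var/run/pveproxy).
    require IO::File;
    my $lockfh = IO::File->new($accept_lock_fn, '>>') ||
        die "unable to open lock file '${accept_lock_fn}' - $!\n";

    my $socket = $self->create_reusable_socket(3128);

    # Keep this assignment as the last statement: its value is what the sub
    # returns.
    $self->{server_config} = {
        base_handler_class => 'PVE::API2',
        keep_alive => 0,
        max_conn => 500,
        lockfile => $accept_lock_fn,
        socket => $socket,
        lockfh => $lockfh,
        debug => $self->{debug},
        spiceproxy => 1,
        # NOTE(review): presumably tells the server not to trust values
        # supplied by the client environment -- confirm in PVE::HTTPServer.
        trusted_env => 0,
        logfile => '/var/log/pveproxy/access.log',
        # Host based access control, taken unchanged from the pveproxy
        # configuration read above.
        allow_from => $proxyconf->{ALLOW_FROM},
        deny_from => $proxyconf->{DENY_FROM},
        policy => $proxyconf->{POLICY},
    };
}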

# Build a PVE::HTTPServer from the configuration stored by init() and call
# its run() method; whatever that call yields is the result of this sub.
sub run {
    my ($self) = @_;

    return PVE::HTTPServer->new(%{ $self->{server_config} })->run();
}

# Register the daemon sub-commands on the object created above.
$daemon->register_start_command();
$daemon->register_restart_command(1);
$daemon->register_stop_command();
$daemon->register_status_command();

# Command table handed to the CLI handler.  Only 'status' carries an output
# callback, which prints the value it receives followed by a newline.
my $cmddef = {
    start   => [ __PACKAGE__, 'start',   [] ],
    restart => [ __PACKAGE__, 'restart', [] ],
    stop    => [ __PACKAGE__, 'stop',    [] ],
    status  => [ __PACKAGE__, 'status', [], undef, sub { print shift(@_) . "\n"; } ],
};

# First command-line argument selects the sub-command; the remaining
# arguments stay in @ARGV and are passed on by reference.
my $cmd = shift @ARGV;

# NOTE(review): no 'use PVE::CLIHandler' is visible among this file's imports;
# presumably one of the other PVE modules loads it -- confirm.
PVE::CLIHandler::handle_cmd($cmddef, $0, $cmd, \@ARGV, undef, $0);

exit 0;

__END__

=head1 NAME
                                          
spiceproxy - SPICE proxy server for Proxmox VE

=head1 SYNOPSIS

=include synopsis

=head1 DESCRIPTION

SPICE proxy server for Proxmox VE. Listens on port 3128.

=head1 Host based access control

It is possible to configure apache2-like access control lists. Values are read
from the file /etc/default/pveproxy (see 'pveproxy' for details).

=head1 FILES

 /etc/default/pveproxy

=include pve_copyright