From 20ec40ffeede747042c1f7e1335c167e100d8429 Mon Sep 17 00:00:00 2001
From: Jun Kurihara
Date: Wed, 11 Oct 2023 15:28:14 +0900
Subject: [PATCH] feat: add docker build options for forwarder with native root store
---
.github/workflows/docker_build_push.yml | 37 +++++++++++++++++++++++++
docker/Dockerfile-slim | 4 ++-
docker/docker-compose-slim.yml | 20 +++++++------
docker/docker-compose.yml | 20 +++++++------
rpxy-lib/src/handler/forwarder.rs | 4 +--
5 files changed, 63 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/docker_build_push.yml b/.github/workflows/docker_build_push.yml
index 46775924..c158cbe7 100644
--- a/.github/workflows/docker_build_push.yml
+++ b/.github/workflows/docker_build_push.yml
@@ -51,6 +51,43 @@ jobs: jqtype/rpxy:s2n ghcr.io/junkurihara/rust-rpxy:s2n + - target: "native-roots" + dockerfile: ./docker/Dockerfile + platforms: linux/amd64,linux/arm64 + build-args: | + "CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots" + tags-suffix: "-native-roots" + # Aliases must be used only for release builds + aliases: | + jqtype/rpxy:native-roots + ghcr.io/junkurihara/rust-rpxy:native-roots + + - target: "slim-native-roots" + dockerfile: ./docker/Dockerfile-slim + build-args: | + "CARGO_FEATURES=--no-default-features --features=http3-quinn,cache,native-roots" + build-contexts: | + messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl + messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl + platforms: linux/amd64,linux/arm64 + tags-suffix: "-slim-native-roots" + # Aliases must be used only for release builds + aliases: | + jqtype/rpxy:slim-native-roots + ghcr.io/junkurihara/rust-rpxy:slim-native-roots + + - target: "s2n-native-roots" + dockerfile: ./docker/Dockerfile + build-args: | + "CARGO_FEATURES=--no-default-features --features=http3-s2n,cache,native-roots" + "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++" + platforms: linux/amd64,linux/arm64 + tags-suffix: "-s2n-native-roots" + # Aliases must be used only for release builds + aliases: | + jqtype/rpxy:s2n-native-roots + ghcr.io/junkurihara/rust-rpxy:s2n-native-roots + steps: - name: Checkout uses: actions/checkout@v4 diff --git a/docker/Dockerfile-slim b/docker/Dockerfile-slim index 46afe578..0aa69cc4 100644 --- a/docker/Dockerfile-slim +++ b/docker/Dockerfile-slim @@ -4,6 +4,8 @@ FROM --platform=$BUILDPLATFORM messense/rust-musl-cross:${TARGETARCH}-musl AS bu LABEL maintainer="Jun Kurihara" ARG TARGETARCH +ARG CARGO_FEATURES +ENV CARGO_FEATURES ${CARGO_FEATURES} RUN if [ $TARGETARCH = "amd64" ]; then \ echo "x86_64" > /arch; \ 
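Review bot: The `build-contexts` of the new `slim-native-roots` target resolve `messense/rust-musl-cross:x86_64-musl` and `:aarch64-musl` by mutable tag, so the toolchain image that compiles the published binary can change without any change in this repository. Pinning each context to a digest, for example `docker-image://messense/rust-musl-cross:x86_64-musl@sha256:<digest>` (placeholder), keeps the release build reproducible and makes a toolchain change visible in review. The `jobs:` matrix continues outside the hunk, so any existing slim target with the same contexts would need the same pin.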
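Review bot: `ENV CARGO_FEATURES ${CARGO_FEATURES}` uses the legacy space-separated `ENV` form, which Docker's documentation discourages; `ENV CARGO_FEATURES=${CARGO_FEATURES}` is the supported spelling. If the `cargo build` step runs in this same build stage, the `ARG` alone is already visible to `RUN` and the `ENV` line could be dropped. The stage continues outside the hunk, so that is to be confirmed.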
@@ -23,7 +25,7 @@ COPY . /tmp/ ENV RUSTFLAGS "-C link-arg=-s" RUN echo "Building rpxy from source" && \ - cargo build --release --target $(cat /arch)-unknown-linux-musl && \ + cargo build --release --target $(cat /arch)-unknown-linux-musl ${CARGO_FEATURES} && \ musl-strip --strip-all /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy && \ cp /tmp/target/$(cat /arch)-unknown-linux-musl/release/rpxy /tmp/target/release/rpxy diff --git a/docker/docker-compose-slim.yml b/docker/docker-compose-slim.yml index 9d1e2713..90f5e769 100644 --- a/docker/docker-compose-slim.yml +++ b/docker/docker-compose-slim.yml @@ -9,15 +9,17 @@ services: - 127.0.0.1:8080:8080/tcp - 127.0.0.1:8443:8443/udp - 127.0.0.1:8443:8443/tcp - # build: # Uncomment if you build yourself - # context: ../ - # additional_contexts: - # - messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl - # - messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl - # dockerfile: ./docker/Dockerfile-slim # based on alpine and build x86_64-unknown-linux-musl - # platforms: # Choose your platforms - # - "linux/amd64" - # # - "linux/arm64" + build: # Uncomment if you build yourself + context: ../ + additional_contexts: + - messense/rust-musl-cross:amd64-musl=docker-image://messense/rust-musl-cross:x86_64-musl + - messense/rust-musl-cross:arm64-musl=docker-image://messense/rust-musl-cross:aarch64-musl + # args: # Uncomment when build with native cert store + # - "CARGO_FEATURES=--no-default-features --features=http3-quinn,native-roots" + dockerfile: ./docker/Dockerfile-slim # based on alpine and build x86_64-unknown-linux-musl + platforms: # Choose your platforms + # - "linux/amd64" + - "linux/arm64" environment: - LOG_LEVEL=debug - LOG_TO_FILE=true diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 063ce821..bac5957b 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml 
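Review bot: Nothing in this hunk shows the runtime stage, and a binary built with `native-roots` presumably reads its trust anchors from the operating system at run time rather than from a compiled-in bundle. If the final slim image does not ship a CA bundle (the `ca-certificates` package on Alpine), the forwarder would start with an empty root store and upstream TLS verification would fail. That is worth confirming in the final stage. A comment above this `RUN`, such as `# CARGO_FEATURES is left unquoted on purpose: it expands to several cargo arguments`, would also explain the bare expansion.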
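Review bot: The `build:` block is now active rather than a commented-out example, and the platform list is switched to `linux/arm64` with `linux/amd64` commented out, while the line still reads `# Uncomment if you build yourself`. This looks like a local build setting committed by accident, since a compose run can now build from source for arm64 instead of using the published image. The hunk in `docker/docker-compose.yml` carries the same change. Separately, the example `CARGO_FEATURES=--no-default-features --features=http3-quinn,native-roots` omits `cache`, which the workflow's native-roots targets include, so a build following the example would differ from the published image.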
@@ -9,15 +9,17 @@ services: - 127.0.0.1:8080:8080/tcp - 127.0.0.1:8443:8443/udp - 127.0.0.1:8443:8443/tcp - # build: # Uncomment if you build yourself - # context: ../ - # args: # Uncomment when build quic-s2n version - # - "CARGO_FEATURES=--no-default-features --features http3-s2n" - # - "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++" - # dockerfile: ./docker/Dockerfile # based on ubuntu 22.04 and build x86_64-unknown-linux-gnu - # platforms: # Choose your platforms - # - "linux/amd64" - # # - "linux/arm64" + build: # Uncomment if you build yourself + context: ../ + # args: # Uncomment when build quic-s2n version + # - "CARGO_FEATURES=--no-default-features --features=http3-s2n" + # - "ADDITIONAL_DEPS=pkg-config libssl-dev cmake libclang1 gcc g++" + # args: # Uncomment when build with native cert store + # - "CARGO_FEATURES=--no-default-features --features=http3-quinn,native-roots" + dockerfile: ./docker/Dockerfile # based on ubuntu 22.04 and build x86_64-unknown-linux-gnu + platforms: # Choose your platforms + # - "linux/amd64" + - "linux/arm64" environment: - LOG_LEVEL=debug - LOG_TO_FILE=true diff --git a/rpxy-lib/src/handler/forwarder.rs b/rpxy-lib/src/handler/forwarder.rs index 369ba564..4764d369 100644 --- a/rpxy-lib/src/handler/forwarder.rs +++ b/rpxy-lib/src/handler/forwarder.rs @@ -1,8 +1,6 @@ #[cfg(feature = "cache")] use super::cache::{get_policy_if_cacheable, RpxyCache}; -#[cfg(feature = "cache")] -use crate::log::*; -use crate::{error::RpxyError, globals::Globals, CryptoSource}; +use crate::{error::RpxyError, globals::Globals, log::*, CryptoSource}; use async_trait::async_trait; #[cfg(feature = "cache")] use bytes::Buf;
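Review bot: `log::*` is now glob-imported unconditionally, where the removed lines gated it on `feature = "cache"`. The rest of the file is outside the hunk, so this is to be confirmed, but if the logging macros are used only inside feature-gated code, a build without those features gets an `unused_imports` warning. In that case a separate `use crate::log::*;` under `#[cfg(any(feature = "cache", feature = "native-roots"))]` would keep the gate, assuming `native-roots` is also a feature of this crate.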