From a07ab02d92653fbb1a26803f7c3f2eda5407f1de Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Thu, 13 Nov 2025 17:45:15 +0100 Subject: [PATCH 1/4] fix: detect tls keys/certs are empty --- crates/rproxy/src/server/proxy/config/tls.rs | 23 +++++++++++++++----- 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/crates/rproxy/src/server/proxy/config/tls.rs b/crates/rproxy/src/server/proxy/config/tls.rs index 4aadf0c..b12c7e8 100644 --- a/crates/rproxy/src/server/proxy/config/tls.rs +++ b/crates/rproxy/src/server/proxy/config/tls.rs @@ -49,7 +49,7 @@ impl ConfigTls { let mut errs: Vec = vec![]; let mut cert: Option> = None; - let key: Option = None; + let mut key: Option = None; // certificate { @@ -93,6 +93,12 @@ impl ConfigTls { } Ok(res) => { + if res.is_empty() { + errs.push(ConfigTlsError::InvalidCertificate { + path: self.certificate.clone(), + err: String::from("the certificate is missing"), + }); + } cert = Some(res); } } @@ -134,8 +140,7 @@ impl ConfigTls { let mut reader = Cursor::new(raw); - match rustls_pemfile::certs(&mut reader).collect::, _>>() - { + match rustls_pemfile::private_key(&mut reader) { Err(err) => { errs.push(ConfigTlsError::InvalidKey { path: self.certificate.clone(), @@ -144,7 +149,13 @@ impl ConfigTls { } Ok(res) => { - cert = Some(res); + if res.is_none() { + errs.push(ConfigTlsError::InvalidKey { + path: self.certificate.clone(), + err: String::from("the key is missing"), + }); + } + key = res; } } } @@ -222,7 +233,7 @@ impl ConfigTls { #[derive(Debug, Clone, Error)] pub(crate) enum ConfigTlsError { - #[error("invalid tls certificate at '{path}': {err}")] + #[error("invalid tls certificate in '{path}': {err}")] InvalidCertificate { path: String, err: String }, #[error("invalid tls certificate file '{path}': {err}")] @@ -231,7 +242,7 @@ pub(crate) enum ConfigTlsError { #[error("path to tls certificate is missing")] MissingCertificate, - #[error("invalid tls key at '{path}': {err}")] + #[error("invalid tls key in '{path}': {err}")] InvalidKey { path: String, err: String }, #[error("invalid tls key file '{path}': {err}")] From ecffc1e082603e3a7b97524ce75dfd38d1aa0c5d Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Thu, 13 Nov 2025 17:45:52 +0100 Subject: [PATCH 2/4] chore: bump version --- Cargo.lock | 2 +- crates/rproxy/Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2971df2..692159b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3079,7 +3079,7 @@ dependencies = [ [[package]] name = "rproxy" -version = "0.0.6" +version = "0.0.7" dependencies = [ "actix", "actix-http", diff --git a/crates/rproxy/Cargo.toml b/crates/rproxy/Cargo.toml index 41d7572..214a538 100644 --- a/crates/rproxy/Cargo.toml +++ b/crates/rproxy/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rproxy" -version = "0.0.6" +version = "0.0.7" edition = "2024" default-run = "rproxy" From a600646f79afa8332845620906cd249f9705769f Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Fri, 14 Nov 2025 10:18:47 +0100 Subject: [PATCH 3/4] fix: correct the copy-typo --- crates/rproxy/src/server/metrics.rs | 2 +- crates/rproxy/src/server/proxy/ws/proxy.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crates/rproxy/src/server/metrics.rs b/crates/rproxy/src/server/metrics.rs index 01303be..2b36637 100644 --- a/crates/rproxy/src/server/metrics.rs +++ b/crates/rproxy/src/server/metrics.rs @@ -222,7 +222,7 @@ impl Metrics { this.registry.register_with_unit( "ws_latency_client", - "round-trip-time of websocket pings to backend divided by 2", + "round-trip-time of websocket pings to client divided by 2", Unit::Other(String::from("nanoseconds")), this.ws_latency_client.clone(), ); diff --git a/crates/rproxy/src/server/proxy/ws/proxy.rs b/crates/rproxy/src/server/proxy/ws/proxy.rs index 1bc8085..06190eb 100644 --- a/crates/rproxy/src/server/proxy/ws/proxy.rs +++ b/crates/rproxy/src/server/proxy/ws/proxy.rs @@ -697,7 +697,7 @@ where .ws_latency_client .get_or_create(&LabelsProxyWs { proxy: P::name(), - destination: WS_LABEL_BKND, + destination: WS_LABEL_CLNT, }) .record( (1000000.0 * (timestamp - pong.timestamp).as_seconds_f64() / From 8f444d183963ad90335047def495b0b23354b47a Mon Sep 17 00:00:00 2001 From: Anton Bronnikov Date: Fri, 14 Nov 2025 10:21:35 +0100 Subject: [PATCH 4/4] chore: update readme --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 6dfe36b..cf78ba0 100644 --- a/readme.md +++ b/readme.md @@ -440,7 +440,7 @@ tls: # TYPE rproxy_ws_latency_backend_nanoseconds gauge # UNIT rproxy_ws_latency_backend_nanoseconds nanoseconds -# HELP rproxy_ws_latency_client_nanoseconds round-trip-time of websocket pings to backend divided by 2. +# HELP rproxy_ws_latency_client_nanoseconds round-trip-time of websocket pings to client divided by 2. # TYPE rproxy_ws_latency_client_nanoseconds gauge # UNIT rproxy_ws_latency_client_nanoseconds nanoseconds