refactor(iroh-net)!: Rework relay-server binary, more configurable, reverse-proxy support #2341
Conversation
|
Related issue for reference: #2179 |
still a lot of cleanup and some bug fixing
There it's also available to other code
The server itself doesn't need this, only the Let's Encrypt config. So push it into there and remove the need for it otherwise.
an empty join_set will return None right away. but this set will be empty most of the time
|
@Arqu probably time for you to give some feedback on the config file changes I'm proposing. Check src/bin/iroh-relay.rs' |
|
@link2xt I think this is in a reasonable shape now. For you the important changes are probably also described in the (can't seem to ask you as reviewer :( ) |
Just went over this, the changes are nice and I'm fine with this moving forward. Once this lands I'll update the configuration files for the deployments. |
dignifiedquire
changed the title
| fn key_path(&self) -> PathBuf { | ||
| self.manual_key_path | ||
| .clone() | ||
| .unwrap_or_else(|| self.cert_dir().join("default.key")) |
There was a problem hiding this comment.
should these file names be constants?
There was a problem hiding this comment.
They used to use the hostname field. But it seemed weird to require the hostname for manual TLS, it was only used to pick up a default name here. I think a constant default is fine, I honestly expect this to be customised most of the time.
| @@ -320,13 +378,17 @@ impl ServerState { | |||
| } | |||
| } | |||
| } | |||
| if let Some(server) = server { | |||
| // TODO: if the task this is running in is aborted this server is not shut | |||
There was a problem hiding this comment.
what about this todo?
There was a problem hiding this comment.
I decided to leave that in because I felt like if I had to turn all of the relay server actors into structured concurrency the rabbit hole was too deep. This is basically the status quo so not a regression. It would be nice to do this, but as a separate PR probably.
Plus, would need to decide on how much I like tokio-graceful-shutdown possibly :)
…everse-proxy support (n0-computer#2341) ## Description This re-architects the relay-server binary. There is now a struct with detailed configuration which runs the entire server and aborts the server on drop. This simplifies running the server in various situations, including tests. The configuration is now done using a declarative struct, which supports more control over how it runs so it can be more easily used behind a reverse proxy, without TLS etc. This is aiming to fix n0-computer#2177, n0-computer#2179 and n0-computer#2178. ## Breaking Changes The configuration file format has changed, deployments will need to updated. For the full format see `struct Config` in `iroh-net/src/bin/iroh-relay.rs`. Here a summary: - The 3 parts of the server now have an independent enable setting: `enable_relay`, `enable_stun` and `enable_metrics`. If omitted they default to `true`. - The way to specify which addresses the server listens on has changed: `http_bind_addr` is for the relay server, `stun_bind_addr` for the STUN server, `metrics_bind_addr` is for the optional metrics server and `tls.https_bind_addr` is for when TLS is enabled. Note these are now all full socket addresses. All have sensible defaults if omitted. - There are new options in `tls.cert_path` and `tls.key_path` which allow more control over where the manual TLS keys are to be read from. - `iroh_net::defaults::DEFAULT_RELAY_STUN_PORT` has been renamed to `iroh_net::defaults::DEFAULT_STUN_PORT`. TBD: some APIs changed as well. Why are they not all private? ## Notes & open questions * The `iroh_net::relay::iroh_relay` crate name is a bit weird. But `iroh_net::relay::server` is already taken. Maybe `iroh_net::relay::bin` could work, but that would be weird when using it from code in other places. * The `ServerConfig` struct is a declarative way of controlling the new server interface. It's kind of nice to use. Bu it is a public API that will be a breaking change every time it changes, and it will change. Maybe it's worth creating a builder API for this. But maybe that's something to only tackle when it is a real demand. I feel like the `iroh_net::relay::server` builders are an attempt at doing this earlier than needed. ## Change checklist - [x] Self-review. - [x] Documentation updates if relevant. - [x] Tests if relevant. - [x] All breaking changes documented.
Description
This re-architects the relay-server binary. There is now a struct with detailed configuration which runs the entire server and aborts the server on drop. This simplifies running the server in various situations, including tests. The configuration is now done using a declarative struct, which supports more control over how it runs so it can be more easily used behind a reverse proxy, without TLS etc.
This is aiming to fix #2177, #2179 and #2178.
Breaking Changes
The configuration file format has changed, deployments will need to updated. For the full format see
struct Configiniroh-net/src/bin/iroh-relay.rs. Here a summary:enable_relay,enable_stunandenable_metrics. If omitted they default totrue.http_bind_addris for the relay server,stun_bind_addrfor the STUN server,metrics_bind_addris for the optional metrics server andtls.https_bind_addris for when TLS is enabled. Note these are now all full socket addresses. All have sensible defaults if omitted.tls.cert_pathandtls.key_pathwhich allow more control over where the manual TLS keys are to be read from.iroh_net::defaults::DEFAULT_RELAY_STUN_PORThas been renamed toiroh_net::defaults::DEFAULT_STUN_PORT.TBD: some APIs changed as well. Why are they not all private?
Notes & open questions
iroh_net::relay::iroh_relaycrate name is a bit weird. Butiroh_net::relay::serveris already taken. Maybeiroh_net::relay::bincould work, but that would be weird when using it from code in other places.ServerConfigstruct is a declarative way of controlling the new server interface. It's kind of nice to use. Bu it is a public API that will be a breaking change every time it changes, and it will change. Maybe it's worth creating a builder API for this. But maybe that's something to only tackle when it is a real demand. I feel like theiroh_net::relay::serverbuilders are an attempt at doing this earlier than needed.Change checklist