refactor domain resolving a bit, add API domains

dfinity · Jun 12, 2024 · 83463fc · 83463fc
1 parent ead9526
commit 83463fc
Show file tree

Hide file tree

Showing 11 changed files with 253 additions and 229 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -10,7 +10,10 @@ env:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: bazel-runner-small
+    container:
+      image: ghcr.io/catthehacker/ubuntu:full-22.04
+
     permissions:
       contents: write
 

diff --git a/src/cli.rs b/src/cli.rs
@@ -190,6 +190,10 @@ pub struct Domain {
     #[clap(env, long, value_delimiter = ',')]
     pub domain: Vec<FQDN>,
 
+    /// List of domains that will serve only IC API (no HTTP)
+    #[clap(env, long, value_delimiter = ',')]
+    pub domain_api: Vec<FQDN>,
+
     /// List of domains that we serve system subnets from. This enables domain-canister matching for these domains & adds them to the list of served domains above, do not list them there separately.
     /// Requires --domain-app.
     #[clap(env, long, requires = "domain_app", value_delimiter = ',')]

diff --git a/src/core.rs b/src/core.rs
@@ -23,15 +23,16 @@ pub async fn main(cli: &Cli) -> Result<(), Error> {
     let mut domains = cli.domain.domain.clone();
     domains.extend_from_slice(&cli.domain.domain_system);
     domains.extend_from_slice(&cli.domain.domain_app);
+    domains.extend_from_slice(&cli.domain.domain_api);
 
     if domains.is_empty() {
         return Err(anyhow!(
-            "No domains to serve specified (use --domain/--domain-system/--domain-app)"
+            "No domains to serve specified (use --domain* args)"
         ));
     }
 
     // Leave only unique domains
-    domains = domains.into_iter().unique().collect::<Vec<_>>();
+    domains = domains.into_iter().unique().collect();
 
     warn!(
         "Running with domains: {:?}",
@@ -86,7 +87,6 @@ pub async fn main(cli: &Cli) -> Result<(), Error> {
     // Create routers
     let https_router = routing::setup_router(
         cli,
-        domains,
         custom_domain_providers,
         &mut tasks,
         http_client.clone(),

diff --git a/src/http/mod.rs b/src/http/mod.rs
@@ -21,7 +21,7 @@ pub use server::{ConnInfo, Server};
 
 pub const ALPN_H1: &[u8] = b"http/1.1";
 pub const ALPN_H2: &[u8] = b"h2";
-pub const ACME_TLS_ALPN_NAME: &[u8] = b"acme-tls/1";
+pub const ALPN_ACME: &[u8] = b"acme-tls/1";
 
 // Calculate very approximate HTTP request/response headers size in bytes.
 // More or less accurate only for http/1.1 since in h2 headers are in HPACK-compressed.

diff --git a/src/http/server.rs b/src/http/server.rs
@@ -33,7 +33,7 @@ use tower_service::Service;
 use tracing::{debug, warn};
 use uuid::Uuid;
 
-use super::{AsyncCounter, Stats, ACME_TLS_ALPN_NAME};
+use super::{AsyncCounter, Stats, ALPN_ACME};
 
 pub const CONN_DURATION_BUCKETS: &[f64] = &[1.0, 8.0, 32.0, 64.0, 256.0, 512.0, 1024.0];
 pub const CONN_REQUESTS: &[f64] = &[1.0, 4.0, 8.0, 16.0, 32.0, 64.0, 256.0];
@@ -298,7 +298,7 @@ impl Conn {
             if tls_info
                 .alpn
                 .as_ref()
-                .map(|x| x.as_bytes() == ACME_TLS_ALPN_NAME)
+                .map(|x| x.as_bytes() == ALPN_ACME)
                 .unwrap_or(false)
             {
                 debug!("{}: ACME ALPN - closing connection", self);

diff --git a/src/metrics/mod.rs b/src/metrics/mod.rs
@@ -35,7 +35,7 @@ use crate::{
     log::clickhouse::{Clickhouse, Row},
     routing::{
         error_cause::ErrorCause, ic::IcResponseStatus, middleware::request_id::RequestId,
-        RequestCtx,
+        CanisterId, RequestCtx,
     },
     tasks::{Run, TaskManager},
     tls::sessions,
@@ -320,6 +320,7 @@ pub async fn middleware(
     let duration = start.elapsed();
 
     let ctx = response.extensions().get::<Arc<RequestCtx>>().cloned();
+    let canister_id = response.extensions().get::<CanisterId>().cloned();
     let error_cause = response.extensions().get::<ErrorCause>().cloned();
     let ic_status = response.extensions().get::<IcResponseStatus>().cloned();
     let status = response.status().as_u16();
@@ -382,9 +383,8 @@ pub async fn middleware(
 
         let host = uri.host().unwrap_or("");
         let path = uri.path();
-        let canister_id = ctx
-            .as_ref()
-            .and_then(|x| x.domain.canister_id.map(|v| v.to_string()))
+        let canister_id = canister_id
+            .map(|x| x.0.to_string())
             .unwrap_or_else(|| "unknown".into());
 
         let conn_rcvd = conn_info.traffic.rcvd();