aws-samples · hansonchar · Sep 30, 2022 · Sep 21, 2022
diff --git a/docker/README.md b/docker/README.md
@@ -18,25 +18,25 @@ This is an outline of how to build a docker image for `xks-proxy`, including inf
 1. Adjust [Dockerfile](Dockerfile) as needed.
 1. Build a docker image for `xks-proxy`:
 
-        docker build -t xks-proxy:v2.0.1 .
+        docker build -t xks-proxy:v3.0.0 .
 1. Save the image to a tar file, if it needs to be exported/shared:
 
-        docker save -o xks-proxy-docker-v2.0.1.tar xks-proxy:v2.0.1
-1. Compress `xks-proxy-docker-v2.0.1.tar` into `xks-proxy-docker-v2.0.1.tar.xz` if necessary:
+        docker save -o xks-proxy-docker-v3.0.0.tar xks-proxy:v3.0.0
+1. Compress `xks-proxy-docker-v3.0.0.tar` into `xks-proxy-docker-v3.0.0.tar.xz` if necessary:
 
-        xz -z -0 xks-proxy-docker-v2.0.1.tar
+        xz -z -0 xks-proxy-docker-v3.0.0.tar
 
 ## How to run `xks-proxy` in a docker container?
 
-1. Decompress `xks-proxy-docker-v2.0.1.tar.xz` to `xks-proxy-docker-v2.0.1.tar` if necessary:
+1. Decompress `xks-proxy-docker-v3.0.0.tar.xz` to `xks-proxy-docker-v3.0.0.tar` if necessary:
 
-       xz -d xks-proxy-docker-v2.0.1.tar.xz
+       xz -d xks-proxy-docker-v3.0.0.tar.xz
 1. Load the docker image if necessary:
 
-       docker load -i xks-proxy-docker-v2.0.1.tar
+       docker load -i xks-proxy-docker-v3.0.0.tar
 1. Run `xks-proxy` in a docker container exposing port `80` (of the container) as port `80` on the running host:
 
-        docker run --name xks-proxy -d -p 0.0.0.0:80:80 xks-proxy:v2.0.1
+        docker run --name xks-proxy -d -p 0.0.0.0:80:80 xks-proxy:v3.0.0
 1. Now you can access it at
 `http://<your hostname>/example/uri/path/prefix/kms/xks/v1`
 or whatever URI path you've configured in `settings.toml`.
@@ -45,7 +45,7 @@ or whatever URI path you've configured in `settings.toml`.
 
 * Remove the `xks-proxy` docker image:
 
-        docker rmi xks-proxy:v2.0.1
+        docker rmi xks-proxy:v3.0.0
 * Exec into the `xks-proxy` docker container:
 
         docker exec -it xks-proxy bash
@@ -57,7 +57,7 @@ or whatever URI path you've configured in `settings.toml`.
         docker container ls
 * Ping `xks-proxy` running in docker container
 
-        # should get back a "pong from xks-proxy v2.0.1" response
+        # should get back a "pong from xks-proxy v3.0.0" response
         curl http://localhost/ping
 * Follow the log of the running `xks-proxy` in the docker container
 

diff --git a/rpmspec/xks-proxy.spec b/rpmspec/xks-proxy.spec
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0
 
 Name:           xks-proxy
-Version:        2.0.1
+Version:        3.0.0
 
 Release:        0%{?dist}
 Summary:        AWS External Keystore (XKS) Proxy Service
@@ -45,6 +45,8 @@ systemctl disable xks-proxy.service
 systemctl disable xks-proxy_cleanlogs.timer
 
 %changelog
+* Sun Sep 21 2022 Hanson Char <hchar@amazon.com> - 3.0.0
+- Support full configurable of TCP keepalive probes
 * Sun Sep 11 2022 Hanson Char <hchar@amazon.com> - 2.0.1
 - Support configurable interval to send TCP keepalive probes
 * Thu Sep 08 2022 Hanson Char <hchar@amazon.com> - 2.0.0

diff --git a/xks-axum/Cargo.toml b/xks-axum/Cargo.toml
@@ -3,7 +3,7 @@
 
 [package]
 name = "xks-proxy"
-version = "2.0.1"
+version = "3.0.0"
 edition = "2018"
 publish = false
 
@@ -65,6 +65,10 @@ serial_test_derive = "0.9"
 # https://github.com/mheese/rust-pkcs11/issues/50
 pkcs11 = { path = "rust-pkcs11" }
 
+# Patch to enable configuration of full TCP keepalive parameters
+hyper = { git = "https://github.com/hyperium/hyper.git", branch = "0.14.x" }
+axum-server = { path = "axum-server" }
+
 [profile.dev]
 panic = "abort"
 

diff --git a/xks-axum/axum-server/.gitignore b/xks-axum/axum-server/.gitignore
@@ -0,0 +1,2 @@
+/target
+Cargo.lock
diff --git a/xks-axum/axum-server/CHANGELOG.md b/xks-axum/axum-server/CHANGELOG.md
@@ -0,0 +1,115 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog], and this project adheres to
+[Semantic Versioning].
+
+# Unreleased
+
+None.
+
+# 0.4.2 (5. August 2022)
+
+- **added:** Added `Server::from_tcp`, `axum_server::from_tcp` and
+  `axum_server::from_tcp_rustls` methods to create `Server` from
+  `std::net::TcpListener`.
+
+# 0.4.1 (29. July 2022)
+
+- **added:** Added `map`, `get` and `get_mut` methods to access the acceptor
+  of `Server`.
+
+# 0.4.0 (18. April 2022)
+
+- Added TLS handshake timeout(10 seconds).
+- In `RustlsConfig`: `from_pem` and `from_pem_file` methods now accept EC
+  keys.
+- **added:** Added `AddrIncomingConfig` to allow configuration of
+  `hyper::server::conn::AddrIncoming`.
+- **added:** Added `HttpConfig::http1_header_read_timeout`.
+- **breaking:** Changed `Handle::listening` return type to
+  `Option<SocketAddr>`. If binding fails, `Option::None` will be returned.
+
+# 0.3.2 (17. November 2021)
+
+- **added:** Added `HttpConfig` to allow more configuration.
+
+# 0.3.1 (10. November 2021)
+
+- **fixed:** `tls-rustls` feature doesn't compile if `fs` feature in `tokio`
+  is not enabled.
+
+# 0.3.0 (10. November 2021)
+
+- **Total rewrite of source code.**
+- **Major api changes:**
+  - **breaking:** Removed `bind_rustls`, `certificate`, `certificate_file`,
+    `loader`, `new`, `private_key`, `private_key_file`, `serve_and_record`,
+    `tls_config` methods from `Server`.
+  - **breaking:** Removed `tls` module.
+  - **breaking:** Removed `record` module and feature.
+  - **breaking:** Removed `Handle::listening_addrs` method.
+  - **breaking:** `Server::bind` method doesn't take `self` anymore and
+    creates an `Server`.
+  - **breaking:** `bind` method now takes a `SocketAddr`.
+  - **breaking:** `bind_rustls` method now takes a `SocketAddr` and an
+    `tls_rustls::RustlsConfig`.
+  - **breaking:** `Server::serve` method now takes a `MakeService`.
+  - **breaking:** `Handle::listening` method now returns `SocketAddr`.
+  - **added:** Added `Handle::connection_count` that can be used to get alive
+    connection count.
+  - **added:** Added `service` module.
+  - **added:** Added `service::MakeServiceRef` and `service::SendService`
+    traits aliases for convenience.
+  - **added:** Added `accept` module.
+  - **added:** Added `accept::Accept` trait that can be implemented to modify
+    io stream and service.
+  - **added:** Added `accept::DefaultAcceptor` struct that implements
+    `accept::Accept` to be used as a default 'Accept' for 'Server'.
+  - **added:** Added `Server::acceptor` method that can be used to provide a
+    custom `accept::Accept`.
+  - **added:** Added `tls_rustls` module.
+  - **added:** Added `tls_rustls::RustlsAcceptor` that can be used with
+    `Server::acceptor` to make a tls `Server`.
+  - **added:** Added `tls_rustls::RustlsConfig` to create rustls utilities and
+    to provide reload functionality.
+  - **added:** Added `tls_rustls::bind_rustls` which is same as `bind_rustls`
+    function.
+
+# 0.2.5 (5. October 2021)
+
+- Compile on rust `1.51`.
+
+# 0.2.4 (17. September 2021)
+
+- Reduced `futures-util` features to improve compile times.
+
+# 0.2.3 (14. September 2021)
+
+- Fixed `bind` and `bind_rustls` not working on some types.
+
+# 0.2.2 (6. September 2021)
+
+- Added uri `Scheme` in `Request` extensions.
+- Fixed memory leak that happens as connections are accepted.
+
+# 0.2.1 (30. August 2021)
+
+- Fixed `serve_and_record` not recording independently for each connection.
+
+# 0.2.0 (29. August 2021)
+
+- Added `TlsLoader` to reload tls configuration.
+- Added `Handle` to provide additional utilities for server.
+
+# 0.1.2 (24. August 2021)
+
+- Fixed an import issue when using `tls-rustls` feature.
+
+# 0.1.0 (23. August 2021)
+
+- Initial release.
+
+[Keep a Changelog]: https://keepachangelog.com/en/1.0.0/
+[Semantic Versioning]: https://semver.org/spec/v2.0.0.html
diff --git a/xks-axum/axum-server/Cargo.toml b/xks-axum/axum-server/Cargo.toml
@@ -0,0 +1,67 @@
+[package]
+authors = ["Programatik <programatik29@gmail.com>"]
+categories = ["asynchronous", "network-programming", "web-programming"]
+description = "High level server designed to be used with axum framework."
+edition = "2018"
+homepage = "https://github.com/programatik29/axum-server"
+keywords = ["http", "https", "web", "server"]
+license = "MIT"
+name = "axum-server"
+readme = "README.md"
+repository = "https://github.com/programatik29/axum-server"
+version = "0.4.2"
+
+[features]
+default = []
+tls-rustls = ["arc-swap", "pin-project-lite", "rustls", "rustls-pemfile", "tokio/fs", "tokio/time", "tokio-rustls"]
+
+[dependencies]
+bytes = "1"
+futures-util = { version = "0.3", default-features = false, features = ["alloc"] }
+http = "0.2"
+http-body = "0.4"
+hyper = { version = "0.14.16", features = ["http1", "http2", "server", "runtime"] }
+tokio = { version = "1", features = ["macros", "net", "sync"] }
+tower-service = "0.3"
+
+# optional dependencies
+arc-swap = { version = "1", optional = true }
+pin-project-lite = { version = "0.2", optional = true }
+rustls = { version = "0.20", features = ["dangerous_configuration"], optional = true }
+rustls-pemfile = { version = "1", optional = true }
+tokio-rustls = { version = "0.23", optional = true }
+
+[dev-dependencies]
+axum = "0.5"
+hyper = { version = "0.14", features = ["full"] }
+tokio = { version = "1", features = ["full"] }
+tower = { version = "0.4", features = ["util"] }
+tower-http = { version = "0.3", features = ["add-extension"] }
+
+[package.metadata.docs.rs]
+all-features = true
+cargo-args = ["-Zunstable-options", "-Zrustdoc-scrape-examples=examples"]
+rustdoc-args = ["--cfg", "docsrs"]
+
+[[example]]
+name = "from_std_listener_rustls"
+required-features = ["tls-rustls"]
+
+[[example]]
+name = "http_and_https"
+required-features = ["tls-rustls"]
+
+[[example]]
+name = "rustls_reload"
+required-features = ["tls-rustls"]
+
+[[example]]
+name = "rustls_server"
+required-features = ["tls-rustls"]
+
+[[example]]
+name = "rustls_session"
+required-features = ["tls-rustls"]
+
+[patch.crates-io]
+hyper = { git = "https://github.com/hyperium/hyper", branch = "0.14.x" }
diff --git a/xks-axum/axum-server/LICENSE b/xks-axum/axum-server/LICENSE
@@ -0,0 +1,19 @@
+Copyright 2021 Axum Server Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/xks-axum/axum-server/README.md b/xks-axum/axum-server/README.md
@@ -0,0 +1,58 @@
+[![License](https://img.shields.io/crates/l/axum-server)](https://choosealicense.com/licenses/mit/)
+[![Crates.io](https://img.shields.io/crates/v/axum-server)](https://crates.io/crates/axum-server)
+[![Docs - Master](https://img.shields.io/badge/docs-master-blue)](https://programatik29.github.io/axum-server/axum_server/)
+[![Docs - Stable](https://img.shields.io/crates/v/axum-server?color=blue&label=docs)](https://docs.rs/axum-server/)
+
+# axum-server
+
+axum-server is a [hyper] server implementation designed to be used with [axum] framework.
+
+This project is maintained by community independently from [axum].
+
+## Features
+
+- HTTP/1 and HTTP/2
+- HTTPS through [rustls].
+- High performance through [hyper].
+- Using [tower] make service API.
+- Very good [axum] compatibility. Likely to work with future [axum] releases.
+
+## Usage Example
+
+A simple hello world application can be served like:
+
+```rust
+use axum::{routing::get, Router};
+use std::net::SocketAddr;
+
+#[tokio::main]
+async fn main() {
+    let app = Router::new().route("/", get(|| async { "Hello, world!" }));
+
+    let addr = SocketAddr::from(([127, 0, 0, 1], 3000));
+    println!("listening on {}", addr);
+    axum_server::bind(addr)
+        .serve(app.into_make_service())
+        .await
+        .unwrap();
+}
+```
+
+You can find more examples [here](/examples).
+
+## Minimum Supported Rust Version
+
+axum-server's MSRV is `1.49`.
+
+## Safety
+
+This crate uses `#![forbid(unsafe_code)]` to ensure everything is implemented in 100% safe Rust.
+
+## License
+
+This project is licensed under the [MIT license](LICENSE).
+
+[axum]: https://crates.io/crates/axum
+[hyper]: https://crates.io/crates/hyper
+[rustls]: https://crates.io/crates/rustls
+[tower]: https://crates.io/crates/tower
diff --git a/xks-axum/axum-server/examples/configure_addr_incoming.rs b/xks-axum/axum-server/examples/configure_addr_incoming.rs
@@ -0,0 +1,29 @@
+//! Run with `cargo run --example configure_http` command.
+//!
+//! To connect through browser, navigate to "http://localhost:3000" url.
+
+use axum::{routing::get, Router};
+use axum_server::AddrIncomingConfig;
+use std::net::SocketAddr;
+use std::time::Duration;
+
+#[tokio::main]
+async fn main() {
+    let app = Router::new().route("/", get(|| async { "Hello, world!" }));
+
+    let config = AddrIncomingConfig::new()
+        .tcp_nodelay(true)
+        .tcp_sleep_on_accept_errors(true)
+        .tcp_keepalive(Some(Duration::from_secs(32)))
+        .tcp_keepalive_interval(Some(Duration::from_secs(1)))
+        .tcp_keepalive_retries(Some(1))
+        .build();
+
+    let addr = SocketAddr::from(([127, 0, 0, 1], 3000));
+    println!("listening on {}", addr);
+    axum_server::bind(addr)
+        .addr_incoming_config(config)
+        .serve(app.into_make_service())
+        .await
+        .unwrap();
+}