This commit is contained in:
Konstantin Bogdanov 2024-07-10 14:04:54 +02:00
parent 31354923dc
commit b41bfad9e1
No known key found for this signature in database
7 changed files with 25 additions and 140 deletions


@ -2488,23 +2488,6 @@ void Server::createServers(
{
const char * port_name;
/// File System
port_name = "file_system.port";
createServer(config, listen_host, port_name, listen_try, start_servers, servers, [&](UInt16 port) -> ProtocolServerAdapter
{
Poco::Net::ServerSocket socket;
auto address = socketBindListen(config, socket, listen_host, port);
socket.setReceiveTimeout(settings.http_receive_timeout);
socket.setSendTimeout(settings.http_send_timeout);
return ProtocolServerAdapter(
listen_host,
port_name,
"http://" + address.toString(),
std::make_unique<HTTPServer>(
httpContext(), createHandlerFactory(*this, config, async_metrics, "FilesHTTPHandler-factory"), server_pool, socket, http_params));
});
if (server_type.shouldStart(ServerType::Type::HTTP))
{
/// HTTP


@ -139,16 +139,7 @@
This interface is also used by ODBC and JDBC drivers (DataGrip, Dbeaver, ...)
and by most of web interfaces (embedded UI, Grafana, Redash, ...).
-->
<!-- <https_port>8443</https_port> -->
<!-- Setting that allows to download files from directory.
It is essentially used for completing HTTP-01 challenge and fetching
certificates from Let's Encrypt. (Port should be equal to 80)
-->
<file_system>
<port>8124</port>
<base_directory>/etc/clickhouse-server/export</base_directory>
</file_system>
<http_port>8123</http_port>
<!-- Port for interaction by native protocol with:
- clickhouse-client and other native ClickHouse tools (clickhouse-benchmark);
@ -188,7 +179,7 @@
You have to configure certificate to enable this interface.
See the openSSL section below.
-->
<https_port>8443</https_port>
<!-- <https_port>8443</https_port> -->
<!-- Native interface with TLS.
You have to configure certificate to enable this interface.


@ -8,7 +8,6 @@
#include <Poco/Net/Context.h>
#include <Poco/Net/SSLManager.h>
#include <Poco/Net/Utility.h>
#include <Common/logger_useful.h>
namespace DB
@ -27,11 +26,6 @@ int callSetCertificate(SSL * ssl, void * arg)
return CertificateReloader::instance().setCertificate(ssl, pdata);
}
void callReloadCertificates()
{
return CertificateReloader::instance().reloadCertificates();
}
}
/// This is callback for OpenSSL. It will be called on every connection to obtain a certificate and private key.
@ -45,14 +39,11 @@ int CertificateReloader::setCertificate(SSL * ssl, const CertificateReloader::Mu
if (current->certs_chain.empty())
return -1;
auto letsencrypt_configuration = let_encrypt_configuration_data.get();
if (letsencrypt_configuration
&& current->cert.expiresOn().timestamp()
<= Poco::Timestamp() + Poco::Timespan(3600ll * letsencrypt_configuration->reissue_hours_before, 0))
CertificateIssuer::instance().UpdateCertificates(*letsencrypt_configuration, callReloadCertificates);
SSL_use_certificate(ssl, const_cast<X509 *>(current->cert.certificate()));
SSL_use_PrivateKey(ssl, const_cast<EVP_PKEY *>(static_cast<const EVP_PKEY *>(current->key)));
// auto letsencrypt_configuration = let_encrypt_configuration_data.get();
// if (letsencrypt_configuration
// && current->certs_chain.expiresOn().timestamp()
// <= Poco::Timestamp() + Poco::Timespan(3600ll * letsencrypt_configuration->reissue_hours_before, 0))
// CertificateIssuer::instance().UpdateCertificates(*letsencrypt_configuration, callReloadCertificates);
if (auto err = SSL_clear_chain_certs(ssl); err != 1)
{
@ -137,7 +128,7 @@ void CertificateReloader::tryLoadImpl(const Poco::Util::AbstractConfiguration &
// Fetching configuration for possible reissuing let's encrypt certificates
if (config.getBool("LetsEncrypt.enableAutomaticIssue", false))
let_encrypt_configuration_data.set(std::make_unique<const CertificateIssuer::LetsEncryptConfigurationData>(config));
let_encrypt_configuration_data.set(std::make_unique<const LetsEncryptConfigurationData>(config));
/// For empty paths (that means, that user doesn't want to use certificates)
/// no processing required
@ -178,9 +169,9 @@ void CertificateReloader::tryLoadImpl(const Poco::Util::AbstractConfiguration &
void CertificateReloader::reloadCertificates()
{
LOG_DEBUG(log, "Reloading certificate ({}) and key ({}).", cert_file.path, key_file.path);
data.set(std::make_unique<const Data>(cert_file.path, key_file.path, ""));
LOG_INFO(log, "Reloaded certificate ({}) and key ({}).", cert_file.path, key_file.path);
// LOG_DEBUG(log, "Reloading certificate ({}) and key ({}).", cert_file.path, key_file.path);
// data.set(std::make_unique<const Data>(cert_file.path, key_file.path, ""));
// LOG_INFO(log, "Reloaded certificate ({}) and key ({}).", cert_file.path, key_file.path);
}
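Review bot: `CertificateReloader::reloadCertificates()` on the new side is an empty function — the `data.set(...)` reload and both log lines are commented out — so any remaining caller gets a silent no-op and nothing in the logs records that the certificate and key were not re-read. If disabling the reload is intended, make the stub say so, e.g. `LOG_WARNING(log, "reloadCertificates() is currently a no-op, certificate and key are not re-read");`, otherwise remove the function rather than keep a body of commented-out code. The same goes for the disabled block in `setCertificate`: its commented copy refers to `current->certs_chain.expiresOn()` whereas the removed live code used `current->cert.expiresOn()` (and `certs_chain` is tested with `.empty()` two lines above), so it will not compile if re-enabled as written. Note also that `tryLoadImpl` (which continues outside the hunk) still parses `LetsEncrypt.enableAutomaticIssue` and stores a `LetsEncryptConfigurationData` that nothing now consumes, so an operator who enables it gets neither issuance nor a warning.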


@ -96,12 +96,24 @@ public:
/// A callback for OpenSSL
int setCertificate(SSL * ssl, const MultiData * pdata);
// struct LetsEncryptConfigurationData
// {
// bool is_issuing_enabled;
// int reissue_hours_before;
//
// LetsEncryptConfigurationData(bool is_issuing_enabled_, int reissue_hours_before_);
// };
struct LetsEncryptConfigurationData
{
bool is_issuing_enabled;
int reissue_hours_before;
std::string domain_name;
std::string account_private_key;
std::string export_directory_path;
LetsEncryptConfigurationData(bool is_issuing_enabled_, int reissue_hours_before_);
std::string certificate_private_key_path;
std::string certificate_path;
explicit LetsEncryptConfigurationData(const Poco::Util::AbstractConfiguration & config);
};
bool init_was_not_made = true;
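Review bot: The new `LetsEncryptConfigurationData` struct is declared directly beneath a commented-out sketch of the same struct (the `// struct LetsEncryptConfigurationData { ... }` lines), which is now dead duplicate text and should be deleted so a reader does not mistake it for the live definition. Inside the live struct, `account_private_key` is named and typed unlike its siblings `certificate_private_key_path` / `certificate_path`: if it holds the ACME account key material itself rather than a path, it is copied with every copy of the struct and never zeroized, so either store a path (`std::string account_private_key_path;`) or add a comment stating that it carries key material and why that is acceptable. `is_issuing_enabled` and `reissue_hours_before` also have no in-class initializers, and the `(bool, int)` constructor does not appear to be used by the visible `.cpp`, which constructs from `config`; defaults such as `bool is_issuing_enabled = false;` and `int reissue_hours_before = 0;` would make an incomplete constructor harmless. The enclosing class continues outside the hunk.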


@ -1,47 +0,0 @@
#include "FileRequestHandler.h"
#include "IServer.h"
#include <Poco/Net/HTTPServerRequest.h>
#include <Poco/Net/HTTPServerResponse.h>
#include <Poco/Util/LayeredConfiguration.h>
#include <Common/getResource.h>
#include <IO/copyData.h>
#include <IO/HTTPCommon.h>
#include <IO/ReadBufferFromFile.h>
#include <IO/WriteBufferFromString.h>
#include <re2/re2.h>
namespace DB
{
FileRequestHandler::FileRequestHandler(IServer & server_, const std::string & base_directory_path_)
: server(server_), base_directory_path(base_directory_path_)
{
}
void FileRequestHandler::handleRequest(HTTPServerRequest & request, HTTPServerResponse & response)
{
auto keep_alive_timeout = server.config().getUInt("keep_alive_timeout", 10);
response.setContentType("application/octet-stream");
if (request.getVersion() == HTTPServerRequest::HTTP_1_1)
response.setChunkedTransferEncoding(true);
setResponseDefaultHeaders(response, keep_alive_timeout);
std::string file_response;
DB::WriteBufferFromString out_buffer(file_response);
DB::ReadBufferFromFile in_buffer(base_directory_path + request.getURI());
DB::copyData(in_buffer, out_buffer);
response.setStatusAndReason(Poco::Net::HTTPResponse::HTTP_OK);
*response.send() << file_response;
}
}


@ -1,23 +0,0 @@
#pragma once
#include <Server/HTTP/HTTPRequestHandler.h>
namespace DB
{
class IServer;
/// Response with file to user.
class FileRequestHandler : public HTTPRequestHandler
{
private:
IServer & server;
const std::string & base_directory_path;
public:
FileRequestHandler(IServer & server_, const std::string & base_directory_path_);
void handleRequest(HTTPServerRequest & request, HTTPServerResponse & response) override;
};
}


@ -10,7 +10,6 @@
#include "HTTPHandler.h"
#include "StaticRequestHandler.h"
#include "ReplicasStatusHandler.h"
#include "FileRequestHandler.h"
#include "InterserverIOHTTPHandler.h"
#include "WebUIRequestHandler.h"
@ -67,11 +66,6 @@ static void addDefaultHandlersFactory(
IServer & server,
const Poco::Util::AbstractConfiguration & config,
AsynchronousMetrics & async_metrics);
static void addFileSystemHandlerFactory(
HTTPRequestHandlerFactoryMain & factory,
IServer & server,
const Poco::Util::AbstractConfiguration & config
);
static auto createPingHandlerFactory(IServer & server)
{
@ -198,14 +192,6 @@ static inline HTTPRequestHandlerFactoryPtr createInterserverHTTPHandlerFactory(I
return factory;
}
static inline HTTPRequestHandlerFactoryPtr createFileSystemHTTPHandlerFactory(IServer & server, const Poco::Util::AbstractConfiguration & config, const std::string & name)
{
auto factory = std::make_shared<HTTPRequestHandlerFactoryMain>(name);
addFileSystemHandlerFactory(*factory, server, config);
return factory;
}
HTTPRequestHandlerFactoryPtr createHandlerFactory(IServer & server, const Poco::Util::AbstractConfiguration & config, AsynchronousMetrics & async_metrics, const std::string & name)
{
if (name == "HTTPHandler-factory" || name == "HTTPSHandler-factory")
@ -268,14 +254,6 @@ void addCommonDefaultHandlersFactory(HTTPRequestHandlerFactoryMain & factory, IS
factory.addHandler(js_handler);
}
void addFileSystemHandlerFactory(HTTPRequestHandlerFactoryMain & factory, IServer & server, const Poco::Util::AbstractConfiguration & config)
{
auto files_handler = std::make_shared<HandlingRuleHTTPHandlerFactory<FileRequestHandler>>(server, config.getString("file_system.base_directory", "/"));
files_handler->attachNonStrictPath("/");
files_handler->allowGetAndHeadRequest();
factory.addHandler(files_handler);
}
void addDefaultHandlersFactory(
HTTPRequestHandlerFactoryMain & factory,
IServer & server,