Merge pull request #15842 from rgacogne/ddist20-backport-15823

dnsdist-2.0.x: Backport 15823 - Bring back listening on multiple web server addresses

Author: rgacogne

pdns/dnsdistdist/dnsdist-configuration-yaml.cc

@@ -803,15 +803,15 @@ static void loadBinds(const ::rust::Vec<dnsdist::rust::settings::BindConfigurati
 
 static void loadWebServer(const dnsdist::rust::settings::WebserverConfiguration& webConfig)
 {
-  ComboAddress local;
-  try {
-    local = ComboAddress{std::string(webConfig.listen_address)};
-  }
-  catch (const PDNSException& e) {
-    throw std::runtime_error(std::string("Error parsing the bind address for the webserver: ") + e.reason);
-  }
-  dnsdist::configuration::updateRuntimeConfiguration([local, &webConfig](dnsdist::configuration::RuntimeConfiguration& config) {
-    config.d_webServerAddress = local;
+  dnsdist::configuration::updateRuntimeConfiguration([&webConfig](dnsdist::configuration::RuntimeConfiguration& config) {
+    for (const auto& address : webConfig.listen_addresses) {
+      try {
+        config.d_webServerAddresses.emplace(ComboAddress(std::string(address)));
+      }
+      catch (const PDNSException& exp) {
+        throw std::runtime_error(std::string("Error parsing bind address for the webserver: ") + exp.reason);
+      }
+    }
     if (!webConfig.password.empty()) {
       auto holder = std::make_shared<CredentialsHolder>(std::string(webConfig.password), webConfig.hash_plaintext_credentials);
       if (!holder->wasHashed() && holder->isHashingAvailable()) {
@@ -1088,7 +1088,7 @@ bool loadConfigurationFromFile(const std::string& fileName, [[maybe_unused]] boo
     }
 #endif /* DISABLE_CARBON */
 
-    if (!globalConfig.webserver.listen_address.empty()) {
+    if (!globalConfig.webserver.listen_addresses.empty()) {
       const auto& webConfig = globalConfig.webserver;
       loadWebServer(webConfig);
     }

pdns/dnsdistdist/dnsdist-configuration.hh

@@ -127,7 +127,7 @@ struct RuntimeConfiguration
   NetmaskGroup d_proxyProtocolACL;
   NetmaskGroup d_consoleACL;
   NetmaskGroup d_webServerACL;
-  std::optional<ComboAddress> d_webServerAddress{std::nullopt};
+  std::set<ComboAddress> d_webServerAddresses;
   dnsdist::QueryCount::Configuration d_queryCountConfig;
   ComboAddress d_consoleServerAddress{"127.0.0.1:5199"};
   std::string d_consoleKey;

pdns/dnsdistdist/dnsdist-lua.cc

@@ -1069,15 +1069,15 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
     }
 
     dnsdist::configuration::updateRuntimeConfiguration([local](dnsdist::configuration::RuntimeConfiguration& config) {
-      config.d_webServerAddress = local;
+      config.d_webServerAddresses.emplace(local);
     });
 
     if (dnsdist::configuration::isImmutableConfigurationDone()) {
       try {
         auto sock = Socket(local.sin4.sin_family, SOCK_STREAM, 0);
         sock.bind(local, true);
         sock.listen(5);
-        thread thr(dnsdist::webserver::WebserverThread, std::move(sock));
+        thread thr(dnsdist::webserver::WebserverThread, local, std::move(sock));
         thr.detach();
       }
       catch (const std::exception& e) {

pdns/dnsdistdist/dnsdist-settings-definitions.yml

@@ -407,10 +407,10 @@ key_value_stores:
 
 webserver:
   parameters:
-    - name: "listen_address"
-      type: "String"
+    - name: "listen_addresses"
+      type: "Vec<String>"
       default: ""
-      description: "IP address and port to listen on"
+      description: "IP addresses and ports to listen on"
     - name: "password"
       type: "String"
       default: ""

pdns/dnsdistdist/dnsdist-web.cc

@@ -1914,23 +1914,22 @@ void setMaxConcurrentConnections(size_t max)
   s_connManager.setMaxConcurrentConnections(max);
 }
 
-void WebserverThread(Socket sock)
+void WebserverThread(ComboAddress listeningAddress, Socket sock)
 {
   setThreadName("dnsdist/webserv");
   // coverity[auto_causes_copy]
-  const auto local = *dnsdist::configuration::getCurrentRuntimeConfiguration().d_webServerAddress;
-  infolog("Webserver launched on %s", local.toStringWithPort());
+  infolog("Webserver launched on %s", listeningAddress.toStringWithPort());
 
   {
     const auto& config = dnsdist::configuration::getCurrentRuntimeConfiguration();
     if (!config.d_webPassword && config.d_dashboardRequiresAuthentication) {
-      warnlog("Webserver launched on %s without a password set!", local.toStringWithPort());
+      warnlog("Webserver launched on %s without a password set!", listeningAddress.toStringWithPort());
     }
   }
 
   for (;;) {
     try {
-      ComboAddress remote(local);
+      ComboAddress remote(listeningAddress);
       int fileDesc = SAccept(sock.getHandle(), remote);
 
       if (!isClientAllowedByACL(remote)) {

pdns/dnsdistdist/dnsdist-web.hh

@@ -6,7 +6,7 @@
 
 namespace dnsdist::webserver
 {
-void WebserverThread(Socket sock);
+void WebserverThread(ComboAddress listeningAddress, Socket sock);
 void setMaxConcurrentConnections(size_t max);
 void registerBuiltInWebHandlers();
 void clearWebHandlers();

pdns/dnsdistdist/dnsdist.cc

@@ -3305,7 +3305,7 @@ static void startFrontends()
 struct ListeningSockets
 {
   Socket d_consoleSocket{-1};
-  Socket d_webServerSocket{-1};
+  std::vector<std::pair<ComboAddress, Socket>> d_webServerSockets;
 };
 
 static ListeningSockets initListeningSockets()
@@ -3325,12 +3325,12 @@ static ListeningSockets initListeningSockets()
     }
   }
 
-  if (currentConfig.d_webServerAddress) {
-    const auto& local = *currentConfig.d_webServerAddress;
+  for (const auto& local : currentConfig.d_webServerAddresses) {
     try {
-      result.d_webServerSocket = Socket(local.sin4.sin_family, SOCK_STREAM, 0);
-      result.d_webServerSocket.bind(local, true);
-      result.d_webServerSocket.listen(5);
+      auto webServerSocket = Socket(local.sin4.sin_family, SOCK_STREAM, 0);
+      webServerSocket.bind(local, true);
+      webServerSocket.listen(5);
+      result.d_webServerSockets.emplace_back(local, std::move(webServerSocket));
     }
     catch (const std::exception& exp) {
       errlog("Unable to bind to web server socket on %s: %s", local.toStringWithPort(), exp.what());
@@ -3603,8 +3603,8 @@ int main(int argc, char** argv)
       std::thread consoleControlThread(dnsdist::console::controlThread, std::move(listeningSockets.d_consoleSocket));
       consoleControlThread.detach();
     }
-    if (dnsdist::configuration::getCurrentRuntimeConfiguration().d_webServerAddress) {
-      std::thread webServerThread(dnsdist::webserver::WebserverThread, std::move(listeningSockets.d_webServerSocket));
+    for (auto& [listeningAddress, socket] : listeningSockets.d_webServerSockets) {
+      std::thread webServerThread(dnsdist::webserver::WebserverThread, listeningAddress, std::move(socket));
       webServerThread.detach();
     }
 

regression-tests.dnsdist/test_API.py

@@ -434,11 +434,12 @@ def testServerDownNoLatencyLocalhost(self):
 class TestAPIWritable(APITestsBase):
     __test__ = True
     _APIWriteDir = '/tmp'
-    _config_params = ['_testServerPort', '_webServerPort', '_webServerBasicAuthPasswordHashed', '_webServerAPIKeyHashed', '_APIWriteDir']
+    _config_params = ['_testServerPort', '_webServerPort', '_webServerPort', '_webServerBasicAuthPasswordHashed', '_webServerAPIKeyHashed', '_APIWriteDir']
     _config_template = """
     setACL({"127.0.0.1/32", "::1/128"})
-    newServer{address="127.0.0.1:%s"}
-    webserver("127.0.0.1:%s")
+    newServer{address="127.0.0.1:%d"}
+    webserver("127.0.0.1:%d")
+    webserver("127.0.0.2:%d")
     setWebserverConfig({password="%s", apiKey="%s"})
     setAPIWritable(true, "%s")
     """

regression-tests.dnsdist/test_OutgoingDOH.py

@@ -370,7 +370,8 @@ class TestOutgoingDOHOpenSSLYaml(DNSDistTest, OutgoingDOHTests):
     health_checks:
       mode: "UP"
 webserver:
-  listen_address: "127.0.0.1:%d"
+  listen_addresses:
+    - "127.0.0.1:%d"
   password: "%s"
   api_key: "%s"
   acl:

regression-tests.dnsdist/test_OutgoingTLS.py

@@ -184,7 +184,8 @@ class TestOutgoingTLSOpenSSLYaml(DNSDistTest, OutgoingTLSTests):
       ca_store: "ca.pem"
       subject_name: "powerdns.com"
 webserver:
-  listen_address: "127.0.0.1:%d"
+  listen_addresses:
+    - "127.0.0.1:%d"
   password: "%s"
   api_key: "%s"
   acl: