LuCId Network Superserver in Lua

*** Abstract ***

LuCId is a network superserver written in Lua based on the nixio POSIX library.
It supports IPv4, IPv6, TLS, asynchronous and synchronous IO and can be extended
to handle any kind of IO events on file descriptors. LuCId is also able to
generate RSA private keys and self-signed certificates on demand if the px5g
keymaster library is available. Both nixio and px5g are libraries created
by the LuCI developers.

*** Configuration ***

LuCId uses the UCI Universal Configuration Interface as configuration backend.

There are 4 types of configuration sections and one named section defined:

The main section of type "lucid" defines the basic framework parameters of LuCId.
These include:

* pollinterval: Internal polling interval
* threadlimit: Overall maximum number of child processes
* daemonize: Whether to daemonize at startup
* debug: Whether to enable debug output in syslog

The "tcpserver" section type provides the framework for TCP servers:

Parameters:

* entrypoint: Lua module entrypoint (provides a prepare_daemon function)

The "daemon" sections define instances of servers.

Parameters may include:

* slave: Server slave
* publisher: Publishers to be served by this daemon
* enabled: Flag (0/1) whether this daemon should be started
* address: List of ports / addresses to be bound to, if applicable
* encryption: Flag (disabled/enabled) whether to enforce encryption
* tls: Reference to the TLS configuration section to use

The "...Publisher" sections define services to be published through daemons.
Publisher definitions should be daemon and protocol independent whenever
possible. Publishers should also implement access restrictions for certain
network interfaces and for specified UNIX user accounts.

Publishers usually define, but are not required to use, the following parameters:

* name: Published name
* physical: Physical source path
* virtual: Virtual resource path
* domain: Any kind of domain or realm specification
* read: ACL containing entities allowed to read the given resource
* write: ACL containing entities allowed to write the given resource
* exec: ACL containing entities allowed to execute the given resource

The "tls" sections describe TLS security specifications for TCP servers.

Parameters:

* key: Private key file
* cert: Certificate file
* type: Type of certificate and key files (pem, asn1)
* generate: Flag (0/1) to determine whether LuCId should generate keys and
  self-signed certificates if the certificate is not available and the px5g
  RSA Keymaster is available

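As an added example, not LuCId's own code, the following Python script parses a constructed UCI fragment laid out according to the section types above and checks each enabled daemon's TLS wiring: that encryption is enforced, that the tls reference names an existing tls section, and that the section provides key and cert files or sets generate so px5g can create them. The entrypoint module name and file paths are placeholders, and the lucid main section is omitted from the sample.

```python
# Added example, not LuCId's own code: parse a constructed UCI fragment laid out
# per the section types above and check each enabled daemon's TLS wiring.
import shlex
# Constructed sample (entrypoint module and file paths are placeholders).
SAMPLE = """
config tcpserver tcpserver
    option entrypoint example.lucid.tcpserver
config tls main
    option key /path/to/key.der
    option cert /path/to/cert.der
    option generate 1
config HTTPPublisher web
config daemon https
    option slave tcpserver
    list publisher web
    option enabled 1
    list address 443
    option encryption enabled
    option tls main
"""

def parse_uci(text):
    """Return {name: options} with the section type under '.type' (named sections only)."""
    sections, cur = {}, None
    for line in text.splitlines():
        parts = shlex.split(line)
        if parts and parts[0] == "config":
            cur = sections[parts[2]] = {".type": parts[1]}
        elif parts and parts[0] == "option":
            cur[parts[1]] = parts[2]
        elif parts and parts[0] == "list":
            cur.setdefault(parts[1], []).append(parts[2])
    return sections

def check(sections):
    """Flag enabled daemons without enforced encryption or a usable tls section."""
    problems = []
    for name, o in sections.items():
        if o[".type"] != "daemon" or o.get("enabled") != "1":
            continue
        if o.get("encryption") != "enabled":
            problems.append(f"daemon {name}: encryption not enforced")
            continue
        tls = sections.get(o.get("tls", ""), {})
        if tls.get(".type") != "tls":
            problems.append(f"daemon {name}: tls section {o.get('tls')!r} missing")
        elif not ({"key", "cert"} <= set(tls) or tls.get("generate") == "1"):
            problems.append(f"daemon {name}: tls {o['tls']} has no key/cert and generate is off")
    return problems
```

Running check(parse_uci(SAMPLE)) on the sample returns an empty list; pointing the daemon at a non-existent tls section, disabling encryption, or removing the key while generate is 0 each produce one reported problem.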
*** Workflow ***

In the preparation phase LuCId loads its configuration using the specification
given above and prepares its servers, daemons and publishers. It also allocates
resources such as binding sockets or preparing encryption credentials.
If everything could be set up correctly LuCId will daemonize, if requested. If
any errors occur in the preparation phase, LuCId will write to the system logger
and exit.

After daemonizing the main process is responsible for keeping a list of
file descriptors that LuCId is polling regularly to handle incoming data events.
Data events are for example new TCP connection attempts which could cause the
superserver to fork a new process and invoke a registered handler.

Whenever a sub-process is about to be generated LuCId checks if the given resource
limits are still met.