Age | Commit message | Author |
|
glibc is clearly violating POSIX since they set HOST_NAME_MAX to 64, and
they've known so for years. Unfortunately this means that, despite
using the right interfaces, we have to work around bugs in their libc.
ugh.
Luckily, gmid doesn't need to do DNS, it just needs a define large
enough to store a hostname, but not unlimited, to catch possible
misconfigurations. We don't risk round-tripping this into an interface
that expects smaller strings.
Reported and fix tested by Anna “CyberTailor”,
see <https://codeberg.org/op/gmid/issues/3>.
|
Due to a strict interpretation of the spec if "TCP4" is used we
expect two ipv4 addresses (and similar for "TCP6" and ipv6 addresses).
However, the family specified in the proxy header matters only for
the first address (the source), not the destination! After all,
it's not strange to proxy from/to ipv4 and ipv6.
Use getaddrinfo(NI_NUMERICHOST) to parse the IP addresses since
inet_pton() is too strict.
|
This is symmetrical to the support for *incoming* requests. The
new regress case uses this to proxy to itself using the proxy-protocol
v1.
Fixes https://github.com/omar-polo/gmid/issues/31
|
This allows using proxies like nginx or haproxy in front of gmid and
still have the correct information about the originating client.
This will need explicit opt-in via the `proxy-v1' listen flag which
will be added in a follow-up commit.
Merges https://github.com/omar-polo/gmid/pull/30
|
instead of making things more obscure via gmid_strnvis(), let's
just check for strnvis with -Werror so we can swap the OS broken
implementation with the bundled OpenBSD one.
|
saves a getnameinfo(NI_NUMERICHOST) at runtime, even if it's pretty
cheap.
|
The configtest checks try to open the root directories too, an operation
that can fail when they're expected to be inside a chroot.
|
Taking inspiration from acme-client.
|
replace its only usage with strncmp(). it's likely faster too.
|
We might end up calling client_close() from start_reply(), but that
will free the fcgi/proxy bufferevent while they're still used on the
stack.
Instead, start_reply() only sets REQUEST_DONE and exits, returning the
error eventually, so callers know when to stop.
|
Attempt to also do a few more steps that were previously done only
at runtime. This can help verify that the keypairs are matching
for example, but also that there are no typos in the path to the
root directories.
Was requested some time ago by Marian Mizik, thanks for the feature
request!
|
Was requested ages ago by Karl Jeacle, now that there is some better
support for configuring the logging there's no excuse to add this.
It helps with filtering from syslog.d / syslog.conf.
|
add `log style <style>'; The old default is called `legacy' now, a
new default format is added called `condensed', and `common' and
`combined' to mimic Apache httpd and nginx (respectively) are also
added.
|
this revamps the syntax in the configuration to better match httpd(8)
(and in general be less weird) and to allow per-location fastcgi
configurations.
the bare `param' is now deprecated, but for compatibility it acts
like `fastcgi param' would do now. Same story for `fastcgi <path>'.
|
don't know what i was smoking when I wrote log_request() like that...
|
get rid of check_path(), it's overly complicated. Instead, inline
open_file() in client_read() and rework open_dir() to just use
openat() instead of the complicated dance it was doing.
Simplify open_dir() too in the process: if the directory entry for the
index is not a regular file, pretend it doesn't exist.
|
Listening by default on all the addresses is so bad I don't know
why I haven't changed this before. Anyway.
Add a `listen on $hostname port $port' syntax to the config file
and deprecate the old "port" and "ipv6" global setting. Still try
to honour them when no "listen on" directive is used for backward
compatibility, but this will go away in the next next version hopefully.
At the moment the `listen on' in server context doesn't filter the
host, i.e. one can still reach a host from an address not specified
in the corresponding `listen on', this will be added later.
|
We dup(1) the ca fd and send it to various processes, so they fail
loading it. Instead, use load_file to get a buffer with the file
content and pass that to load_ca which then loads via BIO.
|
it fails badly at runtime on various linux distros and on freebsd.
Until a fix is found, disable it so I can move forward.
|