Age | Commit message (Collapse) | Author |
|
|
|
The issue with the test was due to differences in upper/lower cased
letters in the domain names. Normally these don't matter, and when
decoding the IRI we lowercase, BUT the SNI can have upper-case
letters and we preserve them as-is in `c->domain'.
|
|
|
|
|
|
Due to a strict interpretation of the spec if "TCP4" is used we
expect two ipv4 addresses (and similar for "TCP6" and ipv6 addresses).
However, the family specified in the proxy header matters only for
the first address (the source), not the destination! After all,
it's not strange to proxy from/to ipv4 and ipv6.
Use getaddrinfo(NI_NUMERICHOST) to parse the IP addresses since
inet_pton() is too strict.
|
|
This is symmetrical to the support for *incoming* requests. The
new regress case uses this to proxy to itself using the proxy-protocol
v1.
Fixes https://github.com/omar-polo/gmid/issues/31
|
|
|
|
|
|
|
|
|
|
There are only a few functions (so badly designed) that need to
have errno cleared beforehand (hello, strtoll!). read(2) is not
among these.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This allows to use proxies like nginx or haproxy in front of gmid and
still have the correct information about the originating client.
This will need explicit opt-in via the `proxy-v1' listen flag which
will be added in a follow-up commit.
Merges https://github.com/omar-polo/gmid/pull/30
|
|
|
|
|
|
makes up for a nicer error message, and easier troubleshoot.
|
|
|
|
|
|
|
|
When a matching location has a `fastcgi off' directive, we should
honour that and stop searching for further location which may have
a `fastcgi' directive.
Bug reported by Alex // nytpu, thanks!
|
|
saves a getnameinfo(NI_NUMERICHOST) at runtime, even if it's pretty
cheap.
|
|
There are legitimate cases where SNI can't be used, for example
when connecting via an IPv6 address, so don't rejects those requests.
Instead, fill the requested domain with the address (literal) of
the socket they're connected to and attempt to match on it.
This possibly still incur in a "won't proxy" error if the client
then requests a different hostname.
See the github issue https://github.com/omar-polo/gmid/issues/25
|
|
|
|
|
|
Now gmid doesn't touch anymore the internals of the imsg structs.
|
|
The configtest checks try to open the root directories too, operation
that can fail when they're expected to be inside a chroot.
|
|
These connection are not otherwise logged and it could be helpful
to track down the bad ip.
|
|
|
|
We might end up calling client_close() from start_reply(), but that
will free the fcgi/proxy bufferevent while they're still used on the
stack.
Instead, start_reply() only sets REQUEST_DONE and exits, returning the
error eventually, so callers know when to stop.
|
|
|
|
|
|
|
|
this revamps the syntax in the configuration to better match httpd(8)
(and in general be less weird) and to allow per-location fastcgi
configurations.
the bare `param' is now deprecated, but for compatibility it acts
like `fastcgi param' would do now. Same story for `fastcgi <pathÂ>'.
|
|
|
|
don't know what i was smoking when I wrote log_request() like that...
|
|
we already check the validity of the format string, but still avoid a
gratious fatal() at runtime.
|
|
|
|
|
|
get rid of check_path(), it's overly complicated. Instead, inline
open_file() in client_read() and rework open_dir() to just use
openat() instead of the complicate dance it was doing.
Simplify open_dir() too in the process: if the directory entry for the
index is not a regular file, pretend it doesn't exist.
|
|
|
|
|
|
|
|
|
|
|