Compare commits
28 Commits
55f2318b57
...
v4.5
| Author | SHA1 | Date | |
|---|---|---|---|
cd3bc9aa90
|
|||
|
6ab65abec9
|
|||
|
7d6fa4682d
|
|||
|
6f4cbb6e24
|
|||
|
174865b71c
|
|||
|
4a002d6c31
|
|||
|
2a3f74e825
|
|||
|
9eaa644fa1
|
|||
|
ce91fecc80
|
|||
|
15c160a60a
|
|||
|
fd5e2302d4
|
|||
|
8c13eecc51
|
|||
|
ae751925fa
|
|||
|
a1fee3d2ec
|
|||
|
8721f07d00
|
|||
|
81ad3fea3c
|
|||
|
877ee12351
|
|||
|
dfbe3bbb95
|
|||
|
6c13922f2f
|
|||
|
171bca55fa
|
|||
|
fe0cdc9b1a
|
|||
|
930d4db2a2
|
|||
|
b37757fc73
|
|||
|
61c645eca8
|
|||
|
2fd71116ec
|
|||
|
495a3a6aaf
|
|||
|
69dfc562af
|
|||
|
a2383825ed
|
2
Makefile
2
Makefile
@@ -17,7 +17,7 @@ compile:
|
||||
@mkdir -p bin
|
||||
$(CC) src/lib/*.c -o bin/libnecrondaserver.so --shared -fPIC $(CFLAGS) $(LIBS)
|
||||
$(CC) src/necronda-server.c -o bin/necronda-server $(CFLAGS) $(LIBS) \
|
||||
-Lbin -lnecronda-server -Wl,-rpath=$(shell pwd)/bin
|
||||
-Lbin -lnecrondaserver -Wl,-rpath=$(shell pwd)/bin
|
||||
|
||||
compile-prod:
|
||||
@mkdir -p bin
|
||||
|
||||
33
README.md
33
README.md
@@ -5,6 +5,7 @@ Necronda web server
|
||||
## Features
|
||||
|
||||
* Full IPv4 and IPv6 support
|
||||
* TLS Server Name Inspection (SNI)
|
||||
* Serving local files via HTTP and HTTPS
|
||||
* File compression ([gzip](https://www.gzip.org/), [Brotli](https://www.brotli.org/)) and disk cache for compressed files
|
||||
* Reverse proxy for other HTTP and HTTPS servers
|
||||
@@ -22,23 +23,25 @@ See [docs/example.conf](docs/example.conf) for more details.
|
||||
|
||||
### Global directives
|
||||
|
||||
* `certificate` - path to SSL certificate (or certificate chain)
|
||||
* `private_key` - path to SSL private key
|
||||
* `geoip_dir` (optional) - path to a directory containing GeoIP databases
|
||||
* `dns_server` (optional) - address of a DNS server
|
||||
|
||||
|
||||
### Virtual host configuration
|
||||
### Configuration
|
||||
|
||||
* `[<host>]` - begins section for the virtual host `<host>`
|
||||
* Local
|
||||
* `webroot` - path to the root directory
|
||||
* `dir_mode` - specify the behaviour for directories without an `index.html` or `index.php`
|
||||
* `forbidden` - the server will respond with `403 Forbidden`
|
||||
* `info` - try passing *path info* to an upper `.php` file.
|
||||
* `list` - list contents of directory (**not implemented yet**)
|
||||
* Reverse proxy
|
||||
* `hostname` - hostname of server to be reverse proxy of
|
||||
* `port` - port to be used
|
||||
* `http` - use HTTP to communicate with server
|
||||
* `https` - use HTTPS to communicate with server
|
||||
* `[cert <cert-name]` - begins section for a certificate
|
||||
* `certificate` - path to SSL certificate (or certificate chain)
|
||||
* `private_key` - path to SSL private key
|
||||
* `[host <host>]` - begins section for the virtual host `<host>`
|
||||
* `cert` - the name of the certificate to use
|
||||
* Local
|
||||
* `webroot` - path to the root directory
|
||||
* `dir_mode` - specify the behaviour for directories without an `index.html` or `index.php`
|
||||
* `forbidden` - the server will respond with `403 Forbidden`
|
||||
* `info` - try passing *path info* to an upper `.php` file.
|
||||
* `list` - list contents of directory (**not implemented yet**)
|
||||
* Reverse proxy
|
||||
* `hostname` - hostname of server to be reverse proxy of
|
||||
* `port` - port to be used
|
||||
* `http` - use HTTP to communicate with server
|
||||
* `https` - use HTTPS to communicate with server
|
||||
|
||||
133
src/client.c
133
src/client.c
@@ -34,9 +34,13 @@ struct timeval client_timeout;
|
||||
|
||||
host_config *get_host_config(const char *host) {
|
||||
for (int i = 0; i < CONFIG_MAX_HOST_CONFIG; i++) {
|
||||
host_config *hc = &config[i];
|
||||
host_config *hc = &config->hosts[i];
|
||||
if (hc->type == CONFIG_TYPE_UNSET) break;
|
||||
if (strcmp(hc->name, host) == 0) return hc;
|
||||
if (hc->name[0] == '*' && hc->name[1] == '.') {
|
||||
const char *pos = strstr(host, hc->name + 1);
|
||||
if (pos != NULL && strlen(pos) == strlen(hc->name + 1)) return hc;
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
@@ -54,26 +58,31 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
|
||||
struct timespec begin, end;
|
||||
long ret;
|
||||
int client_keep_alive;
|
||||
|
||||
char buf0[1024], buf1[1024];
|
||||
char msg_buf[4096], msg_pre_buf[4096], err_msg[256];
|
||||
char msg_buf[8192], msg_pre_buf_1[4096], msg_pre_buf_2[4096], err_msg[256];
|
||||
char msg_content[1024];
|
||||
char buffer[CHUNK_SIZE];
|
||||
err_msg[0] = 0;
|
||||
char host[256], *host_ptr, *hdr_connection;
|
||||
host_config *conf = NULL;
|
||||
long content_length = 0;
|
||||
FILE *file = NULL;
|
||||
|
||||
msg_buf[0] = 0;
|
||||
err_msg[0] = 0;
|
||||
msg_content[0] = 0;
|
||||
|
||||
host_config *conf = NULL;
|
||||
FILE *file = NULL;
|
||||
|
||||
long content_length = 0;
|
||||
int accept_if_modified_since = 0;
|
||||
int use_fastcgi = 0;
|
||||
int use_rev_proxy = 0;
|
||||
int p_len;
|
||||
|
||||
fastcgi_conn fcgi_conn = {.socket = 0, .req_id = 0};
|
||||
http_status custom_status;
|
||||
|
||||
http_res res;
|
||||
sprintf(res.version, "1.1");
|
||||
res.status = http_get_status(501);
|
||||
res.hdr.field_num = 0;
|
||||
http_res res = {.version = "1.1", .status = http_get_status(501), .hdr.field_num = 0};
|
||||
http_status_ctx ctx = {.status = 0, .origin = NONE};
|
||||
|
||||
clock_gettime(CLOCK_MONOTONIC, &begin);
|
||||
|
||||
@@ -413,11 +422,10 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
|
||||
|
||||
ret = fastcgi_header(&fcgi_conn, &res, err_msg);
|
||||
if (ret != 0) {
|
||||
if (ret < 0) {
|
||||
goto abort;
|
||||
}
|
||||
if (ret < 0) goto abort;
|
||||
goto respond;
|
||||
}
|
||||
|
||||
char *status = http_get_header_field(&res.hdr, "Status");
|
||||
if (status != NULL) {
|
||||
int status_code = (int) strtoul(status, NULL, 10);
|
||||
@@ -435,9 +443,29 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
|
||||
}
|
||||
}
|
||||
|
||||
content_length = -1;
|
||||
const char *content_length_f = http_get_header_field(&res.hdr, "Content-Length");
|
||||
content_length = (content_length_f == NULL) ? -1 : strtol(content_length_f, NULL, 10);
|
||||
|
||||
const char *content_type = http_get_header_field(&res.hdr, "Content-Type");
|
||||
const char *content_encoding = http_get_header_field(&res.hdr, "Content-Encoding");
|
||||
if (content_encoding == NULL &&
|
||||
content_type != NULL &&
|
||||
strncmp(content_type, "text/html", 9) == 0 &&
|
||||
content_length != -1 &&
|
||||
content_length <= sizeof(msg_content) - 1)
|
||||
{
|
||||
fastcgi_dump(&fcgi_conn, msg_content, sizeof(msg_content));
|
||||
goto respond;
|
||||
}
|
||||
|
||||
use_fastcgi = 1;
|
||||
|
||||
if (content_length != -1 && content_length < 1024000) {
|
||||
use_fastcgi |= FASTCGI_COMPRESS_HOLD;
|
||||
}
|
||||
|
||||
content_length = -1;
|
||||
|
||||
int http_comp = http_get_compression(&req, &res);
|
||||
if (http_comp & COMPRESS) {
|
||||
if (http_comp & COMPRESS_BR) {
|
||||
@@ -449,6 +477,7 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
|
||||
}
|
||||
http_add_header_field(&res.hdr, "Vary", "Accept-Encoding");
|
||||
http_add_header_field(&res.hdr, "Content-Encoding", buf0);
|
||||
http_remove_header_field(&res.hdr, "Content-Length", HTTP_REMOVE_ALL);
|
||||
}
|
||||
|
||||
if (http_get_header_field(&res.hdr, "Content-Length") == NULL) {
|
||||
@@ -460,9 +489,27 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
|
||||
http_remove_header_field(&res.hdr, "Date", HTTP_REMOVE_ALL);
|
||||
http_remove_header_field(&res.hdr, "Server", HTTP_REMOVE_ALL);
|
||||
|
||||
ret = rev_proxy_init(&req, &res, conf, client, &custom_status, err_msg);
|
||||
ret = rev_proxy_init(&req, &res, &ctx, conf, client, &custom_status, err_msg);
|
||||
use_rev_proxy = (ret == 0);
|
||||
|
||||
// Let 300 be formatted by origin server
|
||||
if (use_rev_proxy && res.status->code >= 301 && res.status->code < 600) {
|
||||
const char *content_type = http_get_header_field(&res.hdr, "Content-Type");
|
||||
const char *content_length_f = http_get_header_field(&res.hdr, "Content-Length");
|
||||
const char *content_encoding = http_get_header_field(&res.hdr, "Content-Encoding");
|
||||
if (content_encoding == NULL && content_type != NULL && content_length_f != NULL &&
|
||||
strncmp(content_type, "text/html", 9) == 0)
|
||||
{
|
||||
long content_len = strtol(content_length_f, NULL, 10);
|
||||
if (content_len <= sizeof(msg_content) - 1) {
|
||||
ctx.status = res.status->code;
|
||||
ctx.origin = res.status->code >= 400 ? SERVER : NONE;
|
||||
use_rev_proxy = 0;
|
||||
rev_proxy_dump(msg_content, content_len);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
char *content_encoding = http_get_header_field(&res.hdr, "Content-Encoding");
|
||||
if (use_rev_proxy && content_encoding == NULL) {
|
||||
@@ -499,25 +546,61 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
|
||||
if (http_get_header_field(&res.hdr, "Accept-Ranges") == NULL) {
|
||||
http_add_header_field(&res.hdr, "Accept-Ranges", "none");
|
||||
}
|
||||
if (!use_fastcgi && !use_rev_proxy && file == NULL &&
|
||||
((res.status->code >= 400 && res.status->code < 600) || err_msg[0] != 0)) {
|
||||
if (!use_fastcgi && file == NULL) {
|
||||
http_remove_header_field(&res.hdr, "Date", HTTP_REMOVE_ALL);
|
||||
http_remove_header_field(&res.hdr, "Server", HTTP_REMOVE_ALL);
|
||||
http_remove_header_field(&res.hdr, "Cache-Control", HTTP_REMOVE_ALL);
|
||||
http_remove_header_field(&res.hdr, "Content-Type", HTTP_REMOVE_ALL);
|
||||
http_remove_header_field(&res.hdr, "Content-Encoding", HTTP_REMOVE_ALL);
|
||||
http_add_header_field(&res.hdr, "Date", http_get_date(buf0, sizeof(buf0)));
|
||||
http_add_header_field(&res.hdr, "Server", SERVER_STR);
|
||||
http_add_header_field(&res.hdr, "Cache-Control", "no-cache");
|
||||
http_add_header_field(&res.hdr, "Content-Type", "text/html; charset=UTF-8");
|
||||
|
||||
// TODO list Locations on 3xx Redirects
|
||||
const http_doc_info *info = http_get_status_info(res.status);
|
||||
const http_status_msg *http_msg = http_get_error_msg(res.status);
|
||||
|
||||
sprintf(msg_pre_buf, info->doc, res.status->code, res.status->msg,
|
||||
if (res.status->code >= 300 && res.status->code < 400 && msg_content[0] == 0) {
|
||||
const char *location = http_get_header_field(&res.hdr, "Location");
|
||||
if (location != NULL) {
|
||||
snprintf(msg_content, sizeof(msg_content),
|
||||
"<ul>\n\t<li><a href=\"%1$s\">%1$s</a></li>\n</ul>\n", location);
|
||||
}
|
||||
}
|
||||
|
||||
char *rev_proxy_doc = "";
|
||||
if (conf != NULL && conf->type == CONFIG_TYPE_REVERSE_PROXY) {
|
||||
const http_status *status = http_get_status(ctx.status);
|
||||
char stat_str[8];
|
||||
sprintf(stat_str, "%03i", ctx.status);
|
||||
sprintf(msg_pre_buf_2, http_rev_proxy_document,
|
||||
" success",
|
||||
(ctx.origin == CLIENT_REQ) ? " error" : " success",
|
||||
(ctx.origin == INTERNAL) ? " error" : " success",
|
||||
(ctx.origin == SERVER_REQ) ? " error" : (ctx.status == 0 ? "" : " success"),
|
||||
(ctx.origin == CLIENT_RES) ? " error" : " success",
|
||||
(ctx.origin == SERVER) ? " error" : (ctx.status == 0 ? "" : " success"),
|
||||
(ctx.origin == SERVER_RES) ? " error" : (ctx.status == 0 ? "" : " success"),
|
||||
(ctx.origin == INTERNAL) ? " error" : " success",
|
||||
(ctx.origin == INTERNAL || ctx.origin == SERVER) ? " error" : " success",
|
||||
res.status->code,
|
||||
res.status->msg,
|
||||
(ctx.status == 0) ? "???" : stat_str,
|
||||
(status != NULL) ? status->msg : "",
|
||||
host);
|
||||
rev_proxy_doc = msg_pre_buf_2;
|
||||
}
|
||||
|
||||
sprintf(msg_pre_buf_1, info->doc, res.status->code, res.status->msg,
|
||||
http_msg != NULL ? http_msg->msg : "", err_msg[0] != 0 ? err_msg : "");
|
||||
content_length = snprintf(msg_buf, sizeof(msg_buf), http_default_document, res.status->code,
|
||||
res.status->msg, msg_pre_buf, info->mode, info->icon, info->color, host);
|
||||
http_add_header_field(&res.hdr, "Content-Type", "text/html; charset=UTF-8");
|
||||
res.status->msg, msg_pre_buf_1, info->mode, info->icon, info->color, host,
|
||||
rev_proxy_doc, msg_content[0] != 0 ? msg_content : "");
|
||||
}
|
||||
if (content_length >= 0) {
|
||||
sprintf(buf0, "%li", content_length);
|
||||
http_remove_header_field(&res.hdr, "Content-Length", HTTP_REMOVE_ALL);
|
||||
http_add_header_field(&res.hdr, "Content-Length", buf0);
|
||||
} else if (http_get_header_field(&res.hdr, "Transfer-Encoding") == NULL) {
|
||||
server_keep_alive = 0;
|
||||
@@ -572,8 +655,8 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
|
||||
char *transfer_encoding = http_get_header_field(&res.hdr, "Transfer-Encoding");
|
||||
int chunked = transfer_encoding != NULL && strcmp(transfer_encoding, "chunked") == 0;
|
||||
|
||||
int flags = (chunked ? FASTCGI_CHUNKED : 0) | (use_fastcgi & FASTCGI_COMPRESS);
|
||||
fastcgi_send(&fcgi_conn, client, flags);
|
||||
int flags = (chunked ? FASTCGI_CHUNKED : 0) | (use_fastcgi & (FASTCGI_COMPRESS | FASTCGI_COMPRESS_HOLD));
|
||||
ret = fastcgi_send(&fcgi_conn, client, flags);
|
||||
} else if (use_rev_proxy) {
|
||||
char *transfer_encoding = http_get_header_field(&res.hdr, "Transfer-Encoding");
|
||||
int chunked = transfer_encoding != NULL && strstr(transfer_encoding, "chunked") != NULL;
|
||||
@@ -585,7 +668,11 @@ int client_request_handler(sock *client, unsigned long client_num, unsigned int
|
||||
}
|
||||
|
||||
int flags = (chunked ? REV_PROXY_CHUNKED : 0) | (use_rev_proxy & REV_PROXY_COMPRESS);
|
||||
rev_proxy_send(client, len_to_send, flags);
|
||||
ret = rev_proxy_send(client, len_to_send, flags);
|
||||
}
|
||||
|
||||
if (ret < 0) {
|
||||
client_keep_alive = 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -103,15 +103,21 @@ int cache_process() {
|
||||
FILE *comp_file_br = NULL;
|
||||
if (compress) {
|
||||
sprintf(buf, "%.*s/.necronda-server", cache[i].webroot_len, cache[i].filename);
|
||||
mkdir(buf, 0755);
|
||||
if (mkdir(buf, 0755) != 0 && errno != EEXIST) {
|
||||
fprintf(stderr, ERR_STR "Unable to create directory %s: %s" CLR_STR "\n", buf, strerror(errno));
|
||||
goto comp_err;
|
||||
}
|
||||
|
||||
sprintf(buf, "%.*s/.necronda-server/cache", cache[i].webroot_len, cache[i].filename);
|
||||
mkdir(buf, 0700);
|
||||
if (mkdir(buf, 0700) != 0 && errno != EEXIST) {
|
||||
fprintf(stderr, ERR_STR "Unable to create directory %s: %s" CLR_STR "\n", buf, strerror(errno));
|
||||
goto comp_err;
|
||||
}
|
||||
|
||||
char *rel_path = cache[i].filename + cache[i].webroot_len + 1;
|
||||
for (int j = 0; j < strlen(rel_path); j++) {
|
||||
char ch = rel_path[j];
|
||||
if (ch == '/') {
|
||||
ch = '_';
|
||||
}
|
||||
if (ch == '/') ch = '_';
|
||||
buf[j] = ch;
|
||||
}
|
||||
buf[strlen(rel_path)] = 0;
|
||||
@@ -123,7 +129,8 @@ int cache_process() {
|
||||
"%.*s/.necronda-server/cache/%s.br",
|
||||
cache[i].webroot_len, cache[i].filename, buf);
|
||||
if (p_len_gz < 0 || p_len_gz >= sizeof(filename_comp_gz) ||
|
||||
p_len_br < 0 || p_len_br >= sizeof(filename_comp_br)) {
|
||||
p_len_br < 0 || p_len_br >= sizeof(filename_comp_br))
|
||||
{
|
||||
fprintf(stderr, ERR_STR "Unable to open cached file: "
|
||||
"File name for compressed file too long" CLR_STR "\n");
|
||||
goto comp_err;
|
||||
|
||||
130
src/lib/config.c
130
src/lib/config.c
@@ -14,11 +14,11 @@
|
||||
#include <errno.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
host_config *config;
|
||||
char cert_file[256], key_file[256], geoip_dir[256], dns_server[256];
|
||||
t_config *config;
|
||||
char geoip_dir[256], dns_server[256];
|
||||
|
||||
int config_init() {
|
||||
int shm_id = shmget(CONFIG_SHM_KEY, CONFIG_MAX_HOST_CONFIG * sizeof(host_config), IPC_CREAT | IPC_EXCL | 0640);
|
||||
int shm_id = shmget(CONFIG_SHM_KEY, sizeof(t_config), IPC_CREAT | IPC_EXCL | 0640);
|
||||
if (shm_id < 0) {
|
||||
fprintf(stderr, ERR_STR "Unable to create shared memory: %s" CLR_STR "\n", strerror(errno));
|
||||
return -1;
|
||||
@@ -37,7 +37,7 @@ int config_init() {
|
||||
return -3;
|
||||
}
|
||||
config = shm_rw;
|
||||
memset(config, 0, CONFIG_MAX_HOST_CONFIG * sizeof(host_config));
|
||||
memset(config, 0, sizeof(t_config));
|
||||
shmdt(shm_rw);
|
||||
config = shm;
|
||||
return 0;
|
||||
@@ -68,42 +68,82 @@ int config_load(const char *filename) {
|
||||
fseek(file, 0, SEEK_END);
|
||||
unsigned long len = ftell(file);
|
||||
fseek(file, 0, SEEK_SET);
|
||||
char *conf = malloc(len);
|
||||
char *conf = alloca(len + 1);
|
||||
fread(conf, 1, len, file);
|
||||
conf[len] = 0;
|
||||
fclose(file);
|
||||
|
||||
host_config *tmp_config = malloc(CONFIG_MAX_HOST_CONFIG * sizeof(host_config));
|
||||
memset(tmp_config, 0, CONFIG_MAX_HOST_CONFIG * sizeof(host_config));
|
||||
t_config *tmp_config = malloc(sizeof(t_config));
|
||||
memset(tmp_config, 0, sizeof(t_config));
|
||||
|
||||
int i = 0;
|
||||
int j = 0;
|
||||
int line = 0;
|
||||
int mode = 0;
|
||||
char section = 0;
|
||||
char *ptr = NULL;
|
||||
char *source, *target;
|
||||
while ((ptr = strtok(ptr == NULL ? conf : NULL, "\n")) != NULL) {
|
||||
while ((ptr = strsep(&conf, "\r\n")) != NULL) {
|
||||
line++;
|
||||
char *comment = strchr(ptr, '#');
|
||||
if (comment != NULL) comment[0] = 0;
|
||||
|
||||
len = strlen(ptr);
|
||||
char *end_ptr = ptr + len - 1;
|
||||
while (end_ptr[0] == ' ' || end_ptr[0] == '\t') {
|
||||
end_ptr[0] = 0;
|
||||
end_ptr--;
|
||||
}
|
||||
len = strlen(ptr);
|
||||
if (len == 0) continue;
|
||||
|
||||
if (ptr[0] == '[') {
|
||||
if (ptr[len - 1] != ']') goto err;
|
||||
snprintf(tmp_config[i].name, sizeof(tmp_config[i].name), "%.*s", (int) len - 2, ptr + 1);
|
||||
i++;
|
||||
ptr++;
|
||||
int l = 0;
|
||||
if (strncmp(ptr, "host", 4) == 0 && (ptr[4] == ' ' || ptr[4] == '\t')) {
|
||||
ptr += 4;
|
||||
while (ptr[0] == ' ' || ptr[0] == '\t' || ptr[0] == ']') ptr++;
|
||||
while (ptr[l] != ' ' && ptr[l] != '\t' && ptr[l] != ']') l++;
|
||||
if (l == 0) goto err;
|
||||
snprintf(tmp_config->hosts[i].name, sizeof(tmp_config->hosts[i].name), "%.*s", l, ptr);
|
||||
i++;
|
||||
section = 'h';
|
||||
} else if (strncmp(ptr, "cert", 4) == 0 && (ptr[4] == ' ' || ptr[4] == '\t')) {
|
||||
ptr += 4;
|
||||
while (ptr[0] == ' ' || ptr[0] == '\t' || ptr[0] == ']') ptr++;
|
||||
while (ptr[l] != ' ' && ptr[l] != '\t' && ptr[l] != ']') l++;
|
||||
if (l == 0) goto err;
|
||||
snprintf(tmp_config->certs[j].name, sizeof(tmp_config->certs[j].name), "%.*s", l, ptr);
|
||||
j++;
|
||||
section = 'c';
|
||||
} else {
|
||||
goto err;
|
||||
}
|
||||
continue;
|
||||
} else if (i == 0) {
|
||||
if (len > 12 && strncmp(ptr, "certificate", 11) == 0 && (ptr[11] == ' ' || ptr[11] == '\t')) {
|
||||
source = ptr + 11;
|
||||
target = cert_file;
|
||||
} else if (len > 12 && strncmp(ptr, "private_key", 11) == 0 && (ptr[11] == ' ' || ptr[11] == '\t')) {
|
||||
source = ptr + 11;
|
||||
target = key_file;
|
||||
} else if (len > 10 && strncmp(ptr, "geoip_dir", 9) == 0 && (ptr[9] == ' ' || ptr[9] == '\t')) {
|
||||
} else if (section == 0) {
|
||||
if (len > 10 && strncmp(ptr, "geoip_dir", 9) == 0 && (ptr[9] == ' ' || ptr[9] == '\t')) {
|
||||
source = ptr + 9;
|
||||
target = geoip_dir;
|
||||
} else if (len > 11 && strncmp(ptr, "dns_server", 10) == 0 && (ptr[10] == ' ' || ptr[10] == '\t')) {
|
||||
source = ptr + 10;
|
||||
target = dns_server;
|
||||
} else {
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
host_config *hc = &tmp_config[i - 1];
|
||||
} else if (section == 'c') {
|
||||
cert_config *cc = &tmp_config->certs[j - 1];
|
||||
if (len > 12 && strncmp(ptr, "certificate", 11) == 0 && (ptr[11] == ' ' || ptr[11] == '\t')) {
|
||||
source = ptr + 11;
|
||||
target = cc->full_chain;
|
||||
} else if (len > 12 && strncmp(ptr, "private_key", 11) == 0 && (ptr[11] == ' ' || ptr[11] == '\t')) {
|
||||
source = ptr + 11;
|
||||
target = cc->priv_key;
|
||||
} else {
|
||||
goto err;
|
||||
}
|
||||
} else if (section == 'h') {
|
||||
host_config *hc = &tmp_config->hosts[i - 1];
|
||||
if (len > 8 && strncmp(ptr, "webroot", 7) == 0 && (ptr[7] == ' ' || ptr[7] == '\t')) {
|
||||
source = ptr + 7;
|
||||
target = hc->local.webroot;
|
||||
@@ -112,6 +152,9 @@ int config_load(const char *filename) {
|
||||
} else {
|
||||
hc->type = CONFIG_TYPE_LOCAL;
|
||||
}
|
||||
} else if (len > 5 && strncmp(ptr, "cert", 4) == 0 && (ptr[4] == ' ' || ptr[4] == '\t')) {
|
||||
source = ptr + 4;
|
||||
target = hc->cert_name;
|
||||
} else if (len > 9 && strncmp(ptr, "dir_mode", 8) == 0 && (ptr[8] == ' ' || ptr[8] == '\t')) {
|
||||
source = ptr + 8;
|
||||
target = NULL;
|
||||
@@ -154,44 +197,61 @@ int config_load(const char *filename) {
|
||||
hc->rev_proxy.enc = 1;
|
||||
}
|
||||
continue;
|
||||
} else {
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
goto err;
|
||||
}
|
||||
char *end_ptr = source + strlen(source) - 1;
|
||||
|
||||
while (source[0] == ' ' || source[0] == '\t') source++;
|
||||
while (end_ptr[0] == ' ' || end_ptr[0] == '\t') end_ptr--;
|
||||
if (end_ptr <= source) {
|
||||
if (strlen(source) == 0) {
|
||||
err:
|
||||
free(conf);
|
||||
free(tmp_config);
|
||||
fprintf(stderr, ERR_STR "Unable to parse config file" CLR_STR "\n");
|
||||
fprintf(stderr, ERR_STR "Unable to parse config file (line %i)" CLR_STR "\n", line);
|
||||
return -2;
|
||||
}
|
||||
end_ptr[1] = 0;
|
||||
|
||||
if (target != NULL) {
|
||||
strcpy(target, source);
|
||||
} else if (mode == 1) {
|
||||
if (strcmp(source, "forbidden") == 0) {
|
||||
tmp_config[i - 1].local.dir_mode = URI_DIR_MODE_FORBIDDEN;
|
||||
tmp_config->hosts[i - 1].local.dir_mode = URI_DIR_MODE_FORBIDDEN;
|
||||
} else if (strcmp(source, "info") == 0) {
|
||||
tmp_config[i - 1].local.dir_mode = URI_DIR_MODE_INFO;
|
||||
tmp_config->hosts[i - 1].local.dir_mode = URI_DIR_MODE_INFO;
|
||||
} else if (strcmp(source, "list") == 0) {
|
||||
tmp_config[i - 1].local.dir_mode = URI_DIR_MODE_LIST;
|
||||
tmp_config->hosts[i - 1].local.dir_mode = URI_DIR_MODE_LIST;
|
||||
} else {
|
||||
goto err;
|
||||
}
|
||||
} else if (mode == 2) {
|
||||
tmp_config[i - 1].rev_proxy.port = (unsigned short) strtoul(source, NULL, 10);
|
||||
tmp_config->hosts[i - 1].rev_proxy.port = (unsigned short) strtoul(source, NULL, 10);
|
||||
}
|
||||
}
|
||||
free(conf);
|
||||
|
||||
for (int j = 0; j < i; j++) {
|
||||
if (tmp_config[j].type == CONFIG_TYPE_LOCAL) {
|
||||
char *webroot = tmp_config[j].local.webroot;
|
||||
for (int k = 0; k < i; k++) {
|
||||
host_config *hc = &tmp_config->hosts[k];
|
||||
if (hc->type == CONFIG_TYPE_LOCAL) {
|
||||
char *webroot = tmp_config->hosts[k].local.webroot;
|
||||
if (webroot[strlen(webroot) - 1] == '/') {
|
||||
webroot[strlen(webroot) - 1] = 0;
|
||||
}
|
||||
}
|
||||
if (hc->cert_name[0] == 0) goto err2;
|
||||
int found = 0;
|
||||
for (int m = 0; m < j; m++) {
|
||||
if (strcmp(tmp_config->certs[m].name, hc->cert_name) == 0) {
|
||||
hc->cert = m;
|
||||
found = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!found) {
|
||||
err2:
|
||||
free(tmp_config);
|
||||
fprintf(stderr, ERR_STR "Unable to parse config file" CLR_STR "\n");
|
||||
return -2;
|
||||
}
|
||||
}
|
||||
|
||||
int shm_id = shmget(CONFIG_SHM_KEY, 0, 0);
|
||||
@@ -207,7 +267,7 @@ int config_load(const char *filename) {
|
||||
fprintf(stderr, ERR_STR "Unable to attach shared memory (rw): %s" CLR_STR "\n", strerror(errno));
|
||||
return -4;
|
||||
}
|
||||
memcpy(shm_rw, tmp_config, CONFIG_MAX_HOST_CONFIG * sizeof(host_config));
|
||||
memcpy(shm_rw, tmp_config, sizeof(t_config));
|
||||
free(tmp_config);
|
||||
shmdt(shm_rw);
|
||||
return 0;
|
||||
|
||||
@@ -12,6 +12,7 @@
|
||||
|
||||
#define CONFIG_SHM_KEY 255642
|
||||
#define CONFIG_MAX_HOST_CONFIG 64
|
||||
#define CONFIG_MAX_CERT_CONFIG 64
|
||||
|
||||
#define CONFIG_TYPE_UNSET 0
|
||||
#define CONFIG_TYPE_LOCAL 1
|
||||
@@ -25,6 +26,8 @@
|
||||
typedef struct {
|
||||
int type;
|
||||
char name[256];
|
||||
char cert_name[256];
|
||||
int cert;
|
||||
union {
|
||||
struct {
|
||||
char hostname[256];
|
||||
@@ -38,8 +41,19 @@ typedef struct {
|
||||
};
|
||||
} host_config;
|
||||
|
||||
extern host_config *config;
|
||||
extern char cert_file[256], key_file[256], geoip_dir[256], dns_server[256];
|
||||
typedef struct {
|
||||
char name[256];
|
||||
char full_chain[256];
|
||||
char priv_key[256];
|
||||
} cert_config;
|
||||
|
||||
typedef struct {
|
||||
host_config hosts[CONFIG_MAX_HOST_CONFIG];
|
||||
cert_config certs[CONFIG_MAX_CERT_CONFIG];
|
||||
} t_config;
|
||||
|
||||
extern t_config *config;
|
||||
extern char geoip_dir[256], dns_server[256];
|
||||
|
||||
int config_init();
|
||||
|
||||
|
||||
@@ -61,6 +61,7 @@ int fastcgi_init(fastcgi_conn *conn, int mode, unsigned int client_num, unsigned
|
||||
conn->req_id = req_id;
|
||||
conn->out_buf = NULL;
|
||||
conn->out_off = 0;
|
||||
conn->webroot = uri->webroot;
|
||||
|
||||
int fcgi_sock = socket(AF_UNIX, SOCK_STREAM, 0);
|
||||
if (fcgi_sock < 0) {
|
||||
@@ -215,7 +216,7 @@ int fastcgi_close_stdin(fastcgi_conn *conn) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
int fastcgi_php_error(const char *msg, int msg_len, char *err_msg) {
|
||||
int fastcgi_php_error(const fastcgi_conn *conn, const char *msg, int msg_len, char *err_msg) {
|
||||
char *msg_str = malloc(msg_len + 1);
|
||||
char *ptr0 = msg_str;
|
||||
strncpy(msg_str, msg, msg_len);
|
||||
@@ -262,7 +263,7 @@ int fastcgi_php_error(const char *msg, int msg_len, char *err_msg) {
|
||||
}
|
||||
print("%s%.*s%s", msg_type == 1 ? WRN_STR : msg_type == 2 ? ERR_STR : "", len2, ptr2, CLR_STR);
|
||||
if (msg_type == 2 && ptr2 == ptr0) {
|
||||
sprintf(err_msg, "%.*s", len2, ptr2);
|
||||
strcpy_rem_webroot(err_msg, ptr2, len2, conn->webroot);
|
||||
err = 1;
|
||||
}
|
||||
if (ptr3 == NULL) {
|
||||
@@ -291,12 +292,12 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
|
||||
while (1) {
|
||||
ret = recv(conn->socket, &header, sizeof(header), 0);
|
||||
if (ret < 0) {
|
||||
res->status = http_get_status(502);
|
||||
res->status = http_get_status(500);
|
||||
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
|
||||
print(ERR_STR "Unable to receive from FastCGI socket: %s" CLR_STR, strerror(errno));
|
||||
return 1;
|
||||
} else if (ret != sizeof(header)) {
|
||||
res->status = http_get_status(502);
|
||||
res->status = http_get_status(500);
|
||||
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
|
||||
print(ERR_STR "Unable to receive from FastCGI socket" CLR_STR);
|
||||
return 1;
|
||||
@@ -306,13 +307,13 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
|
||||
content = malloc(content_len + header.paddingLength);
|
||||
ret = recv(conn->socket, content, content_len + header.paddingLength, 0);
|
||||
if (ret < 0) {
|
||||
res->status = http_get_status(502);
|
||||
res->status = http_get_status(500);
|
||||
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
|
||||
print(ERR_STR "Unable to receive from FastCGI socket: %s" CLR_STR, strerror(errno));
|
||||
free(content);
|
||||
return 1;
|
||||
} else if (ret != (content_len + header.paddingLength)) {
|
||||
res->status = http_get_status(502);
|
||||
res->status = http_get_status(500);
|
||||
sprintf(err_msg, "Unable to communicate with FastCGI socket.");
|
||||
print(ERR_STR "Unable to receive from FastCGI socket" CLR_STR);
|
||||
free(content);
|
||||
@@ -331,7 +332,7 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
|
||||
print(ERR_STR "FastCGI protocol error: %i" CLR_STR, body->protocolStatus);
|
||||
}
|
||||
if (app_status != 0) {
|
||||
print(ERR_STR "Script terminated with exit code %i" CLR_STR, app_status);
|
||||
print(ERR_STR "FastCGI app terminated with exit code %i" CLR_STR, app_status);
|
||||
}
|
||||
close(conn->socket);
|
||||
conn->socket = 0;
|
||||
@@ -340,7 +341,7 @@ int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg) {
|
||||
} else if (header.type == FCGI_STDERR) {
|
||||
// TODO implement Necronda backend error handling
|
||||
if (conn->mode == FASTCGI_PHP) {
|
||||
err = err || fastcgi_php_error(content, content_len, err_msg);
|
||||
err = err || fastcgi_php_error(conn, content, content_len, err_msg);
|
||||
}
|
||||
} else if (header.type == FCGI_STDOUT) {
|
||||
break;
|
||||
@@ -430,7 +431,8 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
|
||||
print(ERR_STR "Unable to receive from FastCGI socket: %s" CLR_STR, strerror(errno));
|
||||
return -1;
|
||||
} else if (ret != sizeof(header)) {
|
||||
print(ERR_STR "Unable to receive from FastCGI socket" CLR_STR);
|
||||
print(ERR_STR "Unable to receive from FastCGI socket: received len (%li) != header len (%li)" CLR_STR,
|
||||
ret, sizeof(header));
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -438,15 +440,16 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
|
||||
content_len = (header.contentLengthB1 << 8) | header.contentLengthB0;
|
||||
content = malloc(content_len + header.paddingLength);
|
||||
ptr = content;
|
||||
ret = recv(conn->socket, content, content_len + header.paddingLength, 0);
|
||||
if (ret < 0) {
|
||||
print(ERR_STR "Unable to receive from FastCGI socket: %s" CLR_STR, strerror(errno));
|
||||
free(content);
|
||||
return -1;
|
||||
} else if (ret != (content_len + header.paddingLength)) {
|
||||
print(ERR_STR "Unable to receive from FastCGI socket" CLR_STR);
|
||||
free(content);
|
||||
return -1;
|
||||
|
||||
long rcv_len = 0;
|
||||
while (rcv_len < content_len + header.paddingLength) {
|
||||
ret = recv(conn->socket, content + rcv_len, content_len + header.paddingLength - rcv_len, 0);
|
||||
if (ret < 0) {
|
||||
print(ERR_STR "Unable to receive from FastCGI socket: %s" CLR_STR, strerror(errno));
|
||||
free(content);
|
||||
return -1;
|
||||
}
|
||||
rcv_len += ret;
|
||||
}
|
||||
|
||||
if (header.type == FCGI_END_REQUEST) {
|
||||
@@ -457,7 +460,7 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
|
||||
print(ERR_STR "FastCGI protocol error: %i" CLR_STR, body->protocolStatus);
|
||||
}
|
||||
if (app_status != 0) {
|
||||
print(ERR_STR "Script terminated with exit code %i" CLR_STR, app_status);
|
||||
print(ERR_STR "FastCGI app terminated with exit code %i" CLR_STR, app_status);
|
||||
}
|
||||
close(conn->socket);
|
||||
conn->socket = 0;
|
||||
@@ -479,7 +482,7 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
|
||||
} else if (header.type == FCGI_STDERR) {
|
||||
// TODO implement Necronda backend error handling
|
||||
if (conn->mode == FASTCGI_PHP) {
|
||||
fastcgi_php_error(content, content_len, buf0);
|
||||
fastcgi_php_error(conn, content, content_len, buf0);
|
||||
}
|
||||
} else if (header.type == FCGI_STDOUT) {
|
||||
unsigned long avail_in, avail_out;
|
||||
@@ -510,6 +513,72 @@ int fastcgi_send(fastcgi_conn *conn, sock *client, int flags) {
|
||||
}
|
||||
}
|
||||
|
||||
int fastcgi_dump(fastcgi_conn *conn, char *buf, long len) {
|
||||
FCGI_Header header;
|
||||
long ret;
|
||||
char buf0[256];
|
||||
char *content, *ptr = buf;
|
||||
unsigned short req_id, content_len;
|
||||
|
||||
if (conn->out_buf != NULL && conn->out_len > conn->out_off) {
|
||||
ptr += snprintf(ptr, len, "%.*s", conn->out_len - conn->out_off, conn->out_buf + conn->out_off);
|
||||
}
|
||||
|
||||
while (1) {
|
||||
ret = recv(conn->socket, &header, sizeof(header), 0);
|
||||
if (ret < 0) {
|
||||
print(ERR_STR "Unable to receive from FastCGI socket: %s" CLR_STR, strerror(errno));
|
||||
return -1;
|
||||
} else if (ret != sizeof(header)) {
|
||||
print(ERR_STR "Unable to receive from FastCGI socket: received len (%li) != header len (%li)" CLR_STR,
|
||||
ret, sizeof(header));
|
||||
return -1;
|
||||
}
|
||||
|
||||
req_id = (header.requestIdB1 << 8) | header.requestIdB0;
|
||||
content_len = (header.contentLengthB1 << 8) | header.contentLengthB0;
|
||||
content = malloc(content_len + header.paddingLength);
|
||||
|
||||
long rcv_len = 0;
|
||||
while (rcv_len < content_len + header.paddingLength) {
|
||||
ret = recv(conn->socket, content + rcv_len, content_len + header.paddingLength - rcv_len, 0);
|
||||
if (ret < 0) {
|
||||
print(ERR_STR "Unable to receive from FastCGI socket: %s" CLR_STR, strerror(errno));
|
||||
free(content);
|
||||
return -1;
|
||||
}
|
||||
rcv_len += ret;
|
||||
}
|
||||
|
||||
if (header.type == FCGI_END_REQUEST) {
|
||||
FCGI_EndRequestBody *body = (FCGI_EndRequestBody *) content;
|
||||
int app_status = (body->appStatusB3 << 24) | (body->appStatusB2 << 16) | (body->appStatusB1 << 8) |
|
||||
body->appStatusB0;
|
||||
if (body->protocolStatus != FCGI_REQUEST_COMPLETE) {
|
||||
print(ERR_STR "FastCGI protocol error: %i" CLR_STR, body->protocolStatus);
|
||||
}
|
||||
if (app_status != 0) {
|
||||
print(ERR_STR "FastCGI app terminated with exit code %i" CLR_STR, app_status);
|
||||
}
|
||||
close(conn->socket);
|
||||
conn->socket = 0;
|
||||
free(content);
|
||||
|
||||
return 0;
|
||||
} else if (header.type == FCGI_STDERR) {
|
||||
// TODO implement Necronda backend error handling
|
||||
if (conn->mode == FASTCGI_PHP) {
|
||||
fastcgi_php_error(conn, content, content_len, buf0);
|
||||
}
|
||||
} else if (header.type == FCGI_STDOUT) {
|
||||
ptr += snprintf(ptr, len - (ptr - buf), "%.*s", content_len, content);
|
||||
} else {
|
||||
print(ERR_STR "Unknown FastCGI type: %i" CLR_STR, header.type);
|
||||
}
|
||||
free(content);
|
||||
}
|
||||
}
|
||||
|
||||
int fastcgi_receive(fastcgi_conn *conn, sock *client, unsigned long len) {
|
||||
unsigned long rcv_len = 0;
|
||||
char *buf[16384];
|
||||
|
||||
@@ -16,6 +16,7 @@
|
||||
#define FASTCGI_COMPRESS_GZ 2
|
||||
#define FASTCGI_COMPRESS_BR 4
|
||||
#define FASTCGI_COMPRESS 6
|
||||
#define FASTCGI_COMPRESS_HOLD 8
|
||||
|
||||
#define FASTCGI_PHP 1
|
||||
#define FASTCGI_NECRONDA 2
|
||||
@@ -31,6 +32,7 @@ typedef struct {
|
||||
int socket;
|
||||
unsigned short req_id;
|
||||
char *out_buf;
|
||||
const char *webroot;
|
||||
unsigned short out_len;
|
||||
unsigned short out_off;
|
||||
} fastcgi_conn;
|
||||
@@ -42,12 +44,14 @@ int fastcgi_init(fastcgi_conn *conn, int mode, unsigned int client_num, unsigned
|
||||
|
||||
int fastcgi_close_stdin(fastcgi_conn *conn);
|
||||
|
||||
int fastcgi_php_error(const char *msg, int msg_len, char *err_msg);
|
||||
int fastcgi_php_error(const fastcgi_conn *conn, const char *msg, int msg_len, char *err_msg);
|
||||
|
||||
int fastcgi_header(fastcgi_conn *conn, http_res *res, char *err_msg);
|
||||
|
||||
int fastcgi_send(fastcgi_conn *conn, sock *client, int flags);
|
||||
|
||||
int fastcgi_dump(fastcgi_conn *conn, char *buf, long len);
|
||||
|
||||
int fastcgi_receive(fastcgi_conn *conn, sock *client, unsigned long len);
|
||||
|
||||
#endif //NECRONDA_SERVER_FASTCGI_H
|
||||
|
||||
@@ -75,12 +75,22 @@ typedef struct {
|
||||
http_hdr hdr;
|
||||
} http_res;
|
||||
|
||||
typedef enum {
|
||||
NONE, INTERNAL, CLIENT_REQ, SERVER_REQ, SERVER, SERVER_RES, CLIENT_RES
|
||||
} http_error_origin;
|
||||
|
||||
typedef struct {
|
||||
unsigned short status;
|
||||
http_error_origin origin;
|
||||
} http_status_ctx;
|
||||
|
||||
extern const http_status http_statuses[];
|
||||
extern const http_status_msg http_status_messages[];
|
||||
extern const int http_statuses_size;
|
||||
extern const int http_status_messages_size;
|
||||
|
||||
extern const char http_default_document[];
|
||||
extern const char http_rev_proxy_document[];
|
||||
extern const char http_error_document[];
|
||||
extern const char http_error_icon[];
|
||||
extern const char http_warning_document[];
|
||||
|
||||
@@ -116,20 +116,85 @@ const char http_default_document[] =
|
||||
"\t<link rel=\"shortcut icon\" type=\"image/x-icon\" href=\"/favicon.ico\"/>\n"
|
||||
"%5$s"
|
||||
"\t<style>\n"
|
||||
"\t\thtml{font-family:\"Arial\",sans-serif;--error:" HTTP_COLOR_ERROR ";--warning:" HTTP_COLOR_WARNING ";--success:" HTTP_COLOR_SUCCESS ";--info:" HTTP_COLOR_INFO ";--color:var(--%4$s);}\n"
|
||||
"\t\thtml{font-family:\"Arial\",sans-serif;--error:" HTTP_COLOR_ERROR ";--warning:" HTTP_COLOR_WARNING ";--success:" HTTP_COLOR_SUCCESS ";--info:" HTTP_COLOR_INFO ";--soft:#808080;--color:var(--%4$s);}\n"
|
||||
"\t\tbody{background-color:#F0F0F0;margin:0;}\n"
|
||||
"\t\tmain{max-width:650px;margin:2em auto;}\n"
|
||||
"\t\tsection{margin:1em;background-color:#FFFFFF;border: 1px solid var(--color);border-radius:4px;padding:1em;}\n"
|
||||
"\t\th1,h2,h3,h4,h5,h6,h7{text-align:center;color:var(--color);font-weight:normal;}\n"
|
||||
"\t\th1{font-size:3em;margin:0.125em 0 0.125em 0;}\n"
|
||||
"\t\tsection{margin:2em 1em;background-color:#FFFFFF;border: 1px solid var(--color);border-radius:4px;padding:1em;}\n"
|
||||
"\t\th1,h2,h3,h4,h5,h6{text-align:center;color:var(--color);font-weight:normal;}\n"
|
||||
"\t\th1{font-size:3em;margin:0.125em 0;}\n"
|
||||
"\t\th2{font-size:1.5em;margin:0.25em 0 1em 0;}\n"
|
||||
"\t\tp{text-align:center;font-size:0.875em;}\n"
|
||||
"\t\tdiv.footer{color:#808080;font-size:0.75em;text-align:center;margin:2em 0 0.5em 0;}\n"
|
||||
"\t\tdiv.footer a{color:#808080;}\n"
|
||||
"\t\tdiv.footer{color:var(--soft);font-size:0.75em;text-align:center;margin:2em 0 0.5em 0;}\n"
|
||||
"\t\tdiv.footer a{color:var(--soft);}\n"
|
||||
"\t\tul,ol{width:fit-content;margin:auto;}\n"
|
||||
"\t\tpre{width:fit-content;margin:2em auto 0 auto;}\n"
|
||||
"\n"
|
||||
"\t\tsection.error-ctx{display:flex;padding:0;border:none;}\n"
|
||||
"\t\tdiv.box{flex:100%% 1 1;border:1px solid var(--info);color:var(--info);position:relative;padding:1em;box-sizing:border-box;text-align:center;}\n"
|
||||
"\t\tdiv.box.error{border-color:var(--error);color:var(--error);}\n"
|
||||
"\t\tdiv.box.success{border-color:var(--success);color:var(--success);}\n"
|
||||
"\t\tdiv.arrow{position:absolute;height:20px;width:30px;z-index:10;background-repeat:no-repeat;background-size:contain;}\n"
|
||||
"\t\tdiv.arrow.response{left:-17.5px;bottom:calc(33.3333%% - 10px);}\n"
|
||||
"\t\tdiv.arrow.request{right:-17.5px;top:calc(33.3333%% - 10px);}\n"
|
||||
"\t\tdiv.border{flex:1px 0 0;background-color:var(--info);}\n"
|
||||
"\t\tdiv.border.error{background-color:var(--error);}\n"
|
||||
"\t\tdiv.border.success{background-color:var(--success);}\n"
|
||||
"\t\tdiv.content>span{display:block;color:var(--soft);font-size:0.75em;}\n"
|
||||
"\t\tdiv.content>img{height:3.75rem;margin:0.75rem auto;display:block;}\n"
|
||||
"\t\th3{font-size:2.25em;margin:0.75rem 0 0 0;color:unset;height:2.5rem;}\n"
|
||||
"\t\th4{font-size:1em;margin:0 0 0.75rem 0;color:unset;height:1.25rem;}\n"
|
||||
"\n"
|
||||
"\t\tdiv.arrow.request.success{background-image:url('data:image/svg+xml;base64,"
|
||||
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
|
||||
"L3N2ZyI+PHBhdGggZD0iTTEsMSBMMjUsMSBMMjksMTAgTDI1LDE5IEwxLDE5IiBmaWxsPSIjRkZG"
|
||||
"RkZGIiBzdHJva2U9IiMwMDgwMDAiIHN0cm9rZS13aWR0aD0iMiIvPjwvc3ZnPgo=');}\n"
|
||||
"\t\tdiv.arrow.request.error{background-image:url('data:image/svg+xml;base64,"
|
||||
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
|
||||
"L3N2ZyI+PHBhdGggZD0iTTEsMSBMMjUsMSBMMjksMTAgTDI1LDE5IEwxLDE5IiBmaWxsPSIjRkZG"
|
||||
"RkZGIiBzdHJva2U9IiNDMDAwMDAiIHN0cm9rZS13aWR0aD0iMiIvPjwvc3ZnPgo=');}\n"
|
||||
"\t\tdiv.arrow.response.success{background-image:url('data:image/svg+xml;base64,"
|
||||
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
|
||||
"L3N2ZyI+PHBhdGggZD0iTTI5LDE5IEw1LDE5IEwxLDEwIEw1LDEgTDI5LDEiIGZpbGw9IiNGRkZG"
|
||||
"RkYiIHN0cm9rZT0iIzAwODAwMCIgc3Ryb2tlLXdpZHRoPSIyIi8+PC9zdmc+Cg==');}\n"
|
||||
"\t\tdiv.arrow.response.error{background-image:url('data:image/svg+xml;base64,"
|
||||
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
|
||||
"L3N2ZyI+PHBhdGggZD0iTTI5LDE5IEw1LDE5IEwxLDEwIEw1LDEgTDI5LDEiIGZpbGw9IiNGRkZG"
|
||||
"RkYiIHN0cm9rZT0iI0MwMDAwMCIgc3Ryb2tlLXdpZHRoPSIyIi8+PC9zdmc+Cg==');}\n"
|
||||
"\n"
|
||||
"\t\t@media(prefers-color-scheme:dark){\n"
|
||||
"\t\t\thtml{color:#FFFFFF;}\n"
|
||||
"\t\t\thtml{color:#FFFFFF;--soft:#404040;}\n"
|
||||
"\t\t\tbody{background-color:#101010;}\n"
|
||||
"\t\t\tsection{background-color:#181818;}\n"
|
||||
"\n"
|
||||
"\t\t\tdiv.arrow.request.success{background-image:url('data:image/svg+xml;base64,"
|
||||
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
|
||||
"L3N2ZyI+PHBhdGggZD0iTTEsMSBMMjUsMSBMMjksMTAgTDI1LDE5IEwxLDE5IiBmaWxsPSIjMTgx"
|
||||
"ODE4IiBzdHJva2U9IiMwMDgwMDAiIHN0cm9rZS13aWR0aD0iMiIvPjwvc3ZnPgo=');}\n"
|
||||
"\t\t\tdiv.arrow.request.error{background-image:url('data:image/svg+xml;base64,"
|
||||
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
|
||||
"L3N2ZyI+PHBhdGggZD0iTTEsMSBMMjUsMSBMMjksMTAgTDI1LDE5IEwxLDE5IiBmaWxsPSIjMTgx"
|
||||
"ODE4IiBzdHJva2U9IiNDMDAwMDAiIHN0cm9rZS13aWR0aD0iMiIvPjwvc3ZnPgo=');}\n"
|
||||
"\t\t\tdiv.arrow.response.success{background-image:url('data:image/svg+xml;base64,"
|
||||
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
|
||||
"L3N2ZyI+PHBhdGggZD0iTTI5LDE5IEw1LDE5IEwxLDEwIEw1LDEgTDI5LDEiIGZpbGw9IiMxODE4"
|
||||
"MTgiIHN0cm9rZT0iIzAwODAwMCIgc3Ryb2tlLXdpZHRoPSIyIi8+PC9zdmc+Cg==');}\n"
|
||||
"\t\t\tdiv.arrow.response.error{background-image:url('data:image/svg+xml;base64,"
|
||||
"PHN2ZyB3aWR0aD0iMzAiIGhlaWdodD0iMjAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
|
||||
"L3N2ZyI+PHBhdGggZD0iTTI5LDE5IEw1LDE5IEwxLDEwIEw1LDEgTDI5LDEiIGZpbGw9IiMxODE4"
|
||||
"MTgiIHN0cm9rZT0iI0MwMDAwMCIgc3Ryb2tlLXdpZHRoPSIyIi8+PC9zdmc+Cg==');}\n"
|
||||
"\t\t}\n"
|
||||
"\t\t@media(min-width:650px){\n"
|
||||
"\t\t\tdiv.box:first-child{border-top-left-radius:4px;border-bottom-left-radius:4px;border-right:none;}\n"
|
||||
"\t\t\tdiv.box:last-child{border-top-right-radius:4px;border-bottom-right-radius:4px;border-left:none;}\n"
|
||||
"\t\t\tdiv.box:not(:last-child):not(:first-child){border-left:none;border-right:none;}\n"
|
||||
"\t\t}\n"
|
||||
"\t\t@media(max-width:650px){\n"
|
||||
"\t\t\tsection.error-ctx{flex-direction:column;height:unset;}\n"
|
||||
"\t\t\tdiv.box:first-child{border-top-left-radius:4px;border-top-right-radius:4px;border-bottom:none;padding-top:1em;}\n"
|
||||
"\t\t\tdiv.box:last-child{border-bottom-right-radius:4px;border-bottom-left-radius:4px;border-top:none;padding-bottom:1em;}\n"
|
||||
"\t\t\tdiv.box:not(:last-child):not(:first-child){border-top:none;border-bottom:none;}\n"
|
||||
"\t\t\tdiv.arrow.response{transform:rotate(90deg);top:-10px;left:calc(33.3333%% - 22.5px);right:unset;}\n"
|
||||
"\t\t\tdiv.arrow.request{transform:rotate(90deg);bottom:-10px;right:calc(33.3333%% - 22.5px);top:unset;}\n"
|
||||
"\t\t}\n"
|
||||
"\t</style>\n"
|
||||
"</head>\n"
|
||||
@@ -137,12 +202,52 @@ const char http_default_document[] =
|
||||
"\t<main>\n"
|
||||
"\t\t<section>\n"
|
||||
"%3$s"
|
||||
"%9$s"
|
||||
"\t\t\t<div class=\"footer\"><a href=\"https://%7$s/\">%7$s</a> - " SERVER_STR_HTML "</div>\n"
|
||||
"\t\t</section>\n"
|
||||
"%8$s"
|
||||
"\t</main>\n"
|
||||
"</body>\n"
|
||||
"</html>\n";
|
||||
|
||||
const char http_rev_proxy_document[] =
|
||||
"\t\t<section class=\"error-ctx\">\n"
|
||||
"\t\t\t<div class=\"box%1$s\">\n"
|
||||
"\t\t\t\t<div class=\"content\">\n"
|
||||
"\t\t\t\t\t<span>Client</span>\n"
|
||||
"\t\t\t\t\t<img src=\"data:image/svg+xml;base64,"
|
||||
"PHN2ZyB3aWR0aD0iNjQiIGhlaWdodD0iNjQiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
|
||||
"L3N2ZyI+PHBhdGggZD0iTTIsMzIgYTMwLDMwLDAsMSwwLDYwLDAgYTMwLDMwLDAsMSwwLC02MCww"
|
||||
"IEw2MiwzMiBNNiwxNiBMNTgsMTYgTTYsNDggTDU4LDQ4IE0zMiwyIEwzMiw2MiBhMTUsMzAsMCwx"
|
||||
"LDAsMCwtNjAgYTE1LDMwLDAsMSwwLDAsNjAgWiIgc3Ryb2tlPSIjMDA4MDAwIiBzdHJva2Utd2lk"
|
||||
"dGg9IjIiIGZpbGw9IiMwMDAwMDAwMCIvPjwvc3ZnPgo=\"/>\n"
|
||||
"\t\t\t\t\t<span>Your Browser</span>\n"
|
||||
"\t\t\t\t</div>\n"
|
||||
"\t\t\t\t<div class=\"arrow request%2$s\"></div>\n"
|
||||
"\t\t\t</div>\n"
|
||||
"\t\t\t<div class=\"border%8$s\"></div>\n"
|
||||
"\t\t\t<div class=\"box%3$s\">\n"
|
||||
"\t\t\t\t<div class=\"content\">\n"
|
||||
"\t\t\t\t\t<span>Reverse Proxy</span>\n"
|
||||
"\t\t\t\t\t<h3>%10$03i</h3>\n"
|
||||
"\t\t\t\t\t<h4>%11$s</h4>\n"
|
||||
"\t\t\t\t\t<span>" SERVER_NAME "</span>\n"
|
||||
"\t\t\t\t</div>\n"
|
||||
"\t\t\t\t<div class=\"arrow request%4$s\"></div>\n"
|
||||
"\t\t\t\t<div class=\"arrow response%5$s\"></div>\n"
|
||||
"\t\t\t</div>\n"
|
||||
"\t\t\t<div class=\"border%9$s\"></div>\n"
|
||||
"\t\t\t<div class=\"box%6$s\">\n"
|
||||
"\t\t\t\t<div class=\"content\">\n"
|
||||
"\t\t\t\t\t<span>Server</span>\n"
|
||||
"\t\t\t\t\t<h3>%12$s</h3>\n"
|
||||
"\t\t\t\t\t<h4>%13$s</h4>\n"
|
||||
"\t\t\t\t\t<span>%14$s</span>\n"
|
||||
"\t\t\t\t</div>\n"
|
||||
"\t\t\t\t<div class=\"arrow response%7$s\"></div>\n"
|
||||
"\t\t\t</div>\n"
|
||||
"\t\t</section>\n";
|
||||
|
||||
const char http_error_document[] =
|
||||
"\t\t\t<h1>%1$i</h1>\n"
|
||||
"\t\t\t<h2>%2$s :(</h2>\n"
|
||||
@@ -158,7 +263,7 @@ const char http_error_icon[] =
|
||||
|
||||
const char http_warning_document[] =
|
||||
"\t\t\t<h1>%1$i</h1>\n"
|
||||
"\t\t\t<h2>%2$s :o</h2>\n"
|
||||
"\t\t\t<h2>%2$s :)</h2>\n"
|
||||
"\t\t\t<p>%3$s</p>\n"
|
||||
"\t\t\t<p>%4$s</p>\n";
|
||||
|
||||
@@ -166,7 +271,7 @@ const char http_warning_icon[] =
|
||||
"\t<link rel=\"alternate icon\" type=\"image/svg+xml\" sizes=\"any\" href=\"data:image/svg+xml;base64,"
|
||||
"PHN2ZyB3aWR0aD0iMTYiIGhlaWdodD0iMTYiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw"
|
||||
"L3N2ZyI+PHRleHQgeD0iNCIgeT0iMTIiIGZpbGw9IiNFMEMwMDAiIHN0eWxlPSJmb250LWZhbWls"
|
||||
"eTonQXJpYWwnLHNhbnMtc2VyaWYiPjpvPC90ZXh0Pjwvc3ZnPgo=\"/>\n";
|
||||
"eTonQXJpYWwnLHNhbnMtc2VyaWYiPjopPC90ZXh0Pjwvc3ZnPgo=\"/>\n";
|
||||
|
||||
|
||||
const char http_success_document[] =
|
||||
|
||||
@@ -36,7 +36,7 @@ int rev_proxy_request_header(http_req *req, int enc) {
|
||||
http_add_header_field(&req->hdr, "Connection", "keep-alive");
|
||||
|
||||
char *via = http_get_header_field(&req->hdr, "Via");
|
||||
sprintf(buf1, "HTTP/%s %s", req->version, DEFAULT_HOST);
|
||||
sprintf(buf1, "HTTP/%s %s", req->version, SERVER_NAME);
|
||||
if (via == NULL) {
|
||||
http_add_header_field(&req->hdr, "Via", buf1);
|
||||
} else {
|
||||
@@ -134,7 +134,7 @@ int rev_proxy_response_header(http_req *req, http_res *res) {
|
||||
int p_len;
|
||||
|
||||
char *via = http_get_header_field(&res->hdr, "Via");
|
||||
p_len = snprintf(buf1, sizeof(buf1), "HTTP/%s %s", req->version, DEFAULT_HOST);
|
||||
p_len = snprintf(buf1, sizeof(buf1), "HTTP/%s %s", req->version, SERVER_NAME);
|
||||
if (p_len < 0 || p_len >= sizeof(buf1)) {
|
||||
print(ERR_STR "Appended part of header field 'Via' too long" CLR_STR);
|
||||
return -1;
|
||||
@@ -154,8 +154,8 @@ int rev_proxy_response_header(http_req *req, http_res *res) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client, http_status *custom_status,
|
||||
char *err_msg) {
|
||||
int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_config *conf, sock *client,
|
||||
http_status *custom_status, char *err_msg) {
|
||||
char buffer[CHUNK_SIZE];
|
||||
long ret;
|
||||
int tries = 0;
|
||||
@@ -177,26 +177,23 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
if (rev_proxy.socket < 0) {
|
||||
print(ERR_STR "Unable to create socket: %s" CLR_STR, strerror(errno));
|
||||
res->status = http_get_status(500);
|
||||
ctx->origin = INTERNAL;
|
||||
return -1;
|
||||
}
|
||||
|
||||
server_timeout.tv_sec = SERVER_TIMEOUT;
|
||||
server_timeout.tv_sec = SERVER_TIMEOUT_INIT;
|
||||
server_timeout.tv_usec = 0;
|
||||
if (setsockopt(client->socket, SOL_SOCKET, SO_RCVTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
|
||||
if (setsockopt(rev_proxy.socket, SOL_SOCKET, SO_RCVTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
|
||||
goto rev_proxy_timeout_err;
|
||||
if (setsockopt(rev_proxy.socket, SOL_SOCKET, SO_SNDTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
|
||||
goto rev_proxy_timeout_err;
|
||||
if (setsockopt(client->socket, SOL_SOCKET, SO_SNDTIMEO, &server_timeout, sizeof(server_timeout)) < 0) {
|
||||
rev_proxy_timeout_err:
|
||||
res->status = http_get_status(500);
|
||||
print(ERR_STR "Unable to set timeout for socket: %s" CLR_STR, strerror(errno));
|
||||
sprintf(err_msg, "Unable to set timeout for socket: %s", strerror(errno));
|
||||
goto proxy_err;
|
||||
}
|
||||
|
||||
struct hostent *host_ent = gethostbyname2(conf->rev_proxy.hostname, AF_INET6);
|
||||
if (host_ent == NULL) {
|
||||
host_ent = gethostbyname2(conf->rev_proxy.hostname, AF_INET);
|
||||
if (host_ent == NULL) {
|
||||
res->status = http_get_status(503);
|
||||
ctx->origin = SERVER_REQ;
|
||||
print(ERR_STR "Unable to connect to server: Name or service not known" CLR_STR);
|
||||
sprintf(err_msg, "Unable to connect to server: Name or service not known.");
|
||||
goto proxy_err;
|
||||
@@ -216,18 +213,34 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
|
||||
print(BLUE_STR "Connecting to " BLD_STR "[%s]:%i" CLR_STR BLUE_STR "..." CLR_STR, buffer, conf->rev_proxy.port);
|
||||
if (connect(rev_proxy.socket, (struct sockaddr *) &address, sizeof(address)) < 0) {
|
||||
if (errno == ETIMEDOUT) {
|
||||
if (errno == ETIMEDOUT || errno == EINPROGRESS) {
|
||||
res->status = http_get_status(504);
|
||||
ctx->origin = SERVER_REQ;
|
||||
} else if (errno == ECONNREFUSED) {
|
||||
res->status = http_get_status(503);
|
||||
ctx->origin = SERVER_REQ;
|
||||
} else {
|
||||
res->status = http_get_status(500);
|
||||
ctx->origin = INTERNAL;
|
||||
}
|
||||
print(ERR_STR "Unable to connect to [%s]:%i: %s" CLR_STR, buffer, conf->rev_proxy.port, strerror(errno));
|
||||
sprintf(err_msg, "Unable to connect to server: %s.", strerror(errno));
|
||||
goto proxy_err;
|
||||
}
|
||||
|
||||
server_timeout.tv_sec = SERVER_TIMEOUT;
|
||||
server_timeout.tv_usec = 0;
|
||||
if (setsockopt(rev_proxy.socket, SOL_SOCKET, SO_RCVTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
|
||||
goto rev_proxy_timeout_err;
|
||||
if (setsockopt(rev_proxy.socket, SOL_SOCKET, SO_SNDTIMEO, &server_timeout, sizeof(server_timeout)) < 0) {
|
||||
rev_proxy_timeout_err:
|
||||
res->status = http_get_status(500);
|
||||
ctx->origin = INTERNAL;
|
||||
print(ERR_STR "Unable to set timeout for reverse proxy socket: %s" CLR_STR, strerror(errno));
|
||||
sprintf(err_msg, "Unable to set timeout for reverse proxy socket: %s", strerror(errno));
|
||||
goto proxy_err;
|
||||
}
|
||||
|
||||
if (conf->rev_proxy.enc) {
|
||||
rev_proxy.ssl = SSL_new(rev_proxy.ctx);
|
||||
SSL_set_fd(rev_proxy.ssl, rev_proxy.socket);
|
||||
@@ -240,6 +253,7 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
rev_proxy.enc = 1;
|
||||
if (ret < 0) {
|
||||
res->status = http_get_status(502);
|
||||
ctx->origin = SERVER_REQ;
|
||||
print(ERR_STR "Unable to perform handshake: %s" CLR_STR, sock_strerror(&rev_proxy));
|
||||
sprintf(err_msg, "Unable to perform handshake: %s.", sock_strerror(&rev_proxy));
|
||||
goto proxy_err;
|
||||
@@ -253,12 +267,14 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
ret = rev_proxy_request_header(req, (int) client->enc);
|
||||
if (ret != 0) {
|
||||
res->status = http_get_status(500);
|
||||
ctx->origin = INTERNAL;
|
||||
return -1;
|
||||
}
|
||||
|
||||
ret = http_send_request(&rev_proxy, req);
|
||||
if (ret < 0) {
|
||||
res->status = http_get_status(502);
|
||||
ctx->origin = SERVER_REQ;
|
||||
print(ERR_STR "Unable to send request to server (1): %s" CLR_STR, sock_strerror(&rev_proxy));
|
||||
sprintf(err_msg, "Unable to send request to server: %s.", sock_strerror(&rev_proxy));
|
||||
retry = tries < 4;
|
||||
@@ -276,6 +292,7 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
ret = sock_send(&rev_proxy, client->buf, len, 0);
|
||||
if (ret <= 0) {
|
||||
res->status = http_get_status(502);
|
||||
ctx->origin = SERVER_REQ;
|
||||
print(ERR_STR "Unable to send request to server (2): %s" CLR_STR, sock_strerror(&rev_proxy));
|
||||
sprintf(err_msg, "Unable to send request to server: %s.", sock_strerror(&rev_proxy));
|
||||
retry = tries < 4;
|
||||
@@ -288,16 +305,19 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
if (ret <= 0) {
|
||||
if (ret == -1) {
|
||||
res->status = http_get_status(502);
|
||||
ctx->origin = SERVER_REQ;
|
||||
print(ERR_STR "Unable to send request to server (3): %s" CLR_STR, sock_strerror(&rev_proxy));
|
||||
sprintf(err_msg, "Unable to send request to server: %s.", sock_strerror(&rev_proxy));
|
||||
goto proxy_err;
|
||||
} else if (ret == -2) {
|
||||
res->status = http_get_status(400);
|
||||
ctx->origin = CLIENT_REQ;
|
||||
print(ERR_STR "Unable to receive request from client: %s" CLR_STR, sock_strerror(client));
|
||||
sprintf(err_msg, "Unable to receive request from client: %s.", sock_strerror(client));
|
||||
return -1;
|
||||
}
|
||||
res->status = http_get_status(500);
|
||||
ctx->origin = INTERNAL;
|
||||
print(ERR_STR "Unknown Error" CLR_STR);
|
||||
return -1;
|
||||
}
|
||||
@@ -306,7 +326,16 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
|
||||
ret = sock_recv(&rev_proxy, buffer, sizeof(buffer), MSG_PEEK);
|
||||
if (ret <= 0) {
|
||||
res->status = http_get_status(502);
|
||||
int enc_err = sock_enc_error(&rev_proxy);
|
||||
if (errno == EAGAIN || errno == EINPROGRESS || enc_err == SSL_ERROR_WANT_READ ||
|
||||
enc_err == SSL_ERROR_WANT_WRITE)
|
||||
{
|
||||
res->status = http_get_status(504);
|
||||
ctx->origin = SERVER_RES;
|
||||
} else {
|
||||
res->status = http_get_status(502);
|
||||
ctx->origin = SERVER_RES;
|
||||
}
|
||||
print(ERR_STR "Unable to receive response from server: %s" CLR_STR, sock_strerror(&rev_proxy));
|
||||
sprintf(err_msg, "Unable to receive response from server: %s.", sock_strerror(&rev_proxy));
|
||||
goto proxy_err;
|
||||
@@ -317,6 +346,7 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
|
||||
if (header_len <= 0) {
|
||||
res->status = http_get_status(502);
|
||||
ctx->origin = SERVER_RES;
|
||||
print(ERR_STR "Unable to parse header: End of header not found" CLR_STR);
|
||||
sprintf(err_msg, "Unable to parser header: End of header not found.");
|
||||
goto proxy_err;
|
||||
@@ -325,6 +355,7 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
for (int i = 0; i < header_len; i++) {
|
||||
if ((buf[i] >= 0x00 && buf[i] <= 0x1F && buf[i] != '\r' && buf[i] != '\n') || buf[i] == 0x7F) {
|
||||
res->status = http_get_status(502);
|
||||
ctx->origin = SERVER_RES;
|
||||
print(ERR_STR "Unable to parse header: Header contains illegal characters" CLR_STR);
|
||||
sprintf(err_msg, "Unable to parse header: Header contains illegal characters.");
|
||||
goto proxy_err;
|
||||
@@ -336,6 +367,7 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
char *pos0 = strstr(ptr, "\r\n");
|
||||
if (pos0 == NULL) {
|
||||
res->status = http_get_status(502);
|
||||
ctx->origin = SERVER_RES;
|
||||
print(ERR_STR "Unable to parse header: Invalid header format" CLR_STR);
|
||||
sprintf(err_msg, "Unable to parse header: Invalid header format.");
|
||||
goto proxy_err;
|
||||
@@ -343,6 +375,7 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
if (ptr == buf) {
|
||||
if (strncmp(ptr, "HTTP/", 5) != 0) {
|
||||
res->status = http_get_status(502);
|
||||
ctx->origin = SERVER_RES;
|
||||
print(ERR_STR "Unable to parse header: Invalid header format" CLR_STR);
|
||||
sprintf(err_msg, "Unable to parse header: Invalid header format.");
|
||||
goto proxy_err;
|
||||
@@ -357,6 +390,7 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
res->status = custom_status;
|
||||
} else if (res->status == NULL) {
|
||||
res->status = http_get_status(502);
|
||||
ctx->origin = SERVER_RES;
|
||||
print(ERR_STR "Unable to parse header: Invalid or unknown status code" CLR_STR);
|
||||
sprintf(err_msg, "Unable to parse header: Invalid or unknown status code.");
|
||||
goto proxy_err;
|
||||
@@ -365,6 +399,7 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
ret = http_parse_header_field(&res->hdr, ptr, pos0);
|
||||
if (ret != 0) {
|
||||
res->status = http_get_status(502);
|
||||
ctx->origin = SERVER_RES;
|
||||
print(ERR_STR "Unable to parse header" CLR_STR);
|
||||
sprintf(err_msg, "Unable to parse header.");
|
||||
goto proxy_err;
|
||||
@@ -380,6 +415,7 @@ int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client
|
||||
ret = rev_proxy_response_header(req, res);
|
||||
if (ret != 0) {
|
||||
res->status = http_get_status(500);
|
||||
ctx->origin = INTERNAL;
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -497,3 +533,9 @@ int rev_proxy_send(sock *client, unsigned long len_to_send, int flags) {
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int rev_proxy_dump(char *buf, long len) {
|
||||
sock_recv(&rev_proxy, buf, len, 0);
|
||||
sock_close(&rev_proxy);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -13,6 +13,10 @@
|
||||
#define REV_PROXY_COMPRESS_BR 4
|
||||
#define REV_PROXY_COMPRESS 6
|
||||
|
||||
#ifndef SERVER_NAME
|
||||
# define SERVER_NAME "revproxy"
|
||||
#endif
|
||||
|
||||
#include "http.h"
|
||||
#include "config.h"
|
||||
|
||||
@@ -24,9 +28,11 @@ int rev_proxy_request_header(http_req *req, int enc);
|
||||
|
||||
int rev_proxy_response_header(http_req *req, http_res *res);
|
||||
|
||||
int rev_proxy_init(http_req *req, http_res *res, host_config *conf, sock *client, http_status *custom_status,
|
||||
char *err_msg);
|
||||
int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_config *conf, sock *client,
|
||||
http_status *custom_status, char *err_msg);
|
||||
|
||||
int rev_proxy_send(sock *client, unsigned long len_to_send, int flags);
|
||||
|
||||
int rev_proxy_dump(char *buf, long len);
|
||||
|
||||
#endif //NECRONDA_SERVER_REV_PROXY_H
|
||||
|
||||
@@ -12,6 +12,10 @@
|
||||
#include <sys/socket.h>
|
||||
#include <unistd.h>
|
||||
|
||||
int sock_enc_error(sock *s) {
|
||||
return (int) s->enc ? SSL_get_error(s->ssl, (int) s->_last_ret) : 0;
|
||||
}
|
||||
|
||||
const char *sock_strerror(sock *s) {
|
||||
if (s->_last_ret == 0) {
|
||||
return "closed";
|
||||
@@ -21,7 +25,7 @@ const char *sock_strerror(sock *s) {
|
||||
}
|
||||
const char *err1 = ERR_reason_error_string(s->_ssl_error);
|
||||
const char *err2 = strerror(errno);
|
||||
switch (SSL_get_error(s->ssl, (int) s->_last_ret)) {
|
||||
switch (sock_enc_error(s)) {
|
||||
case SSL_ERROR_NONE:
|
||||
return NULL;
|
||||
case SSL_ERROR_ZERO_RETURN:
|
||||
|
||||
@@ -23,6 +23,8 @@ typedef struct {
|
||||
unsigned long _ssl_error;
|
||||
} sock;
|
||||
|
||||
int sock_enc_error(sock *s);
|
||||
|
||||
const char *sock_strerror(sock *s);
|
||||
|
||||
long sock_send(sock *s, void *buf, unsigned long len, int flags);
|
||||
|
||||
@@ -128,6 +128,18 @@ int mime_is_compressible(const char *type) {
|
||||
strcmp(type_parsed, "font/eot") == 0 ||
|
||||
strcmp(type_parsed, "font/opentype") == 0 ||
|
||||
strcmp(type_parsed, "image/bmp") == 0 ||
|
||||
strcmp(type_parsed, "image/gif") == 0 ||
|
||||
strcmp(type_parsed, "image/vnd.microsoft.icon") == 0 ||
|
||||
strcmp(type_parsed, "image/vnd.microsoft.iconbinary") == 0 ||
|
||||
strcmp(type_parsed, "image/x-icon") == 0;
|
||||
}
|
||||
|
||||
int strcpy_rem_webroot(char *dst, const char *src, long len, const char *webroot) {
|
||||
strncpy(dst, src, len);
|
||||
if (webroot == NULL) return 0;
|
||||
char *pos;
|
||||
while ((pos = strstr(dst, webroot)) != NULL) {
|
||||
strcpy(pos, pos + strlen(webroot));
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -40,4 +40,6 @@ int url_decode(const char *str, char *dec, long *size);
|
||||
|
||||
int mime_is_compressible(const char *type);
|
||||
|
||||
int strcpy_rem_webroot(char *dst, const char *str, long len, const char *webroot);
|
||||
|
||||
#endif //NECRONDA_SERVER_UTILS_H
|
||||
|
||||
@@ -38,6 +38,7 @@ const char *config_file;
|
||||
int sockets[NUM_SOCKETS];
|
||||
pid_t children[MAX_CHILDREN];
|
||||
MMDB_s mmdbs[MAX_MMDB];
|
||||
SSL_CTX *contexts[CONFIG_MAX_CERT_CONFIG];
|
||||
|
||||
void openssl_init() {
|
||||
SSL_library_init();
|
||||
@@ -46,6 +47,15 @@ void openssl_init() {
|
||||
OpenSSL_add_all_algorithms();
|
||||
}
|
||||
|
||||
static int ssl_servername_cb(SSL *ssl, int *ad, void *arg) {
|
||||
const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
|
||||
if (servername != NULL) {
|
||||
const host_config *conf = get_host_config(servername);
|
||||
if (conf != NULL) SSL_set_SSL_CTX(ssl, contexts[conf->cert]);
|
||||
}
|
||||
return SSL_TLSEXT_ERR_OK;
|
||||
}
|
||||
|
||||
void destroy() {
|
||||
fprintf(stderr, "\n" ERR_STR "Terminating forcefully!" CLR_STR "\n");
|
||||
int status = 0;
|
||||
@@ -290,29 +300,40 @@ int main(int argc, const char *argv[]) {
|
||||
client.buf = NULL;
|
||||
client.buf_len = 0;
|
||||
client.buf_off = 0;
|
||||
client.ctx = SSL_CTX_new(TLS_server_method());
|
||||
SSL_CTX_set_options(client.ctx, SSL_OP_SINGLE_DH_USE);
|
||||
SSL_CTX_set_verify(client.ctx, SSL_VERIFY_NONE, NULL);
|
||||
SSL_CTX_set_min_proto_version(client.ctx, TLS1_2_VERSION);
|
||||
SSL_CTX_set_mode(client.ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
|
||||
SSL_CTX_set_cipher_list(client.ctx, "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4");
|
||||
SSL_CTX_set_ecdh_auto(client.ctx, 1);
|
||||
|
||||
for (int i = 0; i < CONFIG_MAX_CERT_CONFIG; i++) {
|
||||
const cert_config *conf = &config->certs[i];
|
||||
if (conf->name[0] == 0) break;
|
||||
|
||||
contexts[i] = SSL_CTX_new(TLS_server_method());
|
||||
SSL_CTX *ctx = contexts[i];
|
||||
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
|
||||
SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);
|
||||
SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
|
||||
SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4");
|
||||
SSL_CTX_set_ecdh_auto(ctx, 1);
|
||||
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
|
||||
|
||||
if (SSL_CTX_use_certificate_chain_file(ctx, conf->full_chain) != 1) {
|
||||
fprintf(stderr, ERR_STR "Unable to load certificate chain file: %s: %s" CLR_STR "\n",
|
||||
ERR_reason_error_string(ERR_get_error()), conf->full_chain);
|
||||
config_unload();
|
||||
return 1;
|
||||
}
|
||||
if (SSL_CTX_use_PrivateKey_file(ctx, conf->priv_key, SSL_FILETYPE_PEM) != 1) {
|
||||
fprintf(stderr, ERR_STR "Unable to load private key file: %s: %s" CLR_STR "\n",
|
||||
ERR_reason_error_string(ERR_get_error()), conf->priv_key);
|
||||
config_unload();
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
client.ctx = contexts[0];
|
||||
|
||||
|
||||
rev_proxy_preload();
|
||||
|
||||
if (SSL_CTX_use_certificate_chain_file(client.ctx, cert_file) != 1) {
|
||||
fprintf(stderr, ERR_STR "Unable to load certificate chain file: %s: %s" CLR_STR "\n",
|
||||
ERR_reason_error_string(ERR_get_error()), cert_file);
|
||||
config_unload();
|
||||
return 1;
|
||||
}
|
||||
if (SSL_CTX_use_PrivateKey_file(client.ctx, key_file, SSL_FILETYPE_PEM) != 1) {
|
||||
fprintf(stderr, ERR_STR "Unable to load private key file: %s: %s" CLR_STR "\n",
|
||||
ERR_reason_error_string(ERR_get_error()), key_file);
|
||||
config_unload();
|
||||
return 1;
|
||||
}
|
||||
|
||||
for (int i = 0; i < NUM_SOCKETS; i++) {
|
||||
if (listen(sockets[i], LISTEN_BACKLOG) < 0) {
|
||||
fprintf(stderr, ERR_STR "Unable to listen on socket %i: %s" CLR_STR "\n", i, strerror(errno));
|
||||
|
||||
@@ -17,14 +17,11 @@
|
||||
#define LISTEN_BACKLOG 16
|
||||
#define REQ_PER_CONNECTION 200
|
||||
#define CLIENT_TIMEOUT 3600
|
||||
#define SERVER_TIMEOUT 4
|
||||
#define SERVER_TIMEOUT_INIT 4
|
||||
#define SERVER_TIMEOUT 3600
|
||||
|
||||
#define CHUNK_SIZE 8192
|
||||
|
||||
#ifndef DEFAULT_HOST
|
||||
# define DEFAULT_HOST "www.necronda.net"
|
||||
#endif
|
||||
|
||||
extern int sockets[NUM_SOCKETS];
|
||||
extern pid_t children[MAX_CHILDREN];
|
||||
extern MMDB_s mmdbs[MAX_MMDB];
|
||||
|
||||
@@ -8,8 +8,16 @@
|
||||
#ifndef NECRONDA_SERVER_NECRONDA_H
|
||||
#define NECRONDA_SERVER_NECRONDA_H
|
||||
|
||||
#define NECRONDA_VERSION "4.4"
|
||||
#define NECRONDA_VERSION "4.5"
|
||||
#define SERVER_STR "Necronda/" NECRONDA_VERSION
|
||||
#define SERVER_STR_HTML "Necronda web server " NECRONDA_VERSION
|
||||
|
||||
#ifndef DEFAULT_HOST
|
||||
# define DEFAULT_HOST "www.necronda.net"
|
||||
#endif
|
||||
|
||||
#ifndef SERVER_NAME
|
||||
# define SERVER_NAME DEFAULT_HOST
|
||||
#endif
|
||||
|
||||
#endif //NECRONDA_SERVER_NECRONDA_H
|
||||
|
||||
Reference in New Issue
Block a user