Commits
- Commit:
b7967bc1f695126e1bf2705bfd486bbc32aaf8b0
- From:
- Omar Polo <op@omarpolo.com>
- Date:
proxy: allow multiple proxy blocks, matching options and validations
as a side effect the order of the content of a server block is relaxed:
options, location or proxy blocks can be put in any order.
- Commit:
593e412b4988ca8b72bb7ef9b1cc663cb1184215
- From:
- Omar Polo <op@omarpolo.com>
- Date:
allow to disable TLS when proxying requests
- Commit:
7bdcc91ec70ddde092ac5d7b4f75d54915e7b221
- From:
- Omar Polo <op@omarpolo.com>
- Date:
simplify the proxying code
it doesn't make any sense to keep the proxying info per-location:
proxying only one per-vhost. It can't work differently, it doesn't make
sense anyway.
- Commit:
d49093c105e7e9af2638bce945374ac0036b3498
- From:
- Omar Polo <op@omarpolo.com>
- Date:
support optional client certificate for proxy rule
- Commit:
6a6b4a2a98c508d2714eb899c0a23d2087b6e683
- From:
- Omar Polo <op@omarpolo.com>
- Date:
typo
- Commit:
72b033ef18ae3f82922f6f11ce0f5194e95f667d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add ability to proxy requests
Add to gmid the ability to forwad a request to another gemini server and
thus acting like a reverse proxy. The current syntax for the config
file is
server "example.com" {
...
proxy relay-to host:port
}
Further options (like the use of custom certificates) are planned.
cf. github issue #7
- Commit:
52c92ef6803ae5bcf1eca0447b07da2f8ca675fb
- From:
- Omar Polo <op@omarpolo.com>
- Date:
relax the "wont proxy request" check: don't check the port number
Don't refuse to serve the request if the port number doesn't match the
one we're listening on, as initially suggested by Allen Sobot.
Complex setup may have a gmid instance reachable from multiple ports and
the meaning of the check in the first places was to avoid tricking
clients into thinking that we're serving for those domains: the port
number is way less important than the schema or domain name.
In the long run, the best way would probably to add a `listen on'
keyword for the servers blocks, just like OpenBSD' httpd, but gmid can't
listen on multiple ports/interfaces yet
- Commit:
4842c72d9f3f45478cb641e15a3272e541fb8a18
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fmt
- Commit:
80444938654389aa7970aaa43c4590d63da6844d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
move bufferevent initialization early in handle_handshake
the error path needs an initialized bufferevent too, otherwise it'll
crash when trying to write the response.
This moves the initialisation early, right after the tls_handshake.
Another option would be to initialise it in do_accept, but that may be
too early.
- Commit:
c62a411f4f5c0a9b9ef6a1a474ee976bf5f711af
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't die on ECONNABORTED
ECONNABORTED is returned if a connections gets aborted after being
queued before the accept(2). I had some cases of
accept: Software caused connection abort
on FreeBSD, this should avoid that.
- Commit:
5eb3fc905f5e3bd2f2d586fb1e0ceda879500b3e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't work around a missing -Wno-unused-parameter
It's been there for a long time, and it's frankly annoying to pretend
to use parameters. Most of the time, they're there to satisfy an
interface and nothings more.
- Commit:
207b3e80d867693ff74cf99c84f7dd41386adba1
- From:
- Omar Polo <op@omarpolo.com>
- Date:
Store clients inside a splay tree
From day one we've been using a static array of client struct to hold
the clients data. This has variuos drawbacks, among which:
* reuse of the storage ("shades of heartbleed")
* maximum fixed amount of clients connected at the same time
* bugs are harder to debug
The last point in particular is important because if we mess the client
ids, or try to execute some functions (e.g. the various fcgi_*) after a
client has been disconnected, it's harder to "see" this "use after
free"-tier kind of bug.
Now I'm using a splay tree to hold the data about the live connections.
Each client' data is managed by malloc. If we try to access a client
data after the disconnection we'll probably crash with a SIGSEGV and
find the bug is more easy.
Performance-wise the connection phase should be faster since we don't
have to loop anymore to find an empty spot in the clients array, but
some operations could be slightly slower (compare the O(1) access in an
array with a SPLAY_FIND operation -- still be faster than O(n) thought.)
- Commit:
4cd25209651f224be8c34d6006ef689963ce37d5
- From:
- Omar Polo <op@omarpolo.com>
- Date:
one FastCGI connection per client
FastCGI is designed to multiplex requests over a single connection, so
ideally the server can open only one connection per worker to the
FastCGI application and that's that.
Doing this kind of multiplexing makes the code harder to follow and
easier to break/leak etc on the gmid side however. OpenBSD' httpd
seems to open one connection per client, so why can't we too?
One connection per request is still way better (lighter) than using
CGI, and we can avoid all the pitfalls of the multiplexing (keeping
track of "live ids", properly shut down etc...)
- Commit:
e4daebe44aedd66413f82319252a7e579133945d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
plug a memory leak
c->req is set in client_read but never deallocated
- Commit:
807a80cb9efdf631c3717fdca884bd0119493d45
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fmt