Commits
- Commit:
32fbc47803fbb51cfff0e5181b78d9050641709c
- From:
- Omar Polo <op@omarpolo.com>
- Date:
drop the configless mode from gmid; now it's provided by `ge'
- Commit:
d29a2ee2246e1b1b0c5222a823820e42422c894e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
get rid of the CGI support
I really want to get rid of the `executor' process hack for CGI scripts
and its escalation to allow fastcgi and proxying to work on non-OpenBSD.
This drops the CGI support and the `executor' process entirely and is
the first step towards gmid 2.0. It also allows having more secure
defaults.
On non-OpenBSD systems this means that the sandbox will be deactivated
as soon as fastcgi or proxying are used: you can't open sockets under
FreeBSD's capsicum(4) and I don't want to go through the pain of making it
work under Linux's seccomp/landlock. Patches are always welcome however.
For folks using CGI scripts (hey, I'm one of you!) not all hope is lost:
fcgiwrap or OpenBSD's slowcgi(8) are ways to run CGI scripts as if they were
FastCGI applications.
Fixes for the documentation and to the non-OpenBSD sandboxes will
follow.
- Commit:
a555e0d67baef271ffe4a186326ee5f1c16fff75
- From:
- Omar Polo <op@omarpolo.com>
- Date:
copyright years
- Commit:
18bd83915eab0f06b7e2920d0d71a39108b2d641
- From:
- Omar Polo <op@omarpolo.com>
- Date:
sort the MIME mappings and do a binary search to match
- Commit:
54203115cd0121ee0e44f5e58202a4d8054b9c09
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't load the built-in list when using `types'
- Commit:
d8d170aa5ee1498babee095078b3888f1525a2b3
- From:
- Omar Polo <op@omarpolo.com>
- Date:
allow add_mime to fail
add_mime now dynamically allocates copies of the passed strings, so
that we can actually free what we parse from the config file.
This matters a lot especially with lengthy `types' block: strings that
reach the internal mapping are never free'd, so every manual addition
is leaked.
- Commit:
e5d82d9472513ef742dbb0b5ac451337625feb58
- From:
- Omar Polo <op@omarpolo.com>
- Date:
const-ify some tables
matches found with
% grep -R '=[ ]*{' . | fgrep -v const
- Commit:
1cdea97b6c74ec86e202431a208b5c99343f7273
- From:
- Omar Polo <op@omarpolo.com>
- Date:
allow using a custom hostname for SNI during proxying
add a `sni' option for the `proxy' block: the given name is used instead
of the one extracted by the `relay-to' rule.
- Commit:
b7967bc1f695126e1bf2705bfd486bbc32aaf8b0
- From:
- Omar Polo <op@omarpolo.com>
- Date:
proxy: allow multiple proxy blocks, matching options and validations
as a side effect the order of the content of a server block is relaxed:
options, location or proxy blocks can be put in any order.
- Commit:
7bdcc91ec70ddde092ac5d7b4f75d54915e7b221
- From:
- Omar Polo <op@omarpolo.com>
- Date:
simplify the proxying code
it doesn't make any sense to keep the proxying info per-location:
proxying only one per-vhost. It can't work differently, it doesn't make
sense anyway.
- Commit:
d49093c105e7e9af2638bce945374ac0036b3498
- From:
- Omar Polo <op@omarpolo.com>
- Date:
support optional client certificate for proxy rule
- Commit:
72b033ef18ae3f82922f6f11ce0f5194e95f667d
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add ability to proxy requests
Add to gmid the ability to forward a request to another gemini server,
thus acting like a reverse proxy. The current syntax for the config
file is
    server "example.com" {
        ...
        proxy relay-to host:port
    }
Further options (like the use of custom certificates) are planned.
cf. github issue #7
- Commit:
193380eaa4b4fa001dd773b9ee94e2545eed5efa
- From:
- Omar Polo <op@omarpolo.com>
- Date:
free OCSP path when clearing the config
was forgotten in ff05125eb81e5bbf2cf05b8434d03bce584936e0
- Commit:
7fa6717647863ac5c63126329c52336409712353
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fmt
- Commit:
ff05125eb81e5bbf2cf05b8434d03bce584936e0
- From:
- Stephen Gregoratto <dev@sgregoratto.me>
- Via:
- omar-polo <op@omarpolo.com>
- Date:
Implement OCSP stapling support
Currently dogfooding this patch at gemini.sgregoratto.me. To test,
run the following command and look for the "OCSP response" header:
openssl s_client -connect "gemini.sgregoratto.me:1965" -status