Commits
- Commit:
cd5826b8ba3b43ed9802309688ae029c0f5c4081
- From:
- Omar Polo <op@omarpolo.com>
- Date:
retire the deprecated `mime' and `map' config options
- Commit:
aa9543b9fd1963d86f63fda13addb356f9039c37
- From:
- Omar Polo <op@omarpolo.com>
- Date:
make the mime types fixed-sized too
- Commit:
7277bb7dc2971fad2a51b7975df85dda1df4c936
- From:
- Omar Polo <op@omarpolo.com>
- Date:
make config fields `chroot' and `user' fixed-size
- Commit:
760009951357d4c36991c4c6a62db973289b32d9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
optionally disable the sandbox on some systems
The FreeBSD and Linux' sandbox can't deal with `fastcgi' and `proxy'
configuration rules: new sockets needs to be opened and it's either
impossible (the former) or a huge pain in the arse (the latter).
The sandbox is still always used in case only static files are served.
- Commit:
d29a2ee2246e1b1b0c5222a823820e42422c894e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
get rid of the CGI support
I really want to get rid of the `executor' process hack for CGI scripts
and its escalation to allow fastcgi and proxying to work on non-OpenBSD.
This drops the CGI support and the `executor' process entirely and is
the first step towards gmid 2.0. It also allows to have more secure
defaults.
On non-OpenBSD systems this means that the sandbox will be deactivated
as soon as fastcgi or proxying are used: you can't open sockets under
FreeBSD' capsicum(4) and I don't want to go thru the pain of making it
work under linux' seccomp/landlock. Patches are always welcome however.
For folks using CGI scripts (hey, I'm one of you!) not all hope is lost:
fcgiwrap or OpenBSD' slowcgi(8) are ways to run CGI scripts as they were
FastCGI applications.
fixes for the documentation and to the non-OpenBSD sandboxes will
follow.
- Commit:
54203115cd0121ee0e44f5e58202a4d8054b9c09
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't load the built-in list when using `types'
- Commit:
d8d170aa5ee1498babee095078b3888f1525a2b3
- From:
- Omar Polo <op@omarpolo.com>
- Date:
allow add_mime to fail
add_mime nows allocate dinamically copies of the passed strings, so
that we can actually free what we parse from the config file.
This matters a lot especially with lengthy `types' block: strings that
reach the internal mapping are never free'd, so every manual addition
is leaked.
- Commit:
6468868fee132f062133ad9a1d373ef213e689f1
- From:
- Omar Polo <op@omarpolo.com>
- Date:
print a deprecation message for the map rule
- Commit:
e5d82d9472513ef742dbb0b5ac451337625feb58
- From:
- Omar Polo <op@omarpolo.com>
- Date:
const-ify some tables
matches found with
% grep -R '=[ ]*{' . | fgrep -v const
- Commit:
ee219d702e4b1db5a985be5087f0e682b567618b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add type { ... } block to define mime types mapping
The `map' rule is powerful but quite annoying to use if you have/need
lots of entries (and clutters the configuration file too.)
The `type' block is blatantly stolen from httpd(8) and allows for a way
more nice usage:
type {
include "/usr/share/misc/mime.types"
}
or even
type {
text/markdown md markdown
text/x-perl pl pm
# ...
}
- Commit:
88971f9a4e71c199c28fac3a1e9ccf39f44279f1
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add missing token include to the list of tokens
- Commit:
1f1f381068ac81bb86177e7d55e75f440522643f
- From:
- Anna “CyberTailor” <cyber@sysrq.in>
- Via:
- Omar Polo <op@omarpolo.com>
- Date:
include gmid.h before other headers to get all the prototypes
> implicit declaration of function 'asprintf'; did you mean 'vsprintf'?
- Commit:
1cdea97b6c74ec86e202431a208b5c99343f7273
- From:
- Omar Polo <op@omarpolo.com>
- Date:
allow using a custom hostname for SNI during proxying
add a `sni' option for the `proxy' block: the given name is used instead
of the one extracted by the `relay-to' rule.
- Commit:
ba94a608a89110740cb24ef098c476c84d371918
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add `require client ca' for proxy blocks
refactor the code that calls validate_against_ca into an helper
function to reuse it in both apply_require_ca and (optionally) in
apply_reverse_proxy.
- Commit:
b7967bc1f695126e1bf2705bfd486bbc32aaf8b0
- From:
- Omar Polo <op@omarpolo.com>
- Date:
proxy: allow multiple proxy blocks, matching options and validations
as a side effect the order of the content of a server block is relaxed:
options, location or proxy blocks can be put in any order.