commit 7bdcc91ec70ddde092ac5d7b4f75d54915e7b221 from: Omar Polo date: Sat Jan 01 17:08:39 2022 UTC simplify the proxying code it doesn't make any sense to keep the proxying info per-location: proxying only one per-vhost. It can't work differently, it doesn't make sense anyway. commit - bd5f79542cf6491ed9e30bca926286e3b9e2600c commit + 7bdcc91ec70ddde092ac5d7b4f75d54915e7b221 blob - b86359b6d2484f209e48c7bb38e7ad3dd899e198 blob + a6e0d1bd0b46a24ebaa2337add20711460cee46a --- gmid.c +++ gmid.c @@ -301,12 +301,7 @@ free_config(void) free((char*)l->index); free((char*)l->block_fmt); free((char*)l->dir); - - free(l->proxy_host); - tls_unload_file(l->proxy_cert, l->proxy_cert_len); - tls_unload_file(l->proxy_key, l->proxy_key_len); - if (l->dirfd != -1) close(l->dirfd); @@ -343,6 +338,10 @@ free_config(void) free((char*)h->cgi); free((char*)h->entrypoint); + free(h->proxy.host); + tls_unload_file(h->proxy.cert, h->proxy.certlen); + tls_unload_file(h->proxy.key, h->proxy.keylen); + TAILQ_REMOVE(&hosts, h, vhosts); free(h); } blob - 1c9b061ee751b4d0f1e2b4163c29328a745490b1 blob + 7da15c2fe0a8d64a86e8e331a6807f6a8dea0f29 --- gmid.h +++ gmid.h @@ -97,6 +97,15 @@ struct fcgi { }; extern struct fcgi fcgi[FCGI_MAX]; +struct proxy { + char *host; + const char *port; + uint8_t *cert; + size_t certlen; + uint8_t *key; + size_t keylen; +}; + TAILQ_HEAD(lochead, location); struct location { const char *match; @@ -111,13 +120,6 @@ struct location { int disable_log; int fcgi; - char *proxy_host; - const char *proxy_port; - uint8_t *proxy_cert; - size_t proxy_cert_len; - uint8_t *proxy_key; - size_t proxy_key_len; - const char *dir; int dirfd; @@ -158,6 +160,7 @@ struct vhost { struct envhead env; struct envhead params; struct aliashead aliases; + struct proxy proxy; }; struct etm { /* extension to mime */ 
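Review bot: The new `struct proxy` in the gmid.h hunk leaves the ownership of `port` undocumented, and it is the field a maintainer can get wrong: the `RELAY_TO` action in parse.y sets `port` either to a pointer inside the `host` allocation (just past the ':' that is overwritten with NUL) or to the literal "1965", and free_config releases only `host`. A one-line comment on the field prevents a future `free(p->port)` or a dangling `port` if `host` is ever replaced on its own: `const char *port; /* points into host (after the ':') or at a literal; never freed separately */`. A matching note that `cert`/`key` are filled by tls_load_file and must be released with tls_unload_file (as free_config now does) would complete the picture.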
@@ -242,7 +245,6 @@ struct client { struct sockaddr_storage addr; struct vhost *host; /* host they're talking to */ size_t loc; /* location matched */ - struct location *l; SPLAY_ENTRY(client) entry; }; @@ -347,7 +349,6 @@ const char *vhost_default_mime(struct vhost*, const ch const char *vhost_index(struct vhost*, const char*); int vhost_auto_index(struct vhost*, const char*); int vhost_block_return(struct vhost*, const char*, int*, const char**); -struct location *vhost_reverse_proxy(struct vhost *, const char *); int vhost_fastcgi(struct vhost*, const char*); int vhost_dirfd(struct vhost*, const char*, size_t*); int vhost_strip(struct vhost*, const char*); blob - 154e3a5ba32d9397625ac08f91479e7f8e3f36ad blob + db1ebb661db97c3967c7356fbf55ed043ef1bc54 --- parse.y +++ parse.y @@ -278,9 +278,57 @@ servopt : ALIAS string { | PARAM string '=' string { add_param($2, $4, 0); } + | proxy | locopt ; + +proxy : PROXY proxy_opt + | PROXY '{' optnl proxy_opts '}' + ; + +proxy_opts : /* empty */ + | proxy_opts proxy_opt optnl + ; + +proxy_opt : CERT string { + struct proxy *p = &host->proxy; + only_once(p->cert, "proxy cert"); + ensure_absolute_path($2); + p->cert = tls_load_file($2, &p->certlen, NULL); + if (p->cert == NULL) + yyerror("can't load cert %s", $2); + } + | KEY string { + struct proxy *p = &host->proxy; + + only_once(p->key, "proxy key"); + ensure_absolute_path($2); + p->key = tls_load_file($2, &p->keylen, NULL); + if (p->key == NULL) + yyerror("can't load key %s", $2); + } + | RELAY_TO string { + char *at; + const char *errstr; + struct proxy *p = &host->proxy; + + only_once(p->host, "proxy relay-to"); + p->host = $2; + + if ((at = strchr($2, ':')) != NULL) { + *at++ = '\0'; + p->port = at; + } else + p->port = "1965"; + + strtonum(p->port, 1, UINT16_MAX, &errstr); + if (errstr != NULL) + yyerror("proxy port is %s: %s", errstr, + p->port); + } + ; + locations : /* empty */ | locations location optnl ; 
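Review bot: The `RELAY_TO` action in the parse.y hunk accepts an empty host: for `relay-to ":1965"` the in-place split leaves `p->host` pointing at an empty string, and only the port part is validated, so the bad value is discovered at request time in apply_reverse_proxy rather than when the config is read. Add `if (*p->host == '\0') yyerror("proxy relay-to: empty host");` right after the split. Because `strchr` splits at the first ':', an IPv6 literal cannot be written here either; if that is intentional, a comment stating the accepted form is `host[:port]` with a hostname or IPv4 address would save the next reader a guess.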
@@ -330,7 +378,6 @@ locopt : AUTO INDEX bool { loc->auto_index = $3 ? 1 : loc->lang = $2; } | LOG bool { loc->disable_log = !$2; } - | proxy | REQUIRE CLIENT CA string { only_once(loc->reqca, "require client ca"); ensure_absolute_path($4); @@ -345,48 +392,6 @@ locopt : AUTO INDEX bool { loc->auto_index = $3 ? 1 : | STRIP NUM { loc->strip = check_strip_no($2); } ; -proxy : PROXY proxy_opt - | PROXY '{' optnl proxy_opts '}' - ; - -proxy_opts : /* empty */ - | proxy_opts proxy_opt optnl - ; - -proxy_opt : CERT string { - only_once(loc->proxy_cert, "proxy cert"); - ensure_absolute_path($2); - loc->proxy_cert = tls_load_file($2, &loc->proxy_cert_len, NULL); - if (loc->proxy_cert == NULL) - yyerror("can't load cert %s", $2); - } - | KEY string { - only_once(loc->proxy_key, "proxy key"); - ensure_absolute_path($2); - loc->proxy_key = tls_load_file($2, &loc->proxy_key_len, NULL); - if (loc->proxy_key == NULL) - yyerror("can't load key %s", $2); - } - | RELAY_TO string { - char *at; - const char *errstr; - - only_once(loc->proxy_host, "proxy relay-to"); - loc->proxy_host = $2; - - if ((at = strchr($2, ':')) != NULL) { - *at++ = '\0'; - loc->proxy_port = at; - } else - loc->proxy_port = "1965"; - - strtonum(loc->proxy_port, 1, UINT16_MAX, &errstr); - if (errstr != NULL) - yyerror("proxy port is %s: %s", errstr, - loc->proxy_port); - } - ; - fastcgi : SPAWN string { only_oncei(loc->fcgi, "fastcgi"); loc->fcgi = fastcgi_conf(NULL, NULL, $2); blob - 4c5d475f8a799fdfb2b42f9b47cc347825cb72dd blob + 99fd84213f8ac958ba1be3c02189ac5a83d5996a --- proxy.c +++ proxy.c @@ -284,6 +284,7 @@ proxy_handshake(int fd, short event, void *d) int proxy_init(struct client *c) { + struct proxy *p = &c->host->proxy; struct tls_config *conf = NULL; c->type = REQUEST_PROXY; 
@@ -294,16 +295,14 @@ proxy_init(struct client *c) /* TODO: tls_config_set_protocols here */ tls_config_insecure_noverifycert(conf); - if (c->l->proxy_cert != NULL) { + if (p->cert != NULL) { int r; - r = tls_config_set_cert_mem(conf, c->l->proxy_cert, - c->l->proxy_cert_len); + r = tls_config_set_cert_mem(conf, p->cert, p->certlen); if (r == -1) goto err; - r = tls_config_set_key_mem(conf, c->l->proxy_key, - c->l->proxy_key_len); + r = tls_config_set_key_mem(conf, p->key, p->keylen); if (r == -1) goto err; } blob - 48453c1d9c58a20a12861a40db1f91b9157dc2f5 blob + a0edd85b8b5bdecb779307d2e4aff2b76031cca6 --- server.c +++ server.c @@ -207,27 +207,6 @@ vhost_block_return(struct vhost *v, const char *path, return loc->block_code != 0; } -struct location * -vhost_reverse_proxy(struct vhost *v, const char *path) -{ - struct location *loc; - - if (v == NULL || path == NULL) - return NULL; - - loc = TAILQ_FIRST(&v->locations); - while ((loc = TAILQ_NEXT(loc, locations)) != NULL) { - if (loc->proxy_host != NULL) - if (matches(loc->match, path)) - return loc; - } - - loc = TAILQ_FIRST(&v->locations); - if (loc->proxy_host != NULL) - return loc; - return NULL; -} - int vhost_fastcgi(struct vhost *v, const char *path) { 
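Review bot: The new `if (p->cert != NULL)` branch still assumes a key was configured alongside the cert: the parse.y rules accept `proxy cert` and `proxy key` independently (each guarded only by its own only_once), so a vhost with a cert and no key reaches `tls_config_set_key_mem(conf, NULL, 0)` here. Whether libtls reports that as an error is not visible from this hunk; if it does not, the misconfiguration only surfaces later as a failed handshake against the backend. Reject the mismatch explicitly, `if ((p->cert == NULL) != (p->key == NULL)) goto err;` before the `if`, or better at config-parse time where the message can name the offending vhost. proxy_init's `err` label and the remainder of the function are outside the hunk.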
@@ -630,21 +609,20 @@ apply_block_return(struct client *c) static int apply_reverse_proxy(struct client *c) { - struct location *loc; - struct connreq r; + struct proxy *p; + struct connreq r; - if ((loc = vhost_reverse_proxy(c->host, c->iri.path)) == NULL) + p = &c->host->proxy; + if (p->host == NULL) return 0; - c->l = loc; - log_debug(c, "opening proxy connection for %s:%s", - loc->proxy_host, loc->proxy_port); - - strlcpy(r.host, loc->proxy_host, sizeof(r.host)); - strlcpy(r.port, loc->proxy_port, sizeof(r.port)); + p->host, p->port); + + strlcpy(r.host, p->host, sizeof(r.host)); + strlcpy(r.port, p->port, sizeof(r.port)); - strlcpy(c->domain, loc->proxy_host, sizeof(c->domain)); + strlcpy(c->domain, p->host, sizeof(c->domain)); imsg_compose(&exibuf, IMSG_CONN_REQ, c->id, 0, -1, &r, sizeof(r)); imsg_flush(&exibuf);