2012-06-04 16:48:31 +02:00
|
|
|
/*
|
2014-03-30 12:09:21 +02:00
|
|
|
* nghttp2 - HTTP/2 C Library
|
2012-06-04 16:48:31 +02:00
|
|
|
*
|
|
|
|
* Copyright (c) 2012 Tatsuhiro Tsujikawa
|
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining
|
|
|
|
* a copy of this software and associated documentation files (the
|
|
|
|
* "Software"), to deal in the Software without restriction, including
|
|
|
|
* without limitation the rights to use, copy, modify, merge, publish,
|
|
|
|
* distribute, sublicense, and/or sell copies of the Software, and to
|
|
|
|
* permit persons to whom the Software is furnished to do so, subject to
|
|
|
|
* the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be
|
|
|
|
* included in all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
|
|
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
|
|
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
|
|
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
#ifndef SHRPX_CONFIG_H
|
|
|
|
#define SHRPX_CONFIG_H
|
|
|
|
|
2012-06-04 20:11:43 +02:00
|
|
|
#include "shrpx.h"
|
|
|
|
|
2012-06-04 16:48:31 +02:00
|
|
|
#include <stdint.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <arpa/inet.h>
|
2013-11-17 15:52:19 +01:00
|
|
|
#include <cstdio>
|
2013-02-06 15:27:05 +01:00
|
|
|
#include <vector>
|
|
|
|
|
2013-09-12 17:25:24 +02:00
|
|
|
#include <event.h>
|
2013-02-06 15:27:05 +01:00
|
|
|
#include <openssl/ssl.h>
|
2012-06-04 16:48:31 +02:00
|
|
|
|
|
|
|
namespace shrpx {
|
|
|
|
|
2013-02-06 15:27:05 +01:00
|
|
|
namespace ssl {
|
|
|
|
|
|
|
|
struct CertLookupTree;
|
|
|
|
|
|
|
|
} // namespace ssl
|
|
|
|
|
2012-08-01 17:06:41 +02:00
|
|
|
extern const char SHRPX_OPT_PRIVATE_KEY_FILE[];
|
2012-12-03 07:33:04 +01:00
|
|
|
extern const char SHRPX_OPT_PRIVATE_KEY_PASSWD_FILE[];
|
2012-08-01 17:06:41 +02:00
|
|
|
extern const char SHRPX_OPT_CERTIFICATE_FILE[];
|
2013-08-30 15:07:42 +02:00
|
|
|
extern const char SHRPX_OPT_DH_PARAM_FILE[];
|
2013-02-06 15:27:05 +01:00
|
|
|
extern const char SHRPX_OPT_SUBCERT[];
|
2012-08-01 17:06:41 +02:00
|
|
|
extern const char SHRPX_OPT_BACKEND[];
|
|
|
|
extern const char SHRPX_OPT_FRONTEND[];
|
|
|
|
extern const char SHRPX_OPT_WORKERS[];
|
2013-11-04 10:14:05 +01:00
|
|
|
extern const char SHRPX_OPT_HTTP2_MAX_CONCURRENT_STREAMS[];
|
2012-08-01 17:06:41 +02:00
|
|
|
extern const char SHRPX_OPT_LOG_LEVEL[];
|
|
|
|
extern const char SHRPX_OPT_DAEMON[];
|
2013-11-04 10:14:05 +01:00
|
|
|
extern const char SHRPX_OPT_HTTP2_PROXY[];
|
|
|
|
extern const char SHRPX_OPT_HTTP2_BRIDGE[];
|
2012-11-21 14:10:35 +01:00
|
|
|
extern const char SHRPX_OPT_CLIENT_PROXY[];
|
2012-08-01 17:06:41 +02:00
|
|
|
extern const char SHRPX_OPT_ADD_X_FORWARDED_FOR[];
|
2013-01-09 14:01:25 +01:00
|
|
|
extern const char SHRPX_OPT_NO_VIA[];
|
2013-11-04 10:14:05 +01:00
|
|
|
extern const char SHRPX_OPT_FRONTEND_HTTP2_READ_TIMEOUT[];
|
2012-08-01 17:06:41 +02:00
|
|
|
extern const char SHRPX_OPT_FRONTEND_READ_TIMEOUT[];
|
|
|
|
extern const char SHRPX_OPT_FRONTEND_WRITE_TIMEOUT[];
|
|
|
|
extern const char SHRPX_OPT_BACKEND_READ_TIMEOUT[];
|
|
|
|
extern const char SHRPX_OPT_BACKEND_WRITE_TIMEOUT[];
|
|
|
|
extern const char SHRPX_OPT_ACCESSLOG[];
|
|
|
|
extern const char SHRPX_OPT_BACKEND_KEEP_ALIVE_TIMEOUT[];
|
2013-11-04 10:14:05 +01:00
|
|
|
extern const char SHRPX_OPT_FRONTEND_HTTP2_WINDOW_BITS[];
|
|
|
|
extern const char SHRPX_OPT_BACKEND_HTTP2_WINDOW_BITS[];
|
2013-11-20 16:15:17 +01:00
|
|
|
extern const char SHRPX_OPT_FRONTEND_HTTP2_CONNECTION_WINDOW_BITS[];
|
|
|
|
extern const char SHRPX_OPT_BACKEND_HTTP2_CONNECTION_WINDOW_BITS[];
|
2013-08-03 11:58:14 +02:00
|
|
|
extern const char SHRPX_OPT_FRONTEND_NO_TLS[];
|
|
|
|
extern const char SHRPX_OPT_BACKEND_NO_TLS[];
|
2012-08-01 17:06:41 +02:00
|
|
|
extern const char SHRPX_OPT_PID_FILE[];
|
|
|
|
extern const char SHRPX_OPT_USER[];
|
2012-08-01 18:20:18 +02:00
|
|
|
extern const char SHRPX_OPT_SYSLOG[];
|
|
|
|
extern const char SHRPX_OPT_SYSLOG_FACILITY[];
|
2012-08-01 18:28:59 +02:00
|
|
|
extern const char SHRPX_OPT_BACKLOG[];
|
2012-08-20 14:50:03 +02:00
|
|
|
extern const char SHRPX_OPT_CIPHERS[];
|
2013-04-18 20:25:48 +02:00
|
|
|
extern const char SHRPX_OPT_HONOR_CIPHER_ORDER[];
|
2012-11-21 14:10:35 +01:00
|
|
|
extern const char SHRPX_OPT_CLIENT[];
|
2012-11-22 13:46:15 +01:00
|
|
|
extern const char SHRPX_OPT_INSECURE[];
|
|
|
|
extern const char SHRPX_OPT_CACERT[];
|
2012-11-23 13:11:01 +01:00
|
|
|
extern const char SHRPX_OPT_BACKEND_IPV4[];
|
|
|
|
extern const char SHRPX_OPT_BACKEND_IPV6[];
|
2013-02-09 08:42:01 +01:00
|
|
|
extern const char SHRPX_OPT_BACKEND_HTTP_PROXY_URI[];
|
2013-03-29 14:06:33 +01:00
|
|
|
extern const char SHRPX_OPT_BACKEND_TLS_SNI_FIELD[];
|
2013-09-13 14:23:55 +02:00
|
|
|
extern const char SHRPX_OPT_READ_RATE[];
|
|
|
|
extern const char SHRPX_OPT_READ_BURST[];
|
|
|
|
extern const char SHRPX_OPT_WRITE_RATE[];
|
|
|
|
extern const char SHRPX_OPT_WRITE_BURST[];
|
2014-03-09 06:53:28 +01:00
|
|
|
extern const char SHRPX_OPT_WORKER_READ_RATE[];
|
|
|
|
extern const char SHRPX_OPT_WORKER_READ_BURST[];
|
|
|
|
extern const char SHRPX_OPT_WORKER_WRITE_RATE[];
|
|
|
|
extern const char SHRPX_OPT_WORKER_WRITE_BURST[];
|
2013-09-23 13:55:39 +02:00
|
|
|
extern const char SHRPX_OPT_NPN_LIST[];
|
2014-01-02 03:49:38 +01:00
|
|
|
extern const char SHRPX_OPT_TLS_PROTO_LIST[];
|
2013-11-01 17:10:18 +01:00
|
|
|
extern const char SHRPX_OPT_VERIFY_CLIENT[];
|
2013-11-02 13:30:32 +01:00
|
|
|
extern const char SHRPX_OPT_VERIFY_CLIENT_CACERT[];
|
2013-11-02 14:58:02 +01:00
|
|
|
extern const char SHRPX_OPT_CLIENT_PRIVATE_KEY_FILE[];
|
|
|
|
extern const char SHRPX_OPT_CLIENT_CERT_FILE[];
|
2013-11-17 15:52:19 +01:00
|
|
|
extern const char SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER[];
|
|
|
|
extern const char SHRPX_OPT_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER[];
|
2013-11-17 16:03:55 +01:00
|
|
|
extern const char SHRPX_OPT_HTTP2_NO_COOKIE_CRUMBLING[];
|
2014-02-09 10:47:26 +01:00
|
|
|
extern const char SHRPX_OPT_FRONTEND_FRAME_DEBUG[];
|
2014-02-11 09:23:22 +01:00
|
|
|
extern const char SHRPX_OPT_PADDING[];
|
2012-08-01 17:06:41 +02:00
|
|
|
|
2012-06-04 16:48:31 +02:00
|
|
|
union sockaddr_union {
|
|
|
|
sockaddr sa;
|
|
|
|
sockaddr_storage storage;
|
|
|
|
sockaddr_in6 in6;
|
|
|
|
sockaddr_in in;
|
|
|
|
};
|
|
|
|
|
2013-02-22 13:54:07 +01:00
|
|
|
enum shrpx_proto {
|
2013-11-04 10:15:56 +01:00
|
|
|
PROTO_HTTP2,
|
2013-02-22 13:54:07 +01:00
|
|
|
PROTO_HTTP
|
|
|
|
};
|
|
|
|
|
2012-06-04 16:48:31 +02:00
|
|
|
struct Config {
|
2013-12-06 15:17:38 +01:00
|
|
|
// The list of (private key file, certificate file) pair
|
|
|
|
std::vector<std::pair<std::string, std::string>> subcerts;
|
|
|
|
sockaddr_union downstream_addr;
|
|
|
|
// binary form of http proxy host and port
|
|
|
|
sockaddr_union downstream_http_proxy_addr;
|
|
|
|
timeval http2_upstream_read_timeout;
|
|
|
|
timeval upstream_read_timeout;
|
|
|
|
timeval upstream_write_timeout;
|
|
|
|
timeval downstream_read_timeout;
|
|
|
|
timeval downstream_write_timeout;
|
|
|
|
timeval downstream_idle_read_timeout;
|
2012-08-01 17:06:41 +02:00
|
|
|
char *host;
|
|
|
|
char *private_key_file;
|
2012-12-03 07:33:04 +01:00
|
|
|
char *private_key_passwd;
|
2012-08-01 17:06:41 +02:00
|
|
|
char *cert_file;
|
2013-08-30 15:07:42 +02:00
|
|
|
char *dh_param_file;
|
2013-02-06 15:27:05 +01:00
|
|
|
SSL_CTX *default_ssl_ctx;
|
|
|
|
ssl::CertLookupTree *cert_tree;
|
2012-06-04 16:48:31 +02:00
|
|
|
const char *server_name;
|
2012-08-01 17:06:41 +02:00
|
|
|
char *downstream_host;
|
|
|
|
char *downstream_hostport;
|
2013-12-06 15:17:38 +01:00
|
|
|
char *backend_tls_sni_name;
|
|
|
|
char *pid_file;
|
|
|
|
char *conf_path;
|
|
|
|
char *ciphers;
|
|
|
|
char *cacert;
|
|
|
|
// userinfo in http proxy URI, not percent-encoded form
|
|
|
|
char *downstream_http_proxy_userinfo;
|
|
|
|
// host in http proxy URI
|
|
|
|
char *downstream_http_proxy_host;
|
2014-03-09 06:53:28 +01:00
|
|
|
// Rate limit configuration per connection
|
2013-12-06 15:17:38 +01:00
|
|
|
ev_token_bucket_cfg *rate_limit_cfg;
|
2014-03-09 06:53:28 +01:00
|
|
|
// Rate limit configuration per worker (thread)
|
|
|
|
ev_token_bucket_cfg *worker_rate_limit_cfg;
|
2014-01-01 16:53:07 +01:00
|
|
|
// list of supported NPN/ALPN protocol strings in the order of
|
|
|
|
// preference. The each element of this list is a NULL-terminated
|
|
|
|
// string.
|
2013-12-06 15:17:38 +01:00
|
|
|
char **npn_list;
|
2014-01-02 03:49:38 +01:00
|
|
|
// list of supported SSL/TLS protocol strings. The each element of
|
|
|
|
// this list is a NULL-terminated string.
|
|
|
|
char **tls_proto_list;
|
2013-12-06 15:17:38 +01:00
|
|
|
// Path to file containing CA certificate solely used for client
|
|
|
|
// certificate validation
|
|
|
|
char *verify_client_cacert;
|
|
|
|
char *client_private_key_file;
|
|
|
|
char *client_cert_file;
|
|
|
|
FILE *http2_upstream_dump_request_header;
|
|
|
|
FILE *http2_upstream_dump_response_header;
|
2012-06-04 16:48:31 +02:00
|
|
|
size_t downstream_addrlen;
|
2012-06-05 18:26:04 +02:00
|
|
|
size_t num_worker;
|
2013-11-04 10:14:05 +01:00
|
|
|
size_t http2_max_concurrent_streams;
|
2013-12-06 15:17:38 +01:00
|
|
|
size_t http2_upstream_window_bits;
|
|
|
|
size_t http2_downstream_window_bits;
|
|
|
|
size_t http2_upstream_connection_window_bits;
|
|
|
|
size_t http2_downstream_connection_window_bits;
|
|
|
|
// actual size of downstream_http_proxy_addr
|
|
|
|
size_t downstream_http_proxy_addrlen;
|
|
|
|
size_t read_rate;
|
|
|
|
size_t read_burst;
|
|
|
|
size_t write_rate;
|
|
|
|
size_t write_burst;
|
2014-03-09 06:53:28 +01:00
|
|
|
size_t worker_read_rate;
|
|
|
|
size_t worker_read_burst;
|
|
|
|
size_t worker_write_rate;
|
|
|
|
size_t worker_write_burst;
|
2013-12-06 15:17:38 +01:00
|
|
|
// The number of elements in npn_list
|
|
|
|
size_t npn_list_len;
|
2014-01-02 03:49:38 +01:00
|
|
|
// The number of elements in tls_proto_list
|
|
|
|
size_t tls_proto_list_len;
|
2014-02-11 09:23:22 +01:00
|
|
|
size_t padding;
|
2013-12-06 15:17:38 +01:00
|
|
|
// downstream protocol; this will be determined by given options.
|
|
|
|
shrpx_proto downstream_proto;
|
|
|
|
int syslog_facility;
|
|
|
|
int backlog;
|
|
|
|
uid_t uid;
|
|
|
|
gid_t gid;
|
|
|
|
uint16_t port;
|
|
|
|
uint16_t downstream_port;
|
|
|
|
// port in http proxy URI
|
|
|
|
uint16_t downstream_http_proxy_port;
|
|
|
|
bool verbose;
|
|
|
|
bool daemon;
|
|
|
|
bool verify_client;
|
2013-11-04 10:14:05 +01:00
|
|
|
bool http2_proxy;
|
|
|
|
bool http2_bridge;
|
2012-11-21 14:10:35 +01:00
|
|
|
bool client_proxy;
|
2012-07-12 16:39:11 +02:00
|
|
|
bool add_x_forwarded_for;
|
2013-01-09 14:01:25 +01:00
|
|
|
bool no_via;
|
2012-07-17 18:08:05 +02:00
|
|
|
bool accesslog;
|
2013-08-03 12:01:57 +02:00
|
|
|
bool upstream_no_tls;
|
|
|
|
bool downstream_no_tls;
|
2012-08-01 18:20:18 +02:00
|
|
|
bool syslog;
|
|
|
|
// This member finally decides syslog is used or not
|
|
|
|
bool use_syslog;
|
2013-04-18 20:25:48 +02:00
|
|
|
bool honor_cipher_order;
|
2012-11-21 14:10:35 +01:00
|
|
|
bool client;
|
|
|
|
// true if --client or --client-proxy are enabled.
|
2012-11-18 13:23:13 +01:00
|
|
|
bool client_mode;
|
2012-11-22 13:46:15 +01:00
|
|
|
bool insecure;
|
2012-11-23 13:11:01 +01:00
|
|
|
bool backend_ipv4;
|
|
|
|
bool backend_ipv6;
|
2012-12-09 13:02:48 +01:00
|
|
|
// true if stderr refers to a terminal.
|
|
|
|
bool tty;
|
2013-11-17 16:03:55 +01:00
|
|
|
bool http2_no_cookie_crumbling;
|
2014-02-09 10:47:26 +01:00
|
|
|
bool upstream_frame_debug;
|
2012-06-04 16:48:31 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
const Config* get_config();
|
|
|
|
Config* mod_config();
|
|
|
|
void create_config();
|
|
|
|
|
2012-08-01 17:06:41 +02:00
|
|
|
// Parses option name |opt| and value |optarg|. The results are
|
|
|
|
// stored into statically allocated Config object. This function
|
|
|
|
// returns 0 if it succeeds, or -1.
|
|
|
|
int parse_config(const char *opt, const char *optarg);
|
|
|
|
|
|
|
|
// Loads configurations from |filename| and stores them in statically
|
|
|
|
// allocated Config object. This function returns 0 if it succeeds, or
|
|
|
|
// -1.
|
|
|
|
int load_config(const char *filename);
|
|
|
|
|
2012-12-03 07:33:04 +01:00
|
|
|
// Read passwd from |filename|
|
|
|
|
std::string read_passwd_from_file(const char *filename);
|
|
|
|
|
2014-01-02 03:13:07 +01:00
|
|
|
// Parses comma delimited strings in |s| and returns the array of
|
|
|
|
// pointers, each element points to the each substring in |s|. The
|
|
|
|
// number of elements are stored in |*outlen|. The |s| must be comma
|
|
|
|
// delimited list of strings. The strings must be delimited by a
|
|
|
|
// single comma and any white spaces around it are treated as a part
|
|
|
|
// of protocol strings. This function may modify |s| and the caller
|
|
|
|
// must leave it as is after this call. This function allocates memory
|
|
|
|
// to store the parsed strings and it is caller's responsibility to
|
|
|
|
// deallocate the memory.
|
|
|
|
char** parse_config_str_list(size_t *outlen, const char *s);
|
2013-09-23 13:55:39 +02:00
|
|
|
|
2012-08-01 17:06:41 +02:00
|
|
|
// Copies NULL-terminated string |val| to |*destp|. If |*destp| is not
|
|
|
|
// NULL, it is freed before copying.
|
|
|
|
void set_config_str(char **destp, const char *val);
|
|
|
|
|
2012-08-01 18:20:18 +02:00
|
|
|
// Returns string for syslog |facility|.
|
|
|
|
const char* str_syslog_facility(int facility);
|
|
|
|
|
|
|
|
// Returns integer value of syslog |facility| string.
|
|
|
|
int int_syslog_facility(const char *strfacility);
|
|
|
|
|
2012-06-04 16:48:31 +02:00
|
|
|
} // namespace shrpx
|
|
|
|
|
|
|
|
#endif // SHRPX_CONFIG_H
|