2012-06-04 16:48:31 +02:00
|
|
|
/*
|
2013-07-12 17:19:03 +02:00
|
|
|
* nghttp2 - HTTP/2.0 C Library
|
2012-06-04 16:48:31 +02:00
|
|
|
*
|
|
|
|
* Copyright (c) 2012 Tatsuhiro Tsujikawa
|
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining
|
|
|
|
* a copy of this software and associated documentation files (the
|
|
|
|
* "Software"), to deal in the Software without restriction, including
|
|
|
|
* without limitation the rights to use, copy, modify, merge, publish,
|
|
|
|
* distribute, sublicense, and/or sell copies of the Software, and to
|
|
|
|
* permit persons to whom the Software is furnished to do so, subject to
|
|
|
|
* the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be
|
|
|
|
* included in all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
|
|
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
|
|
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
|
|
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
#include "shrpx_config.h"
|
|
|
|
|
2012-08-01 17:06:41 +02:00
|
|
|
#include <pwd.h>
|
|
|
|
#include <netdb.h>
|
2012-08-01 18:20:18 +02:00
|
|
|
#include <syslog.h>
|
2012-12-03 07:33:04 +01:00
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <unistd.h>
|
2012-08-01 17:06:41 +02:00
|
|
|
|
|
|
|
#include <cstring>
|
|
|
|
#include <cerrno>
|
|
|
|
#include <limits>
|
|
|
|
#include <fstream>
|
|
|
|
|
2013-07-12 17:19:03 +02:00
|
|
|
#include <nghttp2/nghttp2.h>
|
2013-02-22 13:54:07 +01:00
|
|
|
|
2013-08-27 19:47:22 +02:00
|
|
|
#include "http-parser/http_parser.h"
|
|
|
|
|
2012-08-01 17:26:24 +02:00
|
|
|
#include "shrpx_log.h"
|
2013-02-06 15:27:05 +01:00
|
|
|
#include "shrpx_ssl.h"
|
2013-02-09 08:42:01 +01:00
|
|
|
#include "shrpx_http.h"
|
2013-08-27 19:47:22 +02:00
|
|
|
#include "http2.h"
|
2012-08-01 17:06:41 +02:00
|
|
|
#include "util.h"
|
|
|
|
|
2013-07-12 17:19:03 +02:00
|
|
|
using namespace nghttp2;
|
2012-08-01 17:06:41 +02:00
|
|
|
|
2012-06-04 16:48:31 +02:00
|
|
|
namespace shrpx {
|
|
|
|
|
2012-08-01 17:06:41 +02:00
|
|
|
const char SHRPX_OPT_PRIVATE_KEY_FILE[] = "private-key-file";
|
2012-12-03 07:33:04 +01:00
|
|
|
const char SHRPX_OPT_PRIVATE_KEY_PASSWD_FILE[] = "private-key-passwd-file";
|
2012-08-01 17:06:41 +02:00
|
|
|
const char SHRPX_OPT_CERTIFICATE_FILE[] = "certificate-file";
|
2013-08-30 15:07:42 +02:00
|
|
|
const char SHRPX_OPT_DH_PARAM_FILE[] = "dh-param-file";
|
2013-02-06 15:27:05 +01:00
|
|
|
const char SHRPX_OPT_SUBCERT[] = "subcert";
|
2012-08-01 17:06:41 +02:00
|
|
|
|
|
|
|
const char SHRPX_OPT_BACKEND[] = "backend";
|
|
|
|
const char SHRPX_OPT_FRONTEND[] = "frontend";
|
|
|
|
const char SHRPX_OPT_WORKERS[] = "workers";
|
|
|
|
const char
|
2013-11-04 10:14:05 +01:00
|
|
|
SHRPX_OPT_HTTP2_MAX_CONCURRENT_STREAMS[] = "http2-max-concurrent-streams";
|
2012-08-01 17:06:41 +02:00
|
|
|
const char SHRPX_OPT_LOG_LEVEL[] = "log-level";
|
|
|
|
const char SHRPX_OPT_DAEMON[] = "daemon";
|
2013-11-04 10:14:05 +01:00
|
|
|
const char SHRPX_OPT_HTTP2_PROXY[] = "http2-proxy";
|
|
|
|
const char SHRPX_OPT_HTTP2_BRIDGE[] = "http2-bridge";
|
2012-11-21 14:10:35 +01:00
|
|
|
const char SHRPX_OPT_CLIENT_PROXY[] = "client-proxy";
|
2012-08-01 17:06:41 +02:00
|
|
|
const char SHRPX_OPT_ADD_X_FORWARDED_FOR[] = "add-x-forwarded-for";
|
2013-01-09 14:01:25 +01:00
|
|
|
const char SHRPX_OPT_NO_VIA[] = "no-via";
|
2012-08-01 17:06:41 +02:00
|
|
|
const char
|
2013-11-04 10:14:05 +01:00
|
|
|
SHRPX_OPT_FRONTEND_HTTP2_READ_TIMEOUT[] = "frontend-http2-read-timeout";
|
2012-08-01 17:06:41 +02:00
|
|
|
const char SHRPX_OPT_FRONTEND_READ_TIMEOUT[] = "frontend-read-timeout";
|
|
|
|
const char SHRPX_OPT_FRONTEND_WRITE_TIMEOUT[] = "frontend-write-timeout";
|
|
|
|
const char SHRPX_OPT_BACKEND_READ_TIMEOUT[] = "backend-read-timeout";
|
|
|
|
const char SHRPX_OPT_BACKEND_WRITE_TIMEOUT[] = "backend-write-timeout";
|
|
|
|
const char SHRPX_OPT_ACCESSLOG[] = "accesslog";
|
|
|
|
const char
|
|
|
|
SHRPX_OPT_BACKEND_KEEP_ALIVE_TIMEOUT[] = "backend-keep-alive-timeout";
|
2013-11-04 10:14:05 +01:00
|
|
|
const char
|
|
|
|
SHRPX_OPT_FRONTEND_HTTP2_WINDOW_BITS[] = "frontend-http2-window-bits";
|
|
|
|
const char SHRPX_OPT_BACKEND_HTTP2_WINDOW_BITS[] = "backend-http2-window-bits";
|
2013-11-20 16:15:17 +01:00
|
|
|
const char SHRPX_OPT_FRONTEND_HTTP2_CONNECTION_WINDOW_BITS[] =
|
|
|
|
"frontend-http2-connection-window-bits";
|
|
|
|
const char SHRPX_OPT_BACKEND_HTTP2_CONNECTION_WINDOW_BITS[] =
|
|
|
|
"backend-http2-connection-window-bits";
|
2013-08-03 11:58:14 +02:00
|
|
|
const char SHRPX_OPT_FRONTEND_NO_TLS[] = "frontend-no-tls";
|
|
|
|
const char SHRPX_OPT_BACKEND_NO_TLS[] = "backend-no-tls";
|
2013-03-29 14:06:33 +01:00
|
|
|
const char SHRPX_OPT_BACKEND_TLS_SNI_FIELD[] = "backend-tls-sni-field";
|
2012-08-01 17:06:41 +02:00
|
|
|
const char SHRPX_OPT_PID_FILE[] = "pid-file";
|
|
|
|
const char SHRPX_OPT_USER[] = "user";
|
2012-08-01 18:20:18 +02:00
|
|
|
const char SHRPX_OPT_SYSLOG[] = "syslog";
|
|
|
|
const char SHRPX_OPT_SYSLOG_FACILITY[] = "syslog-facility";
|
2012-08-01 18:28:59 +02:00
|
|
|
const char SHRPX_OPT_BACKLOG[] = "backlog";
|
2012-08-20 14:50:03 +02:00
|
|
|
const char SHRPX_OPT_CIPHERS[] = "ciphers";
|
2013-04-18 20:25:48 +02:00
|
|
|
const char SHRPX_OPT_HONOR_CIPHER_ORDER[] = "honor-cipher-order";
|
2012-11-21 14:10:35 +01:00
|
|
|
const char SHRPX_OPT_CLIENT[] = "client";
|
2012-11-22 13:46:15 +01:00
|
|
|
const char SHRPX_OPT_INSECURE[] = "insecure";
|
|
|
|
const char SHRPX_OPT_CACERT[] = "cacert";
|
2012-11-23 13:11:01 +01:00
|
|
|
const char SHRPX_OPT_BACKEND_IPV4[] = "backend-ipv4";
|
|
|
|
const char SHRPX_OPT_BACKEND_IPV6[] = "backend-ipv6";
|
2013-02-09 08:42:01 +01:00
|
|
|
const char SHRPX_OPT_BACKEND_HTTP_PROXY_URI[] = "backend-http-proxy-uri";
|
2013-09-13 14:23:55 +02:00
|
|
|
const char SHRPX_OPT_READ_RATE[] = "read-rate";
|
|
|
|
const char SHRPX_OPT_READ_BURST[] = "read-burst";
|
|
|
|
const char SHRPX_OPT_WRITE_RATE[] = "write-rate";
|
|
|
|
const char SHRPX_OPT_WRITE_BURST[] = "write-burst";
|
2014-03-09 06:53:28 +01:00
|
|
|
const char SHRPX_OPT_WORKER_READ_RATE[] = "worker-read-rate";
|
|
|
|
const char SHRPX_OPT_WORKER_READ_BURST[] = "worker-read-burst";
|
|
|
|
const char SHRPX_OPT_WORKER_WRITE_RATE[] = "worker-write-rate";
|
|
|
|
const char SHRPX_OPT_WORKER_WRITE_BURST[] = "worker-write-burst";
|
2013-09-23 13:55:39 +02:00
|
|
|
const char SHRPX_OPT_NPN_LIST[] = "npn-list";
|
2014-01-02 03:49:38 +01:00
|
|
|
const char SHRPX_OPT_TLS_PROTO_LIST[] = "tls-proto-list";
|
2013-11-01 17:10:18 +01:00
|
|
|
const char SHRPX_OPT_VERIFY_CLIENT[] = "verify-client";
|
2013-11-02 13:30:32 +01:00
|
|
|
const char SHRPX_OPT_VERIFY_CLIENT_CACERT[] = "verify-client-cacert";
|
2013-11-02 14:58:02 +01:00
|
|
|
const char SHRPX_OPT_CLIENT_PRIVATE_KEY_FILE[] = "client-private-key-file";
|
|
|
|
const char SHRPX_OPT_CLIENT_CERT_FILE[] = "client-cert-file";
|
2013-11-17 15:52:19 +01:00
|
|
|
const char SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER[] =
|
|
|
|
"frontend-http2-dump-request-header";
|
|
|
|
const char SHRPX_OPT_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER[] =
|
|
|
|
"frontend-http2-dump-response-header";
|
2013-11-17 16:03:55 +01:00
|
|
|
const char SHRPX_OPT_HTTP2_NO_COOKIE_CRUMBLING[] = "http2-no-cookie-crumbling";
|
2014-02-09 10:47:26 +01:00
|
|
|
const char SHRPX_OPT_FRONTEND_FRAME_DEBUG[] = "frontend-frame-debug";
|
2014-02-11 09:23:22 +01:00
|
|
|
const char SHRPX_OPT_PADDING[] = "padding";
|
2012-08-01 17:06:41 +02:00
|
|
|
|
2012-06-04 16:48:31 +02:00
|
|
|
namespace {
|
2013-10-02 16:13:25 +02:00
|
|
|
Config *config = nullptr;
|
2012-06-04 16:48:31 +02:00
|
|
|
} // namespace
|
|
|
|
|
|
|
|
const Config* get_config()
|
|
|
|
{
|
|
|
|
return config;
|
|
|
|
}
|
|
|
|
|
|
|
|
Config* mod_config()
|
|
|
|
{
|
|
|
|
return config;
|
|
|
|
}
|
|
|
|
|
|
|
|
void create_config()
|
|
|
|
{
|
|
|
|
config = new Config();
|
|
|
|
}
|
|
|
|
|
2012-08-01 17:06:41 +02:00
|
|
|
namespace {
|
|
|
|
int split_host_port(char *host, size_t hostlen, uint16_t *port_ptr,
|
|
|
|
const char *hostport)
|
|
|
|
{
|
|
|
|
// host and port in |hostport| is separated by single ','.
|
|
|
|
const char *p = strchr(hostport, ',');
|
|
|
|
if(!p) {
|
2012-08-01 17:26:24 +02:00
|
|
|
LOG(ERROR) << "Invalid host, port: " << hostport;
|
2012-08-01 17:06:41 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
size_t len = p-hostport;
|
|
|
|
if(hostlen < len+1) {
|
2012-08-01 17:26:24 +02:00
|
|
|
LOG(ERROR) << "Hostname too long: " << hostport;
|
2012-08-01 17:06:41 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
memcpy(host, hostport, len);
|
|
|
|
host[len] = '\0';
|
|
|
|
|
|
|
|
errno = 0;
|
2013-09-13 14:27:29 +02:00
|
|
|
unsigned long d = strtoul(p+1, nullptr, 10);
|
2012-08-01 17:06:41 +02:00
|
|
|
if(errno == 0 && 1 <= d && d <= std::numeric_limits<uint16_t>::max()) {
|
|
|
|
*port_ptr = d;
|
|
|
|
return 0;
|
|
|
|
} else {
|
2012-08-01 17:26:24 +02:00
|
|
|
LOG(ERROR) << "Port is invalid: " << p+1;
|
2012-08-01 17:06:41 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
2012-12-07 15:14:20 +01:00
|
|
|
namespace {
|
2012-12-03 07:33:04 +01:00
|
|
|
bool is_secure(const char *filename)
|
|
|
|
{
|
|
|
|
struct stat buf;
|
|
|
|
int rv = stat(filename, &buf);
|
|
|
|
if (rv == 0) {
|
|
|
|
if ((buf.st_mode & S_IRWXU) &&
|
|
|
|
!(buf.st_mode & S_IRWXG) &&
|
|
|
|
!(buf.st_mode & S_IRWXO)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
2012-12-07 15:14:20 +01:00
|
|
|
} // namespace
|
2012-12-03 07:33:04 +01:00
|
|
|
|
2013-11-17 15:52:19 +01:00
|
|
|
namespace {
|
|
|
|
FILE* open_file_for_write(const char *filename)
|
|
|
|
{
|
|
|
|
auto f = fopen(filename, "wb");
|
|
|
|
if(f == NULL) {
|
|
|
|
LOG(ERROR) << "Failed to open " << filename << " for writing. Cause: "
|
|
|
|
<< strerror(errno);
|
|
|
|
}
|
|
|
|
return f;
|
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
2012-12-03 07:33:04 +01:00
|
|
|
std::string read_passwd_from_file(const char *filename)
|
|
|
|
{
|
|
|
|
std::string line;
|
|
|
|
|
|
|
|
if (!is_secure(filename)) {
|
|
|
|
LOG(ERROR) << "Private key passwd file " << filename
|
|
|
|
<< " has insecure mode.";
|
|
|
|
return line;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::ifstream in(filename, std::ios::binary);
|
|
|
|
if(!in) {
|
|
|
|
LOG(ERROR) << "Could not open key passwd file " << filename;
|
|
|
|
return line;
|
|
|
|
}
|
|
|
|
|
|
|
|
std::getline(in, line);
|
|
|
|
return line;
|
|
|
|
}
|
|
|
|
|
2012-08-01 17:06:41 +02:00
|
|
|
void set_config_str(char **destp, const char *val)
|
|
|
|
{
|
|
|
|
if(*destp) {
|
|
|
|
free(*destp);
|
|
|
|
}
|
|
|
|
*destp = strdup(val);
|
|
|
|
}
|
|
|
|
|
2014-01-02 03:13:07 +01:00
|
|
|
char** parse_config_str_list(size_t *outlen, const char *s)
|
2013-09-23 13:55:39 +02:00
|
|
|
{
|
|
|
|
size_t len = 1;
|
|
|
|
for(const char *first = s, *p = nullptr; (p = strchr(first, ','));
|
|
|
|
++len, first = p + 1);
|
|
|
|
auto list = new char*[len];
|
2014-01-02 03:13:07 +01:00
|
|
|
auto first = strdup(s);
|
2013-09-23 13:55:39 +02:00
|
|
|
len = 0;
|
|
|
|
for(;;) {
|
|
|
|
auto p = strchr(first, ',');
|
|
|
|
if(p == nullptr) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
list[len++] = first;
|
|
|
|
*p = '\0';
|
|
|
|
first = p + 1;
|
|
|
|
}
|
|
|
|
list[len++] = first;
|
2014-01-02 03:13:07 +01:00
|
|
|
*outlen = len;
|
|
|
|
return list;
|
2013-09-23 13:55:39 +02:00
|
|
|
}
|
|
|
|
|
2012-08-01 17:06:41 +02:00
|
|
|
int parse_config(const char *opt, const char *optarg)
|
|
|
|
{
|
|
|
|
char host[NI_MAXHOST];
|
|
|
|
uint16_t port;
|
|
|
|
if(util::strieq(opt, SHRPX_OPT_BACKEND)) {
|
|
|
|
if(split_host_port(host, sizeof(host), &port, optarg) == -1) {
|
|
|
|
return -1;
|
|
|
|
} else {
|
|
|
|
set_config_str(&mod_config()->downstream_host, host);
|
|
|
|
mod_config()->downstream_port = port;
|
|
|
|
}
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_FRONTEND)) {
|
|
|
|
if(split_host_port(host, sizeof(host), &port, optarg) == -1) {
|
|
|
|
return -1;
|
|
|
|
} else {
|
|
|
|
set_config_str(&mod_config()->host, host);
|
|
|
|
mod_config()->port = port;
|
|
|
|
}
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_WORKERS)) {
|
2013-09-13 14:27:29 +02:00
|
|
|
mod_config()->num_worker = strtol(optarg, nullptr, 10);
|
2013-11-04 10:14:05 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_HTTP2_MAX_CONCURRENT_STREAMS)) {
|
|
|
|
mod_config()->http2_max_concurrent_streams = strtol(optarg, nullptr, 10);
|
2012-08-01 17:06:41 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_LOG_LEVEL)) {
|
|
|
|
if(Log::set_severity_level_by_name(optarg) == -1) {
|
2012-08-01 17:26:24 +02:00
|
|
|
LOG(ERROR) << "Invalid severity level: " << optarg;
|
2012-08-01 17:06:41 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_DAEMON)) {
|
|
|
|
mod_config()->daemon = util::strieq(optarg, "yes");
|
2013-11-04 10:14:05 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_HTTP2_PROXY)) {
|
|
|
|
mod_config()->http2_proxy = util::strieq(optarg, "yes");
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_HTTP2_BRIDGE)) {
|
|
|
|
mod_config()->http2_bridge = util::strieq(optarg, "yes");
|
2012-11-21 14:10:35 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_CLIENT_PROXY)) {
|
|
|
|
mod_config()->client_proxy = util::strieq(optarg, "yes");
|
2012-08-01 17:06:41 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_ADD_X_FORWARDED_FOR)) {
|
|
|
|
mod_config()->add_x_forwarded_for = util::strieq(optarg, "yes");
|
2013-01-09 14:01:25 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_NO_VIA)) {
|
|
|
|
mod_config()->no_via = util::strieq(optarg, "yes");
|
2013-11-04 10:14:05 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_READ_TIMEOUT)) {
|
2013-09-13 14:27:29 +02:00
|
|
|
timeval tv = {strtol(optarg, nullptr, 10), 0};
|
2013-11-04 10:14:05 +01:00
|
|
|
mod_config()->http2_upstream_read_timeout = tv;
|
2012-08-01 17:06:41 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_FRONTEND_READ_TIMEOUT)) {
|
2013-09-13 14:27:29 +02:00
|
|
|
timeval tv = {strtol(optarg, nullptr, 10), 0};
|
2012-08-01 17:06:41 +02:00
|
|
|
mod_config()->upstream_read_timeout = tv;
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_FRONTEND_WRITE_TIMEOUT)) {
|
2013-09-13 14:27:29 +02:00
|
|
|
timeval tv = {strtol(optarg, nullptr, 10), 0};
|
2012-08-01 17:06:41 +02:00
|
|
|
mod_config()->upstream_write_timeout = tv;
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_BACKEND_READ_TIMEOUT)) {
|
2013-09-13 14:27:29 +02:00
|
|
|
timeval tv = {strtol(optarg, nullptr, 10), 0};
|
2012-08-01 17:06:41 +02:00
|
|
|
mod_config()->downstream_read_timeout = tv;
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_BACKEND_WRITE_TIMEOUT)) {
|
2013-09-13 14:27:29 +02:00
|
|
|
timeval tv = {strtol(optarg, nullptr, 10), 0};
|
2012-08-01 17:06:41 +02:00
|
|
|
mod_config()->downstream_write_timeout = tv;
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_ACCESSLOG)) {
|
|
|
|
mod_config()->accesslog = util::strieq(optarg, "yes");
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_BACKEND_KEEP_ALIVE_TIMEOUT)) {
|
2013-09-13 14:27:29 +02:00
|
|
|
timeval tv = {strtol(optarg, nullptr, 10), 0};
|
2012-08-01 17:06:41 +02:00
|
|
|
mod_config()->downstream_idle_read_timeout = tv;
|
2013-11-04 10:14:05 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_WINDOW_BITS) ||
|
|
|
|
util::strieq(opt, SHRPX_OPT_BACKEND_HTTP2_WINDOW_BITS)) {
|
2012-11-21 15:47:48 +01:00
|
|
|
size_t *resp;
|
|
|
|
const char *optname;
|
2013-11-04 10:14:05 +01:00
|
|
|
if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_WINDOW_BITS)) {
|
|
|
|
resp = &mod_config()->http2_upstream_window_bits;
|
|
|
|
optname = SHRPX_OPT_FRONTEND_HTTP2_WINDOW_BITS;
|
2012-11-21 15:47:48 +01:00
|
|
|
} else {
|
2013-11-04 10:14:05 +01:00
|
|
|
resp = &mod_config()->http2_downstream_window_bits;
|
|
|
|
optname = SHRPX_OPT_BACKEND_HTTP2_WINDOW_BITS;
|
2012-11-21 15:47:48 +01:00
|
|
|
}
|
2012-08-01 17:06:41 +02:00
|
|
|
errno = 0;
|
2013-09-13 14:27:29 +02:00
|
|
|
unsigned long int n = strtoul(optarg, nullptr, 10);
|
2012-08-01 17:06:41 +02:00
|
|
|
if(errno == 0 && n < 31) {
|
2012-11-21 15:47:48 +01:00
|
|
|
*resp = n;
|
2012-08-01 17:06:41 +02:00
|
|
|
} else {
|
2012-11-21 15:47:48 +01:00
|
|
|
LOG(ERROR) << "--" << optname
|
|
|
|
<< " specify the integer in the range [0, 30], inclusive";
|
2012-08-01 17:06:41 +02:00
|
|
|
return -1;
|
|
|
|
}
|
2013-11-20 16:15:17 +01:00
|
|
|
} else if(util::strieq(opt,
|
|
|
|
SHRPX_OPT_FRONTEND_HTTP2_CONNECTION_WINDOW_BITS) ||
|
|
|
|
util::strieq(opt,
|
|
|
|
SHRPX_OPT_BACKEND_HTTP2_CONNECTION_WINDOW_BITS)) {
|
|
|
|
size_t *resp;
|
|
|
|
const char *optname;
|
|
|
|
if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_CONNECTION_WINDOW_BITS)) {
|
|
|
|
resp = &mod_config()->http2_upstream_connection_window_bits;
|
|
|
|
optname = SHRPX_OPT_FRONTEND_HTTP2_CONNECTION_WINDOW_BITS;
|
|
|
|
} else {
|
|
|
|
resp = &mod_config()->http2_downstream_connection_window_bits;
|
|
|
|
optname = SHRPX_OPT_BACKEND_HTTP2_CONNECTION_WINDOW_BITS;
|
|
|
|
}
|
|
|
|
errno = 0;
|
|
|
|
unsigned long int n = strtoul(optarg, 0, 10);
|
|
|
|
if(errno == 0 && n >= 16 && n < 31) {
|
|
|
|
*resp = n;
|
|
|
|
} else {
|
|
|
|
LOG(ERROR) << "--" << optname
|
|
|
|
<< " specify the integer in the range [16, 30], inclusive";
|
|
|
|
return -1;
|
|
|
|
}
|
2013-08-03 11:58:14 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_FRONTEND_NO_TLS)) {
|
2013-08-03 12:01:57 +02:00
|
|
|
mod_config()->upstream_no_tls = util::strieq(optarg, "yes");
|
2013-08-03 11:58:14 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_BACKEND_NO_TLS)) {
|
2013-08-03 12:01:57 +02:00
|
|
|
mod_config()->downstream_no_tls = util::strieq(optarg, "yes");
|
2013-03-29 14:06:33 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_BACKEND_TLS_SNI_FIELD)) {
|
|
|
|
set_config_str(&mod_config()->backend_tls_sni_name, optarg);
|
2012-08-01 17:06:41 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_PID_FILE)) {
|
|
|
|
set_config_str(&mod_config()->pid_file, optarg);
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_USER)) {
|
2013-10-02 16:13:25 +02:00
|
|
|
auto pwd = getpwnam(optarg);
|
|
|
|
if(!pwd) {
|
2012-08-01 17:26:24 +02:00
|
|
|
LOG(ERROR) << "--user: failed to get uid from " << optarg
|
|
|
|
<< ": " << strerror(errno);
|
2012-08-01 17:06:41 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
mod_config()->uid = pwd->pw_uid;
|
|
|
|
mod_config()->gid = pwd->pw_gid;
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_PRIVATE_KEY_FILE)) {
|
|
|
|
set_config_str(&mod_config()->private_key_file, optarg);
|
2012-12-03 07:33:04 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_PRIVATE_KEY_PASSWD_FILE)) {
|
2013-10-02 16:13:25 +02:00
|
|
|
auto passwd = read_passwd_from_file(optarg);
|
2012-12-03 07:33:04 +01:00
|
|
|
if (passwd.empty()) {
|
|
|
|
LOG(ERROR) << "Couldn't read key file's passwd from " << optarg;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
set_config_str(&mod_config()->private_key_passwd, passwd.c_str());
|
2012-08-01 17:06:41 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_CERTIFICATE_FILE)) {
|
|
|
|
set_config_str(&mod_config()->cert_file, optarg);
|
2013-08-30 15:07:42 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_DH_PARAM_FILE)) {
|
|
|
|
set_config_str(&mod_config()->dh_param_file, optarg);
|
2013-02-06 15:27:05 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_SUBCERT)) {
|
|
|
|
// Private Key file and certificate file separated by ':'.
|
|
|
|
const char *sp = strchr(optarg, ':');
|
|
|
|
if(sp) {
|
|
|
|
std::string keyfile(optarg, sp);
|
|
|
|
// TODO Do we need private key for subcert?
|
2013-11-01 17:10:18 +01:00
|
|
|
mod_config()->subcerts.emplace_back(keyfile, sp+1);
|
2013-02-06 15:27:05 +01:00
|
|
|
}
|
2012-08-01 18:20:18 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_SYSLOG)) {
|
|
|
|
mod_config()->syslog = util::strieq(optarg, "yes");
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_SYSLOG_FACILITY)) {
|
|
|
|
int facility = int_syslog_facility(optarg);
|
|
|
|
if(facility == -1) {
|
|
|
|
LOG(ERROR) << "Unknown syslog facility: " << optarg;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
mod_config()->syslog_facility = facility;
|
2012-08-01 18:28:59 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_BACKLOG)) {
|
2013-09-13 14:27:29 +02:00
|
|
|
mod_config()->backlog = strtol(optarg, nullptr, 10);
|
2012-08-20 14:50:03 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_CIPHERS)) {
|
|
|
|
set_config_str(&mod_config()->ciphers, optarg);
|
2013-04-18 20:25:48 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_HONOR_CIPHER_ORDER)) {
|
|
|
|
mod_config()->honor_cipher_order = util::strieq(optarg, "yes");
|
2012-11-21 14:10:35 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_CLIENT)) {
|
|
|
|
mod_config()->client = util::strieq(optarg, "yes");
|
2012-11-22 13:46:15 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_INSECURE)) {
|
|
|
|
mod_config()->insecure = util::strieq(optarg, "yes");
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_CACERT)) {
|
|
|
|
set_config_str(&mod_config()->cacert, optarg);
|
2012-11-23 13:11:01 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_BACKEND_IPV4)) {
|
|
|
|
mod_config()->backend_ipv4 = util::strieq(optarg, "yes");
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_BACKEND_IPV6)) {
|
|
|
|
mod_config()->backend_ipv6 = util::strieq(optarg, "yes");
|
2013-02-09 08:42:01 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_BACKEND_HTTP_PROXY_URI)) {
|
|
|
|
// parse URI and get hostname, port and optionally userinfo.
|
|
|
|
http_parser_url u;
|
|
|
|
memset(&u, 0, sizeof(u));
|
|
|
|
int rv = http_parser_parse_url(optarg, strlen(optarg), 0, &u);
|
|
|
|
if(rv == 0) {
|
|
|
|
std::string val;
|
|
|
|
if(u.field_set & UF_USERINFO) {
|
2013-08-27 19:47:22 +02:00
|
|
|
http2::copy_url_component(val, &u, UF_USERINFO, optarg);
|
2013-02-22 13:23:59 +01:00
|
|
|
// Surprisingly, u.field_set & UF_USERINFO is nonzero even if
|
|
|
|
// userinfo component is empty string.
|
|
|
|
if(!val.empty()) {
|
|
|
|
val = util::percentDecode(val.begin(), val.end());
|
|
|
|
set_config_str(&mod_config()->downstream_http_proxy_userinfo,
|
|
|
|
val.c_str());
|
|
|
|
}
|
2013-02-09 08:42:01 +01:00
|
|
|
}
|
|
|
|
if(u.field_set & UF_HOST) {
|
2013-08-27 19:47:22 +02:00
|
|
|
http2::copy_url_component(val, &u, UF_HOST, optarg);
|
2013-02-09 08:42:01 +01:00
|
|
|
set_config_str(&mod_config()->downstream_http_proxy_host, val.c_str());
|
|
|
|
} else {
|
|
|
|
LOG(ERROR) << "backend-http-proxy-uri does not contain hostname";
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if(u.field_set & UF_PORT) {
|
|
|
|
mod_config()->downstream_http_proxy_port = u.port;
|
|
|
|
} else {
|
|
|
|
LOG(ERROR) << "backend-http-proxy-uri does not contain port";
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
LOG(ERROR) << "Could not parse backend-http-proxy-uri";
|
|
|
|
return -1;
|
|
|
|
}
|
2013-09-13 14:23:55 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_READ_RATE)) {
|
|
|
|
mod_config()->read_rate = strtoul(optarg, nullptr, 10);
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_READ_BURST)) {
|
|
|
|
mod_config()->read_burst = strtoul(optarg, nullptr, 10);
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_WRITE_RATE)) {
|
|
|
|
mod_config()->write_rate = strtoul(optarg, nullptr, 10);
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_WRITE_BURST)) {
|
|
|
|
mod_config()->write_burst = strtoul(optarg, nullptr, 10);
|
2014-03-09 06:53:28 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_WORKER_READ_RATE)) {
|
|
|
|
mod_config()->worker_read_rate = strtoul(optarg, nullptr, 10);
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_WORKER_READ_BURST)) {
|
|
|
|
mod_config()->worker_read_burst = strtoul(optarg, nullptr, 10);
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_WORKER_WRITE_RATE)) {
|
|
|
|
mod_config()->worker_write_rate = strtoul(optarg, nullptr, 10);
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_WORKER_WRITE_BURST)) {
|
|
|
|
mod_config()->worker_write_burst = strtoul(optarg, nullptr, 10);
|
2013-09-23 13:55:39 +02:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_NPN_LIST)) {
|
2014-01-02 03:13:07 +01:00
|
|
|
delete [] mod_config()->npn_list;
|
|
|
|
mod_config()->npn_list = parse_config_str_list(&mod_config()->npn_list_len,
|
|
|
|
optarg);
|
2014-01-02 03:49:38 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_TLS_PROTO_LIST)) {
|
|
|
|
delete [] mod_config()->tls_proto_list;
|
|
|
|
mod_config()->tls_proto_list = parse_config_str_list
|
|
|
|
(&mod_config()->tls_proto_list_len, optarg);
|
2013-11-01 17:10:18 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_VERIFY_CLIENT)) {
|
|
|
|
mod_config()->verify_client = util::strieq(optarg, "yes");
|
2013-11-02 13:30:32 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_VERIFY_CLIENT_CACERT)) {
|
|
|
|
set_config_str(&mod_config()->verify_client_cacert, optarg);
|
2013-11-02 14:58:02 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_CLIENT_PRIVATE_KEY_FILE)) {
|
|
|
|
set_config_str(&mod_config()->client_private_key_file, optarg);
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_CLIENT_CERT_FILE)) {
|
|
|
|
set_config_str(&mod_config()->client_cert_file, optarg);
|
2013-11-17 15:52:19 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER)) {
|
|
|
|
auto f = open_file_for_write(optarg);
|
|
|
|
if(f == NULL) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
mod_config()->http2_upstream_dump_request_header = f;
|
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER)) {
|
|
|
|
auto f = open_file_for_write(optarg);
|
|
|
|
if(f == NULL) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
mod_config()->http2_upstream_dump_response_header = f;
|
2013-11-17 16:03:55 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_HTTP2_NO_COOKIE_CRUMBLING)) {
|
|
|
|
mod_config()->http2_no_cookie_crumbling = util::strieq(optarg, "yes");
|
2014-02-09 10:47:26 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_FRONTEND_FRAME_DEBUG)) {
|
|
|
|
mod_config()->upstream_frame_debug = util::strieq(optarg, "yes");
|
2014-02-11 09:23:22 +01:00
|
|
|
} else if(util::strieq(opt, SHRPX_OPT_PADDING)) {
|
|
|
|
mod_config()->padding = strtoul(optarg, nullptr, 10);
|
2012-08-01 17:06:41 +02:00
|
|
|
} else if(util::strieq(opt, "conf")) {
|
2012-08-01 17:26:24 +02:00
|
|
|
LOG(WARNING) << "conf is ignored";
|
2012-08-01 17:06:41 +02:00
|
|
|
} else {
|
2012-08-01 17:26:24 +02:00
|
|
|
LOG(ERROR) << "Unknown option: " << opt;
|
2012-08-01 17:06:41 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int load_config(const char *filename)
|
|
|
|
{
|
|
|
|
std::ifstream in(filename, std::ios::binary);
|
|
|
|
if(!in) {
|
2012-08-01 17:26:24 +02:00
|
|
|
LOG(ERROR) << "Could not open config file " << filename;
|
2012-08-01 17:06:41 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
std::string line;
|
|
|
|
int linenum = 0;
|
|
|
|
while(std::getline(in, line)) {
|
|
|
|
++linenum;
|
|
|
|
if(line.empty() || line[0] == '#') {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
size_t i;
|
|
|
|
size_t size = line.size();
|
|
|
|
for(i = 0; i < size && line[i] != '='; ++i);
|
|
|
|
if(i == size) {
|
2012-08-01 17:26:24 +02:00
|
|
|
LOG(ERROR) << "Bad configuration format at line " << linenum;
|
2012-08-01 17:06:41 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
line[i] = '\0';
|
2013-10-02 16:13:25 +02:00
|
|
|
auto s = line.c_str();
|
2012-08-01 17:06:41 +02:00
|
|
|
if(parse_config(s, s+i+1) == -1) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-08-01 18:20:18 +02:00
|
|
|
const char* str_syslog_facility(int facility)
|
|
|
|
{
|
|
|
|
switch(facility) {
|
|
|
|
case(LOG_AUTH):
|
|
|
|
return "auth";
|
|
|
|
case(LOG_AUTHPRIV):
|
|
|
|
return "authpriv";
|
|
|
|
case(LOG_CRON):
|
|
|
|
return "cron";
|
|
|
|
case(LOG_DAEMON):
|
|
|
|
return "daemon";
|
|
|
|
case(LOG_FTP):
|
|
|
|
return "ftp";
|
|
|
|
case(LOG_KERN):
|
|
|
|
return "kern";
|
|
|
|
case(LOG_LOCAL0):
|
|
|
|
return "local0";
|
|
|
|
case(LOG_LOCAL1):
|
|
|
|
return "local1";
|
|
|
|
case(LOG_LOCAL2):
|
|
|
|
return "local2";
|
|
|
|
case(LOG_LOCAL3):
|
|
|
|
return "local3";
|
|
|
|
case(LOG_LOCAL4):
|
|
|
|
return "local4";
|
|
|
|
case(LOG_LOCAL5):
|
|
|
|
return "local5";
|
|
|
|
case(LOG_LOCAL6):
|
|
|
|
return "local6";
|
|
|
|
case(LOG_LOCAL7):
|
|
|
|
return "local7";
|
|
|
|
case(LOG_LPR):
|
|
|
|
return "lpr";
|
|
|
|
case(LOG_MAIL):
|
|
|
|
return "mail";
|
|
|
|
case(LOG_SYSLOG):
|
|
|
|
return "syslog";
|
|
|
|
case(LOG_USER):
|
|
|
|
return "user";
|
|
|
|
case(LOG_UUCP):
|
|
|
|
return "uucp";
|
|
|
|
default:
|
|
|
|
return "(unknown)";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int int_syslog_facility(const char *strfacility)
|
|
|
|
{
|
|
|
|
if(util::strieq(strfacility, "auth")) {
|
|
|
|
return LOG_AUTH;
|
|
|
|
} else if(util::strieq(strfacility, "authpriv")) {
|
|
|
|
return LOG_AUTHPRIV;
|
|
|
|
} else if(util::strieq(strfacility, "cron")) {
|
|
|
|
return LOG_CRON;
|
|
|
|
} else if(util::strieq(strfacility, "daemon")) {
|
|
|
|
return LOG_DAEMON;
|
|
|
|
} else if(util::strieq(strfacility, "ftp")) {
|
|
|
|
return LOG_FTP;
|
|
|
|
} else if(util::strieq(strfacility, "kern")) {
|
|
|
|
return LOG_KERN;
|
|
|
|
} else if(util::strieq(strfacility, "local0")) {
|
|
|
|
return LOG_LOCAL0;
|
|
|
|
} else if(util::strieq(strfacility, "local1")) {
|
|
|
|
return LOG_LOCAL1;
|
|
|
|
} else if(util::strieq(strfacility, "local2")) {
|
|
|
|
return LOG_LOCAL2;
|
|
|
|
} else if(util::strieq(strfacility, "local3")) {
|
|
|
|
return LOG_LOCAL3;
|
|
|
|
} else if(util::strieq(strfacility, "local4")) {
|
|
|
|
return LOG_LOCAL4;
|
|
|
|
} else if(util::strieq(strfacility, "local5")) {
|
|
|
|
return LOG_LOCAL5;
|
|
|
|
} else if(util::strieq(strfacility, "local6")) {
|
|
|
|
return LOG_LOCAL6;
|
|
|
|
} else if(util::strieq(strfacility, "local7")) {
|
|
|
|
return LOG_LOCAL7;
|
|
|
|
} else if(util::strieq(strfacility, "lpr")) {
|
|
|
|
return LOG_LPR;
|
|
|
|
} else if(util::strieq(strfacility, "mail")) {
|
|
|
|
return LOG_MAIL;
|
|
|
|
} else if(util::strieq(strfacility, "news")) {
|
|
|
|
return LOG_NEWS;
|
|
|
|
} else if(util::strieq(strfacility, "syslog")) {
|
|
|
|
return LOG_SYSLOG;
|
|
|
|
} else if(util::strieq(strfacility, "user")) {
|
|
|
|
return LOG_USER;
|
|
|
|
} else if(util::strieq(strfacility, "uucp")) {
|
|
|
|
return LOG_UUCP;
|
|
|
|
} else {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-06-04 16:48:31 +02:00
|
|
|
} // namespace shrpx
|