Rename --client-mode as --client and add --client-proxy

With the --client-proxy option, shrpx makes sure that the request path is
an absolute URI; otherwise it returns a 400 status code.
Tatsuhiro Tsujikawa 2012-11-21 22:10:35 +09:00
parent fa552c6788
commit 0bf15a7694
4 changed files with 64 additions and 25 deletions


@ -351,6 +351,9 @@ void fill_default_config()
mod_config()->backlog = 256; mod_config()->backlog = 256;
mod_config()->ciphers = 0; mod_config()->ciphers = 0;
mod_config()->client_proxy = false;
mod_config()->client = false;
mod_config()->client_mode = false; mod_config()->client_mode = false;
} }
} // namespace } // namespace
@ -358,12 +361,9 @@ void fill_default_config()
namespace { namespace {
void print_usage(std::ostream& out) void print_usage(std::ostream& out)
{ {
out << "Usage: shrpx [-Dhs] [-b <HOST,PORT>] [-f <HOST,PORT>] [-n <CORES>]\n" out << "Usage: shrpx [-Dh] [-s|--client|-p] [-b <HOST,PORT>]\n"
<< " [-c <NUM>] [-L <LEVEL>] [OPTIONS...]\n" << " [-f <HOST,PORT>] [-n <CORES>] [-c <NUM>] [-L <LEVEL>]\n"
<< " <PRIVATE_KEY> <CERT>\n" << " [OPTIONS...] <PRIVATE_KEY> <CERT>\n"
<< "\n"
<< " shrpx --client-mode [-Dh] [-b <HOST,PORT>] [-f <HOST,PORT>]\n"
<< " [-n <CORES>] [-c <NUM>] [-L <LEVEL>] [OPTIONS...]\n"
<< "\n" << "\n"
<< "A reverse proxy for SPDY/HTTPS.\n" << "A reverse proxy for SPDY/HTTPS.\n"
<< std::endl; << std::endl;
@ -401,6 +401,14 @@ void print_help(std::ostream& out)
<< " -D, --daemon Run in a background. If -D is used, the\n" << " -D, --daemon Run in a background. If -D is used, the\n"
<< " current working directory is changed to '/'.\n" << " current working directory is changed to '/'.\n"
<< " -s, --spdy-proxy SSL/SPDY proxy mode.\n" << " -s, --spdy-proxy SSL/SPDY proxy mode.\n"
<< " --client Instead of accepting SPDY/HTTPS connection,\n"
<< " accept HTTP connection and communicate with\n"
<< " backend server in SPDY. To use shrpx as\n"
<< " a forward proxy, use -p option instead.\n"
<< " -p, --client-proxy Like --client option, but it also requires\n"
<< " the request path from frontend must be\n"
<< " an absolute URI, suitable for use as a\n"
<< " forward proxy."
<< " --add-x-forwarded-for\n" << " --add-x-forwarded-for\n"
<< " Append X-Forwarded-For header field to the\n" << " Append X-Forwarded-For header field to the\n"
<< " downstream request.\n" << " downstream request.\n"
@ -451,10 +459,6 @@ void print_help(std::ostream& out)
<< get_config()->backlog << "\n" << get_config()->backlog << "\n"
<< " --ciphers=<SUITE> Set allowed cipher list. The format of the\n" << " --ciphers=<SUITE> Set allowed cipher list. The format of the\n"
<< " string is described in OpenSSL ciphers(1).\n" << " string is described in OpenSSL ciphers(1).\n"
<< " --client-mode Instead of accepting SPDY/HTTPS connection,\n"
<< " accept HTTP connection and communicate with\n"
<< " backend server in SPDY. This is for testing\n"
<< " purpose.\n"
<< " -h, --help Print this help.\n" << " -h, --help Print this help.\n"
<< std::endl; << std::endl;
} }
@ -477,6 +481,7 @@ int main(int argc, char **argv)
{"log-level", required_argument, 0, 'L' }, {"log-level", required_argument, 0, 'L' },
{"daemon", no_argument, 0, 'D' }, {"daemon", no_argument, 0, 'D' },
{"spdy-proxy", no_argument, 0, 's' }, {"spdy-proxy", no_argument, 0, 's' },
{"client-proxy", no_argument, 0, 'p' },
{"add-x-forwarded-for", no_argument, &flag, 1 }, {"add-x-forwarded-for", no_argument, &flag, 1 },
{"frontend-spdy-read-timeout", required_argument, &flag, 2 }, {"frontend-spdy-read-timeout", required_argument, &flag, 2 },
{"frontend-read-timeout", required_argument, &flag, 3 }, {"frontend-read-timeout", required_argument, &flag, 3 },
@ -493,12 +498,12 @@ int main(int argc, char **argv)
{"syslog-facility", required_argument, &flag, 14 }, {"syslog-facility", required_argument, &flag, 14 },
{"backlog", required_argument, &flag, 15 }, {"backlog", required_argument, &flag, 15 },
{"ciphers", required_argument, &flag, 16 }, {"ciphers", required_argument, &flag, 16 },
{"client-mode", no_argument, &flag, 17 }, {"client", no_argument, &flag, 17 },
{"help", no_argument, 0, 'h' }, {"help", no_argument, 0, 'h' },
{0, 0, 0, 0 } {0, 0, 0, 0 }
}; };
int option_index = 0; int option_index = 0;
int c = getopt_long(argc, argv, "DL:sb:c:f:n:h", long_options, int c = getopt_long(argc, argv, "DL:sb:c:f:n:hp", long_options,
&option_index); &option_index);
if(c == -1) { if(c == -1) {
break; break;
@ -529,6 +534,9 @@ int main(int argc, char **argv)
case 's': case 's':
cmdcfgs.push_back(std::make_pair(SHRPX_OPT_SPDY_PROXY, "yes")); cmdcfgs.push_back(std::make_pair(SHRPX_OPT_SPDY_PROXY, "yes"));
break; break;
case 'p':
cmdcfgs.push_back(std::make_pair(SHRPX_OPT_CLIENT_PROXY, "yes"));
break;
case '?': case '?':
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
case 0: case 0:
@ -603,8 +611,8 @@ int main(int argc, char **argv)
cmdcfgs.push_back(std::make_pair(SHRPX_OPT_CIPHERS, optarg)); cmdcfgs.push_back(std::make_pair(SHRPX_OPT_CIPHERS, optarg));
break; break;
case 17: case 17:
// --client-mode // --client
cmdcfgs.push_back(std::make_pair(SHRPX_OPT_CLIENT_MODE, "yes")); cmdcfgs.push_back(std::make_pair(SHRPX_OPT_CLIENT, "yes"));
break; break;
default: default:
break; break;
@ -637,6 +645,18 @@ int main(int argc, char **argv)
} }
} }
int mode = get_config()->spdy_proxy |
(get_config()->client_proxy << 1) | (get_config()->client << 2);
if(mode != 0 && mode != 1 && mode != 2 && mode != 4) {
LOG(FATAL) << "--spdy-proxy, --client-proxy and --client cannot be used "
<< "at the same time.";
exit(EXIT_FAILURE);
}
if(get_config()->client || get_config()->client_proxy) {
mod_config()->client_mode = true;
}
if(!get_config()->client_mode) { if(!get_config()->client_mode) {
if(!get_config()->private_key_file || !get_config()->cert_file) { if(!get_config()->private_key_file || !get_config()->cert_file) {
print_usage(std::cerr); print_usage(std::cerr);
@ -645,12 +665,6 @@ int main(int argc, char **argv)
} }
} }
if(get_config()->spdy_proxy && get_config()->client_mode) {
LOG(FATAL) << "--spdy-proxy and --client-mode cannot be used "
<< "at the same time.";
exit(EXIT_FAILURE);
}
char hostport[NI_MAXHOST+16]; char hostport[NI_MAXHOST+16];
bool downstream_ipv6_addr = bool downstream_ipv6_addr =
is_ipv6_numeric_addr(get_config()->downstream_host); is_ipv6_numeric_addr(get_config()->downstream_host);
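Review bot: The last line of the new `-p, --client-proxy` help entry in print_help ends with `forward proxy."` and has no trailing `\n`, so the `--add-x-forwarded-for` entry that follows is printed on the same line. End that literal with `forward proxy.\n"`, like the other entries. Because `-p` makes shrpx accept plaintext HTTP as a forward proxy, the help text could also say that the frontend address should only be reachable by intended clients. print_help starts and ends outside this hunk.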


@ -51,6 +51,7 @@ SHRPX_OPT_SPDY_MAX_CONCURRENT_STREAMS[] = "spdy-max-concurrent-streams";
const char SHRPX_OPT_LOG_LEVEL[] = "log-level"; const char SHRPX_OPT_LOG_LEVEL[] = "log-level";
const char SHRPX_OPT_DAEMON[] = "daemon"; const char SHRPX_OPT_DAEMON[] = "daemon";
const char SHRPX_OPT_SPDY_PROXY[] = "spdy-proxy"; const char SHRPX_OPT_SPDY_PROXY[] = "spdy-proxy";
const char SHRPX_OPT_CLIENT_PROXY[] = "client-proxy";
const char SHRPX_OPT_ADD_X_FORWARDED_FOR[] = "add-x-forwarded-for"; const char SHRPX_OPT_ADD_X_FORWARDED_FOR[] = "add-x-forwarded-for";
const char const char
SHRPX_OPT_FRONTEND_SPDY_READ_TIMEOUT[] = "frontend-spdy-read-timeout"; SHRPX_OPT_FRONTEND_SPDY_READ_TIMEOUT[] = "frontend-spdy-read-timeout";
@ -68,7 +69,7 @@ const char SHRPX_OPT_SYSLOG[] = "syslog";
const char SHRPX_OPT_SYSLOG_FACILITY[] = "syslog-facility"; const char SHRPX_OPT_SYSLOG_FACILITY[] = "syslog-facility";
const char SHRPX_OPT_BACKLOG[] = "backlog"; const char SHRPX_OPT_BACKLOG[] = "backlog";
const char SHRPX_OPT_CIPHERS[] = "ciphers"; const char SHRPX_OPT_CIPHERS[] = "ciphers";
const char SHRPX_OPT_CLIENT_MODE[] = "client-mode"; const char SHRPX_OPT_CLIENT[] = "client";
Config::Config() Config::Config()
: verbose(false), : verbose(false),
@ -86,6 +87,7 @@ Config::Config()
num_worker(0), num_worker(0),
spdy_max_concurrent_streams(0), spdy_max_concurrent_streams(0),
spdy_proxy(false), spdy_proxy(false),
client_proxy(false),
add_x_forwarded_for(false), add_x_forwarded_for(false),
accesslog(false), accesslog(false),
spdy_upstream_window_bits(0), spdy_upstream_window_bits(0),
@ -98,6 +100,7 @@ Config::Config()
use_syslog(false), use_syslog(false),
backlog(0), backlog(0),
ciphers(0), ciphers(0),
client(false),
client_mode(false) client_mode(false)
{} {}
@ -189,6 +192,8 @@ int parse_config(const char *opt, const char *optarg)
mod_config()->daemon = util::strieq(optarg, "yes"); mod_config()->daemon = util::strieq(optarg, "yes");
} else if(util::strieq(opt, SHRPX_OPT_SPDY_PROXY)) { } else if(util::strieq(opt, SHRPX_OPT_SPDY_PROXY)) {
mod_config()->spdy_proxy = util::strieq(optarg, "yes"); mod_config()->spdy_proxy = util::strieq(optarg, "yes");
} else if(util::strieq(opt, SHRPX_OPT_CLIENT_PROXY)) {
mod_config()->client_proxy = util::strieq(optarg, "yes");
} else if(util::strieq(opt, SHRPX_OPT_ADD_X_FORWARDED_FOR)) { } else if(util::strieq(opt, SHRPX_OPT_ADD_X_FORWARDED_FOR)) {
mod_config()->add_x_forwarded_for = util::strieq(optarg, "yes"); mod_config()->add_x_forwarded_for = util::strieq(optarg, "yes");
} else if(util::strieq(opt, SHRPX_OPT_FRONTEND_SPDY_READ_TIMEOUT)) { } else if(util::strieq(opt, SHRPX_OPT_FRONTEND_SPDY_READ_TIMEOUT)) {
@ -248,8 +253,8 @@ int parse_config(const char *opt, const char *optarg)
mod_config()->backlog = strtol(optarg, 0, 10); mod_config()->backlog = strtol(optarg, 0, 10);
} else if(util::strieq(opt, SHRPX_OPT_CIPHERS)) { } else if(util::strieq(opt, SHRPX_OPT_CIPHERS)) {
set_config_str(&mod_config()->ciphers, optarg); set_config_str(&mod_config()->ciphers, optarg);
} else if(util::strieq(opt, SHRPX_OPT_CLIENT_MODE)) { } else if(util::strieq(opt, SHRPX_OPT_CLIENT)) {
mod_config()->client_mode = util::strieq(optarg, "yes"); mod_config()->client = util::strieq(optarg, "yes");
} else if(util::strieq(opt, "conf")) { } else if(util::strieq(opt, "conf")) {
LOG(WARNING) << "conf is ignored"; LOG(WARNING) << "conf is ignored";
} else { } else {
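Review bot: Changing the option string from `client-mode` to `client` in parse_config means a configuration that still uses `client-mode=yes` now falls through to the final `else`, whose body is outside this hunk. If that branch only warns, shrpx would start in its default mode instead of the mode the operator intended. Consider keeping a deprecated alias branch, `} else if(util::strieq(opt, "client-mode")) {`, that sets `mod_config()->client` the same way and emits a `LOG(WARNING)` naming the new option. parse_config itself starts and ends outside the visible hunks.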


@ -45,6 +45,7 @@ extern const char SHRPX_OPT_SPDY_MAX_CONCURRENT_STREAMS[];
extern const char SHRPX_OPT_LOG_LEVEL[]; extern const char SHRPX_OPT_LOG_LEVEL[];
extern const char SHRPX_OPT_DAEMON[]; extern const char SHRPX_OPT_DAEMON[];
extern const char SHRPX_OPT_SPDY_PROXY[]; extern const char SHRPX_OPT_SPDY_PROXY[];
extern const char SHRPX_OPT_CLIENT_PROXY[];
extern const char SHRPX_OPT_ADD_X_FORWARDED_FOR[]; extern const char SHRPX_OPT_ADD_X_FORWARDED_FOR[];
extern const char SHRPX_OPT_FRONTEND_SPDY_READ_TIMEOUT[]; extern const char SHRPX_OPT_FRONTEND_SPDY_READ_TIMEOUT[];
extern const char SHRPX_OPT_FRONTEND_READ_TIMEOUT[]; extern const char SHRPX_OPT_FRONTEND_READ_TIMEOUT[];
@ -60,7 +61,7 @@ extern const char SHRPX_OPT_SYSLOG[];
extern const char SHRPX_OPT_SYSLOG_FACILITY[]; extern const char SHRPX_OPT_SYSLOG_FACILITY[];
extern const char SHRPX_OPT_BACKLOG[]; extern const char SHRPX_OPT_BACKLOG[];
extern const char SHRPX_OPT_CIPHERS[]; extern const char SHRPX_OPT_CIPHERS[];
extern const char SHRPX_OPT_CLIENT_MODE[]; extern const char SHRPX_OPT_CLIENT[];
union sockaddr_union { union sockaddr_union {
sockaddr sa; sockaddr sa;
@ -92,6 +93,7 @@ struct Config {
size_t num_worker; size_t num_worker;
size_t spdy_max_concurrent_streams; size_t spdy_max_concurrent_streams;
bool spdy_proxy; bool spdy_proxy;
bool client_proxy;
bool add_x_forwarded_for; bool add_x_forwarded_for;
bool accesslog; bool accesslog;
size_t spdy_upstream_window_bits; size_t spdy_upstream_window_bits;
@ -105,6 +107,8 @@ struct Config {
bool use_syslog; bool use_syslog;
int backlog; int backlog;
char *ciphers; char *ciphers;
bool client;
// true if --client or --client-proxy are enabled.
bool client_mode; bool client_mode;
Config(); Config();
}; };
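Review bot: `client` and `client_proxy` are added to Config without comments, and `client_mode` is now a derived flag that main() sets after option parsing rather than something parse_config writes. A short comment on each field would keep later code from testing the wrong one, for example `// --client: accept HTTP on frontend, talk SPDY to backend` above `bool client;` and `// --client-proxy: like client, but request path must be an absolute URI` above `bool client_proxy;`. The existing comment on `client_mode` could add that it is derived in main() and is false until then.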


@ -126,6 +126,7 @@ int htp_hdr_valcb(http_parser *htp, const char *data, size_t len)
namespace { namespace {
int htp_hdrs_completecb(http_parser *htp) int htp_hdrs_completecb(http_parser *htp)
{ {
int rv;
HttpsUpstream *upstream; HttpsUpstream *upstream;
upstream = reinterpret_cast<HttpsUpstream*>(htp->data); upstream = reinterpret_cast<HttpsUpstream*>(htp->data);
if(ENABLE_LOG) { if(ENABLE_LOG) {
@ -139,6 +140,21 @@ int htp_hdrs_completecb(http_parser *htp)
downstream->set_request_connection_close(!http_should_keep_alive(htp)); downstream->set_request_connection_close(!http_should_keep_alive(htp));
if(get_config()->client_proxy &&
downstream->get_request_method() != "CONNECT") {
// Make sure that request path is an absolute URI.
http_parser_url u;
const char *url = downstream->get_request_path().c_str();
memset(&u, 0, sizeof(u));
rv = http_parser_parse_url(url,
downstream->get_request_path().size(),
0, &u);
if(rv != 0 || !(u.field_set & (1 << UF_SCHEMA))) {
// Expect to respond with 400 bad request
return -1;
}
}
DownstreamConnection *dconn; DownstreamConnection *dconn;
dconn = upstream->get_client_handler()->get_downstream_connection(); dconn = upstream->get_client_handler()->get_downstream_connection();
@ -151,7 +167,7 @@ int htp_hdrs_completecb(http_parser *htp)
} }
} }
int rv = dconn->attach_downstream(downstream); rv = dconn->attach_downstream(downstream);
if(rv != 0) { if(rv != 0) {
downstream->set_request_state(Downstream::CONNECT_FAIL); downstream->set_request_state(Downstream::CONNECT_FAIL);
downstream->set_downstream_connection(0); downstream->set_downstream_connection(0);
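Review bot: The absolute-URI check added to htp_hdrs_completecb only tests `UF_SCHEMA`, so whether a request target with a scheme but an empty authority is rejected depends on the bundled http_parser version, which this page does not show. For a forward proxy the host is what decides where the request goes, so the guard should require it explicitly: `if(rv != 0 || !(u.field_set & (1 << UF_SCHEMA)) || !(u.field_set & (1 << UF_HOST))) {`. The scheme value itself is not restricted here; if only `http` is meant to be proxied, that belongs in the same check. The `return -1` relies on the caller turning a parser error into a 400, and that path is outside the visible hunks, as are the start and end of the function.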