Omar Polo
14cee92646
some Pa -> Ar; while here drop two `The' from the start of the sentence
2022-01-04 23:22:14 +00:00
Omar Polo
7c2374af2c
document `require client ca' for proxies
2022-01-04 23:17:28 +00:00
Omar Polo
d474a97922
add missing prototype
2022-01-04 23:15:13 +00:00
Omar Polo
ba94a608a8
add `require client ca' for proxy blocks
...
refactor the code that calls validate_against_ca into an helper
function to reuse it in both apply_require_ca and (optionally) in
apply_reverse_proxy.
2022-01-04 23:14:34 +00:00
Omar Polo
280fd79b8f
ignore .d too
2022-01-03 18:25:27 +00:00
Omar Polo
718c0d6c71
work around freebsd' printf
...
printf: Illegal option -i
this is why we can't have nice things, isn't it?
2022-01-03 18:11:51 +00:00
Omar Polo
7c956fefc2
track file dependency using -MMD if available
...
While here, move the SRCS variable to the configure and add the
-includes in Makefile.local; it de-clutters the Makefile a bit.
2022-01-03 18:05:54 +00:00
Omar Polo
613c827165
add `gg' to the list of things to clean
2022-01-03 17:12:07 +00:00
Omar Polo
8dfacf0242
remove TAGS and compile_flags.txt from the list of default actions
2022-01-03 17:11:45 +00:00
Omar Polo
92a9f41d3d
add set_proxy to simplify testing + more checks in test_proxy_with_certs
2022-01-03 13:31:34 +00:00
Omar Polo
7b7def0a8f
set prefork to 1 during regress
2022-01-03 13:31:34 +00:00
Omar Polo
dd208aa2cf
don't print `config OK'
2022-01-03 13:31:34 +00:00
Omar Polo
6effb78141
sync changelog
2022-01-02 16:38:59 +00:00
Omar Polo
5df593f3a6
oops, wrong email address
2022-01-02 16:37:26 +00:00
Omar Polo
207dc0f9f6
sync manpage
2022-01-02 16:37:07 +00:00
Omar Polo
b7967bc1f6
proxy: allow multiple proxy blocks, matching options and validations
...
as a side effect the order of the content of a server block is relaxed:
options, location or proxy blocks can be put in any order.
2022-01-02 16:33:28 +00:00
Omar Polo
e2f167afb3
bump copyright year :)
2022-01-02 15:50:14 +00:00
Omar Polo
8e7e7cacf2
fix regress when TESTS is more than one word
2022-01-02 13:54:54 +00:00
Omar Polo
e19f21f5a6
parethesize `proxy', I'm about to change the syntax
2022-01-02 13:48:32 +00:00
Omar Polo
ec5c5ced4a
make clean: don't clean regress, add cleanall for that
2022-01-02 11:49:48 +00:00
Omar Polo
53884ec00a
document use-tls
2022-01-01 20:18:08 +00:00
Omar Polo
593e412b49
allow to disable TLS when proxying requests
2022-01-01 20:16:14 +00:00
Omar Polo
294a57275a
move %token USER to its own line
2022-01-01 19:51:53 +00:00
Omar Polo
ee68c36198
document the new proxy stuff
2022-01-01 19:25:07 +00:00
Omar Polo
3c4b712bb2
plug some memory leaks in config parsing
...
I forgot to free some strings when they're no more used.
2022-01-01 19:10:00 +00:00
Omar Polo
c7c8ef448b
add protocols' option to
proxy' rule
2022-01-01 19:04:50 +00:00
Omar Polo
5128c0b0e3
add verifyname' option for
proxy' rule
2022-01-01 18:50:10 +00:00
Omar Polo
7bdcc91ec7
simplify the proxying code
...
it doesn't make any sense to keep the proxying info per-location:
proxying only one per-vhost. It can't work differently, it doesn't make
sense anyway.
2022-01-01 17:08:39 +00:00
Omar Polo
bd5f79542c
update copyright years
2022-01-01 16:36:17 +00:00
Omar Polo
a9cb709d44
sync changelog
2022-01-01 16:34:37 +00:00
Omar Polo
c064f3de1d
add proxying with client certificate test
2022-01-01 16:33:44 +00:00
Omar Polo
e6ab6b25fc
typo
2022-01-01 16:33:44 +00:00
Omar Polo
d49093c105
support optional client certificate for proxy rule
2022-01-01 16:33:44 +00:00
Omar Polo
da2185f37f
move proxy sub-options to their own rule and allow grouping with { ... }
2022-01-01 16:33:40 +00:00
Omar Polo
cc1c8f548c
sync changelog
2022-01-01 10:54:17 +00:00
Omar Polo
c3eb759a79
mention the reverse proxying
2021-12-29 20:53:22 +00:00
Omar Polo
6a6b4a2a98
typo
2021-12-29 20:36:54 +00:00
Omar Polo
4b5b1e82a9
add a test for the `proxy relay-to' rule
2021-12-29 20:36:54 +00:00
Omar Polo
c143dcfa85
document the `proxy relay-to' rule
2021-12-29 20:36:54 +00:00
Omar Polo
72b033ef18
add ability to proxy requests
...
Add to gmid the ability to forwad a request to another gemini server and
thus acting like a reverse proxy. The current syntax for the config
file is
server "example.com" {
...
proxy relay-to host:port
}
Further options (like the use of custom certificates) are planned.
cf. github issue #7
2021-12-29 20:36:54 +00:00
Omar Polo
054387bb26
move struct iri and parser at the top of the file
2021-12-29 19:24:33 +00:00
Omar Polo
a62c63f261
retire the old gg
2021-12-29 18:18:41 +00:00
Omar Polo
7a4ae106ec
switch to the new gg for the regress suite
2021-12-29 18:16:00 +00:00
Omar Polo
ce09569f7b
typo
2021-12-29 18:13:55 +00:00
Omar Polo
5c7abf0151
reimplement gg
...
This is a better version of gg. Initially it grew with flags directly
needed to the specific test cases I wanted to write, so it's ugly to use
but handy for tests.
This is a new and re-thought implementation that it is (hopefully)
easier to use both and "curl-like for gemini" but also for scripts and
tests cases.
One completely new feature is the proxying support with -P to send the
request to the given host.
2021-12-29 18:01:08 +00:00
Omar Polo
fe903d30e7
sync changelog
2021-12-11 09:12:10 +00:00
Max
63bf54b646
[seccomp] allow ugetrlimit(2), needed by glibc on armv7l
2021-12-11 09:08:50 +00:00
Omar Polo
2d6b9b53ac
missing dots
...
(not adding one in the gemini version because it could be mistakenly
for part of the command)
2021-12-10 09:16:22 +00:00
Omar Polo
79c3a02152
specify that renew-certs needs gmid from the master branch
2021-12-10 09:15:39 +00:00
Omar Polo
52c92ef680
relax the "wont proxy request" check: don't check the port number
...
Don't refuse to serve the request if the port number doesn't match the
one we're listening on, as initially suggested by Allen Sobot.
Complex setup may have a gmid instance reachable from multiple ports and
the meaning of the check in the first places was to avoid tricking
clients into thinking that we're serving for those domains: the port
number is way less important than the schema or domain name.
In the long run, the best way would probably to add a `listen on'
keyword for the servers blocks, just like OpenBSD' httpd, but gmid can't
listen on multiple ports/interfaces yet
2021-12-09 20:59:05 +00:00