mirrors
/
kore
mirror of https://git.kore.io/kore.git
1
0
Fork 1
Code Issues Projects Releases Wiki Activity
kore/src/config.c

2120 lines
48 KiB
C
Raw Permalink Normal View History

add missing config.c
2013-05-01 17:17:16 +02:00
/*
i forgot, it's 2022.
2022-01-31 22:02:06 +01:00
* Copyright (c) 2013-2022 Joris Vink <joris@coders.se>
add missing config.c
2013-05-01 17:17:16 +02:00
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
#include <sys/param.h>
explicitly include sys/types.h some smaller libc variants do not include this from sys/param.h.
2019-03-06 09:29:46 +01:00
#include <sys/types.h>
Missing sys/stat.h, from James Turner
2014-03-07 09:55:28 +01:00
#include <sys/stat.h>
Add missing C library headers
2016-01-22 12:08:13 +01:00
#include <stdio.h>
#include <string.h>
add stdint.h
2017-02-06 12:13:29 +01:00
#include <stdint.h>
add missing config.c
2013-05-01 17:17:16 +02:00
#include <ctype.h>
Add a callback that Kore can call in your module every given interval. The callback is run from the parent process (which runs as root). Adds kore_cb and kore_cb_interval configuration options.
2013-09-02 08:52:16 +02:00
#include <limits.h>
add missing config.c
2013-05-01 17:17:16 +02:00
#include <fcntl.h>
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
#include <pwd.h>
add missing config.c
2013-05-01 17:17:16 +02:00
#include "kore.h"
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
#include "http.h"
add missing config.c
2013-05-01 17:17:16 +02:00
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#if defined(KORE_USE_PGSQL)
#include "pgsql.h"
#endif
Add task_threads configuration option. Before Kore would spawn a task thread per task started if none were available. This was an obvious bad idiom but never really hit me hard until now. Kore will now only spawn as many task threads as configured by "task_threads" and queue up any newly started tasks ontop of already running threads if the limit was hit.
2015-06-04 10:29:22 +02:00
#if defined(KORE_USE_TASKS)
#include "tasks.h"
#endif
Add initial python support. Based on work done by Stanislav Yudin.
2017-01-12 23:38:51 +01:00
#if defined(KORE_USE_PYTHON)
#include "python_api.h"
#endif
Add asynchronous libcurl support. This commit adds the CURL=1 build option. When enabled allows you to schedule CURL easy handles onto the Kore event loop. It also adds an easy to use HTTP client API that abstracts away the settings required from libcurl to make HTTP requests. Tied together with HTTP request state machines this means you can write fully asynchronous HTTP client requests in an easy way. Additionally this exposes that API to the Python code as well allowing you do to things like: client = kore.httpclient("https://kore.io") status, body = await client.get() Introduces 2 configuration options: - curl_recv_max Max incoming bytes for a response. - curl_timeout Timeout in seconds before a transfer is cancelled. This API also allows you to take the CURL easy handle and send emails with it, run FTP, etc. All asynchronously.
2019-04-24 00:10:47 +02:00
#if defined(KORE_USE_CURL)
#include "curl.h"
#endif
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
#if defined(KORE_USE_ACME)
#include "acme.h"
#endif
Add seccomp_tracing configuration option for linux. If set to "yes" then Kore will trace its child processes and properly notify you of seccomp violations while still allowing the syscalls. This can be very useful when running Kore on new platforms that have not been properly tested with seccomp, allowing me to adjust the default policies as we move further.
2019-10-31 12:52:10 +01:00
#if defined(__linux__)
#include "seccomp.h"
#endif
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
/* XXX - This is becoming a clusterfuck. Fix it. */
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
static int configure_load(char *);
Allow configuration to pickup values from environment. Eg: certfile $CERTFILE will pickup the value from the set $CERTFILE environment variable. This works for _any_ Kore configuration option.
2021-09-05 17:53:09 +02:00
static char *configure_resolve_var(char *);
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
static void configure_check_var(char **, const char *, const char *);
Allow single binaries to load modules again.
2017-01-26 13:13:23 +01:00
#if defined(KORE_SINGLE_BINARY)
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
static FILE *config_file_write(void);
extern u_int8_t asset_builtin_kore_conf[];
extern u_int32_t asset_len_builtin_kore_conf;
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
#elif defined(KORE_USE_PYTHON)
static int configure_file(char *);
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
#endif
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
#if defined(KORE_USE_ACME)
static int configure_acme(char *);
Add support for setting an email for ACME. Can be configured via the acme_email configuration option. eg: acme_email john@example.com
2020-01-13 11:00:40 +01:00
static int configure_acme_email(char *);
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
static int configure_acme_provider(char *);
#endif
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
static int configure_tls(char *);
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
static int configure_server(char *);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
static int configure_include(char *);
static int configure_bind(char *);
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
static int configure_bind_unix(char *);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
static int configure_attach(char *);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
static int configure_domain(char *);
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
static int configure_privsep(char *);
Add a logfile configuration option. This will log all output from Kore processes to the specified file.
2021-09-10 13:34:57 +02:00
static int configure_logfile(char *);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
static int configure_workers(char *);
static int configure_pidfile(char *);
static int configure_rlimit_nofiles(char *);
static int configure_max_connections(char *);
static int configure_accept_threshold(char *);
Add worker_death_policy setting. By default kore will restart worker processes if they terminate unexpected. However in certain scenarios you may want to bring down an entire kore instance if a worker process fails. By setting worker_death_policy to "terminate" the Kore server will completely stop if a worker exits unexpected.
2019-03-22 09:49:50 +01:00
static int configure_death_policy(char *);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
static int configure_set_affinity(char *);
static int configure_socket_backlog(char *);
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
static int configure_privsep_skip(char *);
static int configure_privsep_root(char *);
static int configure_privsep_runas(char *);
Initial lua runtime. Works enough so one can do basic configuration and handle HTTP.
2023-01-21 23:41:35 +01:00
static int configure_deployment(char *);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
Add pledge support under OpenBSD. All worker processes will now call pledge(2) after dropping privileges (even if -rn was specified). By default Kore will use the following promises: "stdio rpath inet error" If your application requires more privileges, you can add more pledges by setting them in your configuration using the 'pledge' directive: pledge dns wpath
2018-07-31 06:51:34 +02:00
#if defined(KORE_USE_PLATFORM_PLEDGE)
static int configure_add_pledge(char *);
#endif
Add rand_file configuration option for keymgr. This option allows the user to specify a file to be used for seeding the PRNG initially and to write random bytes at exit. The option is only available if kore has TLS enabled (by default). If you enable this option Kore will refuse to start if there is a problem with the file specified (not found, not a file, invalid size, etc). While here let the keymgr process call RAND_poll() every half hour to grab more system entropy and seed it into the PRNG.
2017-02-28 05:58:04 +01:00
static int configure_rand_file(char *);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
static int configure_certfile(char *);
static int configure_certkey(char *);
static int configure_tls_version(char *);
static int configure_tls_cipher(char *);
static int configure_tls_dhparam(char *);
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
static int configure_client_verify(char *);
Add configurable x509 chain validation depth. You can now per domain configure the depth for x509 chain validation: client_verify_depth 1 By default this is 1. While here change around some log messages and properly set the callback for x509 verification rather then via hoops and loops.
2018-06-09 12:50:50 +02:00
static int configure_client_verify_depth(char *);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#if !defined(KORE_NO_HTTP)
Replace static/dynamic with a single option: route Kore will automatically detect if a route is a dynamic or static one so there is no need for the configuration options to differ anymore.
2019-11-15 08:11:02 +01:00
static int configure_route(char *);
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
static int configure_route_methods(char *);
HTTP improvements. Introduce an on_headers callback for routes, allowing one to inspect the headers before the request is processed further. Additionall, Add a new way of obtaining HTTP headers. Much like http_argument_get_*() functions, these new APIs allow you to fetch the data of an HTTP header as a specified C type. The new APIs are: * http_request_header_int16() * http_request_header_uint16() * http_request_header_int32() * http_request_header_uint32() * http_request_header_int64() * http_request_header_uint64() * http_request_header_float() * http_request_header_double() Should make it easier to operate in HTTP header data in a safe way. No need to always roll your own string to int conversion functions.
2021-09-15 22:16:22 +02:00
static int configure_route_handler(char *);
Python: allow route hooks via kore.route(). Adding the hooks keyword with a dictionary attached to specify the relevant hooks will hook them for the given route. Eg: domain.route("/", self.index, methods=["get"], hooks={ "on_free": self.request_free } ) These are the same hooks available via a normal Kore route configuration.
2021-12-14 23:15:21 +01:00
static int configure_route_on_free(char *);
HTTP improvements. Introduce an on_headers callback for routes, allowing one to inspect the headers before the request is processed further. Additionall, Add a new way of obtaining HTTP headers. Much like http_argument_get_*() functions, these new APIs allow you to fetch the data of an HTTP header as a specified C type. The new APIs are: * http_request_header_int16() * http_request_header_uint16() * http_request_header_int32() * http_request_header_uint32() * http_request_header_int64() * http_request_header_uint64() * http_request_header_float() * http_request_header_double() Should make it easier to operate in HTTP header data in a safe way. No need to always roll your own string to int conversion functions.
2021-09-15 22:16:22 +02:00
static int configure_route_on_headers(char *);
Bring back page authentication via config. Inside of the new route handlers the "authenticate" keyword can be specified to let the route authenticate via a previously configured authentication block. The ability to do this went missing in a previous commit that overhauled the routing structure of the configuration.
2022-01-31 15:13:34 +01:00
static int configure_route_authenticate(char *);
HTTP improvements. Introduce an on_headers callback for routes, allowing one to inspect the headers before the request is processed further. Additionall, Add a new way of obtaining HTTP headers. Much like http_argument_get_*() functions, these new APIs allow you to fetch the data of an HTTP header as a specified C type. The new APIs are: * http_request_header_int16() * http_request_header_uint16() * http_request_header_int32() * http_request_header_uint32() * http_request_header_int64() * http_request_header_uint64() * http_request_header_float() * http_request_header_double() Should make it easier to operate in HTTP header data in a safe way. No need to always roll your own string to int conversion functions.
2021-09-15 22:16:22 +02:00
static int configure_route_on_body_chunk(char *);
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
static int configure_filemap(char *);
Add a "return" configuration option. This hooks into the existing redirection framework but allows you to quickly deny certain paths with a 403 or other status code. The snippet below would for example declare a filemap served from 'www' directory but denying all access to the files under the 'data' directory: filemap / www deny /data 403
2020-03-03 11:28:16 +01:00
static int configure_return(char *);
Add support for config based redirection. Inside the domain contexts a 'redirect' rule will allow you to redirect a request to another URI. Ex: Redirect all requests with a 301 to example.com redirect ^/.*$ 301 https://example.com Using capture groups redirect ^/account/(.*)$ 301 https://example.com/account/$1 Adding the query string in the mix redirect ^/(.*)$ 301 https://example.com/$1?$qs
2020-02-07 06:42:33 +01:00
static int configure_redirect(char *);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
static int configure_static_handler(char *);
static int configure_dynamic_handler(char *);
static int configure_accesslog(char *);
static int configure_http_header_max(char *);
Add http_[header|body]_timeout. If the HTTP request headers or the HTTP body have not arrived before these timeouts expire, Kore will send a 408 back to the client.
2019-04-11 20:51:49 +02:00
static int configure_http_header_timeout(char *);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
static int configure_http_body_max(char *);
Add http_[header|body]_timeout. If the HTTP request headers or the HTTP body have not arrived before these timeouts expire, Kore will send a 408 back to the client.
2019-04-11 20:51:49 +02:00
static int configure_http_body_timeout(char *);
Add filemap_ext configuration option. Allows you to specify the default extensions used for a file served via a filemap, eg: filemap_ext .html Gives us ability to provide clean urls.
2018-07-03 19:58:43 +02:00
static int configure_filemap_ext(char *);
filemap and fileref improvements. - make sure we can serve updated files even if we have an old fileref around. - add filemap_index as a configuration option: allows one to specify what file to serve if a directory was requested (eg: index.html)
2018-06-28 23:00:42 +02:00
static int configure_filemap_index(char *);
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
static int configure_http_media_type(char *);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
static int configure_http_hsts_enable(char *);
static int configure_http_keepalive_time(char *);
Add http_request_ms configuration option. This option allows a user to finetune the number of milliseconds a worker process will max spend inside the http_process() loop. By default this is 10ms.
2018-03-14 13:41:17 +01:00
static int configure_http_request_ms(char *);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
static int configure_http_request_limit(char *);
static int configure_http_body_disk_offload(char *);
static int configure_http_body_disk_path(char *);
Add the http_server_version configuration option. This allows setting a custom server header from the config file, for example to mask the version number.
2020-02-18 22:29:41 +01:00
static int configure_http_server_version(char *);
Add the http_pretty_error configuration option. When enabled, Kore returns HTML error pages for status codes 4xx and 5xx instead of empty content.
2020-03-03 12:53:18 +01:00
static int configure_http_pretty_error(char *);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
static int configure_validator(char *);
static int configure_validate(char *);
static int configure_authentication(char *);
static int configure_authentication_uri(char *);
static int configure_authentication_type(char *);
static int configure_authentication_value(char *);
static int configure_authentication_validator(char *);
static int configure_websocket_maxframe(char *);
static int configure_websocket_timeout(char *);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#endif
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#if defined(KORE_USE_PGSQL)
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
static int configure_pgsql_conn_max(char *);
Add pgsql_queue_limit configuration option. Limits the number of queued asynchronous queries kore will allow before starting to return errors for KORE_PGSQL_ASYNC setups. By default set to 1000. Avoids uncontrolled growth of the pgsql_queue_wait pool.
2018-02-13 13:21:27 +01:00
static int configure_pgsql_queue_limit(char *);
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#endif
Add task_threads configuration option. Before Kore would spawn a task thread per task started if none were available. This was an obvious bad idiom but never really hit me hard until now. Kore will now only spawn as many task threads as configured by "task_threads" and queue up any newly started tasks ontop of already running threads if the limit was hit.
2015-06-04 10:29:22 +02:00
#if defined(KORE_USE_TASKS)
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
static int configure_task_threads(char *);
Add task_threads configuration option. Before Kore would spawn a task thread per task started if none were available. This was an obvious bad idiom but never really hit me hard until now. Kore will now only spawn as many task threads as configured by "task_threads" and queue up any newly started tasks ontop of already running threads if the limit was hit.
2015-06-04 10:29:22 +02:00
#endif
Add initial python support. Based on work done by Stanislav Yudin.
2017-01-12 23:38:51 +01:00
#if defined(KORE_USE_PYTHON)
bring back python_import and python_path. These were mistakingly removed a while ago.
2021-10-20 11:20:25 +02:00
static int configure_python_path(char *);
static int configure_python_import(char *);
Add initial python support. Based on work done by Stanislav Yudin.
2017-01-12 23:38:51 +01:00
#endif
Add asynchronous libcurl support. This commit adds the CURL=1 build option. When enabled allows you to schedule CURL easy handles onto the Kore event loop. It also adds an easy to use HTTP client API that abstracts away the settings required from libcurl to make HTTP requests. Tied together with HTTP request state machines this means you can write fully asynchronous HTTP client requests in an easy way. Additionally this exposes that API to the Python code as well allowing you do to things like: client = kore.httpclient("https://kore.io") status, body = await client.get() Introduces 2 configuration options: - curl_recv_max Max incoming bytes for a response. - curl_timeout Timeout in seconds before a transfer is cancelled. This API also allows you to take the CURL easy handle and send emails with it, run FTP, etc. All asynchronously.
2019-04-24 00:10:47 +02:00
#if defined(KORE_USE_CURL)
static int configure_curl_timeout(char *);
static int configure_curl_recv_max(char *);
#endif
Add seccomp_tracing configuration option for linux. If set to "yes" then Kore will trace its child processes and properly notify you of seccomp violations while still allowing the syscalls. This can be very useful when running Kore on new platforms that have not been properly tested with seccomp, allowing me to adjust the default policies as we move further.
2019-10-31 12:52:10 +01:00
#if defined(__linux__)
static int configure_seccomp_tracing(char *);
#endif
add missing config.c
2013-05-01 17:17:16 +02:00
static struct {
const char *name;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
int (*configure)(char *);
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
} config_directives[] = {
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
{ "tls", configure_tls },
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
#if defined(KORE_USE_ACME)
{ "acme", configure_acme },
#endif
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
{ "bind", configure_bind },
{ "load", configure_load },
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
{ "domain", configure_domain },
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
{ "privsep", configure_privsep },
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
{ "server", configure_server },
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
{ "attach", configure_attach },
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
{ "certkey", configure_certkey },
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
{ "certfile", configure_certfile },
{ "include", configure_include },
{ "unix", configure_bind_unix },
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
{ "skip", configure_privsep_skip },
{ "root", configure_privsep_root },
{ "runas", configure_privsep_runas },
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
{ "client_verify", configure_client_verify },
{ "client_verify_depth", configure_client_verify_depth },
bring back python_import and python_path. These were mistakingly removed a while ago.
2021-10-20 11:20:25 +02:00
#if defined(KORE_USE_PYTHON)
{ "python_path", configure_python_path },
{ "python_import", configure_python_import },
#endif
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
#if !defined(KORE_NO_HTTP)
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
{ "route", configure_route },
{ "handler", configure_route_handler },
HTTP improvements. Introduce an on_headers callback for routes, allowing one to inspect the headers before the request is processed further. Additionall, Add a new way of obtaining HTTP headers. Much like http_argument_get_*() functions, these new APIs allow you to fetch the data of an HTTP header as a specified C type. The new APIs are: * http_request_header_int16() * http_request_header_uint16() * http_request_header_int32() * http_request_header_uint32() * http_request_header_int64() * http_request_header_uint64() * http_request_header_float() * http_request_header_double() Should make it easier to operate in HTTP header data in a safe way. No need to always roll your own string to int conversion functions.
2021-09-15 22:16:22 +02:00
{ "on_headers", configure_route_on_headers },
{ "on_body_chunk", configure_route_on_body_chunk },
Python: allow route hooks via kore.route(). Adding the hooks keyword with a dictionary attached to specify the relevant hooks will hook them for the given route. Eg: domain.route("/", self.index, methods=["get"], hooks={ "on_free": self.request_free } ) These are the same hooks available via a normal Kore route configuration.
2021-12-14 23:15:21 +01:00
{ "on_free", configure_route_on_free },
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
{ "methods", configure_route_methods },
Bring back page authentication via config. Inside of the new route handlers the "authenticate" keyword can be specified to let the route authenticate via a previously configured authentication block. The ability to do this went missing in a previous commit that overhauled the routing structure of the configuration.
2022-01-31 15:13:34 +01:00
{ "authenticate", configure_route_authenticate },
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
{ "filemap", configure_filemap },
Add support for config based redirection. Inside the domain contexts a 'redirect' rule will allow you to redirect a request to another URI. Ex: Redirect all requests with a 301 to example.com redirect ^/.*$ 301 https://example.com Using capture groups redirect ^/account/(.*)$ 301 https://example.com/account/$1 Adding the query string in the mix redirect ^/(.*)$ 301 https://example.com/$1?$qs
2020-02-07 06:42:33 +01:00
{ "redirect", configure_redirect },
Add a "return" configuration option. This hooks into the existing redirection framework but allows you to quickly deny certain paths with a 403 or other status code. The snippet below would for example declare a filemap served from 'www' directory but denying all access to the files under the 'data' directory: filemap / www deny /data 403
2020-03-03 11:28:16 +01:00
{ "return", configure_return },
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
{ "static", configure_static_handler },
{ "dynamic", configure_dynamic_handler },
{ "accesslog", configure_accesslog },
{ "validator", configure_validator },
{ "validate", configure_validate },
{ "authentication", configure_authentication },
{ "authentication_uri", configure_authentication_uri },
{ "authentication_type", configure_authentication_type },
{ "authentication_value", configure_authentication_value },
{ "authentication_validator", configure_authentication_validator },
#endif
{ NULL, NULL },
};
static struct {
const char *name;
int (*configure)(char *);
} config_settings[] = {
Add a logfile configuration option. This will log all output from Kore processes to the specified file.
2021-09-10 13:34:57 +02:00
{ "logfile", configure_logfile },
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
{ "workers", configure_workers },
{ "worker_max_connections", configure_max_connections },
Add worker_rlimit_nofiles as a configurable option.
2014-07-31 09:14:03 +02:00
{ "worker_rlimit_nofiles", configure_rlimit_nofiles },
Fix typo in configuration option worker_accept_treshold. There is no backwards comptabile option available. Fixes #53
2015-05-18 12:20:28 +02:00
{ "worker_accept_threshold", configure_accept_threshold },
Add worker_death_policy setting. By default kore will restart worker processes if they terminate unexpected. However in certain scenarios you may want to bring down an entire kore instance if a worker process fails. By setting worker_death_policy to "terminate" the Kore server will completely stop if a worker exits unexpected.
2019-03-22 09:49:50 +01:00
{ "worker_death_policy", configure_death_policy },
Add new configuration option: worker_set_affinity. Controls wether or not worker processes sets its affinity mask to bind themselves to a single CPU. Defaults to on (1).
2015-04-27 10:36:33 +02:00
{ "worker_set_affinity", configure_set_affinity },
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
{ "pidfile", configure_pidfile },
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
{ "socket_backlog", configure_socket_backlog },
{ "tls_version", configure_tls_version },
{ "tls_cipher", configure_tls_cipher },
{ "tls_dhparam", configure_tls_dhparam },
Add rand_file configuration option for keymgr. This option allows the user to specify a file to be used for seeding the PRNG initially and to write random bytes at exit. The option is only available if kore has TLS enabled (by default). If you enable this option Kore will refuse to start if there is a problem with the file specified (not found, not a file, invalid size, etc). While here let the keymgr process call RAND_poll() every half hour to grab more system entropy and seed it into the PRNG.
2017-02-28 05:58:04 +01:00
{ "rand_file", configure_rand_file },
Initial lua runtime. Works enough so one can do basic configuration and handle HTTP.
2023-01-21 23:41:35 +01:00
{ "deployment", configure_deployment },
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
#if defined(KORE_USE_ACME)
Add support for setting an email for ACME. Can be configured via the acme_email configuration option. eg: acme_email john@example.com
2020-01-13 11:00:40 +01:00
{ "acme_email", configure_acme_email },
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
{ "acme_provider", configure_acme_provider },
#endif
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
#if defined(KORE_USE_PLATFORM_PLEDGE)
{ "pledge", configure_add_pledge },
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#endif
Add seccomp_tracing configuration option for linux. If set to "yes" then Kore will trace its child processes and properly notify you of seccomp violations while still allowing the syscalls. This can be very useful when running Kore on new platforms that have not been properly tested with seccomp, allowing me to adjust the default policies as we move further.
2019-10-31 12:52:10 +01:00
#if defined(__linux__)
{ "seccomp_tracing", configure_seccomp_tracing },
#endif
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#if !defined(KORE_NO_HTTP)
Add filemap_ext configuration option. Allows you to specify the default extensions used for a file served via a filemap, eg: filemap_ext .html Gives us ability to provide clean urls.
2018-07-03 19:58:43 +02:00
{ "filemap_ext", configure_filemap_ext },
filemap and fileref improvements. - make sure we can serve updated files even if we have an old fileref around. - add filemap_index as a configuration option: allows one to specify what file to serve if a directory was requested (eg: index.html)
2018-06-28 23:00:42 +02:00
{ "filemap_index", configure_filemap_index },
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
{ "http_media_type", configure_http_media_type },
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
{ "http_header_max", configure_http_header_max },
Add http_[header|body]_timeout. If the HTTP request headers or the HTTP body have not arrived before these timeouts expire, Kore will send a 408 back to the client.
2019-04-11 20:51:49 +02:00
{ "http_header_timeout", configure_http_header_timeout },
Add PUT/DELETE/HEAD methods (finally). This commit renames certain POST centric variable and configuration naming to the correct HTTP body stuff. API changes include http_postbody_text() and http_postbody_bytes() to have become http_body_text() and http_body_bytes(). The developer is still responsible for validating the method their page handler is called with. Hopefully this becomes a configuration option soon enough.
2014-10-08 11:03:14 +02:00
{ "http_body_max", configure_http_body_max },
Add http_[header|body]_timeout. If the HTTP request headers or the HTTP body have not arrived before these timeouts expire, Kore will send a 408 back to the client.
2019-04-11 20:51:49 +02:00
{ "http_body_timeout", configure_http_body_timeout },
Add http_hsts_enable (enabled by default with max-age=31536000) to Kore's configuration file. If enabled Kore adds the HSTS header to every response. - Additionally, fix some typos in the example configuration. - Change default SSL cipher list again, no more RC4 and almost PFS for all browsers.
2013-10-15 10:44:56 +02:00
{ "http_hsts_enable", configure_http_hsts_enable },
Add http_keepalive_time configuration parameter. Allows you to configure maximum amount of seconds an HTTP connection can stay open (does not affect SPDY connections). If set to 0 it will disable keep-alive all together. Add some inttypes fluff.
2013-10-15 11:10:45 +02:00
{ "http_keepalive_time", configure_http_keepalive_time },
Add http_request_ms configuration option. This option allows a user to finetune the number of milliseconds a worker process will max spend inside the http_process() loop. By default this is 10ms.
2018-03-14 13:41:17 +01:00
{ "http_request_ms", configure_http_request_ms },
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
{ "http_request_limit", configure_http_request_limit },
Massive rework of HTTP layer. This commit is a flag day, your old modules will almost certainly need to be updated in order to build properly with these changes. Summary of changes: - Offload HTTP bodies to disk if they are large (inspired by #100). (disabled by default) - The http_argument_get* macros now takes an explicit http_request parameter. - Kore will now throw 404 errors almost immediately after an HTTP request has come in instead of waiting until all data has arrived. API changes: - http_argument_get* macros now require an explicit http_request parameter. (no more magic invokations). - http_generic_404() is gone - http_populate_arguments() is gone - http_body_bytes() is gone - http_body_text() is gone - http_body_read() has been added - http_populate_post() has been added - http_populate_get() has been added - http_file_read() has been added - http_file_rewind() has been added - http_file_lookup() no longer takes name, fname, data and len parameters. - http_file_lookup() now returns a struct http_file pointer. - http_populate_multipart_form() no longer takes an secondary parameter. New configuration options: - http_body_disk_offload: Number of bytes after which Kore will offload the HTTP body to disk instead of retaining it in memory. If 0 this feature is disabled. (Default: 0) - http_body_disk_path: The path where Kore will store temporary HTTP body files. (this directory does not get created if http_body_disk_offload is 0). New example: The upload example has been added, demonstrating how to deal with file uploads from a multipart form.
2016-01-18 11:30:22 +01:00
{ "http_body_disk_offload", configure_http_body_disk_offload },
{ "http_body_disk_path", configure_http_body_disk_path },
Add the http_server_version configuration option. This allows setting a custom server header from the config file, for example to mask the version number.
2020-02-18 22:29:41 +01:00
{ "http_server_version", configure_http_server_version },
Add the http_pretty_error configuration option. When enabled, Kore returns HTML error pages for status codes 4xx and 5xx instead of empty content.
2020-03-03 12:53:18 +01:00
{ "http_pretty_error", configure_http_pretty_error },
Add websocket support to Kore. Introduces a few new api functions: - kore_websocket_handshake(struct http_request *): Performs the handshake on an HTTP request (coming from page handler) - kore_websocket_send(struct connection *, u_int8_t, void *, size_t): Sends data to a websocket connection. - kore_websocket_broadcast(struct connection *, u_int8_t, void *, size_t, int): Broadcast the given websocket op and data to all connected websocket clients on the worker. Note that as of right now the WEBSOCKET_BROADCAST_GLOBAL scope option does not work yet and messages broadcasted will be restricted to workers only. - kore_worker_websocket_broadcast(struct connection *, void *, void *): Backend function used by kore_websocket_broadcast(). Could prove useful for developers to have access to. A simple example is given under examples/websocket. Known issues: Kore does not support PING or CONT frames just yet.
2014-11-24 11:01:12 +01:00
{ "websocket_maxframe", configure_websocket_maxframe },
{ "websocket_timeout", configure_websocket_timeout },
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#endif
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#if defined(KORE_USE_PGSQL)
{ "pgsql_conn_max", configure_pgsql_conn_max },
Add pgsql_queue_limit configuration option. Limits the number of queued asynchronous queries kore will allow before starting to return errors for KORE_PGSQL_ASYNC setups. By default set to 1000. Avoids uncontrolled growth of the pgsql_queue_wait pool.
2018-02-13 13:21:27 +01:00
{ "pgsql_queue_limit", configure_pgsql_queue_limit },
Add task_threads configuration option. Before Kore would spawn a task thread per task started if none were available. This was an obvious bad idiom but never really hit me hard until now. Kore will now only spawn as many task threads as configured by "task_threads" and queue up any newly started tasks ontop of already running threads if the limit was hit.
2015-06-04 10:29:22 +02:00
#endif
#if defined(KORE_USE_TASKS)
{ "task_threads", configure_task_threads },
Add asynchronous libcurl support. This commit adds the CURL=1 build option. When enabled allows you to schedule CURL easy handles onto the Kore event loop. It also adds an easy to use HTTP client API that abstracts away the settings required from libcurl to make HTTP requests. Tied together with HTTP request state machines this means you can write fully asynchronous HTTP client requests in an easy way. Additionally this exposes that API to the Python code as well allowing you do to things like: client = kore.httpclient("https://kore.io") status, body = await client.get() Introduces 2 configuration options: - curl_recv_max Max incoming bytes for a response. - curl_timeout Timeout in seconds before a transfer is cancelled. This API also allows you to take the CURL easy handle and send emails with it, run FTP, etc. All asynchronously.
2019-04-24 00:10:47 +02:00
#endif
#if defined(KORE_USE_CURL)
{ "curl_timeout", configure_curl_timeout },
{ "curl_recv_max", configure_curl_recv_max },
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
#endif
#if !defined(KORE_SINGLE_BINARY) && defined(KORE_USE_PYTHON)
{ "file", configure_file },
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#endif
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
{ NULL, NULL },
add missing config.c
2013-05-01 17:17:16 +02:00
};
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
static int finalized = 0;
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
#if !defined(KORE_SINGLE_BINARY)
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
char *config_file = NULL;
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
#endif
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#if !defined(KORE_NO_HTTP)
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
static struct kore_auth *current_auth = NULL;
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
static struct kore_route *current_route = NULL;
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#endif
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
extern const char *__progname;
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
static struct kore_domain *current_domain = NULL;
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
static struct kore_server *current_server = NULL;
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
static struct kore_privsep *current_privsep = NULL;
from now on configuration files must specify a domain for the handlers that follow. This allows for easy subdomain configuration. example: domain joris.local static / serve_index domain .joris.local static / serve_another_index
2013-05-02 13:30:13 +02:00
add missing config.c
2013-05-01 17:17:16 +02:00
void
refactor code quite a bit.
2013-06-26 11:18:32 +02:00
kore_parse_config(void)
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
{
Change kore_parent_configure() for single binaries. This function now takes any remaining arguments passed on the command line after kore parsed its own. For C the new prototype looks like this: void kore_parent_configure(int argc, char **argv); For python code, kore will pass each argument to the function so you can do things like: def kore_parent_configure(arg1, arg2):
2018-04-09 12:51:20 +02:00
FILE *fp;
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
struct passwd *pwd;
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
char path[PATH_MAX];
Change kore_parent_configure() for single binaries. This function now takes any remaining arguments passed on the command line after kore parsed its own. For C the new prototype looks like this: void kore_parent_configure(int argc, char **argv); For python code, kore will pass each argument to the function so you can do things like: def kore_parent_configure(arg1, arg2):
2018-04-09 12:51:20 +02:00
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
if (finalized)
return;
fp = NULL;
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
#if !defined(KORE_SINGLE_BINARY)
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
if (config_file != NULL) {
if ((fp = fopen(config_file, "r")) == NULL) {
fatal("configuration given cannot be opened: %s",
config_file);
}
}
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
#else
Change kore_parent_configure() for single binaries. This function now takes any remaining arguments passed on the command line after kore parsed its own. For C the new prototype looks like this: void kore_parent_configure(int argc, char **argv); For python code, kore will pass each argument to the function so you can do things like: def kore_parent_configure(arg1, arg2):
2018-04-09 12:51:20 +02:00
fp = config_file_write();
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
#endif
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
if (fp != NULL) {
kore_parse_config_file(fp);
(void)fclose(fp);
}
Change kore_parent_configure() for single binaries. This function now takes any remaining arguments passed on the command line after kore parsed its own. For C the new prototype looks like this: void kore_parent_configure(int argc, char **argv); For python code, kore will pass each argument to the function so you can do things like: def kore_parent_configure(arg1, arg2):
2018-04-09 12:51:20 +02:00
Initial work splitting OpenSSL code away. This work moves all TLS / crypto related code into a tls_openssl.c file and adds a tls_none.c which contains just stubs. Allows compilation of Kore with TLS_BACKEND=none to remove building against OpenSSL. Also adds code for SHA1/SHA2 taken from openssh-portable so we don't depend on those being present anymore in libcrypto.
2022-02-17 13:45:28 +01:00
kore_tls_dh_check();
resolve tls_dhparam after configure.
2021-04-21 22:39:35 +02:00
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
if (!kore_module_loaded())
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
fatal("no application module was loaded");
Make some configuration options fallback to defaults. * If no runas_user is given, use current user. * If no chroot path is given, don't complain if -n * If no workers is set, use the default 1.
2014-07-31 13:59:42 +02:00
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
if (worker_privsep.root == NULL) {
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
if (getcwd(path, sizeof(path)) == NULL)
fatal("getcwd: %s", errno_s);
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
worker_privsep.root = kore_strdup(path);
Add -q flag. If specified Kore will run quietly and only log important messages.
2018-11-15 16:01:37 +01:00
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
if (!kore_quiet)
kore_log(LOG_NOTICE, "privsep: no root path set");
Make runas behave similarly to chroot. Add new command line knob '-r', that disables runas similar to '-n', it's implied as well for kore command runs. Add default runas (nobody) user and chroot (/var/empty) path, if none are specified, fallback to these.
2015-05-18 21:34:39 +02:00
}
Spacing.
2015-05-20 11:34:57 +02:00
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
if (worker_privsep.runas == NULL) {
if ((pwd = getpwuid(getuid())) == NULL)
fatal("getpwuid: %s", errno_s);
Make some configuration options fallback to defaults. * If no runas_user is given, use current user. * If no chroot path is given, don't complain if -n * If no workers is set, use the default 1.
2014-07-31 13:59:42 +02:00
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
worker_privsep.runas = kore_strdup(pwd->pw_name);
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
if (!kore_quiet)
kore_log(LOG_NOTICE, "privsep: no runas user set");
Spacing.
2015-05-20 11:34:57 +02:00
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
endpwent();
}
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
configure_check_var(&keymgr_privsep.runas, worker_privsep.runas,
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
"privsep: no keymgr runas set");
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
#if defined(KORE_USE_ACME)
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
configure_check_var(&acme_privsep.runas, worker_privsep.runas,
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
"privsep: no acme runas set");
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
#endif
configure_check_var(&keymgr_privsep.root, worker_privsep.root,
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
"privsep: no keymgr root set");
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
#if defined(KORE_USE_ACME)
configure_check_var(&acme_privsep.root, worker_privsep.root,
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
"privsep: no acme root set");
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
#endif
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
if (skip_chroot) {
worker_privsep.skip_chroot = 1;
keymgr_privsep.skip_chroot = 1;
#if defined(KORE_USE_ACME)
acme_privsep.skip_chroot = 1;
#endif
}
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
if (skip_runas) {
worker_privsep.skip_runas = 1;
keymgr_privsep.skip_runas = 1;
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
#if defined(KORE_USE_ACME)
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
acme_privsep.skip_runas = 1;
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
#endif
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
}
if (skip_runas && !kore_quiet)
kore_log(LOG_NOTICE, "privsep: skipping all runas options");
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
Add -q flag. If specified Kore will run quietly and only log important messages.
2018-11-15 16:01:37 +01:00
if (skip_chroot && !kore_quiet)
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
kore_log(LOG_NOTICE, "privsep: skipping all chroot options");
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
finalized = 1;
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
}
Change kore_parent_configure() for single binaries. This function now takes any remaining arguments passed on the command line after kore parsed its own. For C the new prototype looks like this: void kore_parent_configure(int argc, char **argv); For python code, kore will pass each argument to the function so you can do things like: def kore_parent_configure(arg1, arg2):
2018-04-09 12:51:20 +02:00
void
kore_parse_config_file(FILE *fp)
add missing config.c
2013-05-01 17:17:16 +02:00
{
int i, lineno;
Allow configuration to pickup values from environment. Eg: certfile $CERTFILE will pickup the value from the set $CERTFILE environment variable. This works for _any_ Kore configuration option.
2021-09-05 17:53:09 +02:00
char buf[BUFSIZ], *p, *t, *v;
add missing config.c
2013-05-01 17:17:16 +02:00
lineno = 1;
Move shared file reading code to kore_read_line()
2016-02-01 22:10:10 +01:00
while ((p = kore_read_line(fp, buf, sizeof(buf))) != NULL) {
if (strlen(p) == 0) {
add missing config.c
2013-05-01 17:17:16 +02:00
lineno++;
continue;
}
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
if (!strcmp(p, "}") && current_privsep != NULL) {
lineno++;
current_privsep = NULL;
continue;
}
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
if (!strcmp(p, "}") && current_server != NULL) {
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
lineno++;
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
kore_server_finalize(current_server);
current_server = NULL;
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
continue;
}
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#if !defined(KORE_NO_HTTP)
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
if (!strcmp(p, "}") && current_route != NULL) {
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
lineno++;
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
current_route = NULL;
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
continue;
}
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
if (!strcmp(p, "}") && current_auth != NULL) {
if (current_auth->validator == NULL) {
fatal("no authentication validator for %s",
current_auth->name);
}
lineno++;
current_auth = NULL;
continue;
}
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#endif
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
Be more clear when an invalid TLS setup is found
2019-03-26 21:36:45 +01:00
if (!strcmp(p, "}") && current_domain != NULL) {
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
if (current_domain->server == NULL) {
fatal("domain '%s' not attached to server",
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
current_domain->domain);
}
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
if (current_domain->server->tls == 1) {
#if defined(KORE_USE_ACME)
if (current_domain->acme) {
lineno++;
current_domain = NULL;
continue;
}
#endif
if (current_domain->certfile == NULL ||
current_domain->certkey == NULL) {
fatal("incomplete TLS setup for '%s'",
current_domain->domain);
}
Be more clear when an invalid TLS setup is found
2019-03-26 21:36:45 +01:00
}
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
current_domain = NULL;
Be more clear when an invalid TLS setup is found
2019-03-26 21:36:45 +01:00
}
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
Continue on terminating '}' in a config stanza.
2015-05-07 16:24:08 +02:00
if (!strcmp(p, "}")) {
lineno++;
continue;
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
if ((t = strchr(p, ' ')) == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_NOTICE,
"ignoring \"%s\" on line %d", p, lineno++);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
continue;
add missing config.c
2013-05-01 17:17:16 +02:00
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
*(t)++ = '\0';
p = kore_text_trim(p, strlen(p));
t = kore_text_trim(t, strlen(t));
if (strlen(p) == 0 || strlen(t) == 0) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_NOTICE,
"ignoring \"%s\" on line %d", p, lineno++);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
continue;
}
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
for (i = 0; config_directives[i].name != NULL; i++) {
if (!strcmp(config_directives[i].name, p)) {
Allow configuration to pickup values from environment. Eg: certfile $CERTFILE will pickup the value from the set $CERTFILE environment variable. This works for _any_ Kore configuration option.
2021-09-05 17:53:09 +02:00
if ((v = configure_resolve_var(t)) == NULL)
fatal("variable %s does not exist", t);
if (config_directives[i].configure(v))
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
break;
fatal("configuration error on line %d", lineno);
/* NOTREACHED */
}
}
if (config_directives[i].name != NULL) {
lineno++;
continue;
}
for (i = 0; config_settings[i].name != NULL; i++) {
if (!strcmp(config_settings[i].name, p)) {
Allow configuration to pickup values from environment. Eg: certfile $CERTFILE will pickup the value from the set $CERTFILE environment variable. This works for _any_ Kore configuration option.
2021-09-05 17:53:09 +02:00
if ((v = configure_resolve_var(t)) == NULL)
fatal("variable %s does not exist", t);
if (config_settings[i].configure(v))
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
break;
fatal("configuration error on line %d", lineno);
/* NOTREACHED */
}
Default to only TLSv1.2 from now on. Add configuration setting tls_version to specify if you either want TLSv1.2 or TLSv1.0 or both. The configuration options ssl_cipher and ssl_dhparam have changed name to tls_cipher and tls_dhparam. There is no fallback so you might have to update your configs.
2015-05-06 10:59:43 +02:00
}
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
if (config_settings[i].name == NULL) {
kore_log(LOG_NOTICE,
"ignoring \"%s\" on line %d", p, lineno);
}
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
add missing config.c
2013-05-01 17:17:16 +02:00
lineno++;
}
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
}
Close fp after reading configuration
2014-04-09 14:43:23 +02:00
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
int
kore_configure_setting(const char *name, char *value)
{
int i;
if (finalized)
return (KORE_RESULT_ERROR);
for (i = 0; config_settings[i].name != NULL; i++) {
if (!strcmp(config_settings[i].name, name)) {
if (config_settings[i].configure(value))
return (KORE_RESULT_OK);
fatal("bad value '%s' for '%s'", value, name);
}
}
kore_log(LOG_NOTICE, "ignoring unknown kore.config.%s setting", name);
return (KORE_RESULT_OK);
}
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
static void
configure_check_var(char **var, const char *other, const char *logmsg)
{
if (*var == NULL) {
if (!kore_quiet)
kore_log(LOG_NOTICE, "%s", logmsg);
*var = kore_strdup(other);
}
}
Allow configuration to pickup values from environment. Eg: certfile $CERTFILE will pickup the value from the set $CERTFILE environment variable. This works for _any_ Kore configuration option.
2021-09-05 17:53:09 +02:00
static char *
configure_resolve_var(char *var)
{
char *v;
if (var[0] == '$') {
if ((v = getenv(&var[1])) == NULL)
return (NULL);
} else {
v = var;
}
return (v);
}
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_include(char *path)
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
{
Change kore_parent_configure() for single binaries. This function now takes any remaining arguments passed on the command line after kore parsed its own. For C the new prototype looks like this: void kore_parent_configure(int argc, char **argv); For python code, kore will pass each argument to the function so you can do things like: def kore_parent_configure(arg1, arg2):
2018-04-09 12:51:20 +02:00
FILE *fp;
if ((fp = fopen(path, "r")) == NULL)
fatal("failed to open include '%s'", path);
kore_parse_config_file(fp);
don't let kore_parse_config_file() call fclose. It doesn't own the FILE pointer, it shouldn't call fclose() on it, thats just confusing.
2018-04-10 14:39:57 +02:00
(void)fclose(fp);
Rework HTTP and worker processes. The HTTP layer used to make a copy of each incoming header and its value for a request. Stop doing that and make HTTP headers zero-copy all across the board. This change comes with some api function changes, notably the http_request_header() function which now takes a const char ** rather than a char ** out pointer. This commit also constifies several members of http_request, beware. Additional rework how the worker processes deal with the accept lock. Before: if a worker held the accept lock and it accepted a new connection it would release the lock for others and back off for 500ms before attempting to grab the lock again. This approach worked but under high load this starts becoming obvious. Now: - workers not holding the accept lock and not having any connections will wait less long before returning from kore_platform_event_wait(). - workers not holding the accept lock will no longer blindly wait an arbitrary amount in kore_platform_event_wait() but will look at how long until the next lock grab is and base their timeout on that. - if a worker its next_lock timeout is up and failed to grab the lock it will try again in half the time again. - the worker process holding the lock will when releasing the lock double check if it still has space for newer connections, if it does it will keep the lock until it is full. This prevents the lock from bouncing between several non busy worker processes all the time. Additional fixes: - Reduce the number of times we check the timeout list, only do it twice per second rather then every event tick. - Fix solo worker count for TLS (we actually hold two processes, not one). - Make sure we don't accidentally miscalculate the idle time causing new connections under heavy load to instantly drop. - Swap from gettimeofday() to clock_gettime() now that MacOS caught up.
2018-02-14 13:48:49 +01:00
Allow us to include config files with "include"
2014-04-22 13:15:19 +02:00
return (KORE_RESULT_OK);
add missing config.c
2013-05-01 17:17:16 +02:00
}
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
static int
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
configure_server(char *options)
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
{
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
struct kore_server *srv;
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
char *argv[3];
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
if (current_server != NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "nested server contexts are not allowed");
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
}
kore_split_string(options, " ", argv, 3);
if (argv[0] == NULL || argv[1] == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "server context invalid");
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
}
if (strcmp(argv[1], "{")) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "server context not opened correctly");
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
}
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
if ((srv = kore_server_lookup(argv[0])) != NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "server with name '%s' exists", srv->name);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
}
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
current_server = kore_server_create(argv[0]);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_OK);
}
static int
configure_tls(char *yesno)
{
Initial work splitting OpenSSL code away. This work moves all TLS / crypto related code into a tls_openssl.c file and adds a tls_none.c which contains just stubs. Allows compilation of Kore with TLS_BACKEND=none to remove building against OpenSSL. Also adds code for SHA1/SHA2 taken from openssh-portable so we don't depend on those being present anymore in libcrypto.
2022-02-17 13:45:28 +01:00
if (!kore_tls_supported()) {
current_server->tls = 0;
if (!strcmp(yesno, "yes")) {
kore_log(LOG_ERR, "TLS not supported in this build");
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
if (current_server == NULL) {
Initial work splitting OpenSSL code away. This work moves all TLS / crypto related code into a tls_openssl.c file and adds a tls_none.c which contains just stubs. Allows compilation of Kore with TLS_BACKEND=none to remove building against OpenSSL. Also adds code for SHA1/SHA2 taken from openssh-portable so we don't depend on those being present anymore in libcrypto.
2022-02-17 13:45:28 +01:00
kore_log(LOG_ERR, "tls keyword not inside a server context");
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
}
if (!strcmp(yesno, "no")) {
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
current_server->tls = 0;
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
} else if (!strcmp(yesno, "yes")) {
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
current_server->tls = 1;
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
} else {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "invalid '%s' for yes|no tls option", yesno);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
#if defined(KORE_USE_ACME)
static int
configure_acme(char *yesno)
{
if (current_domain == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "acme keyword not inside a domain context");
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
return (KORE_RESULT_ERROR);
}
if (strchr(current_domain->domain, '*')) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"wildcards not supported due to lack of dns-01");
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
return (KORE_RESULT_ERROR);
}
if (!strcmp(yesno, "no")) {
current_domain->acme = 0;
} else if (!strcmp(yesno, "yes")) {
current_domain->acme = 1;
/* Override keyfile and certfile locations. */
kore_free(current_domain->certkey);
kore_free(current_domain->certfile);
Allow acme config via python api
2019-11-13 23:01:24 +01:00
kore_acme_get_paths(current_domain->domain,
&current_domain->certkey, &current_domain->certfile);
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
acme_domains++;
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
} else {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "invalid '%s' for yes|no acme option", yesno);
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add support for setting an email for ACME. Can be configured via the acme_email configuration option. eg: acme_email john@example.com
2020-01-13 11:00:40 +01:00
static int
configure_acme_email(char *email)
{
kore_free(acme_email);
acme_email = kore_strdup(email);
return (KORE_RESULT_OK);
}
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
static int
configure_acme_provider(char *provider)
{
kore_free(acme_provider);
acme_provider = kore_strdup(provider);
return (KORE_RESULT_OK);
}
#endif
add missing config.c
2013-05-01 17:17:16 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_bind(char *options)
add missing config.c
2013-05-01 17:17:16 +02:00
{
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
char *argv[4];
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
if (current_server == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bind keyword not inside a server context");
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
kore_split_string(options, " ", argv, 4);
if (argv[0] == NULL || argv[1] == NULL)
add missing config.c
2013-05-01 17:17:16 +02:00
return (KORE_RESULT_ERROR);
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
return (kore_server_bind(current_server, argv[0], argv[1], argv[2]));
add missing config.c
2013-05-01 17:17:16 +02:00
}
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
static int
configure_bind_unix(char *options)
{
char *argv[3];
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
if (current_server == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"bind_unix keyword not inside a server context");
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
}
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
kore_split_string(options, " ", argv, 3);
if (argv[0] == NULL)
return (KORE_RESULT_ERROR);
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
return (kore_server_bind_unix(current_server, argv[0], argv[1]));
allow kore to bind to unix sockets via bind_unix.
2018-10-07 20:49:16 +02:00
}
add missing config.c
2013-05-01 17:17:16 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_load(char *options)
add missing config.c
2013-05-01 17:17:16 +02:00
{
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
char *argv[3];
kore_split_string(options, " ", argv, 3);
if (argv[0] == NULL)
add missing config.c
2013-05-01 17:17:16 +02:00
return (KORE_RESULT_ERROR);
Add initial python support. Based on work done by Stanislav Yudin.
2017-01-12 23:38:51 +01:00
kore_module_load(argv[0], argv[1], KORE_MODULE_NATIVE);
allow onload to be given in the config file. onload specifies what function in your module to call when the module has been loaded or reloaded.
2013-05-30 21:26:39 +02:00
return (KORE_RESULT_OK);
}
Allow single binaries to load modules again.
2017-01-26 13:13:23 +01:00
#if defined(KORE_SINGLE_BINARY)
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
static FILE *
config_file_write(void)
{
FILE *fp;
ssize_t ret;
int fd, len;
char fpath[MAXPATHLEN];
Some platforms doesn't have a /tmp/ directory where temporary files can be stored. Make it possible to override that location compile time.
2022-08-17 13:16:25 +02:00
len = snprintf(fpath, sizeof(fpath), "%s/%s.XXXXXX", KORE_TMPDIR,
__progname);
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
if (len == -1 || (size_t)len >= sizeof(fpath))
fatal("failed to create temporary path");
if ((fd = mkstemp(fpath)) == -1)
fatal("mkstemp(%s): %s", fpath, errno_s);
(void)unlink(fpath);
for (;;) {
ret = write(fd, asset_builtin_kore_conf,
asset_len_builtin_kore_conf);
if (ret == -1) {
if (errno == EINTR)
continue;
fatal("failed to write temporary config: %s", errno_s);
}
if ((size_t)ret != asset_len_builtin_kore_conf)
fatal("failed to write temporary config");
break;
}
if ((fp = fdopen(fd, "w+")) == NULL)
fatal("fdopen(): %s", errno_s);
rewind(fp);
return (fp);
}
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
#elif defined(KORE_USE_PYTHON)
static int
configure_file(char *file)
{
alter python skeleton from kodev create -p. adds the kore.config.file setting (required a fix for -c) and the kore.config.deployment option is set to "development".
2019-09-26 19:58:13 +02:00
free(config_file);
if ((config_file = strdup(file)) == NULL)
fatal("strdup");
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
return (KORE_RESULT_OK);
}
Allow "kore build" to produce single binaries. Producing single binaries can now be done with building with "kore build". To get started edit your build.conf and add the following directives: single_binary = yes kore_source = /path/to/kore optionally you can add kore_flavor to instruct how kore should be built: kore_flavor = NOTLS=1 When doing this your build.conf must also include the correct linking options as the linking is now done fully by kore build. The binary produced will include your configuration and takes over a few of kore its command line flags (such as -f, -n or -r).
2016-07-06 16:16:15 +02:00
#endif
allow onload to be given in the config file. onload specifies what function in your module to call when the module has been loaded or reloaded.
2013-05-30 21:26:39 +02:00
- Better spread load between all worker processes. - Introduce own memory management system on top of malloc to keep track of all our allocations and free's. Later we should introduce a pooling mechanism for fixed size allocations (http_request comes to mind). - Introduce ssl_cipher in configuration. Memory usage is kind of high right now, but it seems its OpenSSL doing it rather then Kore.
2013-06-27 08:43:07 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_tls_version(char *version)
Default to only TLSv1.2 from now on. Add configuration setting tls_version to specify if you either want TLSv1.2 or TLSv1.0 or both. The configuration options ssl_cipher and ssl_dhparam have changed name to tls_cipher and tls_dhparam. There is no fallback so you might have to update your configs.
2015-05-06 10:59:43 +02:00
{
Initial work splitting OpenSSL code away. This work moves all TLS / crypto related code into a tls_openssl.c file and adds a tls_none.c which contains just stubs. Allows compilation of Kore with TLS_BACKEND=none to remove building against OpenSSL. Also adds code for SHA1/SHA2 taken from openssh-portable so we don't depend on those being present anymore in libcrypto.
2022-02-17 13:45:28 +01:00
int ver;
Add support for TLS 1.3 via OpenSSL 1.1.1. This commit removes TLS 1.0 support no matter what OpenSSL you are linking against. Changes the value of tls_version from 1.2 to both. Meaning if you link with OpenSSL 1.1.1 you will get 1.2 + 1.3.
2018-10-29 20:38:58 +01:00
if (!strcmp(version, "1.3")) {
Initial work splitting OpenSSL code away. This work moves all TLS / crypto related code into a tls_openssl.c file and adds a tls_none.c which contains just stubs. Allows compilation of Kore with TLS_BACKEND=none to remove building against OpenSSL. Also adds code for SHA1/SHA2 taken from openssh-portable so we don't depend on those being present anymore in libcrypto.
2022-02-17 13:45:28 +01:00
ver = KORE_TLS_VERSION_1_3;
Add support for TLS 1.3 via OpenSSL 1.1.1. This commit removes TLS 1.0 support no matter what OpenSSL you are linking against. Changes the value of tls_version from 1.2 to both. Meaning if you link with OpenSSL 1.1.1 you will get 1.2 + 1.3.
2018-10-29 20:38:58 +01:00
} else if (!strcmp(version, "1.2")) {
Initial work splitting OpenSSL code away. This work moves all TLS / crypto related code into a tls_openssl.c file and adds a tls_none.c which contains just stubs. Allows compilation of Kore with TLS_BACKEND=none to remove building against OpenSSL. Also adds code for SHA1/SHA2 taken from openssh-portable so we don't depend on those being present anymore in libcrypto.
2022-02-17 13:45:28 +01:00
ver = KORE_TLS_VERSION_1_2;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
} else if (!strcmp(version, "both")) {
Initial work splitting OpenSSL code away. This work moves all TLS / crypto related code into a tls_openssl.c file and adds a tls_none.c which contains just stubs. Allows compilation of Kore with TLS_BACKEND=none to remove building against OpenSSL. Also adds code for SHA1/SHA2 taken from openssh-portable so we don't depend on those being present anymore in libcrypto.
2022-02-17 13:45:28 +01:00
ver = KORE_TLS_VERSION_BOTH;
Default to only TLSv1.2 from now on. Add configuration setting tls_version to specify if you either want TLSv1.2 or TLSv1.0 or both. The configuration options ssl_cipher and ssl_dhparam have changed name to tls_cipher and tls_dhparam. There is no fallback so you might have to update your configs.
2015-05-06 10:59:43 +02:00
} else {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"unknown value for tls_version: %s (use 1.3, 1.2, both)",
version);
Default to only TLSv1.2 from now on. Add configuration setting tls_version to specify if you either want TLSv1.2 or TLSv1.0 or both. The configuration options ssl_cipher and ssl_dhparam have changed name to tls_cipher and tls_dhparam. There is no fallback so you might have to update your configs.
2015-05-06 10:59:43 +02:00
return (KORE_RESULT_ERROR);
}
Initial work splitting OpenSSL code away. This work moves all TLS / crypto related code into a tls_openssl.c file and adds a tls_none.c which contains just stubs. Allows compilation of Kore with TLS_BACKEND=none to remove building against OpenSSL. Also adds code for SHA1/SHA2 taken from openssh-portable so we don't depend on those being present anymore in libcrypto.
2022-02-17 13:45:28 +01:00
kore_tls_version_set(ver);
Default to only TLSv1.2 from now on. Add configuration setting tls_version to specify if you either want TLSv1.2 or TLSv1.0 or both. The configuration options ssl_cipher and ssl_dhparam have changed name to tls_cipher and tls_dhparam. There is no fallback so you might have to update your configs.
2015-05-06 10:59:43 +02:00
return (KORE_RESULT_OK);
}
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_tls_cipher(char *cipherlist)
- Better spread load between all worker processes. - Introduce own memory management system on top of malloc to keep track of all our allocations and free's. Later we should introduce a pooling mechanism for fixed size allocations (http_request comes to mind). - Introduce ssl_cipher in configuration. Memory usage is kind of high right now, but it seems its OpenSSL doing it rather then Kore.
2013-06-27 08:43:07 +02:00
{
Initial work splitting OpenSSL code away. This work moves all TLS / crypto related code into a tls_openssl.c file and adds a tls_none.c which contains just stubs. Allows compilation of Kore with TLS_BACKEND=none to remove building against OpenSSL. Also adds code for SHA1/SHA2 taken from openssh-portable so we don't depend on those being present anymore in libcrypto.
2022-02-17 13:45:28 +01:00
return (kore_tls_ciphersuite_set(cipherlist));
- Better spread load between all worker processes. - Introduce own memory management system on top of malloc to keep track of all our allocations and free's. Later we should introduce a pooling mechanism for fixed size allocations (http_request comes to mind). - Introduce ssl_cipher in configuration. Memory usage is kind of high right now, but it seems its OpenSSL doing it rather then Kore.
2013-06-27 08:43:07 +02:00
}
Add support for ephemeral key exchange mechanisms, ssl_dhparam configuration option must be set (and point to a file containing a generated DH key).
2013-08-07 16:51:39 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_tls_dhparam(char *path)
Add support for ephemeral key exchange mechanisms, ssl_dhparam configuration option must be set (and point to a file containing a generated DH key).
2013-08-07 16:51:39 +02:00
{
Initial work splitting OpenSSL code away. This work moves all TLS / crypto related code into a tls_openssl.c file and adds a tls_none.c which contains just stubs. Allows compilation of Kore with TLS_BACKEND=none to remove building against OpenSSL. Also adds code for SHA1/SHA2 taken from openssh-portable so we don't depend on those being present anymore in libcrypto.
2022-02-17 13:45:28 +01:00
return (kore_tls_dh_load(path));
add missing config.c
2013-05-01 17:17:16 +02:00
}
add chroot and runas directives so we can chroot and drop privilegs properly
2013-05-04 22:18:27 +02:00
Add configurable x509 chain validation depth. You can now per domain configure the depth for x509 chain validation: client_verify_depth 1 By default this is 1. While here change around some log messages and properly set the callback for x509 verification rather then via hoops and loops.
2018-06-09 12:50:50 +02:00
static int
configure_client_verify_depth(char *value)
{
int err, depth;
if (current_domain == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"client_verify_depth keyword not in domain context");
Add configurable x509 chain validation depth. You can now per domain configure the depth for x509 chain validation: client_verify_depth 1 By default this is 1. While here change around some log messages and properly set the callback for x509 verification rather then via hoops and loops.
2018-06-09 12:50:50 +02:00
return (KORE_RESULT_ERROR);
}
depth = kore_strtonum(value, 10, 0, INT_MAX, &err);
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad client_verify_depth value: %s", value);
Add configurable x509 chain validation depth. You can now per domain configure the depth for x509 chain validation: client_verify_depth 1 By default this is 1. While here change around some log messages and properly set the callback for x509 verification rather then via hoops and loops.
2018-06-09 12:50:50 +02:00
return (KORE_RESULT_ERROR);
}
current_domain->x509_verify_depth = depth;
return (KORE_RESULT_OK);
}
Add support for client certificates
2013-12-14 16:31:07 +01:00
static int
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
configure_client_verify(char *options)
Add support for client certificates
2013-12-14 16:31:07 +01:00
{
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
char *argv[3];
Add support for client certificates
2013-12-14 16:31:07 +01:00
if (current_domain == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"client_verify keyword not in domain context");
Add support for client certificates
2013-12-14 16:31:07 +01:00
return (KORE_RESULT_ERROR);
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
kore_split_string(options, " ", argv, 3);
if (argv[0] == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "client_verify is missing a parameter");
Add support for client certificates
2013-12-14 16:31:07 +01:00
return (KORE_RESULT_ERROR);
}
if (current_domain->cafile != NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "client_verify already set for '%s'",
Add support for client certificates
2013-12-14 16:31:07 +01:00
current_domain->domain);
return (KORE_RESULT_ERROR);
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
current_domain->cafile = kore_strdup(argv[0]);
if (argv[1] != NULL)
current_domain->crlfile = kore_strdup(argv[1]);
Add CRL support. Allow Kore to use per domain CRLs when requiring client certificates. The require_client_cert configuration option has been renamed to a more sane client_certificates and can optionally take a second argument which is the CRL in pem format. You'll need a restart in case the CRLs get updated.
2014-10-18 02:32:05 +02:00
Add support for client certificates
2013-12-14 16:31:07 +01:00
return (KORE_RESULT_OK);
}
Add rand_file configuration option for keymgr. This option allows the user to specify a file to be used for seeding the PRNG initially and to write random bytes at exit. The option is only available if kore has TLS enabled (by default). If you enable this option Kore will refuse to start if there is a problem with the file specified (not found, not a file, invalid size, etc). While here let the keymgr process call RAND_poll() every half hour to grab more system entropy and seed it into the PRNG.
2017-02-28 05:58:04 +01:00
static int
configure_rand_file(char *path)
{
Initial work splitting OpenSSL code away. This work moves all TLS / crypto related code into a tls_openssl.c file and adds a tls_none.c which contains just stubs. Allows compilation of Kore with TLS_BACKEND=none to remove building against OpenSSL. Also adds code for SHA1/SHA2 taken from openssh-portable so we don't depend on those being present anymore in libcrypto.
2022-02-17 13:45:28 +01:00
if (kore_rand_file != NULL)
kore_free(kore_rand_file);
Add rand_file configuration option for keymgr. This option allows the user to specify a file to be used for seeding the PRNG initially and to write random bytes at exit. The option is only available if kore has TLS enabled (by default). If you enable this option Kore will refuse to start if there is a problem with the file specified (not found, not a file, invalid size, etc). While here let the keymgr process call RAND_poll() every half hour to grab more system entropy and seed it into the PRNG.
2017-02-28 05:58:04 +01:00
Initial work splitting OpenSSL code away. This work moves all TLS / crypto related code into a tls_openssl.c file and adds a tls_none.c which contains just stubs. Allows compilation of Kore with TLS_BACKEND=none to remove building against OpenSSL. Also adds code for SHA1/SHA2 taken from openssh-portable so we don't depend on those being present anymore in libcrypto.
2022-02-17 13:45:28 +01:00
kore_rand_file = kore_strdup(path);
Add rand_file configuration option for keymgr. This option allows the user to specify a file to be used for seeding the PRNG initially and to write random bytes at exit. The option is only available if kore has TLS enabled (by default). If you enable this option Kore will refuse to start if there is a problem with the file specified (not found, not a file, invalid size, etc). While here let the keymgr process call RAND_poll() every half hour to grab more system entropy and seed it into the PRNG.
2017-02-28 05:58:04 +01:00
return (KORE_RESULT_OK);
}
Add access logging to Kore.
2013-06-24 09:36:40 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_certfile(char *path)
Add access logging to Kore.
2013-06-24 09:36:40 +02:00
{
if (current_domain == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"certfile keyword not specified in domain context");
Add access logging to Kore.
2013-06-24 09:36:40 +02:00
return (KORE_RESULT_ERROR);
}
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
kore_free(current_domain->certfile);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
current_domain->certfile = kore_strdup(path);
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
return (KORE_RESULT_OK);
}
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_certkey(char *path)
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
{
if (current_domain == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"certkey keyword not specified in domain context");
Add access logging to Kore.
2013-06-24 09:36:40 +02:00
return (KORE_RESULT_ERROR);
}
Add acmev2 (RFC8555) support to Kore. A new acme process is created that communicates with the acme servers. This process does not hold any of your private keys (no account keys, no domain keys etc). Whenever the acme process requires a signed payload it will ask the keymgr process to do the signing with the relevant keys. This process is also sandboxed with pledge+unveil on OpenBSD and seccomp syscall filtering on Linux. The implementation only supports the tls-alpn-01 challenge. This means that you do not need to open additional ports on your machine. http-01 and dns-01 are currently not supported (no wildcard support). A new configuration option "acme_provider" is available and can be set to the acme server its directory. By default this will point to the live letsencrypt environment: https://acme-v02.api.letsencrypt.org/directory The acme process can be controlled via the following config options: - acme_root (where the acme process will chroot/chdir into). - acme_runas (the user the acme process will run as). If none are set, the values from 'root' and 'runas' are taken. If you want to turn on acme for domains you do it as follows: domain kore.io { acme yes } You do not need to specify certkey/certfile anymore, if they are present still they will be overwritten by the acme system. The keymgr will store all certificates and keys under its root (keymgr_root), the account key is stored as "/account-key.pem" and all obtained certificates go under "certificates/<domain>/fullchain.pem" while keys go under "certificates/<domain>/key.pem". Kore will automatically renew certificates if they will expire in 7 days or less.
2019-11-06 19:33:53 +01:00
kore_free(current_domain->certkey);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
current_domain->certkey = kore_strdup(path);
Add access logging to Kore.
2013-06-24 09:36:40 +02:00
return (KORE_RESULT_OK);
}
add SNI support, and change domain configuration a bit.
2013-06-24 11:32:45 +02:00
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
static int
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
configure_privsep(char *options)
{
char *argv[3];
if (current_privsep != NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "nested privsep contexts are not allowed");
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
return (KORE_RESULT_ERROR);
}
kore_split_string(options, " ", argv, 3);
if (argv[0] == NULL || argv[1] == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "invalid privsep context");
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
return (KORE_RESULT_ERROR);
}
if (strcmp(argv[1], "{")) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "privsep context not opened correctly");
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
return (KORE_RESULT_ERROR);
}
if (!strcmp(argv[0], "worker")) {
current_privsep = &worker_privsep;
} else if (!strcmp(argv[0], "keymgr")) {
current_privsep = &keymgr_privsep;
#if defined(KORE_USE_ACME)
use correct privsep name for acme
2021-12-02 19:33:20 +01:00
} else if (!strcmp(argv[0], "acme")) {
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
current_privsep = &acme_privsep;
#endif
} else {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "unknown privsep context: %s", argv[0]);
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
static int
configure_privsep_runas(char *user)
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
{
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
if (current_privsep == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "runas keyword not in privsep context");
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
return (KORE_RESULT_ERROR);
}
if (current_privsep->runas != NULL)
kore_free(current_privsep->runas);
current_privsep->runas = kore_strdup(user);
return (KORE_RESULT_OK);
}
static int
configure_privsep_root(char *root)
{
if (current_privsep == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "root keyword not in privsep context");
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
return (KORE_RESULT_ERROR);
}
if (current_privsep->root != NULL)
kore_free(current_privsep->root);
current_privsep->root = kore_strdup(root);
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
return (KORE_RESULT_OK);
}
static int
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
configure_privsep_skip(char *option)
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
{
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
if (current_privsep == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "skip keyword not in privsep context");
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
return (KORE_RESULT_ERROR);
}
if (!strcmp(option, "chroot")) {
current_privsep->skip_chroot = 1;
} else {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "unknown skip option '%s'", option);
Rework worker startup/privsep config. Starting with the privsep config, this commit changes the following: - Removes the root, runas, keymgr_root, keymgr_runas, acme_root and acme_runas configuration options. Instead these are now configured via a privsep configuration context: privsep worker { root /tmp runas nobody } This is also configurable via Python using the new kore.privsep() method: kore.privsep("worker", root="/tmp", runas="nobody", skip=["chroot"]) Tied into this we also better handle worker startup: - Per worker process, wait until it signalled it is ready. - If a worker fails at startup, display its last log lines more clearly. - Don't start acme process if no domain requires acme. - Remove each process its individual startup log message in favour of a generalized one that displays its PID, root and user. - At startup, log the kore version and built-ins in a nicer way. - The worker processes now check things they need to start running before signaling they are ready (such as access to CA certs for TLS client authentication).
2021-09-07 21:59:22 +02:00
return (KORE_RESULT_ERROR);
}
Allow on-the-fly reloading of certificates/keys. This commit introduces the ability for the keymgr process to reload the certificates/keys for domains when receiving a SIGUSR1 signal. The keymgr receives 2 new configuration options: - keymgr_root_path The root path where the keymgr will live. If -n is not specified when the application starts the keymgr process will chroot into here. - keymgr_runas_user The user the keymgr will drop privileges towards if -r was not specified. All certfile and certkey configuration options are now relative to the keymgr_root_path configuration setting. The keymgr process will now also load the certificate for the domain (rather then the workers) and submit these to the worker processes so they can be reloaded when required. Worker processes will refuse connections until the TLS configuration for a given domain is completed (aka: the workers receive the certificate for that domain). Other changes: - client_certificates renamed to client_verify. - the chroot configuration option is now called root. - kore is a little more verbose if privsep options are missing. - filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
return (KORE_RESULT_OK);
}
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_domain(char *options)
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
{
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
char *argv[3];
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
if (current_domain != NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "nested domain contexts are not allowed");
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
return (KORE_RESULT_ERROR);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
}
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
kore_split_string(options, " ", argv, 3);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
if (argv[0] == NULL || argv[1] == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "invalid domain context");
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
if (strcmp(argv[1], "{")) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "domain context not opened correctly");
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
return (KORE_RESULT_ERROR);
Separate private keys from worker processes. Kore will now isolate RSA private keys to a separate process (keymgr). Worker processes that require RSA signing for TLS connections will communicate with this keymgr process in order to do so. This behaviour cannot be disabled and is always turned on.
2016-06-08 13:55:14 +02:00
}
if (strlen(argv[0]) >= KORE_DOMAINNAME_LEN - 1) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "domain name '%s' too long", argv[0]);
Separate private keys from worker processes. Kore will now isolate RSA private keys to a separate process (keymgr). Worker processes that require RSA signing for TLS connections will communicate with this keymgr process in order to do so. This behaviour cannot be disabled and is always turned on.
2016-06-08 13:55:14 +02:00
return (KORE_RESULT_ERROR);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
}
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
current_domain = kore_domain_new(argv[0]);
return (KORE_RESULT_OK);
}
static int
configure_attach(char *name)
{
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
struct kore_server *srv;
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
if (current_domain == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "attach keyword not in domain context");
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
}
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
if (current_domain->server != NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "domain '%s' already attached to server",
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
current_domain->domain);
return (KORE_RESULT_ERROR);
}
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
if ((srv = kore_server_lookup(name)) == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "server '%s' does not exist", name);
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
return (KORE_RESULT_ERROR);
}
Allow multiple binds on new server directive.
2019-09-27 20:00:35 +02:00
if (!kore_domain_attach(current_domain, srv)) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "failed to attach '%s' to '%s'",
Allow listening of tls/notls ports at the same time. Before kore needed to be built with NOTLS=1 to be able to do non TLS connections. This has been like this for years. It is time to allow non TLS listeners without having to rebuild Kore. This commit changes your configuration format and will break existing applications their config. Configurations now get listener {} contexts: listen default { bind 127.0.0.1 8888 } The above will create a listener on 127.0.0.1, port 8888 that will serve TLS (still the default). If you want to turn off TLS on that listener, specify "tls no" in that context. Domains now need to be attached to a listener: Eg: domain * { attach default } For the Python API this kills kore.bind(), and kore.bind_unix(). They are replaced with: kore.listen("name", ip=None, port=None, path=None, tls=True).
2019-09-27 12:22:35 +02:00
current_domain->domain, name);
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
return (KORE_RESULT_ERROR);
Be more verbose when configuration errors pop up.
2013-09-22 20:11:56 +02:00
}
Add a form of synchronization between what worker will be accepting new connections and which ones will not be notified for it. Fixes the thundering herd problem, and nicely spreads out load between all the workers equally. A configuration option (workers_max_connections) is available to tweak how many connections a worker will have before giving up the accept lock. Two ways are added to this commit for access locking: - Locking via semaphores. - Locking via GCC's builtin atomic methods. The default is running with semaphores disabled (OpenBSD cannot do sem_init() with pshared set to 1, which is required). If you want to use semaphores add KORE_USE_SEMAPHORES to CFLAGS, and -lpthread to LDFLAGS in the Makefile. Other fixes: - BSD: add a timeout to kevent(). - Merge kore_worker_wait together, linux knows waitpid() as well. - Send the correct SIGQUIT signal to workers instead of SIGINT. - Fix kore_time_ms(). - Log fatal worker messages in syslog. - Refactor code even more. - Do not free our own kore_worker structure.
2013-06-26 16:37:22 +02:00
return (KORE_RESULT_OK);
}
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
#if !defined(KORE_NO_HTTP)
Add worker_rlimit_nofiles as a configurable option.
2014-07-31 09:14:03 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_static_handler(char *options)
{
Replace static/dynamic with a single option: route Kore will automatically detect if a route is a dynamic or static one so there is no need for the configuration options to differ anymore.
2019-11-15 08:11:02 +01:00
kore_log(LOG_NOTICE, "static keyword removed, use route instead");
return (KORE_RESULT_ERROR);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
}
static int
configure_dynamic_handler(char *options)
Add worker_rlimit_nofiles as a configurable option.
2014-07-31 09:14:03 +02:00
{
Replace static/dynamic with a single option: route Kore will automatically detect if a route is a dynamic or static one so there is no need for the configuration options to differ anymore.
2019-11-15 08:11:02 +01:00
kore_log(LOG_NOTICE, "dynamic keyword removed, use route instead");
return (KORE_RESULT_ERROR);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
}
static int
Replace static/dynamic with a single option: route Kore will automatically detect if a route is a dynamic or static one so there is no need for the configuration options to differ anymore.
2019-11-15 08:11:02 +01:00
configure_route(char *options)
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
{
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
struct kore_route *rt;
int type;
char *argv[4];
Add worker_rlimit_nofiles as a configurable option.
2014-07-31 09:14:03 +02:00
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
if (current_domain == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "route keyword not in domain context");
return (KORE_RESULT_ERROR);
}
if (current_route != NULL) {
kore_log(LOG_ERR, "nested route contexts not allowed");
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
return (KORE_RESULT_ERROR);
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
kore_split_string(options, " ", argv, 4);
Add worker_rlimit_nofiles as a configurable option.
2014-07-31 09:14:03 +02:00
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
if (argv[1] == NULL || strcmp(argv[1], "{")) {
kore_log(LOG_ERR, "invalid route context");
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
return (KORE_RESULT_ERROR);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
}
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
Replace static/dynamic with a single option: route Kore will automatically detect if a route is a dynamic or static one so there is no need for the configuration options to differ anymore.
2019-11-15 08:11:02 +01:00
if (*argv[0] == '/')
type = HANDLER_TYPE_STATIC;
else
type = HANDLER_TYPE_DYNAMIC;
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
if ((rt = kore_route_create(current_domain, argv[0], type)) == NULL) {
kore_log(LOG_ERR,
"failed to create route handler for '%s'", argv[0]);
return (KORE_RESULT_ERROR);
}
current_route = rt;
return (KORE_RESULT_OK);
}
static int
configure_route_handler(char *name)
{
if (current_route == NULL) {
kore_log(LOG_ERR,
"handler keyword not inside of route context");
Add worker_rlimit_nofiles as a configurable option.
2014-07-31 09:14:03 +02:00
return (KORE_RESULT_ERROR);
Introduce new config option worker_accept_treshold This configuration option limits the maximum number of connections a worker process can accept() in a single event loop. It can be used to more evenly spread out incoming connections across workers when new connections arrive in a burst.
2015-04-23 10:24:00 +02:00
}
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_route_callback(current_route, name);
return (KORE_RESULT_OK);
}
HTTP improvements. Introduce an on_headers callback for routes, allowing one to inspect the headers before the request is processed further. Additionall, Add a new way of obtaining HTTP headers. Much like http_argument_get_*() functions, these new APIs allow you to fetch the data of an HTTP header as a specified C type. The new APIs are: * http_request_header_int16() * http_request_header_uint16() * http_request_header_int32() * http_request_header_uint32() * http_request_header_int64() * http_request_header_uint64() * http_request_header_float() * http_request_header_double() Should make it easier to operate in HTTP header data in a safe way. No need to always roll your own string to int conversion functions.
2021-09-15 22:16:22 +02:00
static int
configure_route_on_headers(char *name)
{
if (current_route == NULL) {
kore_log(LOG_ERR,
"on_header keyword not inside of route context");
return (KORE_RESULT_ERROR);
}
if ((current_route->on_headers = kore_runtime_getcall(name)) == NULL) {
kore_log(LOG_ERR, "on_headers callback '%s' for '%s' not found",
name, current_route->path);
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
static int
configure_route_on_body_chunk(char *name)
{
if (current_route == NULL) {
kore_log(LOG_ERR,
"on_body_chunk keyword not inside of route context");
return (KORE_RESULT_ERROR);
}
current_route->on_body_chunk = kore_runtime_getcall(name);
if (current_route->on_body_chunk == NULL) {
kore_log(LOG_ERR,
"on_body_chunk callback '%s' for '%s' not found",
name, current_route->path);
return (KORE_RESULT_ERROR);
}
Python: allow route hooks via kore.route(). Adding the hooks keyword with a dictionary attached to specify the relevant hooks will hook them for the given route. Eg: domain.route("/", self.index, methods=["get"], hooks={ "on_free": self.request_free } ) These are the same hooks available via a normal Kore route configuration.
2021-12-14 23:15:21 +01:00
return (KORE_RESULT_OK);
}
static int
configure_route_on_free(char *name)
{
if (current_route == NULL) {
kore_log(LOG_ERR,
"on_free keyword not inside of route context");
return (KORE_RESULT_ERROR);
}
if ((current_route->on_free = kore_runtime_getcall(name)) == NULL) {
kore_log(LOG_ERR, "on_free callback '%s' for '%s' not found",
name, current_route->path);
return (KORE_RESULT_ERROR);
}
Bring back page authentication via config. Inside of the new route handlers the "authenticate" keyword can be specified to let the route authenticate via a previously configured authentication block. The ability to do this went missing in a previous commit that overhauled the routing structure of the configuration.
2022-01-31 15:13:34 +01:00
return (KORE_RESULT_OK);
}
static int
configure_route_authenticate(char *name)
{
if (current_route == NULL) {
kore_log(LOG_ERR,
"authenticate keyword not inside of route context");
return (KORE_RESULT_ERROR);
}
current_route->auth = kore_auth_lookup(name);
if (current_route->auth == NULL) {
kore_log(LOG_ERR, "no such authentication '%s' for '%s' found",
name, current_route->path);
return (KORE_RESULT_ERROR);
}
HTTP improvements. Introduce an on_headers callback for routes, allowing one to inspect the headers before the request is processed further. Additionall, Add a new way of obtaining HTTP headers. Much like http_argument_get_*() functions, these new APIs allow you to fetch the data of an HTTP header as a specified C type. The new APIs are: * http_request_header_int16() * http_request_header_uint16() * http_request_header_int32() * http_request_header_uint32() * http_request_header_int64() * http_request_header_uint64() * http_request_header_float() * http_request_header_double() Should make it easier to operate in HTTP header data in a safe way. No need to always roll your own string to int conversion functions.
2021-09-15 22:16:22 +02:00
return (KORE_RESULT_OK);
}
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
static int
configure_route_methods(char *options)
{
int i, cnt;
char *argv[10];
if (current_route == NULL) {
kore_log(LOG_ERR,
"methods keyword not inside of route context");
return (KORE_RESULT_ERROR);
}
cnt = kore_split_string(options, " ", argv, 10);
if (cnt < 1) {
kore_log(LOG_ERR,
"bad methods option '%s', missing methods", options);
return (KORE_RESULT_ERROR);
}
current_route->methods = 0;
for (i = 0; i < cnt; i++) {
if (!strcasecmp(argv[i], "post")) {
current_route->methods |= HTTP_METHOD_POST;
} else if (!strcasecmp(argv[i], "get")) {
current_route->methods |= HTTP_METHOD_GET;
} else if (!strcasecmp(argv[i], "put")) {
current_route->methods |= HTTP_METHOD_PUT;
} else if (!strcasecmp(argv[i], "delete")) {
current_route->methods |= HTTP_METHOD_DELETE;
} else if (!strcasecmp(argv[i], "head")) {
current_route->methods |= HTTP_METHOD_HEAD;
} else if (!strcasecmp(argv[i], "patch")) {
current_route->methods |= HTTP_METHOD_PATCH;
Missing options for HTTP method restrictions. While Kore supports the OPTIONS method, it was not possible to specify this in the route methods configuration. Pointed out via discord.
2023-12-01 00:33:18 +01:00
} else if (!strcasecmp(argv[i], "options")) {
current_route->methods |= HTTP_METHOD_OPTIONS;
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
} else {
kore_log(LOG_ERR, "unknown method: %s in method for %s",
argv[i], current_route->path);
return (KORE_RESULT_ERROR);
}
}
Introduce new config option worker_accept_treshold This configuration option limits the maximum number of connections a worker process can accept() in a single event loop. It can be used to more evenly spread out incoming connections across workers when new connections arrive in a burst.
2015-04-23 10:24:00 +02:00
return (KORE_RESULT_OK);
}
Add a "return" configuration option. This hooks into the existing redirection framework but allows you to quickly deny certain paths with a 403 or other status code. The snippet below would for example declare a filemap served from 'www' directory but denying all access to the files under the 'data' directory: filemap / www deny /data 403
2020-03-03 11:28:16 +01:00
static int
configure_return(char *options)
{
char *argv[3];
int elm, status, err;
if (current_domain == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "return keyword not in domain context");
Add a "return" configuration option. This hooks into the existing redirection framework but allows you to quickly deny certain paths with a 403 or other status code. The snippet below would for example declare a filemap served from 'www' directory but denying all access to the files under the 'data' directory: filemap / www deny /data 403
2020-03-03 11:28:16 +01:00
return (KORE_RESULT_ERROR);
}
elm = kore_split_string(options, " ", argv, 3);
if (elm != 2) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "missing parameters for return");
Add a "return" configuration option. This hooks into the existing redirection framework but allows you to quickly deny certain paths with a 403 or other status code. The snippet below would for example declare a filemap served from 'www' directory but denying all access to the files under the 'data' directory: filemap / www deny /data 403
2020-03-03 11:28:16 +01:00
return (KORE_RESULT_ERROR);
}
status = kore_strtonum(argv[1], 10, 400, 600, &err);
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"invalid status code on return (%s)", argv[1]);
Add a "return" configuration option. This hooks into the existing redirection framework but allows you to quickly deny certain paths with a 403 or other status code. The snippet below would for example declare a filemap served from 'www' directory but denying all access to the files under the 'data' directory: filemap / www deny /data 403
2020-03-03 11:28:16 +01:00
return (KORE_RESULT_ERROR);
}
if (!http_redirect_add(current_domain, argv[0], status, NULL)) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "invalid regex on return path");
Add a "return" configuration option. This hooks into the existing redirection framework but allows you to quickly deny certain paths with a 403 or other status code. The snippet below would for example declare a filemap served from 'www' directory but denying all access to the files under the 'data' directory: filemap / www deny /data 403
2020-03-03 11:28:16 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add support for config based redirection. Inside the domain contexts a 'redirect' rule will allow you to redirect a request to another URI. Ex: Redirect all requests with a 301 to example.com redirect ^/.*$ 301 https://example.com Using capture groups redirect ^/account/(.*)$ 301 https://example.com/account/$1 Adding the query string in the mix redirect ^/(.*)$ 301 https://example.com/$1?$qs
2020-02-07 06:42:33 +01:00
static int
configure_redirect(char *options)
{
char *argv[4];
int elm, status, err;
if (current_domain == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "redirect keyword not in domain context");
Add support for config based redirection. Inside the domain contexts a 'redirect' rule will allow you to redirect a request to another URI. Ex: Redirect all requests with a 301 to example.com redirect ^/.*$ 301 https://example.com Using capture groups redirect ^/account/(.*)$ 301 https://example.com/account/$1 Adding the query string in the mix redirect ^/(.*)$ 301 https://example.com/$1?$qs
2020-02-07 06:42:33 +01:00
return (KORE_RESULT_ERROR);
}
elm = kore_split_string(options, " ", argv, 4);
if (elm != 3) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "missing parameters for redirect");
Add support for config based redirection. Inside the domain contexts a 'redirect' rule will allow you to redirect a request to another URI. Ex: Redirect all requests with a 301 to example.com redirect ^/.*$ 301 https://example.com Using capture groups redirect ^/account/(.*)$ 301 https://example.com/account/$1 Adding the query string in the mix redirect ^/(.*)$ 301 https://example.com/$1?$qs
2020-02-07 06:42:33 +01:00
return (KORE_RESULT_ERROR);
}
status = kore_strtonum(argv[1], 10, 300, 399, &err);
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"invalid status code on redirect (%s)", argv[1]);
Add support for config based redirection. Inside the domain contexts a 'redirect' rule will allow you to redirect a request to another URI. Ex: Redirect all requests with a 301 to example.com redirect ^/.*$ 301 https://example.com Using capture groups redirect ^/account/(.*)$ 301 https://example.com/account/$1 Adding the query string in the mix redirect ^/(.*)$ 301 https://example.com/$1?$qs
2020-02-07 06:42:33 +01:00
return (KORE_RESULT_ERROR);
}
if (!http_redirect_add(current_domain, argv[0], status, argv[2])) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "invalid regex on redirect path");
Add support for config based redirection. Inside the domain contexts a 'redirect' rule will allow you to redirect a request to another URI. Ex: Redirect all requests with a 301 to example.com redirect ^/.*$ 301 https://example.com Using capture groups redirect ^/account/(.*)$ 301 https://example.com/account/$1 Adding the query string in the mix redirect ^/(.*)$ 301 https://example.com/$1?$qs
2020-02-07 06:42:33 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
static int
configure_filemap(char *options)
{
Allow authenticators on filemaps. This commit introduces the ability to add authenticators to filemaps. Just like in normal routes, the authenticators will be resolved first before allowing access to the filemap entries. Configuration wise, the authenticator is an optional value after the filemap config directive: filemap / webroot myauth In the Python API you can now pass the authenticator for a filemap entry but turning the value of the filemap into a tuple with the first entry being the path and the second being the auth dict: AUTH AUTH={ "type": "cookie", "value": "cookiename", "redirect": "/auth/", "verify": verify_cookie } domain.filemaps({ "/css/": "webroot/css", "/secret/": ("webroot/secret", AUTH) })
2022-08-10 10:13:01 +02:00
char *argv[4];
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
if (current_domain == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "filemap keyword not in domain context");
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
return (KORE_RESULT_ERROR);
}
Allow authenticators on filemaps. This commit introduces the ability to add authenticators to filemaps. Just like in normal routes, the authenticators will be resolved first before allowing access to the filemap entries. Configuration wise, the authenticator is an optional value after the filemap config directive: filemap / webroot myauth In the Python API you can now pass the authenticator for a filemap entry but turning the value of the filemap into a tuple with the first entry being the path and the second being the auth dict: AUTH AUTH={ "type": "cookie", "value": "cookiename", "redirect": "/auth/", "verify": verify_cookie } domain.filemaps({ "/css/": "webroot/css", "/secret/": ("webroot/secret", AUTH) })
2022-08-10 10:13:01 +02:00
kore_split_string(options, " ", argv, 4);
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
if (argv[0] == NULL || argv[1] == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "missing parameters for filemap");
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
return (KORE_RESULT_ERROR);
}
Be better.
2022-08-10 10:20:18 +02:00
if (kore_filemap_create(current_domain,
argv[1], argv[0], argv[2]) == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "cannot create filemap for %s", argv[1]);
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Introduce new config option worker_accept_treshold This configuration option limits the maximum number of connections a worker process can accept() in a single event loop. It can be used to more evenly spread out incoming connections across workers when new connections arrive in a burst.
2015-04-23 10:24:00 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_accesslog(char *path)
Introduce new config option worker_accept_treshold This configuration option limits the maximum number of connections a worker process can accept() in a single event loop. It can be used to more evenly spread out incoming connections across workers when new connections arrive in a burst.
2015-04-23 10:24:00 +02:00
{
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
if (current_domain == NULL) {
kore_debug() has been unused for years. Kill all useless messages, convert useful ones into kore_log() instead.
2022-08-18 15:20:55 +02:00
kore_log(LOG_ERR, "accesslog not specified in domain context");
Introduce new config option worker_accept_treshold This configuration option limits the maximum number of connections a worker process can accept() in a single event loop. It can be used to more evenly spread out incoming connections across workers when new connections arrive in a burst.
2015-04-23 10:24:00 +02:00
return (KORE_RESULT_ERROR);
Add new configuration option: worker_set_affinity. Controls wether or not worker processes sets its affinity mask to bind themselves to a single CPU. Defaults to on (1).
2015-04-27 10:36:33 +02:00
}
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
if (current_domain->accesslog != -1) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "domain '%s' already has an open accesslog",
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
current_domain->domain);
Add new configuration option: worker_set_affinity. Controls wether or not worker processes sets its affinity mask to bind themselves to a single CPU. Defaults to on (1).
2015-04-27 10:36:33 +02:00
return (KORE_RESULT_ERROR);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
}
Add new configuration option: worker_set_affinity. Controls wether or not worker processes sets its affinity mask to bind themselves to a single CPU. Defaults to on (1).
2015-04-27 10:36:33 +02:00
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
current_domain->accesslog = open(path,
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
O_CREAT | O_APPEND | O_WRONLY,
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
if (current_domain->accesslog == -1) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "accesslog open(%s): %s", path, errno_s);
Allow restriction of methods for paths. Now Kore will automatically send a 400 bad request in case the method was not allowed on the path.
2018-07-17 14:23:57 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add filemap_ext configuration option. Allows you to specify the default extensions used for a file served via a filemap, eg: filemap_ext .html Gives us ability to provide clean urls.
2018-07-03 19:58:43 +02:00
static int
configure_filemap_ext(char *ext)
{
kore_free(kore_filemap_ext);
kore_filemap_ext = kore_strdup(ext);
return (KORE_RESULT_OK);
}
filemap and fileref improvements. - make sure we can serve updated files even if we have an old fileref around. - add filemap_index as a configuration option: allows one to specify what file to serve if a directory was requested (eg: index.html)
2018-06-28 23:00:42 +02:00
static int
configure_filemap_index(char *index)
{
kore_free(kore_filemap_index);
kore_filemap_index = kore_strdup(index);
return (KORE_RESULT_OK);
}
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
static int
configure_http_media_type(char *type)
{
int i;
char *extensions, *ext[10];
extensions = strchr(type, ' ');
if (extensions == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad http_media_type value '%s'", type);
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
return (KORE_RESULT_ERROR);
}
*(extensions)++ = '\0';
kore_split_string(extensions, " \t", ext, 10);
for (i = 0; ext[i] != NULL; i++) {
if (!http_media_register(ext[i], type)) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"duplicate extension found '%s'", ext[i]);
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
return (KORE_RESULT_ERROR);
}
}
if (i == 0) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "missing extensions in '%s'", type);
Add filemaps. A filemap is a way of telling Kore to serve files from a directory much like a traditional webserver can do. Kore filemaps only handles files. Kore does not generate directory indexes or deal with non-regular files. The way files are sent to a client differs a bit per platform and build options: default: - mmap() backed file transfer due to TLS. NOTLS=1 - sendfile() under FreeBSD, macOS and Linux. - mmap() backed file for OpenBSD. The opened file descriptors/mmap'd regions are cached and reused when appropriate. If a file is no longer in use it will be closed and evicted from the cache after 30 seconds. New API's are available allowing developers to use these facilities via: void net_send_fileref(struct connection *, struct kore_fileref *); void http_response_fileref(struct http_request *, struct kore_fileref *); Kore will attempt to match media types based on file extensions. A few default types are built-in. Others can be added via the new "http_media_type" configuration directive.
2018-06-28 13:27:44 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_http_header_max(char *option)
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
{
int err;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
http_header_max = kore_strtonum(option, 10, 1, 65535, &err);
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad http_header_max value '%s'", option);
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add http_[header|body]_timeout. If the HTTP request headers or the HTTP body have not arrived before these timeouts expire, Kore will send a 408 back to the client.
2019-04-11 20:51:49 +02:00
static int
configure_http_header_timeout(char *option)
{
int err;
http_header_timeout = kore_strtonum(option, 10, 1, 65535, &err);
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad http_header_timeout value '%s'", option);
Add http_[header|body]_timeout. If the HTTP request headers or the HTTP body have not arrived before these timeouts expire, Kore will send a 408 back to the client.
2019-04-11 20:51:49 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_http_body_max(char *option)
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
{
int err;
unfuck parsing http_body_max.
2017-02-06 21:28:33 +01:00
http_body_max = kore_strtonum(option, 10, 0, LONG_MAX, &err);
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad http_body_max value '%s'", option);
Add http_header_max and http_postbody_max configuration variables. - http_header_max: Maximum size of HTTP headers (in non SPDY connections). - http_postbody_max: Maximum size of an HTTP POST body (both in SPDY and HTTP mode). Right now Kore will simply DC the client, ideally we want to send a 413 (entity too large) to the client however. See modules/examples/module.conf for more.
2013-09-22 20:05:24 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add http_[header|body]_timeout. If the HTTP request headers or the HTTP body have not arrived before these timeouts expire, Kore will send a 408 back to the client.
2019-04-11 20:51:49 +02:00
static int
configure_http_body_timeout(char *option)
{
int err;
http_body_timeout = kore_strtonum(option, 10, 1, 65535, &err);
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad http_body_timeout value '%s'", option);
Add http_[header|body]_timeout. If the HTTP request headers or the HTTP body have not arrived before these timeouts expire, Kore will send a 408 back to the client.
2019-04-11 20:51:49 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Massive rework of HTTP layer. This commit is a flag day, your old modules will almost certainly need to be updated in order to build properly with these changes. Summary of changes: - Offload HTTP bodies to disk if they are large (inspired by #100). (disabled by default) - The http_argument_get* macros now takes an explicit http_request parameter. - Kore will now throw 404 errors almost immediately after an HTTP request has come in instead of waiting until all data has arrived. API changes: - http_argument_get* macros now require an explicit http_request parameter. (no more magic invokations). - http_generic_404() is gone - http_populate_arguments() is gone - http_body_bytes() is gone - http_body_text() is gone - http_body_read() has been added - http_populate_post() has been added - http_populate_get() has been added - http_file_read() has been added - http_file_rewind() has been added - http_file_lookup() no longer takes name, fname, data and len parameters. - http_file_lookup() now returns a struct http_file pointer. - http_populate_multipart_form() no longer takes an secondary parameter. New configuration options: - http_body_disk_offload: Number of bytes after which Kore will offload the HTTP body to disk instead of retaining it in memory. If 0 this feature is disabled. (Default: 0) - http_body_disk_path: The path where Kore will store temporary HTTP body files. (this directory does not get created if http_body_disk_offload is 0). New example: The upload example has been added, demonstrating how to deal with file uploads from a multipart form.
2016-01-18 11:30:22 +01:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_http_body_disk_offload(char *option)
Massive rework of HTTP layer. This commit is a flag day, your old modules will almost certainly need to be updated in order to build properly with these changes. Summary of changes: - Offload HTTP bodies to disk if they are large (inspired by #100). (disabled by default) - The http_argument_get* macros now takes an explicit http_request parameter. - Kore will now throw 404 errors almost immediately after an HTTP request has come in instead of waiting until all data has arrived. API changes: - http_argument_get* macros now require an explicit http_request parameter. (no more magic invokations). - http_generic_404() is gone - http_populate_arguments() is gone - http_body_bytes() is gone - http_body_text() is gone - http_body_read() has been added - http_populate_post() has been added - http_populate_get() has been added - http_file_read() has been added - http_file_rewind() has been added - http_file_lookup() no longer takes name, fname, data and len parameters. - http_file_lookup() now returns a struct http_file pointer. - http_populate_multipart_form() no longer takes an secondary parameter. New configuration options: - http_body_disk_offload: Number of bytes after which Kore will offload the HTTP body to disk instead of retaining it in memory. If 0 this feature is disabled. (Default: 0) - http_body_disk_path: The path where Kore will store temporary HTTP body files. (this directory does not get created if http_body_disk_offload is 0). New example: The upload example has been added, demonstrating how to deal with file uploads from a multipart form.
2016-01-18 11:30:22 +01:00
{
int err;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
http_body_disk_offload = kore_strtonum(option, 10, 0, LONG_MAX, &err);
Massive rework of HTTP layer. This commit is a flag day, your old modules will almost certainly need to be updated in order to build properly with these changes. Summary of changes: - Offload HTTP bodies to disk if they are large (inspired by #100). (disabled by default) - The http_argument_get* macros now takes an explicit http_request parameter. - Kore will now throw 404 errors almost immediately after an HTTP request has come in instead of waiting until all data has arrived. API changes: - http_argument_get* macros now require an explicit http_request parameter. (no more magic invokations). - http_generic_404() is gone - http_populate_arguments() is gone - http_body_bytes() is gone - http_body_text() is gone - http_body_read() has been added - http_populate_post() has been added - http_populate_get() has been added - http_file_read() has been added - http_file_rewind() has been added - http_file_lookup() no longer takes name, fname, data and len parameters. - http_file_lookup() now returns a struct http_file pointer. - http_populate_multipart_form() no longer takes an secondary parameter. New configuration options: - http_body_disk_offload: Number of bytes after which Kore will offload the HTTP body to disk instead of retaining it in memory. If 0 this feature is disabled. (Default: 0) - http_body_disk_path: The path where Kore will store temporary HTTP body files. (this directory does not get created if http_body_disk_offload is 0). New example: The upload example has been added, demonstrating how to deal with file uploads from a multipart form.
2016-01-18 11:30:22 +01:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"bad http_body_disk_offload value '%s'", option);
Massive rework of HTTP layer. This commit is a flag day, your old modules will almost certainly need to be updated in order to build properly with these changes. Summary of changes: - Offload HTTP bodies to disk if they are large (inspired by #100). (disabled by default) - The http_argument_get* macros now takes an explicit http_request parameter. - Kore will now throw 404 errors almost immediately after an HTTP request has come in instead of waiting until all data has arrived. API changes: - http_argument_get* macros now require an explicit http_request parameter. (no more magic invokations). - http_generic_404() is gone - http_populate_arguments() is gone - http_body_bytes() is gone - http_body_text() is gone - http_body_read() has been added - http_populate_post() has been added - http_populate_get() has been added - http_file_read() has been added - http_file_rewind() has been added - http_file_lookup() no longer takes name, fname, data and len parameters. - http_file_lookup() now returns a struct http_file pointer. - http_populate_multipart_form() no longer takes an secondary parameter. New configuration options: - http_body_disk_offload: Number of bytes after which Kore will offload the HTTP body to disk instead of retaining it in memory. If 0 this feature is disabled. (Default: 0) - http_body_disk_path: The path where Kore will store temporary HTTP body files. (this directory does not get created if http_body_disk_offload is 0). New example: The upload example has been added, demonstrating how to deal with file uploads from a multipart form.
2016-01-18 11:30:22 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_http_body_disk_path(char *path)
Massive rework of HTTP layer. This commit is a flag day, your old modules will almost certainly need to be updated in order to build properly with these changes. Summary of changes: - Offload HTTP bodies to disk if they are large (inspired by #100). (disabled by default) - The http_argument_get* macros now takes an explicit http_request parameter. - Kore will now throw 404 errors almost immediately after an HTTP request has come in instead of waiting until all data has arrived. API changes: - http_argument_get* macros now require an explicit http_request parameter. (no more magic invokations). - http_generic_404() is gone - http_populate_arguments() is gone - http_body_bytes() is gone - http_body_text() is gone - http_body_read() has been added - http_populate_post() has been added - http_populate_get() has been added - http_file_read() has been added - http_file_rewind() has been added - http_file_lookup() no longer takes name, fname, data and len parameters. - http_file_lookup() now returns a struct http_file pointer. - http_populate_multipart_form() no longer takes an secondary parameter. New configuration options: - http_body_disk_offload: Number of bytes after which Kore will offload the HTTP body to disk instead of retaining it in memory. If 0 this feature is disabled. (Default: 0) - http_body_disk_path: The path where Kore will store temporary HTTP body files. (this directory does not get created if http_body_disk_offload is 0). New example: The upload example has been added, demonstrating how to deal with file uploads from a multipart form.
2016-01-18 11:30:22 +01:00
{
Properly check if path was already set.
2016-01-18 11:43:10 +01:00
if (strcmp(http_body_disk_path, HTTP_BODY_DISK_PATH))
Large changes to the memory subsystem in kore. - Change pools to use mmap() for allocating regions. - Change kore_malloc() to use pools for commonly sized objects. (split into multiple of 2 buckets, starting at 8 bytes up to 8192). - Rename kore_mem_free() to kore_free(). The preallocated pools will hold up to 128K of elements per block size. In case a larger object is to be allocated kore_malloc() will use malloc() instead.
2016-07-12 13:54:14 +02:00
kore_free(http_body_disk_path);
Massive rework of HTTP layer. This commit is a flag day, your old modules will almost certainly need to be updated in order to build properly with these changes. Summary of changes: - Offload HTTP bodies to disk if they are large (inspired by #100). (disabled by default) - The http_argument_get* macros now takes an explicit http_request parameter. - Kore will now throw 404 errors almost immediately after an HTTP request has come in instead of waiting until all data has arrived. API changes: - http_argument_get* macros now require an explicit http_request parameter. (no more magic invokations). - http_generic_404() is gone - http_populate_arguments() is gone - http_body_bytes() is gone - http_body_text() is gone - http_body_read() has been added - http_populate_post() has been added - http_populate_get() has been added - http_file_read() has been added - http_file_rewind() has been added - http_file_lookup() no longer takes name, fname, data and len parameters. - http_file_lookup() now returns a struct http_file pointer. - http_populate_multipart_form() no longer takes an secondary parameter. New configuration options: - http_body_disk_offload: Number of bytes after which Kore will offload the HTTP body to disk instead of retaining it in memory. If 0 this feature is disabled. (Default: 0) - http_body_disk_path: The path where Kore will store temporary HTTP body files. (this directory does not get created if http_body_disk_offload is 0). New example: The upload example has been added, demonstrating how to deal with file uploads from a multipart form.
2016-01-18 11:30:22 +01:00
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
http_body_disk_path = kore_strdup(path);
Massive rework of HTTP layer. This commit is a flag day, your old modules will almost certainly need to be updated in order to build properly with these changes. Summary of changes: - Offload HTTP bodies to disk if they are large (inspired by #100). (disabled by default) - The http_argument_get* macros now takes an explicit http_request parameter. - Kore will now throw 404 errors almost immediately after an HTTP request has come in instead of waiting until all data has arrived. API changes: - http_argument_get* macros now require an explicit http_request parameter. (no more magic invokations). - http_generic_404() is gone - http_populate_arguments() is gone - http_body_bytes() is gone - http_body_text() is gone - http_body_read() has been added - http_populate_post() has been added - http_populate_get() has been added - http_file_read() has been added - http_file_rewind() has been added - http_file_lookup() no longer takes name, fname, data and len parameters. - http_file_lookup() now returns a struct http_file pointer. - http_populate_multipart_form() no longer takes an secondary parameter. New configuration options: - http_body_disk_offload: Number of bytes after which Kore will offload the HTTP body to disk instead of retaining it in memory. If 0 this feature is disabled. (Default: 0) - http_body_disk_path: The path where Kore will store temporary HTTP body files. (this directory does not get created if http_body_disk_offload is 0). New example: The upload example has been added, demonstrating how to deal with file uploads from a multipart form.
2016-01-18 11:30:22 +01:00
return (KORE_RESULT_OK);
}
Add the http_server_version configuration option. This allows setting a custom server header from the config file, for example to mask the version number.
2020-02-18 22:29:41 +01:00
static int
configure_http_server_version(char *version)
{
http_server_version(version);
return (KORE_RESULT_OK);
}
Add the http_pretty_error configuration option. When enabled, Kore returns HTML error pages for status codes 4xx and 5xx instead of empty content.
2020-03-03 12:53:18 +01:00
static int
configure_http_pretty_error(char *yesno)
{
if (!strcmp(yesno, "no")) {
http_pretty_error = 0;
} else if (!strcmp(yesno, "yes")) {
http_pretty_error = 1;
} else {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"invalid '%s' for yes|no http_pretty_error option", yesno);
Add the http_pretty_error configuration option. When enabled, Kore returns HTML error pages for status codes 4xx and 5xx instead of empty content.
2020-03-03 12:53:18 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add http_hsts_enable (enabled by default with max-age=31536000) to Kore's configuration file. If enabled Kore adds the HSTS header to every response. - Additionally, fix some typos in the example configuration. - Change default SSL cipher list again, no more RC4 and almost PFS for all browsers.
2013-10-15 10:44:56 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_http_hsts_enable(char *option)
Add http_hsts_enable (enabled by default with max-age=31536000) to Kore's configuration file. If enabled Kore adds the HSTS header to every response. - Additionally, fix some typos in the example configuration. - Change default SSL cipher list again, no more RC4 and almost PFS for all browsers.
2013-10-15 10:44:56 +02:00
{
int err;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
http_hsts_enable = kore_strtonum(option, 10, 0, LONG_MAX, &err);
Add http_hsts_enable (enabled by default with max-age=31536000) to Kore's configuration file. If enabled Kore adds the HSTS header to every response. - Additionally, fix some typos in the example configuration. - Change default SSL cipher list again, no more RC4 and almost PFS for all browsers.
2013-10-15 10:44:56 +02:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad http_hsts_enable value '%s'", option);
Add http_hsts_enable (enabled by default with max-age=31536000) to Kore's configuration file. If enabled Kore adds the HSTS header to every response. - Additionally, fix some typos in the example configuration. - Change default SSL cipher list again, no more RC4 and almost PFS for all browsers.
2013-10-15 10:44:56 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add http_keepalive_time configuration parameter. Allows you to configure maximum amount of seconds an HTTP connection can stay open (does not affect SPDY connections). If set to 0 it will disable keep-alive all together. Add some inttypes fluff.
2013-10-15 11:10:45 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_http_keepalive_time(char *option)
Add http_keepalive_time configuration parameter. Allows you to configure maximum amount of seconds an HTTP connection can stay open (does not affect SPDY connections). If set to 0 it will disable keep-alive all together. Add some inttypes fluff.
2013-10-15 11:10:45 +02:00
{
int err;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
http_keepalive_time = kore_strtonum(option, 10, 0, USHRT_MAX, &err);
Add http_keepalive_time configuration parameter. Allows you to configure maximum amount of seconds an HTTP connection can stay open (does not affect SPDY connections). If set to 0 it will disable keep-alive all together. Add some inttypes fluff.
2013-10-15 11:10:45 +02:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"bad http_keepalive_time value '%s'", option);
Add http_keepalive_time configuration parameter. Allows you to configure maximum amount of seconds an HTTP connection can stay open (does not affect SPDY connections). If set to 0 it will disable keep-alive all together. Add some inttypes fluff.
2013-10-15 11:10:45 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add http_request_ms configuration option. This option allows a user to finetune the number of milliseconds a worker process will max spend inside the http_process() loop. By default this is 10ms.
2018-03-14 13:41:17 +01:00
static int
configure_http_request_ms(char *option)
{
int err;
http_request_ms = kore_strtonum(option, 10, 0, UINT_MAX, &err);
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad http_request_ms value '%s'", option);
Add http_request_ms configuration option. This option allows a user to finetune the number of milliseconds a worker process will max spend inside the http_process() loop. By default this is 10ms.
2018-03-14 13:41:17 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_http_request_limit(char *option)
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
{
int err;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
http_request_limit = kore_strtonum(option, 10, 0, UINT_MAX, &err);
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad http_request_limit value '%s'", option);
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add validators to kore, specified in the configuration using 'validator' keyword. Example: validator v_id function v_id_function validator v_url regex ^/url/path/[a-z]*$ You can then call these using kore_validator_run(char *, char *), example: if (!kore_validator_run("v_url", req->path)) [req->path is bad];
2013-11-09 16:21:52 +01:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_validator(char *name)
Add validators to kore, specified in the configuration using 'validator' keyword. Example: validator v_id function v_id_function validator v_url regex ^/url/path/[a-z]*$ You can then call these using kore_validator_run(char *, char *), example: if (!kore_validator_run("v_url", req->path)) [req->path is bad];
2013-11-09 16:21:52 +01:00
{
u_int8_t type;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
char *tname, *value;
if ((tname = strchr(name, ' ')) == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "missing validator name");
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
return (KORE_RESULT_ERROR);
}
Add validators to kore, specified in the configuration using 'validator' keyword. Example: validator v_id function v_id_function validator v_url regex ^/url/path/[a-z]*$ You can then call these using kore_validator_run(char *, char *), example: if (!kore_validator_run("v_url", req->path)) [req->path is bad];
2013-11-09 16:21:52 +01:00
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
*(tname)++ = '\0';
tname = kore_text_trim(tname, strlen(tname));
if ((value = strchr(tname, ' ')) == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "missing validator value");
Add validators to kore, specified in the configuration using 'validator' keyword. Example: validator v_id function v_id_function validator v_url regex ^/url/path/[a-z]*$ You can then call these using kore_validator_run(char *, char *), example: if (!kore_validator_run("v_url", req->path)) [req->path is bad];
2013-11-09 16:21:52 +01:00
return (KORE_RESULT_ERROR);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
}
*(value)++ = '\0';
value = kore_text_trim(value, strlen(value));
Add validators to kore, specified in the configuration using 'validator' keyword. Example: validator v_id function v_id_function validator v_url regex ^/url/path/[a-z]*$ You can then call these using kore_validator_run(char *, char *), example: if (!kore_validator_run("v_url", req->path)) [req->path is bad];
2013-11-09 16:21:52 +01:00
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
if (!strcmp(tname, "regex")) {
Add validators to kore, specified in the configuration using 'validator' keyword. Example: validator v_id function v_id_function validator v_url regex ^/url/path/[a-z]*$ You can then call these using kore_validator_run(char *, char *), example: if (!kore_validator_run("v_url", req->path)) [req->path is bad];
2013-11-09 16:21:52 +01:00
type = KORE_VALIDATOR_TYPE_REGEX;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
} else if (!strcmp(tname, "function")) {
Add validators to kore, specified in the configuration using 'validator' keyword. Example: validator v_id function v_id_function validator v_url regex ^/url/path/[a-z]*$ You can then call these using kore_validator_run(char *, char *), example: if (!kore_validator_run("v_url", req->path)) [req->path is bad];
2013-11-09 16:21:52 +01:00
type = KORE_VALIDATOR_TYPE_FUNCTION;
} else {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"bad type '%s' for validator '%s'", tname, name);
Add validators to kore, specified in the configuration using 'validator' keyword. Example: validator v_id function v_id_function validator v_url regex ^/url/path/[a-z]*$ You can then call these using kore_validator_run(char *, char *), example: if (!kore_validator_run("v_url", req->path)) [req->path is bad];
2013-11-09 16:21:52 +01:00
return (KORE_RESULT_ERROR);
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
if (!kore_validator_add(name, type, value)) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad validator specified for '%s'", name);
Add validators to kore, specified in the configuration using 'validator' keyword. Example: validator v_id function v_id_function validator v_url regex ^/url/path/[a-z]*$ You can then call these using kore_validator_run(char *, char *), example: if (!kore_validator_run("v_url", req->path)) [req->path is bad];
2013-11-09 16:21:52 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
static int
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
configure_validate(char *options)
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
{
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
struct kore_validator *val;
struct kore_route_params *param;
char *method, *argv[4];
int flags, http_method;
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
if (kore_split_string(options, " ", argv, 4) != 3) {
kore_log(LOG_ERR,
"validate keyword needs 3 args: method param validator");
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
return (KORE_RESULT_ERROR);
}
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
flags = 0;
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
Allow param blocks to be marked as "querystring" Before params get would mean querystring and anything else would just count toward a www-encoded body. Now you can prefix the params block with "qs" indicating that those configured parameters are allowed to occur in the query string regardless of the method used. This means you can do something like: params qs:post /uri { ... } to specify what the allowed parameters are in the querystring for a POST request towards /uri. inspired by and properly fixes #205.
2018-01-16 18:47:50 +01:00
if ((method = strchr(argv[0], ':')) != NULL) {
*(method)++ = '\0';
if (!strcasecmp(argv[0], "qs")) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
flags = KORE_PARAMS_QUERY_STRING;
Allow param blocks to be marked as "querystring" Before params get would mean querystring and anything else would just count toward a www-encoded body. Now you can prefix the params block with "qs" indicating that those configured parameters are allowed to occur in the query string regardless of the method used. This means you can do something like: params qs:post /uri { ... } to specify what the allowed parameters are in the querystring for a POST request towards /uri. inspired by and properly fixes #205.
2018-01-16 18:47:50 +01:00
} else {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"unknown validate method prefix '%s' for '%s'",
argv[0], current_route->path);
Allow param blocks to be marked as "querystring" Before params get would mean querystring and anything else would just count toward a www-encoded body. Now you can prefix the params block with "qs" indicating that those configured parameters are allowed to occur in the query string regardless of the method used. This means you can do something like: params qs:post /uri { ... } to specify what the allowed parameters are in the querystring for a POST request towards /uri. inspired by and properly fixes #205.
2018-01-16 18:47:50 +01:00
return (KORE_RESULT_ERROR);
}
} else {
method = argv[0];
}
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
if ((val = kore_validator_lookup(argv[2])) == NULL) {
kore_log(LOG_ERR, "unknown validator '%s'", argv[2]);
return (KORE_RESULT_ERROR);
}
Allow param blocks to be marked as "querystring" Before params get would mean querystring and anything else would just count toward a www-encoded body. Now you can prefix the params block with "qs" indicating that those configured parameters are allowed to occur in the query string regardless of the method used. This means you can do something like: params qs:post /uri { ... } to specify what the allowed parameters are in the querystring for a POST request towards /uri. inspired by and properly fixes #205.
2018-01-16 18:47:50 +01:00
if (!strcasecmp(method, "post")) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
http_method = HTTP_METHOD_POST;
Allow param blocks to be marked as "querystring" Before params get would mean querystring and anything else would just count toward a www-encoded body. Now you can prefix the params block with "qs" indicating that those configured parameters are allowed to occur in the query string regardless of the method used. This means you can do something like: params qs:post /uri { ... } to specify what the allowed parameters are in the querystring for a POST request towards /uri. inspired by and properly fixes #205.
2018-01-16 18:47:50 +01:00
} else if (!strcasecmp(method, "get")) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
http_method = HTTP_METHOD_GET;
Allow param blocks to be marked as "querystring" Before params get would mean querystring and anything else would just count toward a www-encoded body. Now you can prefix the params block with "qs" indicating that those configured parameters are allowed to occur in the query string regardless of the method used. This means you can do something like: params qs:post /uri { ... } to specify what the allowed parameters are in the querystring for a POST request towards /uri. inspired by and properly fixes #205.
2018-01-16 18:47:50 +01:00
/* Let params get /foo {} imply qs:get automatically. */
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
flags |= KORE_PARAMS_QUERY_STRING;
Allow param blocks to be marked as "querystring" Before params get would mean querystring and anything else would just count toward a www-encoded body. Now you can prefix the params block with "qs" indicating that those configured parameters are allowed to occur in the query string regardless of the method used. This means you can do something like: params qs:post /uri { ... } to specify what the allowed parameters are in the querystring for a POST request towards /uri. inspired by and properly fixes #205.
2018-01-16 18:47:50 +01:00
} else if (!strcasecmp(method, "put")) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
http_method = HTTP_METHOD_PUT;
Allow param blocks to be marked as "querystring" Before params get would mean querystring and anything else would just count toward a www-encoded body. Now you can prefix the params block with "qs" indicating that those configured parameters are allowed to occur in the query string regardless of the method used. This means you can do something like: params qs:post /uri { ... } to specify what the allowed parameters are in the querystring for a POST request towards /uri. inspired by and properly fixes #205.
2018-01-16 18:47:50 +01:00
} else if (!strcasecmp(method, "delete")) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
http_method = HTTP_METHOD_DELETE;
Allow param blocks to be marked as "querystring" Before params get would mean querystring and anything else would just count toward a www-encoded body. Now you can prefix the params block with "qs" indicating that those configured parameters are allowed to occur in the query string regardless of the method used. This means you can do something like: params qs:post /uri { ... } to specify what the allowed parameters are in the querystring for a POST request towards /uri. inspired by and properly fixes #205.
2018-01-16 18:47:50 +01:00
} else if (!strcasecmp(method, "head")) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
http_method = HTTP_METHOD_HEAD;
Allow param blocks to be marked as "querystring" Before params get would mean querystring and anything else would just count toward a www-encoded body. Now you can prefix the params block with "qs" indicating that those configured parameters are allowed to occur in the query string regardless of the method used. This means you can do something like: params qs:post /uri { ... } to specify what the allowed parameters are in the querystring for a POST request towards /uri. inspired by and properly fixes #205.
2018-01-16 18:47:50 +01:00
} else if (!strcasecmp(method, "patch")) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
http_method = HTTP_METHOD_PATCH;
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
} else {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "unknown method: %s in validator for %s",
method, current_route->path);
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
return (KORE_RESULT_ERROR);
}
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
if (!(current_route->methods & http_method)) {
kore_log(LOG_ERR, "method '%s' not enabled for route '%s'",
method, current_route->path);
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
return (KORE_RESULT_ERROR);
}
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
param = kore_calloc(1, sizeof(*param));
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
param->flags = flags;
param->validator = val;
param->method = http_method;
param->name = kore_strdup(argv[1]);
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
TAILQ_INSERT_TAIL(&current_route->params, param, list);
Kore now supports GET parameters and automatic validation of GET/POST parameters. Kore will automatically removes invalid parameters as a security measure. See modules/examples/module.conf for an example of how this works.
2013-11-10 15:17:15 +01:00
return (KORE_RESULT_OK);
}
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_authentication(char *options)
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
{
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
char *argv[3];
if (current_auth != NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "previous authentication block not closed");
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
return (KORE_RESULT_ERROR);
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
kore_split_string(options, " ", argv, 3);
if (argv[1] == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "missing name for authentication block");
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
return (KORE_RESULT_ERROR);
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
if (strcmp(argv[1], "{")) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "missing { for authentication block");
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
return (KORE_RESULT_ERROR);
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
if (!kore_auth_new(argv[0]))
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
return (KORE_RESULT_ERROR);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
current_auth = kore_auth_lookup(argv[0]);
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
return (KORE_RESULT_OK);
}
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_authentication_type(char *option)
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
{
if (current_auth == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"authentication_type keyword not in correct context");
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
return (KORE_RESULT_ERROR);
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
if (!strcmp(option, "cookie")) {
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
current_auth->type = KORE_AUTH_TYPE_COOKIE;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
} else if (!strcmp(option, "header")) {
Add header as an option for authentication blocks
2014-01-22 23:11:52 +01:00
current_auth->type = KORE_AUTH_TYPE_HEADER;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
} else if (!strcmp(option, "request")) {
"request" auth blocks should set their own response.
2015-02-04 12:04:07 +01:00
current_auth->type = KORE_AUTH_TYPE_REQUEST;
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
} else {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "unknown authentication type '%s'", option);
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_authentication_value(char *option)
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
{
if (current_auth == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"authentication_value keyword not in correct context");
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
return (KORE_RESULT_ERROR);
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
if (current_auth->value != NULL)
Large changes to the memory subsystem in kore. - Change pools to use mmap() for allocating regions. - Change kore_malloc() to use pools for commonly sized objects. (split into multiple of 2 buckets, starting at 8 bytes up to 8192). - Rename kore_mem_free() to kore_free(). The preallocated pools will hold up to 128K of elements per block size. In case a larger object is to be allocated kore_malloc() will use malloc() instead.
2016-07-12 13:54:14 +02:00
kore_free(current_auth->value);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
current_auth->value = kore_strdup(option);
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
return (KORE_RESULT_OK);
}
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_authentication_validator(char *validator)
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
{
struct kore_validator *val;
if (current_auth == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"authentication_validator not in correct context");
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
return (KORE_RESULT_ERROR);
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
if ((val = kore_validator_lookup(validator)) == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"authentication validator '%s' not found", validator);
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
return (KORE_RESULT_ERROR);
}
current_auth->validator = val;
return (KORE_RESULT_OK);
}
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_authentication_uri(char *uri)
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
{
if (current_auth == NULL) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"authentication_uri keyword not in correct context");
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
return (KORE_RESULT_ERROR);
}
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
if (current_auth->redirect != NULL)
Large changes to the memory subsystem in kore. - Change pools to use mmap() for allocating regions. - Change kore_malloc() to use pools for commonly sized objects. (split into multiple of 2 buckets, starting at 8 bytes up to 8192). - Rename kore_mem_free() to kore_free(). The preallocated pools will hold up to 128K of elements per block size. In case a larger object is to be allocated kore_malloc() will use malloc() instead.
2016-07-12 13:54:14 +02:00
kore_free(current_auth->redirect);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
current_auth->redirect = kore_strdup(uri);
Add authentication blocks for Kore. Using authentication blocks one can define "authentication" mechanisms in Kore for page handlers. This can be used to require a session cookie (validated by your own validator) for certain page handlers, and hopefully in the future provide a framework for adding more authentication things (like HTTP Auth). Right now only cookie checking is available.
2014-01-22 22:55:10 +01:00
return (KORE_RESULT_OK);
}
Add websocket support to Kore. Introduces a few new api functions: - kore_websocket_handshake(struct http_request *): Performs the handshake on an HTTP request (coming from page handler) - kore_websocket_send(struct connection *, u_int8_t, void *, size_t): Sends data to a websocket connection. - kore_websocket_broadcast(struct connection *, u_int8_t, void *, size_t, int): Broadcast the given websocket op and data to all connected websocket clients on the worker. Note that as of right now the WEBSOCKET_BROADCAST_GLOBAL scope option does not work yet and messages broadcasted will be restricted to workers only. - kore_worker_websocket_broadcast(struct connection *, void *, void *): Backend function used by kore_websocket_broadcast(). Could prove useful for developers to have access to. A simple example is given under examples/websocket. Known issues: Kore does not support PING or CONT frames just yet.
2014-11-24 11:01:12 +01:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_websocket_maxframe(char *option)
Add websocket support to Kore. Introduces a few new api functions: - kore_websocket_handshake(struct http_request *): Performs the handshake on an HTTP request (coming from page handler) - kore_websocket_send(struct connection *, u_int8_t, void *, size_t): Sends data to a websocket connection. - kore_websocket_broadcast(struct connection *, u_int8_t, void *, size_t, int): Broadcast the given websocket op and data to all connected websocket clients on the worker. Note that as of right now the WEBSOCKET_BROADCAST_GLOBAL scope option does not work yet and messages broadcasted will be restricted to workers only. - kore_worker_websocket_broadcast(struct connection *, void *, void *): Backend function used by kore_websocket_broadcast(). Could prove useful for developers to have access to. A simple example is given under examples/websocket. Known issues: Kore does not support PING or CONT frames just yet.
2014-11-24 11:01:12 +01:00
{
int err;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
kore_websocket_maxframe = kore_strtonum64(option, 1, &err);
Add websocket support to Kore. Introduces a few new api functions: - kore_websocket_handshake(struct http_request *): Performs the handshake on an HTTP request (coming from page handler) - kore_websocket_send(struct connection *, u_int8_t, void *, size_t): Sends data to a websocket connection. - kore_websocket_broadcast(struct connection *, u_int8_t, void *, size_t, int): Broadcast the given websocket op and data to all connected websocket clients on the worker. Note that as of right now the WEBSOCKET_BROADCAST_GLOBAL scope option does not work yet and messages broadcasted will be restricted to workers only. - kore_worker_websocket_broadcast(struct connection *, void *, void *): Backend function used by kore_websocket_broadcast(). Could prove useful for developers to have access to. A simple example is given under examples/websocket. Known issues: Kore does not support PING or CONT frames just yet.
2014-11-24 11:01:12 +01:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"bad kore_websocket_maxframe value '%s'", option);
Add websocket support to Kore. Introduces a few new api functions: - kore_websocket_handshake(struct http_request *): Performs the handshake on an HTTP request (coming from page handler) - kore_websocket_send(struct connection *, u_int8_t, void *, size_t): Sends data to a websocket connection. - kore_websocket_broadcast(struct connection *, u_int8_t, void *, size_t, int): Broadcast the given websocket op and data to all connected websocket clients on the worker. Note that as of right now the WEBSOCKET_BROADCAST_GLOBAL scope option does not work yet and messages broadcasted will be restricted to workers only. - kore_worker_websocket_broadcast(struct connection *, void *, void *): Backend function used by kore_websocket_broadcast(). Could prove useful for developers to have access to. A simple example is given under examples/websocket. Known issues: Kore does not support PING or CONT frames just yet.
2014-11-24 11:01:12 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_websocket_timeout(char *option)
Add websocket support to Kore. Introduces a few new api functions: - kore_websocket_handshake(struct http_request *): Performs the handshake on an HTTP request (coming from page handler) - kore_websocket_send(struct connection *, u_int8_t, void *, size_t): Sends data to a websocket connection. - kore_websocket_broadcast(struct connection *, u_int8_t, void *, size_t, int): Broadcast the given websocket op and data to all connected websocket clients on the worker. Note that as of right now the WEBSOCKET_BROADCAST_GLOBAL scope option does not work yet and messages broadcasted will be restricted to workers only. - kore_worker_websocket_broadcast(struct connection *, void *, void *): Backend function used by kore_websocket_broadcast(). Could prove useful for developers to have access to. A simple example is given under examples/websocket. Known issues: Kore does not support PING or CONT frames just yet.
2014-11-24 11:01:12 +01:00
{
int err;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
kore_websocket_timeout = kore_strtonum64(option, 1, &err);
Add websocket support to Kore. Introduces a few new api functions: - kore_websocket_handshake(struct http_request *): Performs the handshake on an HTTP request (coming from page handler) - kore_websocket_send(struct connection *, u_int8_t, void *, size_t): Sends data to a websocket connection. - kore_websocket_broadcast(struct connection *, u_int8_t, void *, size_t, int): Broadcast the given websocket op and data to all connected websocket clients on the worker. Note that as of right now the WEBSOCKET_BROADCAST_GLOBAL scope option does not work yet and messages broadcasted will be restricted to workers only. - kore_worker_websocket_broadcast(struct connection *, void *, void *): Backend function used by kore_websocket_broadcast(). Could prove useful for developers to have access to. A simple example is given under examples/websocket. Known issues: Kore does not support PING or CONT frames just yet.
2014-11-24 11:01:12 +01:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"bad kore_websocket_timeout value '%s'", option);
Add websocket support to Kore. Introduces a few new api functions: - kore_websocket_handshake(struct http_request *): Performs the handshake on an HTTP request (coming from page handler) - kore_websocket_send(struct connection *, u_int8_t, void *, size_t): Sends data to a websocket connection. - kore_websocket_broadcast(struct connection *, u_int8_t, void *, size_t, int): Broadcast the given websocket op and data to all connected websocket clients on the worker. Note that as of right now the WEBSOCKET_BROADCAST_GLOBAL scope option does not work yet and messages broadcasted will be restricted to workers only. - kore_worker_websocket_broadcast(struct connection *, void *, void *): Backend function used by kore_websocket_broadcast(). Could prove useful for developers to have access to. A simple example is given under examples/websocket. Known issues: Kore does not support PING or CONT frames just yet.
2014-11-24 11:01:12 +01:00
return (KORE_RESULT_ERROR);
}
kore_websocket_timeout = kore_websocket_timeout * 1000;
return (KORE_RESULT_OK);
}
Spacing
2015-11-27 18:12:08 +01:00
#endif /* !KORE_NO_HTTP */
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
Add a logfile configuration option. This will log all output from Kore processes to the specified file.
2021-09-10 13:34:57 +02:00
static int
configure_logfile(char *path)
{
kore_log_file(path);
return (KORE_RESULT_OK);
}
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_workers(char *option)
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
{
int err;
Add kore.sendmsg(object, worker=None) to the python api. This allows you to send Python objects that can be run through pickle to other worker processes. If your application implements koreapp.onmsg() you will be able to receive these objects.
2019-10-16 12:05:27 +02:00
worker_count = kore_strtonum(option, 10, 1, KORE_WORKER_MAX, &err);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad value for worker '%s'", option);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_pidfile(char *path)
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
{
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
if (strcmp(kore_pidfile, KORE_PIDFILE_DEFAULT))
Large changes to the memory subsystem in kore. - Change pools to use mmap() for allocating regions. - Change kore_malloc() to use pools for commonly sized objects. (split into multiple of 2 buckets, starting at 8 bytes up to 8192). - Rename kore_mem_free() to kore_free(). The preallocated pools will hold up to 128K of elements per block size. In case a larger object is to be allocated kore_malloc() will use malloc() instead.
2016-07-12 13:54:14 +02:00
kore_free(kore_pidfile);
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
kore_pidfile = kore_strdup(path);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
return (KORE_RESULT_OK);
}
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_max_connections(char *option)
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
{
int err;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
worker_max_connections = kore_strtonum(option, 10, 1, UINT_MAX, &err);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"bad value for worker_max_connections '%s'", option);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_rlimit_nofiles(char *option)
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
{
int err;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
worker_rlimit_nofiles = kore_strtonum(option, 10, 1, UINT_MAX, &err);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"bad value for worker_rlimit_nofiles '%s'", option);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_accept_threshold(char *option)
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
{
int err;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
worker_accept_threshold = kore_strtonum(option, 0, 1, UINT_MAX, &err);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"bad value for worker_accept_threshold '%s'\n", option);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
return (KORE_RESULT_ERROR);
Add worker_death_policy setting. By default kore will restart worker processes if they terminate unexpected. However in certain scenarios you may want to bring down an entire kore instance if a worker process fails. By setting worker_death_policy to "terminate" the Kore server will completely stop if a worker exits unexpected.
2019-03-22 09:49:50 +01:00
}
return (KORE_RESULT_OK);
}
static int
configure_death_policy(char *option)
{
if (!strcmp(option, "restart")) {
worker_policy = KORE_WORKER_POLICY_RESTART;
} else if (!strcmp(option, "terminate")) {
worker_policy = KORE_WORKER_POLICY_TERMINATE;
} else {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"bad value for worker_death_policy '%s'\n", option);
Add worker_death_policy setting. By default kore will restart worker processes if they terminate unexpected. However in certain scenarios you may want to bring down an entire kore instance if a worker process fails. By setting worker_death_policy to "terminate" the Kore server will completely stop if a worker exits unexpected.
2019-03-22 09:49:50 +01:00
return (KORE_RESULT_ERROR);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
}
return (KORE_RESULT_OK);
}
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_set_affinity(char *option)
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
{
int err;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
worker_set_affinity = kore_strtonum(option, 10, 0, 1, &err);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"bad value for worker_set_affinity '%s'", option);
Introduce NOHTTP=1 build option. This basically turns off the HTTP layer for Kore. It does not compile in anything for HTTP. This allows Kore to be used as a network application platform as well. Added an example for this called nohttp. Other changes that sneaked in while hacking on this: * Use calloc(), kill pendantic malloc option. * Killed off SPDY/3.1 support completely, will be superseded by http2 Note that comes with massive changes to a lot of the core API functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_socket_backlog(char *option)
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
{
int err;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
kore_socket_backlog = kore_strtonum(option, 10, 0, UINT_MAX, &err);
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad socket_backlog value: '%s'", option);
Improve very heavy load handling. Introduces two new configuration knobs: * socket_backlog (backlog for listen(2)) * http_request_limit The second one is the most interesting one. Before, kore would iterate over all received HTTP requests in its queue before returning out of http_process(). Under heavy load this queue can cause Kore to spend a considerable amount of time iterating over said queue. With the http_request_limit, kore will process at MOST http_request_limit requests before returning back to the event loop. This means responses to processed requests are sent out much quicker and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#if defined(KORE_USE_PGSQL)
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_pgsql_conn_max(char *option)
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
{
int err;
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
pgsql_conn_max = kore_strtonum(option, 10, 0, USHRT_MAX, &err);
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad value for pgsql_conn_max '%s'", option);
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add pgsql_queue_limit configuration option. Limits the number of queued asynchronous queries kore will allow before starting to return errors for KORE_PGSQL_ASYNC setups. By default set to 1000. Avoids uncontrolled growth of the pgsql_queue_wait pool.
2018-02-13 13:21:27 +01:00
static int
configure_pgsql_queue_limit(char *option)
{
int err;
pgsql_queue_limit = kore_strtonum(option, 10, 0, UINT_MAX, &err);
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"bad value for pgsql_queue_limit '%s'", option);
Add pgsql_queue_limit configuration option. Limits the number of queued asynchronous queries kore will allow before starting to return errors for KORE_PGSQL_ASYNC setups. By default set to 1000. Avoids uncontrolled growth of the pgsql_queue_wait pool.
2018-02-13 13:21:27 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add task_threads configuration option. Before Kore would spawn a task thread per task started if none were available. This was an obvious bad idiom but never really hit me hard until now. Kore will now only spawn as many task threads as configured by "task_threads" and queue up any newly started tasks ontop of already running threads if the limit was hit.
2015-06-04 10:29:22 +02:00
#endif
#if defined(KORE_USE_TASKS)
static int
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
configure_task_threads(char *option)
Add task_threads configuration option. Before Kore would spawn a task thread per task started if none were available. This was an obvious bad idiom but never really hit me hard until now. Kore will now only spawn as many task threads as configured by "task_threads" and queue up any newly started tasks ontop of already running threads if the limit was hit.
2015-06-04 10:29:22 +02:00
{
int err;
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
Redo config parsing a bit. No longer just call kore_string_split() on the line but separate out the configuration directive and let the appropriate callbacks parse things on their own.
2016-02-01 21:33:51 +01:00
kore_task_threads = kore_strtonum(option, 10, 0, UCHAR_MAX, &err);
Add task_threads configuration option. Before Kore would spawn a task thread per task started if none were available. This was an obvious bad idiom but never really hit me hard until now. Kore will now only spawn as many task threads as configured by "task_threads" and queue up any newly started tasks ontop of already running threads if the limit was hit.
2015-06-04 10:29:22 +02:00
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad value for task_threads: '%s'", option);
Add task_threads configuration option. Before Kore would spawn a task thread per task started if none were available. This was an obvious bad idiom but never really hit me hard until now. Kore will now only spawn as many task threads as configured by "task_threads" and queue up any newly started tasks ontop of already running threads if the limit was hit.
2015-06-04 10:29:22 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Add pgsql_conn_max configuration parameter. Allows you to tune how many pgsql connections kore will make at one time.
2014-07-04 09:14:05 +02:00
#endif
Add initial python support. Based on work done by Stanislav Yudin.
2017-01-12 23:38:51 +01:00
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
static int
configure_deployment(char *value)
{
Add a docker python kore.config.deployment setting. This keeps kore in the foreground will still doing privsep. Useful with upcoming official kore docker images.
2021-05-10 10:27:32 +02:00
if (!strcmp(value, "docker")) {
kore_foreground = 1;
be explicit
2021-05-10 10:32:54 +02:00
skip_runas = 0;
skip_chroot = 0;
Add a docker python kore.config.deployment setting. This keeps kore in the foreground will still doing privsep. Useful with upcoming official kore docker images.
2021-05-10 10:27:32 +02:00
} else if (!strcmp(value, "dev") || !strcmp(value, "development")) {
rename foreground to kore_foreground.
2021-01-11 23:35:16 +01:00
kore_foreground = 1;
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
skip_runas = 1;
skip_chroot = 1;
} else if (!strcmp(value, "production")) {
rename foreground to kore_foreground.
2021-01-11 23:35:16 +01:00
kore_foreground = 0;
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
skip_runas = 0;
skip_chroot = 0;
} else {
kore_log(LOG_NOTICE,
Major Python API improvements. 1) Add @kore.route as a decorator for Python. This decorator can be used on non-class methods to automatically declare their route and parameters. Takes the same arguments as the kore.domain.route function that exists today. Provides a nice clean way of setting up Kore if you dont want a whole class based approach. 2) Remove the requirement for the name for kore.server() and the kore.domain(attach=) keywords. Instead of no name was given, the name "default" is used in both places resulting in less boilerplating. 3) Allow multiple routes to be defined for the same URI as long as the methods are different. So you can have one method for GET / and another for POST /. All changes combined condense the initial experience of getting a Kore Python app up and running: eg: import kore kore.server(ip="127.0.0.1", port="8888", tls=False) kore.domain("*") @kore.route("/", methods=["get"]) async def index(req): req.response(200, b'get method') @kore.route("/", methods=["post"]) async def index_post(req) req.response(200, b'post method')
2021-05-02 00:23:11 +02:00
"kore.config.deployment: bad value '%s'", value);
Many many Python improvements. - Kore can now fully be configured via Python code if one wants nothing to do with configuration files. - Kore can now start single python files and no longer requires them to be inside a module directory. - Pass all regex capture groups to the handler methods, allowing you to get access to them immediately. - Change python websocket_handshake to take callable objects directly. - Added a new deployment configuration option. If set to "dev" or "development" Kore will automatically foreground, no chroot / etc. If set to "production" Kore *will* chroot, drop privs, etc. - Many more.. These are all backported from a project that I was working on a while ago. I decided these should go back into mainline Kore.
2019-09-26 15:49:00 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
Initial lua runtime. Works enough so one can do basic configuration and handle HTTP.
2023-01-21 23:41:35 +01:00
#if defined(KORE_USE_PYTHON)
bring back python_import and python_path. These were mistakingly removed a while ago.
2021-10-20 11:20:25 +02:00
static int
configure_python_path(char *path)
{
kore_python_path(path);
return (KORE_RESULT_OK);
}
static int
configure_python_import(char *module)
{
char *argv[3];
kore_split_string(module, " ", argv, 3);
if (argv[0] == NULL)
return (KORE_RESULT_ERROR);
kore_module_load(argv[0], argv[1], KORE_MODULE_PYTHON);
return (KORE_RESULT_OK);
}
Add initial python support. Based on work done by Stanislav Yudin.
2017-01-12 23:38:51 +01:00
#endif
Add pledge support under OpenBSD. All worker processes will now call pledge(2) after dropping privileges (even if -rn was specified). By default Kore will use the following promises: "stdio rpath inet error" If your application requires more privileges, you can add more pledges by setting them in your configuration using the 'pledge' directive: pledge dns wpath
2018-07-31 06:51:34 +02:00
#if defined(KORE_USE_PLATFORM_PLEDGE)
static int
configure_add_pledge(char *pledge)
{
kore_platform_add_pledge(pledge);
return (KORE_RESULT_OK);
}
#endif
Add asynchronous libcurl support. This commit adds the CURL=1 build option. When enabled allows you to schedule CURL easy handles onto the Kore event loop. It also adds an easy to use HTTP client API that abstracts away the settings required from libcurl to make HTTP requests. Tied together with HTTP request state machines this means you can write fully asynchronous HTTP client requests in an easy way. Additionally this exposes that API to the Python code as well allowing you do to things like: client = kore.httpclient("https://kore.io") status, body = await client.get() Introduces 2 configuration options: - curl_recv_max Max incoming bytes for a response. - curl_timeout Timeout in seconds before a transfer is cancelled. This API also allows you to take the CURL easy handle and send emails with it, run FTP, etc. All asynchronously.
2019-04-24 00:10:47 +02:00
#if defined(KORE_USE_CURL)
static int
configure_curl_recv_max(char *option)
{
int err;
kore_curl_recv_max = kore_strtonum64(option, 1, &err);
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad curl_recv_max value '%s'\n", option);
Add asynchronous libcurl support. This commit adds the CURL=1 build option. When enabled allows you to schedule CURL easy handles onto the Kore event loop. It also adds an easy to use HTTP client API that abstracts away the settings required from libcurl to make HTTP requests. Tied together with HTTP request state machines this means you can write fully asynchronous HTTP client requests in an easy way. Additionally this exposes that API to the Python code as well allowing you do to things like: client = kore.httpclient("https://kore.io") status, body = await client.get() Introduces 2 configuration options: - curl_recv_max Max incoming bytes for a response. - curl_timeout Timeout in seconds before a transfer is cancelled. This API also allows you to take the CURL easy handle and send emails with it, run FTP, etc. All asynchronously.
2019-04-24 00:10:47 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
static int
configure_curl_timeout(char *option)
{
int err;
kore_curl_timeout = kore_strtonum(option, 10, 0, USHRT_MAX, &err);
if (err != KORE_RESULT_OK) {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR, "bad kore_curl_timeout value: '%s'", option);
Add asynchronous libcurl support. This commit adds the CURL=1 build option. When enabled allows you to schedule CURL easy handles onto the Kore event loop. It also adds an easy to use HTTP client API that abstracts away the settings required from libcurl to make HTTP requests. Tied together with HTTP request state machines this means you can write fully asynchronous HTTP client requests in an easy way. Additionally this exposes that API to the Python code as well allowing you do to things like: client = kore.httpclient("https://kore.io") status, body = await client.get() Introduces 2 configuration options: - curl_recv_max Max incoming bytes for a response. - curl_timeout Timeout in seconds before a transfer is cancelled. This API also allows you to take the CURL easy handle and send emails with it, run FTP, etc. All asynchronously.
2019-04-24 00:10:47 +02:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
#endif
Add seccomp_tracing configuration option for linux. If set to "yes" then Kore will trace its child processes and properly notify you of seccomp violations while still allowing the syscalls. This can be very useful when running Kore on new platforms that have not been properly tested with seccomp, allowing me to adjust the default policies as we move further.
2019-10-31 12:52:10 +01:00
#if defined(__linux__)
static int
configure_seccomp_tracing(char *opt)
{
if (!strcmp(opt, "yes")) {
kore_seccomp_tracing = 1;
} else if (!strcmp(opt, "no")) {
kore_seccomp_tracing = 0;
} else {
Change how routes are configured in Kore. Routes are now configured in a context per route: route /path { handler handler_name methods get post head validate qs:get id v_id } All route related configurations are per-route, allowing multiple routes for the same path (for different methods). The param context is removed and merged into the route context now so that you use the validate keyword to specify what needs validating.
2021-09-15 11:09:52 +02:00
kore_log(LOG_ERR,
"bad seccomp_tracing value '%s' (expected yes|no)\n", opt);
Add seccomp_tracing configuration option for linux. If set to "yes" then Kore will trace its child processes and properly notify you of seccomp violations while still allowing the syscalls. This can be very useful when running Kore on new platforms that have not been properly tested with seccomp, allowing me to adjust the default policies as we move further.
2019-10-31 12:52:10 +01:00
return (KORE_RESULT_ERROR);
}
return (KORE_RESULT_OK);
}
#endif