Commit Graph

42 Commits

Author SHA1 Message Date
Joris Vink 917d4d7636 add missing options.
from Daniel Chavez via patches@
2019-05-07 19:53:19 +02:00
Joris Vink aa49e181b6 Add http_[header|body]_timeout.
If the HTTP request headers or the HTTP body have not arrived before
these timeouts expire, Kore will send a 408 back to the client.
2019-04-11 20:51:49 +02:00
Joris Vink 2445fd7bbd use correct values for the option. 2019-03-22 09:52:00 +01:00
Joris Vink 4238431b9e Add worker_death_policy setting.
By default kore will restart worker processes if they terminate
unexpected. However in certain scenarios you may want to bring down
an entire kore instance if a worker process fails.

By setting worker_death_policy to "terminate" the Kore server will
completely stop if a worker exits unexpected.
2019-03-22 09:49:50 +01:00
Joris Vink 2d8874dd2a change accept threshold default to 16. 2018-11-16 11:37:09 +01:00
Joris Vink fc246e5552 defaults were changed 2018-10-26 19:24:51 +02:00
Joris Vink 20c4036e5f add bind_unix configuration option to example conf 2018-10-07 21:08:04 +02:00
Remy Noulin bfffa2d68d update kore.conf.example keymgr configuration 2018-09-10 09:01:05 +02:00
Joris Vink 0726a26c0c Allow restriction of methods for paths.
Now Kore will automatically send a 400 bad request in case the
method was not allowed on the path.
2018-07-17 14:23:57 +02:00
Joris Vink cffb7ec379 Allow on-the-fly reloading of certificates/keys.
This commit introduces the ability for the keymgr process
to reload the certificates/keys for domains when receiving
a SIGUSR1 signal.

The keymgr receives 2 new configuration options:
	- keymgr_root_path
		The root path where the keymgr will live.
		If -n is not specified when the application starts the
		keymgr process will chroot into here.

	- keymgr_runas_user
		The user the keymgr will drop privileges towards if
		-r was not specified.

All certfile and certkey configuration options are now relative to the
keymgr_root_path configuration setting.

The keymgr process will now also load the certificate for the domain
(rather then the workers) and submit these to the worker processes so
they can be reloaded when required.

Worker processes will refuse connections until the TLS configuration
for a given domain is completed (aka: the workers receive the certificate
for that domain).

Other changes:
	- client_certificates renamed to client_verify.
	- the chroot configuration option is now called root.
	- kore is a little more verbose if privsep options are missing.
	- filemaps are now relative to the root configuration option.
2018-07-11 09:44:29 +02:00
Joris Vink 202234cf97 filemap and fileref improvements.
- make sure we can serve updated files even if we have an old
  fileref around.

- add filemap_index as a configuration option: allows one to specify
  what file to serve if a directory was requested (eg: index.html)
2018-06-28 23:00:42 +02:00
Joris Vink 48955dcb13 fix order of arguments to filemap 2018-06-28 13:35:09 +02:00
Joris Vink 80f5425698 Add filemaps.
A filemap is a way of telling Kore to serve files from a directory
much like a traditional webserver can do.

Kore filemaps only handles files. Kore does not generate directory
indexes or deal with non-regular files.

The way files are sent to a client differs a bit per platform and
build options:

default:
  - mmap() backed file transfer due to TLS.

NOTLS=1
  - sendfile() under FreeBSD, macOS and Linux.
  - mmap() backed file for OpenBSD.

The opened file descriptors/mmap'd regions are cached and reused when
appropriate. If a file is no longer in use it will be closed and evicted
from the cache after 30 seconds.

New API's are available allowing developers to use these facilities via:
  void net_send_fileref(struct connection *, struct kore_fileref *);
  void http_response_fileref(struct http_request *, struct kore_fileref *);

Kore will attempt to match media types based on file extensions. A few
default types are built-in. Others can be added via the new "http_media_type"
configuration directive.
2018-06-28 13:27:44 +02:00
Joris Vink 929e54e880 add client_verify_depth to example config. 2018-06-09 12:55:09 +02:00
Joris Vink 548068d2a0 Add http_request_ms configuration option.
This option allows a user to finetune the number of milliseconds
a worker process will max spend inside the http_process() loop.

By default this is 10ms.
2018-03-14 13:41:17 +01:00
Joris Vink b95b623e72 Allow param blocks to be marked as "querystring"
Before params get would mean querystring and anything else
would just count toward a www-encoded body.

Now you can prefix the params block with "qs" indicating that
those configured parameters are allowed to occur in the query
string regardless of the method used.

This means you can do something like:

params qs:post /uri {
	...
}

to specify what the allowed parameters are in the querystring for
a POST request towards /uri.

inspired by and properly fixes #205.
2018-01-16 18:47:50 +01:00
Joris Vink 509142e100 note that the rand_file must be inside chroot. 2017-03-06 16:58:51 +01:00
Joris Vink 6ba7390cc9 Add rand_file configuration option for keymgr.
This option allows the user to specify a file to be used for
seeding the PRNG initially and to write random bytes at exit.

The option is only available if kore has TLS enabled (by default).

If you enable this option Kore will refuse to start if there is
a problem with the file specified (not found, not a file, invalid size, etc).

While here let the keymgr process call RAND_poll() every half hour
to grab more system entropy and seed it into the PRNG.
2017-02-27 20:58:04 -08:00
Joris Vink 2c66dfa3cf add python_import to example config 2017-01-25 22:43:59 +01:00
Joris Vink fcb86ddb8b Massive rework of HTTP layer.
This commit is a flag day, your old modules will almost certainly
need to be updated in order to build properly with these changes.

Summary of changes:

- Offload HTTP bodies to disk if they are large (inspired by #100).
  (disabled by default)
- The http_argument_get* macros now takes an explicit http_request parameter.
- Kore will now throw 404 errors almost immediately after an HTTP request
  has come in instead of waiting until all data has arrived.

API changes:

- http_argument_get* macros now require an explicit http_request parameter.
  (no more magic invokations).
- http_generic_404() is gone
- http_populate_arguments() is gone
- http_body_bytes() is gone
- http_body_text() is gone
- http_body_read() has been added
- http_populate_post() has been added
- http_populate_get() has been added
- http_file_read() has been added
- http_file_rewind() has been added
- http_file_lookup() no longer takes name, fname, data and len parameters.
- http_file_lookup() now returns a struct http_file pointer.
- http_populate_multipart_form() no longer takes an secondary parameter.

New configuration options:

- http_body_disk_offload:
	Number of bytes after which Kore will offload the HTTP body to
	disk instead of retaining it in memory. If 0 this feature is
	disabled. (Default: 0)

- http_body_disk_path:
	The path where Kore will store temporary HTTP body files.
	(this directory does not get created if http_body_disk_offload is 0).

New example:

The upload example has been added, demonstrating how to deal with file
uploads from a multipart form.
2016-01-18 11:30:22 +01:00
Joris Vink 4706c9a2b4 tls_dhparam is required, mention this in example 2016-01-14 10:55:29 +01:00
Joris Vink 0647901ef5 Improve http_body_max directive a bit.
Allow setting it to 0 which will disable HTTP requests
that have a body (POST/PUT).

Reduce default http_body_max to 1MB by default, 10MB seems large.

Revisit to this code inspired by #100.
2016-01-08 17:54:40 +01:00
Joris Vink 8368f6d471 Updated comment section on worker_accept_threshold. 2015-12-20 11:21:40 +01:00
Joris Vink 6bfeb8e037 Clearify worker configuration directive. 2015-12-20 11:19:07 +01:00
Joris Vink 769c78a6e8 Introduce NOHTTP=1 build option.
This basically turns off the HTTP layer for Kore. It does not
compile in anything for HTTP.

This allows Kore to be used as a network application platform as well.
Added an example for this called nohttp.

Other changes that sneaked in while hacking on this:
* Use calloc(), kill pendantic malloc option.
* Killed off SPDY/3.1 support completely, will be superseded by http2

Note that comes with massive changes to a lot of the core API
functions provided by Kore, these might break your application.
2015-11-27 16:22:50 +01:00
Joris Vink 1d604643b5 Add task_threads configuration option.
Before Kore would spawn a task thread per task started
if none were available. This was an obvious bad idiom
but never really hit me hard until now.

Kore will now only spawn as many task threads as configured
by "task_threads" and queue up any newly started tasks ontop
of already running threads if the limit was hit.
2015-06-04 10:29:22 +02:00
Joris Vink ee59eb3f77 Small changes to the example configuration. 2015-05-19 21:53:58 +02:00
Joris Vink 5228fe1cbc Fix typo in configuration option worker_accept_treshold.
There is no backwards comptabile option available.

Fixes #53
2015-05-18 12:20:28 +02:00
Pascal Borreli 4e9d9968ac Fixed typos 2015-05-17 02:51:46 +01:00
Joris Vink 384bc8fdd6 Default to only TLSv1.2 from now on.
Add configuration setting tls_version to specify if you
either want TLSv1.2 or TLSv1.0 or both.

The configuration options ssl_cipher and ssl_dhparam
have changed name to tls_cipher and tls_dhparam. There is
no fallback so you might have to update your configs.
2015-05-06 10:59:43 +02:00
Joris Vink 09ad47ae48 Add worker_set_affinity to example configuration. 2015-04-27 10:37:58 +02:00
Joris Vink b869041a14 Introduce new config option worker_accept_treshold
This configuration option limits the maximum number
of connections a worker process can accept() in a single
event loop.

It can be used to more evenly spread out incoming connections
across workers when new connections arrive in a burst.
2015-04-23 10:24:00 +02:00
Joris Vink 097a1166df Improve very heavy load handling.
Introduces two new configuration knobs:
	* socket_backlog (backlog for listen(2))
	* http_request_limit

The second one is the most interesting one.

Before, kore would iterate over all received HTTP requests
in its queue before returning out of http_process().

Under heavy load this queue can cause Kore to spend a considerable
amount of time iterating over said queue. With the http_request_limit,
kore will process at MOST http_request_limit requests before returning
back to the event loop.

This means responses to processed requests are sent out much quicker
and allows kore to handle any other incoming requests more gracefully.
2015-04-09 15:29:44 +02:00
Joris Vink 2049bc72dc By default Kore now uses ECDH/DHE for TLS key exchanges.
This commit disables RSA key exchanges for TLS completely, while
introducing the requirement for always having DH parameters (ssl_dhparam).

Judging from ciphersuites most modern browsers now prefer this
change should be more than ok.
2015-02-03 13:17:59 +01:00
Joris Vink f867882f43 Add websocket support to Kore.
Introduces a few new api functions:

- kore_websocket_handshake(struct http_request *):
	Performs the handshake on an HTTP request (coming from page handler)

- kore_websocket_send(struct connection *, u_int8_t, void *, size_t):
	Sends data to a websocket connection.

- kore_websocket_broadcast(struct connection *, u_int8_t, void *, size_t, int):
	Broadcast the given websocket op and data to all connected
	websocket clients on the worker. Note that as of right now
	the WEBSOCKET_BROADCAST_GLOBAL scope option does not work
	yet and messages broadcasted will be restricted to workers
	only.

- kore_worker_websocket_broadcast(struct connection *, void *, void *):
	Backend function used by kore_websocket_broadcast().
	Could prove useful for developers to have access to.

A simple example is given under examples/websocket.

Known issues:
	Kore does not support PING or CONT frames just yet.
2014-11-24 11:08:34 +01:00
Joris Vink b49622bb1a Add CRL support.
Allow Kore to use per domain CRLs when requiring client certificates.
The require_client_cert configuration option has been renamed to a more
sane client_certificates and can optionally take a second argument
which is the CRL in pem format.

You'll need a restart in case the CRLs get updated.
2014-10-18 02:32:05 +02:00
Joris Vink a603b77e24 Add PUT/DELETE/HEAD methods (finally).
This commit renames certain POST centric variable and configuration
naming to the correct HTTP body stuff.

API changes include http_postbody_text() and http_postbody_bytes() to
have become http_body_text() and http_body_bytes().

The developer is still responsible for validating the method their
page handler is called with. Hopefully this becomes a configuration
option soon enough.
2014-10-08 11:03:14 +02:00
Joris Vink 891f3454ce Move the default pid file to kore.pid instead of /var/run/kore.pid 2014-08-05 13:10:34 +02:00
Joris Vink 577462379d Deprecate ssl_no_compression config option, its always on. 2014-08-05 13:07:32 +02:00
Joris Vink 4010bdd58d Remove kore_cb and its related settings.
After revisiting why this exists in Kore I decided it
does not belong in this platform and instead of letting
it sit there staring at me I rather just kill it.
2014-08-04 19:54:32 +02:00
Joris Vink 22e1e1c425 Add worker_rlimit_nofiles as a configurable option. 2014-07-31 09:14:03 +02:00
Joris Vink 3f853a79ce Add example configuration under conf/ 2014-07-30 09:02:34 +02:00