Florian Obser([email protected]) on 2018.04.10 16:50:14 +0200:
> Theo pointed out that this breaks our example config:
>
> /etc/examples/httpd.conf:13: server "example.com" defined twice
>
> The problem is that * now means v4 and v6 and we have a listen on ::
> in there, so we are listening twice on any v6 address.
>
> I think the best way forward is an entry to current.html and adapting
> (yet again) /etc/examples/httpd.conf:
ok
> diff --git etc/examples/httpd.conf etc/examples/httpd.conf
> index 4e2e243bd65..6afe975120a 100644
> --- etc/examples/httpd.conf
> +++ etc/examples/httpd.conf
> @@ -2,7 +2,6 @@
>
> server "example.com" {
> listen on * port 80
> - listen on :: port 80
> location "/.well-known/acme-challenge/*" {
> root "/acme"
> root strip 2
> @@ -14,7 +13,6 @@ server "example.com" {
>
> server "example.com" {
> listen on * tls port 443
> - listen on :: tls port 443
> tls {
> certificate "/etc/ssl/example.com.fullchain.pem"
> key "/etc/ssl/private/example.com.key"
>
>
> On Mon, Apr 09, 2018 at 10:58:43AM +0200, Florian Obser wrote:
> >
> > This shuffles things around to make httpd listen on v4 and v6 for *.
> >
> > OK?
> >
> > diff --git httpd.conf.5 httpd.conf.5
> > index afda0ac132b..3194a3400c2 100644
> > --- httpd.conf.5
> > +++ httpd.conf.5
> > @@ -52,12 +52,12 @@ addresses of the specified network interface.
> > If
> > .Sq *
> > is given as an address,
> > -it will be used as an alias for
> > +.Xr httpd 8
> > +will listen on all IPv4 and IPv6 addresses.
> > .Ar 0.0.0.0
> > -to listen on all IPv4 addresses.
> > -Likewise,
> > -.Sq ::
> > -can be used to listen on all IPv6 addresses.
> > +means to listen on all IPv4 addresses and
> > +.Ar ::
> > +all IPv6 addresses.
> > A
> > .Ar port
> > can be specified by number or name.
> > diff --git httpd.h httpd.h
> > index 1d49dfa230f..4d4d7eacd27 100644
> > --- httpd.h
> > +++ httpd.h
> > @@ -53,6 +53,7 @@
> > #define HTTPD_LOGROOT "/logs"
> > #define HTTPD_ACCESS_LOG "access.log"
> > #define HTTPD_ERROR_LOG "error.log"
> > +#define HTTPD_MAX_ALIAS_IP 16
> > #define HTTPD_REALM_MAX 255
> > #define HTTPD_LOCATION_MAX 255
> > #define HTTPD_DEFAULT_TYPE { "bin", "application", "octet-stream", NULL }
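Review bot: `HTTPD_MAX_ALIAS_IP` is added without a comment saying what it bounds. In the parse.y part of this diff it is passed as the `max` argument to `host()` for a `listen on` name, so it caps how many resolved addresses one directive can turn into listeners. I would add `/* max. addresses a single "listen on" name may expand to */` above it. What happens to addresses past the cap is decided in `host()`/`host_dns()`, which this diff does not show, so it is worth confirming that case is logged rather than silently dropped.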
> > diff --git parse.y parse.y
> > index fcf1938c42d..cda1860f447 100644
> > --- parse.y
> > +++ parse.y
> > @@ -106,7 +106,6 @@ int host_if(const char *, struct
> > addresslist *,
> > int, struct portrange *, const char *, int);
> > int host(const char *, struct addresslist *,
> > int, struct portrange *, const char *, int);
> > -void host_free(struct addresslist *);
> > struct server *server_inherit(struct server *, struct server_config *,
> > struct server_config *);
> > int getservice(char *);
> > @@ -415,39 +414,61 @@ serveroptsl : LISTEN ON STRING opttls port {
> > YYERROR;
> > }
> >
> > - if (srv->srv_conf.ss.ss_family != AF_UNSPEC) {
> > - if ((alias = calloc(1,
> > - sizeof(*alias))) == NULL)
> > - fatal("out of memory");
> > -
> > - /* Add as an IP-based alias. */
> > - s_conf = alias;
> > - } else
> > - s_conf = &srv->srv_conf;
> > -
> > TAILQ_INIT(&al);
> > - if (host($3, &al, 1, &$5, NULL, -1) <= 0) {
> > - yyerror("invalid listen ip: %s", $3);
> > - free($3);
> > - YYERROR;
> > + if (strcmp("*", $3) == 0) {
> > + if (host("0.0.0.0", &al, 1, &$5, NULL, -1) <=
> > + 0) {
> > + yyerror("invalid listen ip: %s",
> > + "0.0.0.0");
> > + free($3);
> > + YYERROR;
> > + }
> > + if (host("::", &al, 1, &$5, NULL, -1) <= 0) {
> > + yyerror("invalid listen ip: %s", "::");
> > + free($3);
> > + YYERROR;
> > + }
> > + } else {
> > + if (host($3, &al, HTTPD_MAX_ALIAS_IP, &$5, NULL,
> > + -1) <= 0) {
> > + yyerror("invalid listen ip: %s", $3);
> > + free($3);
> > + YYERROR;
> > + }
> > }
> > free($3);
> > - h = TAILQ_FIRST(&al);
> > - memcpy(&s_conf->ss, &h->ss, sizeof(s_conf->ss));
> > - s_conf->port = h->port.val[0];
> > - s_conf->prefixlen = h->prefixlen;
> > - host_free(&al);
> > + while ((h = TAILQ_FIRST(&al)) != NULL) {
> >
> > - if ($4)
> > - s_conf->flags |= SRVFLAG_TLS;
> > + if (srv->srv_conf.ss.ss_family != AF_UNSPEC) {
> > + if ((alias = calloc(1,
> > + sizeof(*alias))) == NULL)
> > + fatal("out of memory");
> >
> > - if (alias != NULL) {
> > - /* IP-based; use name match flags from parent */
> > - alias->flags &= ~SRVFLAG_SERVER_MATCH;
> > - alias->flags |= srv->srv_conf.flags &
> > - SRVFLAG_SERVER_MATCH;
> > - TAILQ_INSERT_TAIL(&srv->srv_hosts,
> > - alias, entry);
> > + /* Add as an IP-based alias. */
> > + s_conf = alias;
> > + } else
> > + s_conf = &srv->srv_conf;
> > +
> > + memcpy(&s_conf->ss, &h->ss, sizeof(s_conf->ss));
> > + s_conf->port = h->port.val[0];
> > + s_conf->prefixlen = h->prefixlen;
> > +
> > + if ($4)
> > + s_conf->flags |= SRVFLAG_TLS;
> > +
> > + if (alias != NULL) {
> > + /*
> > + * IP-based; use name match flags from
> > + * parent
> > + */
> > + alias->flags &= ~SRVFLAG_SERVER_MATCH;
> > + alias->flags |= srv->srv_conf.flags &
> > + SRVFLAG_SERVER_MATCH;
> > + TAILQ_INSERT_TAIL(&srv->srv_hosts,
> > + alias, entry);
> > + }
> > + TAILQ_REMOVE(&al, h, entry);
> > + free(h);
> > }
> > }
> > | ALIAS optmatch STRING {
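Review bot: The `*` branch can leave `al` populated on its error path: if `host("0.0.0.0", ...)` succeeds and `host("::", ...)` then fails, the action reaches `YYERROR` with the IPv4 entry still queued, and this commit also deletes `host_free()`, the helper that drained the list. Keeping `host_free()` and calling `host_free(&al);` before that `YYERROR` would close it; the hostname branch may need the same if `host()` can fail after queuing entries, which is not visible here. Inside the new `while` loop `alias` is never reset, so `if (alias != NULL)` is only correct because the first pass copies an address into `srv->srv_conf.ss` and every later pass allocates. An explicit `alias = NULL;` at the top of the loop body would make that independent of the declaration, which is outside this hunk. Operationally, a config that says only `listen on *` starts accepting IPv6 connections after this change, so the upgrade note should tell operators to check that their IPv6 filter rules match the IPv4 ones.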
> > @@ -1990,9 +2011,6 @@ host(const char *s, struct addresslist *al, int max,
> > {
> > struct address *h;
> >
> > - if (strcmp("*", s) == 0)
> > - s = "0.0.0.0";
> > -
> > h = host_v4(s);
> >
> > /* IPv6 address? */
> > @@ -2021,17 +2039,6 @@ host(const char *s, struct addresslist *al, int max,
> > return (host_dns(s, al, max, port, ifname, ipproto));
> > }
> >
> > -void
> > -host_free(struct addresslist *al)
> > -{
> > - struct address *h;
> > -
> > - while ((h = TAILQ_FIRST(al)) != NULL) {
> > - TAILQ_REMOVE(al, h, entry);
> > - free(h);
> > - }
> > -}
> > -
> > struct server *
> > server_inherit(struct server *src, struct server_config *alias,
> > struct server_config *addr)
> >
> >
> >
> >
> > --
> > I'm not entirely sure you are real.
> >
>
> --
> I'm not entirely sure you are real.
>