mirror of https://github.com/nealey/eris.git
Compare commits
24 Commits
Author | SHA1 | Date |
---|---|---|
Neale Pickett | 16e32a6d59 | |
Neale Pickett | 49b1797df5 | |
musvaage | ce6b071398 | |
Neale Pickett | 2acfd4cf2d | |
Neale Pickett | d524cc02d5 | |
Neale Pickett | 2e1a3eb867 | |
Neale Pickett | 48dbc0e8e0 | |
Neale Pickett | 673aed81a2 | |
Neale Pickett | 855815099a | |
Neale Pickett | f63b3f1732 | |
Neale Pickett | 6dd03561d6 | |
Neale Pickett | 48bb066488 | |
Neale Pickett | 77c3ed33dd | |
Neale Pickett | 86a75813e3 | |
Neale Pickett | c3ddfae1ff | |
Neale Pickett | bdb9f0ac05 | |
Neale Pickett | b3c4786482 | |
Neale Pickett | 9de87a3e36 | |
Neale Pickett | ecad076ec6 | |
Neale Pickett | 86757101eb | |
Neale Pickett | 68452c56fa | |
Neale Pickett | aab1b7496b | |
Neale Pickett | 6121939bf0 | |
Neale Pickett | 7a4ac95441 |
13
CHANGES
13
CHANGES
|
@ -1,3 +1,14 @@
|
|||
fix punctuation and typo
|
||||
|
||||
4.4:
|
||||
Also log when called from stunnel
|
||||
|
||||
4.3.1:
|
||||
Add .webm mime type
|
||||
|
||||
4.3:
|
||||
Very stupid CONNECT handling mechanism.
|
||||
|
||||
4.2:
|
||||
Remove some bugs in CGI's "Status:" code (reported by Alyssa Milburn).
|
||||
Make extract_header_field less fragile (reported by Alyssa Milburn).
|
||||
|
@ -146,7 +157,7 @@
|
|||
Olaf: I changed my initial CGI-interface to NOT use the filesystem but
|
||||
two pipes.
|
||||
Add whole-host redirect (see README)
|
||||
Olaf: added direcory-lists and "index.cgi" support (normal CGI only !
|
||||
Olaf: added directory-lists and "index.cgi" support (normal CGI only !
|
||||
"nph-index.cgi" is not supported). Fixed some problematic parts in the
|
||||
CGI-interface (\n -> \r\n converter for http-header and CGI crash
|
||||
handling)
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
FROM alpine
|
||||
|
||||
RUN apk --no-cache add s6-networking
|
||||
|
||||
RUN apk --no-cache add build-base
|
||||
COPY . /usr/local/src/eris
|
||||
RUN make -C /usr/local/src/eris
|
||||
RUN cp /usr/local/src/eris/eris /usr/bin
|
||||
RUN rm -rf /usr/local/src/eris
|
||||
RUN apk --no-cache del build-base
|
||||
|
||||
RUN addgroup -S -g 800 www
|
||||
RUN adduser -S -u 800 -G www www
|
||||
|
||||
RUN mkdir /www
|
||||
WORKDIR /www
|
||||
|
||||
EXPOSE 80
|
||||
|
||||
CMD ["s6-tcpserver", "-u", "80", "-g", "80", "0.0.0.0", "80", "/usr/bin/eris", "-."]
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
SSL with eris
|
||||
=============
|
||||
|
||||
Eris does not care what transport is in use: that job is left to the invoking
|
||||
program (e.g. tcpserver).
|
||||
|
||||
In the past you could use `sslio` with `tcpsvd`,
|
||||
but `sslio` has not been updated in a long time,
|
||||
and won't work with (at least) Chrome 39.
|
||||
|
||||
I recommend using stunnel,
|
||||
which also works with IPv6.
|
||||
You can invoke it like so:
|
||||
|
||||
#! /bin/sh
|
||||
cd /srv/www
|
||||
HTTPS=enabled; export HTTPS
|
||||
|
||||
exec stunnel -fd 3 3<<EOD
|
||||
foreground = yes
|
||||
setuid = http
|
||||
setgid = http
|
||||
debug = 4
|
||||
|
||||
[https]
|
||||
accept = ::443
|
||||
cert = /path/to/yourserver.crt
|
||||
key = /path/to/yourserver.key
|
||||
exec = /path/to/eris
|
||||
execargs = eris -c
|
||||
EOD
|
||||
|
||||
I set the `HTTPS` environment variable,
|
||||
so CGI can tell whether or not its connection is secure.
|
26
README.SSL
26
README.SSL
|
@ -1,26 +0,0 @@
|
|||
SSL with eris
|
||||
=============
|
||||
|
||||
Eris does not care what transport is in use: that job is left to the invoking
|
||||
program (eg. tcpserver).
|
||||
|
||||
Gerrit Pape's `ipsvd` package comes with two programs for running SSL daemons:
|
||||
`sslsvd` and `sslio`. At the time of this writing, however, Gerrit's `ipsvd`
|
||||
has no support for IPv6. Busybox `ipsvd`, and `ucspi-tcp-ipv6`, both do
|
||||
support IPv6.
|
||||
|
||||
Here is how you can support SSL *and* IPv6:
|
||||
|
||||
cd /srv/www
|
||||
HTTPS=enabled; export HTTPS
|
||||
exec tcpserver -H -R 0 443 \
|
||||
/usr/bin/sslio -u nobody:ssl-cert -U www-data \
|
||||
-C /path/to/mydomain.crt -K /path/to/mydomain.key \
|
||||
/service/httpd/eris -c
|
||||
|
||||
This uses `tcpserver` to listen for and accept TCP4 and TCP6 connections.
|
||||
These connections are then handed to `sslio`, which drops permissions to
|
||||
`nobody:ssl-cert` and starts speaking SSL to `eris` running as `www-data`.
|
||||
|
||||
I like to set the `HTTPS` environment variable also, so CGI can tell whether or
|
||||
not its connection is secure.
|
|
@ -49,7 +49,7 @@ Start with:
|
|||
tcpserver -v -RHl localhost -u 1234 -g 1234 0 80 ./eris
|
||||
|
||||
There are many other ways to start eris.
|
||||
For example, you can run an HTTPS server using tcpsvd and sslio.
|
||||
For example, you can run an HTTPS server with stunnel.
|
||||
|
||||
You just need something that launches eris with stdin and stdout connected to the client.
|
||||
|
||||
|
@ -96,7 +96,7 @@ Please see <http://hoohoo.ncsa.uiuc.edu/cgi/interface.html> for the CGI specific
|
|||
About The Name
|
||||
==============
|
||||
|
||||
[Eris](http://en.wikipedia.org/wiki/Eris_(dwarf_planet%29)
|
||||
[Eris](http://en.wikipedia.org/wiki/Eris_%28dwarf_planet%29)
|
||||
is the most massive (heaviest) dwarf planet in the solar system.
|
||||
It's heavier than Pluto!
|
||||
|
|
@ -1,9 +1,9 @@
|
|||
#! /bin/sh
|
||||
|
||||
## Breaking fnord 1.10
|
||||
## Breaking fnord 1.11
|
||||
|
||||
if [ "$1" = "clean" ]; then
|
||||
rm -rf fnord-1.10
|
||||
rm -rf fnord-1.11
|
||||
fi
|
||||
|
||||
# Set HTTPD= to test something else
|
||||
|
@ -14,6 +14,7 @@ case ${HTTPD:=./fnord} in
|
|||
;;
|
||||
esac
|
||||
|
||||
tests=0
|
||||
title() {
|
||||
printf "%-50s: " "$1"
|
||||
tests=$(expr $tests + 1)
|
||||
|
@ -36,16 +37,16 @@ d () {
|
|||
}
|
||||
|
||||
|
||||
if [ ! -f fnord-1.10.tar.bz2 ]; then
|
||||
wget http://www.fefe.de/fnord/fnord-1.10.tar.bz2
|
||||
if [ ! -f fnord-1.11.tar.bz2 ]; then
|
||||
wget http://www.fefe.de/fnord/fnord-1.11.tar.bz2
|
||||
fi
|
||||
|
||||
if [ ! -f fnord-1.10/httpd.c ]; then
|
||||
rm -rf fnord-1.10
|
||||
bzcat fnord-1.10.tar.bz2 | tar xf -
|
||||
if [ ! -f fnord-1.11/httpd.c ]; then
|
||||
rm -rf fnord-1.11
|
||||
bzcat fnord-1.11.tar.bz2 | tar xf -
|
||||
fi
|
||||
|
||||
cd fnord-1.10
|
||||
cd fnord-1.11
|
||||
|
||||
# Comment this out if you want to build with diet libc
|
||||
make DIET=
|
||||
|
|
|
@ -5,5 +5,5 @@ a little easier.
|
|||
Quite a lot of web software these days is written to work with
|
||||
Apache and nothing else. PHP is a notable example: even PHP-CGI,
|
||||
as shipped on Debian, requires special environment variables that
|
||||
only Apache sets, and doesn't work with eg. mathopd, boa, busybox
|
||||
only Apache sets, and doesn't work with, e.g. mathopd, boa, busybox
|
||||
httpd, or eris.
|
||||
|
|
1
mime.c
1
mime.c
|
@ -19,6 +19,7 @@ static struct mimeentry {
|
|||
"jpeg", "image/jpeg"}, {
|
||||
"jpg", "image/jpeg"}, {
|
||||
"svg", "image/svg+xml"}, {
|
||||
"webm", "video/webm"}, {
|
||||
"mpeg", "video/mpeg"}, {
|
||||
"mpg", "video/mpeg"}, {
|
||||
"avi", "video/x-msvideo"}, {
|
||||
|
|
13
test.sh
13
test.sh
|
@ -4,6 +4,10 @@
|
|||
: ${HTTPD_CGI:=./eris -c}
|
||||
: ${HTTPD_IDX:=./eris -d}
|
||||
|
||||
tests=0
|
||||
successes=0
|
||||
failures=0
|
||||
|
||||
H () {
|
||||
section="$*"
|
||||
printf "\n%-20s " "$*"
|
||||
|
@ -138,6 +142,10 @@ title "Logging busybox"
|
|||
(printf 'GET /index.html HTTP/1.1\r\nHost: host\r\n\r\n' |
|
||||
PROTO=TCP TCPREMOTEADDR=[::1]:8765 $HTTPD >/dev/null) 2>&1 | grep -Fxq '[::1]:8765 200 6 host (null) (null) /index.html' && pass || fail
|
||||
|
||||
title "Logging stunnel"
|
||||
(printf 'GET /index.html HTTP/1.1\r\nHost: host\r\n\r\n' |
|
||||
REMOTE_HOST=::1 REMOTE_PORT=8765 $HTTPD >/dev/null) 2>&1 | grep -Fxq '::1:8765 200 6 host (null) (null) /index.html' && pass || fail
|
||||
|
||||
|
||||
|
||||
H "Options"
|
||||
|
@ -266,6 +274,11 @@ title "Read timeout"
|
|||
(sleep 2.1; printf 'GET / HTTP/1.0\r\n\r\n') | $HTTPD 2>/dev/null | grep -q '.' && fail || pass
|
||||
|
||||
|
||||
H "CONNECT handler"
|
||||
|
||||
title "Basic test"
|
||||
printf 'CONNECT /etc HTTP/1.1\r\n\r\n' | $HTTPD -o /bin/ls | grep -q passwd && pass || fail
|
||||
|
||||
|
||||
H "fnord bugs"
|
||||
|
||||
|
|
Loading…
Reference in New Issue