2 * nghttp2 - HTTP/2 C Library
4 * Copyright (c) 2012 Tatsuhiro Tsujikawa
6 * Permission is hereby granted, free of charge, to any person obtaining
7 * a copy of this software and associated documentation files (the
8 * "Software"), to deal in the Software without restriction, including
9 * without limitation the rights to use, copy, modify, merge, publish,
10 * distribute, sublicense, and/or sell copies of the Software, and to
11 * permit persons to whom the Software is furnished to do so, subject to
12 * the following conditions:
14 * The above copyright notice and this permission notice shall be
15 * included in all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
18 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
19 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
20 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
21 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
22 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
23 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
25 #ifndef SHRPX_CONFIG_H
26 #define SHRPX_CONFIG_H
30 #include <sys/types.h>
31 #ifdef HAVE_SYS_SOCKET_H
32 # include <sys/socket.h>
33 #endif // HAVE_SYS_SOCKET_H
35 #ifdef HAVE_NETINET_IN_H
36 # include <netinet/in.h>
37 #endif // HAVE_NETINET_IN_H
38 #ifdef HAVE_ARPA_INET_H
39 # include <arpa/inet.h>
40 #endif // HAVE_ARPA_INET_H
47 #include <openssl/ssl.h>
51 #include <nghttp2/nghttp2.h>
53 #include "shrpx_router.h"
57 #include "allocator.h"
59 using namespace nghttp2;
73 constexpr auto SHRPX_OPT_PRIVATE_KEY_FILE =
74 StringRef::from_lit("private-key-file");
75 constexpr auto SHRPX_OPT_PRIVATE_KEY_PASSWD_FILE =
76 StringRef::from_lit("private-key-passwd-file");
77 constexpr auto SHRPX_OPT_CERTIFICATE_FILE =
78 StringRef::from_lit("certificate-file");
79 constexpr auto SHRPX_OPT_DH_PARAM_FILE = StringRef::from_lit("dh-param-file");
80 constexpr auto SHRPX_OPT_SUBCERT = StringRef::from_lit("subcert");
81 constexpr auto SHRPX_OPT_BACKEND = StringRef::from_lit("backend");
82 constexpr auto SHRPX_OPT_FRONTEND = StringRef::from_lit("frontend");
83 constexpr auto SHRPX_OPT_WORKERS = StringRef::from_lit("workers");
84 constexpr auto SHRPX_OPT_HTTP2_MAX_CONCURRENT_STREAMS =
85 StringRef::from_lit("http2-max-concurrent-streams");
86 constexpr auto SHRPX_OPT_LOG_LEVEL = StringRef::from_lit("log-level");
87 constexpr auto SHRPX_OPT_DAEMON = StringRef::from_lit("daemon");
88 constexpr auto SHRPX_OPT_HTTP2_PROXY = StringRef::from_lit("http2-proxy");
89 constexpr auto SHRPX_OPT_HTTP2_BRIDGE = StringRef::from_lit("http2-bridge");
90 constexpr auto SHRPX_OPT_CLIENT_PROXY = StringRef::from_lit("client-proxy");
91 constexpr auto SHRPX_OPT_ADD_X_FORWARDED_FOR =
92 StringRef::from_lit("add-x-forwarded-for");
93 constexpr auto SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_FOR =
94 StringRef::from_lit("strip-incoming-x-forwarded-for");
95 constexpr auto SHRPX_OPT_NO_VIA = StringRef::from_lit("no-via");
96 constexpr auto SHRPX_OPT_FRONTEND_HTTP2_READ_TIMEOUT =
97 StringRef::from_lit("frontend-http2-read-timeout");
98 constexpr auto SHRPX_OPT_FRONTEND_READ_TIMEOUT =
99 StringRef::from_lit("frontend-read-timeout");
100 constexpr auto SHRPX_OPT_FRONTEND_WRITE_TIMEOUT =
101 StringRef::from_lit("frontend-write-timeout");
102 constexpr auto SHRPX_OPT_BACKEND_READ_TIMEOUT =
103 StringRef::from_lit("backend-read-timeout");
104 constexpr auto SHRPX_OPT_BACKEND_WRITE_TIMEOUT =
105 StringRef::from_lit("backend-write-timeout");
106 constexpr auto SHRPX_OPT_STREAM_READ_TIMEOUT =
107 StringRef::from_lit("stream-read-timeout");
108 constexpr auto SHRPX_OPT_STREAM_WRITE_TIMEOUT =
109 StringRef::from_lit("stream-write-timeout");
110 constexpr auto SHRPX_OPT_ACCESSLOG_FILE = StringRef::from_lit("accesslog-file");
111 constexpr auto SHRPX_OPT_ACCESSLOG_SYSLOG =
112 StringRef::from_lit("accesslog-syslog");
113 constexpr auto SHRPX_OPT_ACCESSLOG_FORMAT =
114 StringRef::from_lit("accesslog-format");
115 constexpr auto SHRPX_OPT_ERRORLOG_FILE = StringRef::from_lit("errorlog-file");
116 constexpr auto SHRPX_OPT_ERRORLOG_SYSLOG =
117 StringRef::from_lit("errorlog-syslog");
118 constexpr auto SHRPX_OPT_BACKEND_KEEP_ALIVE_TIMEOUT =
119 StringRef::from_lit("backend-keep-alive-timeout");
120 constexpr auto SHRPX_OPT_FRONTEND_HTTP2_WINDOW_BITS =
121 StringRef::from_lit("frontend-http2-window-bits");
122 constexpr auto SHRPX_OPT_BACKEND_HTTP2_WINDOW_BITS =
123 StringRef::from_lit("backend-http2-window-bits");
124 constexpr auto SHRPX_OPT_FRONTEND_HTTP2_CONNECTION_WINDOW_BITS =
125 StringRef::from_lit("frontend-http2-connection-window-bits");
126 constexpr auto SHRPX_OPT_BACKEND_HTTP2_CONNECTION_WINDOW_BITS =
127 StringRef::from_lit("backend-http2-connection-window-bits");
128 constexpr auto SHRPX_OPT_FRONTEND_NO_TLS =
129 StringRef::from_lit("frontend-no-tls");
130 constexpr auto SHRPX_OPT_BACKEND_NO_TLS = StringRef::from_lit("backend-no-tls");
131 constexpr auto SHRPX_OPT_BACKEND_TLS_SNI_FIELD =
132 StringRef::from_lit("backend-tls-sni-field");
133 constexpr auto SHRPX_OPT_PID_FILE = StringRef::from_lit("pid-file");
134 constexpr auto SHRPX_OPT_USER = StringRef::from_lit("user");
135 constexpr auto SHRPX_OPT_SYSLOG_FACILITY =
136 StringRef::from_lit("syslog-facility");
137 constexpr auto SHRPX_OPT_BACKLOG = StringRef::from_lit("backlog");
138 constexpr auto SHRPX_OPT_CIPHERS = StringRef::from_lit("ciphers");
139 constexpr auto SHRPX_OPT_CLIENT = StringRef::from_lit("client");
140 constexpr auto SHRPX_OPT_INSECURE = StringRef::from_lit("insecure");
141 constexpr auto SHRPX_OPT_CACERT = StringRef::from_lit("cacert");
142 constexpr auto SHRPX_OPT_BACKEND_IPV4 = StringRef::from_lit("backend-ipv4");
143 constexpr auto SHRPX_OPT_BACKEND_IPV6 = StringRef::from_lit("backend-ipv6");
144 constexpr auto SHRPX_OPT_BACKEND_HTTP_PROXY_URI =
145 StringRef::from_lit("backend-http-proxy-uri");
146 constexpr auto SHRPX_OPT_READ_RATE = StringRef::from_lit("read-rate");
147 constexpr auto SHRPX_OPT_READ_BURST = StringRef::from_lit("read-burst");
148 constexpr auto SHRPX_OPT_WRITE_RATE = StringRef::from_lit("write-rate");
149 constexpr auto SHRPX_OPT_WRITE_BURST = StringRef::from_lit("write-burst");
150 constexpr auto SHRPX_OPT_WORKER_READ_RATE =
151 StringRef::from_lit("worker-read-rate");
152 constexpr auto SHRPX_OPT_WORKER_READ_BURST =
153 StringRef::from_lit("worker-read-burst");
154 constexpr auto SHRPX_OPT_WORKER_WRITE_RATE =
155 StringRef::from_lit("worker-write-rate");
156 constexpr auto SHRPX_OPT_WORKER_WRITE_BURST =
157 StringRef::from_lit("worker-write-burst");
158 constexpr auto SHRPX_OPT_NPN_LIST = StringRef::from_lit("npn-list");
159 constexpr auto SHRPX_OPT_TLS_PROTO_LIST = StringRef::from_lit("tls-proto-list");
160 constexpr auto SHRPX_OPT_VERIFY_CLIENT = StringRef::from_lit("verify-client");
161 constexpr auto SHRPX_OPT_VERIFY_CLIENT_CACERT =
162 StringRef::from_lit("verify-client-cacert");
163 constexpr auto SHRPX_OPT_CLIENT_PRIVATE_KEY_FILE =
164 StringRef::from_lit("client-private-key-file");
165 constexpr auto SHRPX_OPT_CLIENT_CERT_FILE =
166 StringRef::from_lit("client-cert-file");
167 constexpr auto SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER =
168 StringRef::from_lit("frontend-http2-dump-request-header");
169 constexpr auto SHRPX_OPT_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER =
170 StringRef::from_lit("frontend-http2-dump-response-header");
171 constexpr auto SHRPX_OPT_HTTP2_NO_COOKIE_CRUMBLING =
172 StringRef::from_lit("http2-no-cookie-crumbling");
173 constexpr auto SHRPX_OPT_FRONTEND_FRAME_DEBUG =
174 StringRef::from_lit("frontend-frame-debug");
175 constexpr auto SHRPX_OPT_PADDING = StringRef::from_lit("padding");
176 constexpr auto SHRPX_OPT_ALTSVC = StringRef::from_lit("altsvc");
177 constexpr auto SHRPX_OPT_ADD_REQUEST_HEADER =
178 StringRef::from_lit("add-request-header");
179 constexpr auto SHRPX_OPT_ADD_RESPONSE_HEADER =
180 StringRef::from_lit("add-response-header");
181 constexpr auto SHRPX_OPT_WORKER_FRONTEND_CONNECTIONS =
182 StringRef::from_lit("worker-frontend-connections");
183 constexpr auto SHRPX_OPT_NO_LOCATION_REWRITE =
184 StringRef::from_lit("no-location-rewrite");
185 constexpr auto SHRPX_OPT_NO_HOST_REWRITE =
186 StringRef::from_lit("no-host-rewrite");
187 constexpr auto SHRPX_OPT_BACKEND_HTTP1_CONNECTIONS_PER_HOST =
188 StringRef::from_lit("backend-http1-connections-per-host");
189 constexpr auto SHRPX_OPT_BACKEND_HTTP1_CONNECTIONS_PER_FRONTEND =
190 StringRef::from_lit("backend-http1-connections-per-frontend");
191 constexpr auto SHRPX_OPT_LISTENER_DISABLE_TIMEOUT =
192 StringRef::from_lit("listener-disable-timeout");
193 constexpr auto SHRPX_OPT_TLS_TICKET_KEY_FILE =
194 StringRef::from_lit("tls-ticket-key-file");
195 constexpr auto SHRPX_OPT_RLIMIT_NOFILE = StringRef::from_lit("rlimit-nofile");
196 constexpr auto SHRPX_OPT_BACKEND_REQUEST_BUFFER =
197 StringRef::from_lit("backend-request-buffer");
198 constexpr auto SHRPX_OPT_BACKEND_RESPONSE_BUFFER =
199 StringRef::from_lit("backend-response-buffer");
200 constexpr auto SHRPX_OPT_NO_SERVER_PUSH = StringRef::from_lit("no-server-push");
201 constexpr auto SHRPX_OPT_BACKEND_HTTP2_CONNECTIONS_PER_WORKER =
202 StringRef::from_lit("backend-http2-connections-per-worker");
203 constexpr auto SHRPX_OPT_FETCH_OCSP_RESPONSE_FILE =
204 StringRef::from_lit("fetch-ocsp-response-file");
205 constexpr auto SHRPX_OPT_OCSP_UPDATE_INTERVAL =
206 StringRef::from_lit("ocsp-update-interval");
207 constexpr auto SHRPX_OPT_NO_OCSP = StringRef::from_lit("no-ocsp");
208 constexpr auto SHRPX_OPT_HEADER_FIELD_BUFFER =
209 StringRef::from_lit("header-field-buffer");
210 constexpr auto SHRPX_OPT_MAX_HEADER_FIELDS =
211 StringRef::from_lit("max-header-fields");
212 constexpr auto SHRPX_OPT_INCLUDE = StringRef::from_lit("include");
213 constexpr auto SHRPX_OPT_TLS_TICKET_KEY_CIPHER =
214 StringRef::from_lit("tls-ticket-key-cipher");
215 constexpr auto SHRPX_OPT_HOST_REWRITE = StringRef::from_lit("host-rewrite");
216 constexpr auto SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED =
217 StringRef::from_lit("tls-session-cache-memcached");
218 constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED =
219 StringRef::from_lit("tls-ticket-key-memcached");
220 constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL =
221 StringRef::from_lit("tls-ticket-key-memcached-interval");
222 constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY =
223 StringRef::from_lit("tls-ticket-key-memcached-max-retry");
224 constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL =
225 StringRef::from_lit("tls-ticket-key-memcached-max-fail");
226 constexpr auto SHRPX_OPT_MRUBY_FILE = StringRef::from_lit("mruby-file");
227 constexpr auto SHRPX_OPT_ACCEPT_PROXY_PROTOCOL =
228 StringRef::from_lit("accept-proxy-protocol");
229 constexpr auto SHRPX_OPT_FASTOPEN = StringRef::from_lit("fastopen");
230 constexpr auto SHRPX_OPT_TLS_DYN_REC_WARMUP_THRESHOLD =
231 StringRef::from_lit("tls-dyn-rec-warmup-threshold");
232 constexpr auto SHRPX_OPT_TLS_DYN_REC_IDLE_TIMEOUT =
233 StringRef::from_lit("tls-dyn-rec-idle-timeout");
234 constexpr auto SHRPX_OPT_ADD_FORWARDED = StringRef::from_lit("add-forwarded");
235 constexpr auto SHRPX_OPT_STRIP_INCOMING_FORWARDED =
236 StringRef::from_lit("strip-incoming-forwarded");
237 constexpr auto SHRPX_OPT_FORWARDED_BY = StringRef::from_lit("forwarded-by");
238 constexpr auto SHRPX_OPT_FORWARDED_FOR = StringRef::from_lit("forwarded-for");
239 constexpr auto SHRPX_OPT_REQUEST_HEADER_FIELD_BUFFER =
240 StringRef::from_lit("request-header-field-buffer");
241 constexpr auto SHRPX_OPT_MAX_REQUEST_HEADER_FIELDS =
242 StringRef::from_lit("max-request-header-fields");
243 constexpr auto SHRPX_OPT_RESPONSE_HEADER_FIELD_BUFFER =
244 StringRef::from_lit("response-header-field-buffer");
245 constexpr auto SHRPX_OPT_MAX_RESPONSE_HEADER_FIELDS =
246 StringRef::from_lit("max-response-header-fields");
247 constexpr auto SHRPX_OPT_NO_HTTP2_CIPHER_BLACK_LIST =
248 StringRef::from_lit("no-http2-cipher-black-list");
249 constexpr auto SHRPX_OPT_BACKEND_HTTP1_TLS =
250 StringRef::from_lit("backend-http1-tls");
251 constexpr auto SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_TLS =
252 StringRef::from_lit("tls-session-cache-memcached-tls");
253 constexpr auto SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_CERT_FILE =
254 StringRef::from_lit("tls-session-cache-memcached-cert-file");
255 constexpr auto SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_PRIVATE_KEY_FILE =
256 StringRef::from_lit("tls-session-cache-memcached-private-key-file");
257 constexpr auto SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY =
258 StringRef::from_lit("tls-session-cache-memcached-address-family");
259 constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_TLS =
260 StringRef::from_lit("tls-ticket-key-memcached-tls");
261 constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_CERT_FILE =
262 StringRef::from_lit("tls-ticket-key-memcached-cert-file");
263 constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_PRIVATE_KEY_FILE =
264 StringRef::from_lit("tls-ticket-key-memcached-private-key-file");
265 constexpr auto SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY =
266 StringRef::from_lit("tls-ticket-key-memcached-address-family");
267 constexpr auto SHRPX_OPT_BACKEND_ADDRESS_FAMILY =
268 StringRef::from_lit("backend-address-family");
269 constexpr auto SHRPX_OPT_FRONTEND_HTTP2_MAX_CONCURRENT_STREAMS =
270 StringRef::from_lit("frontend-http2-max-concurrent-streams");
271 constexpr auto SHRPX_OPT_BACKEND_HTTP2_MAX_CONCURRENT_STREAMS =
272 StringRef::from_lit("backend-http2-max-concurrent-streams");
273 constexpr auto SHRPX_OPT_BACKEND_CONNECTIONS_PER_FRONTEND =
274 StringRef::from_lit("backend-connections-per-frontend");
275 constexpr auto SHRPX_OPT_BACKEND_TLS = StringRef::from_lit("backend-tls");
276 constexpr auto SHRPX_OPT_BACKEND_CONNECTIONS_PER_HOST =
277 StringRef::from_lit("backend-connections-per-host");
278 constexpr auto SHRPX_OPT_ERROR_PAGE = StringRef::from_lit("error-page");
279 constexpr auto SHRPX_OPT_NO_KQUEUE = StringRef::from_lit("no-kqueue");
280 constexpr auto SHRPX_OPT_FRONTEND_HTTP2_SETTINGS_TIMEOUT =
281 StringRef::from_lit("frontend-http2-settings-timeout");
282 constexpr auto SHRPX_OPT_BACKEND_HTTP2_SETTINGS_TIMEOUT =
283 StringRef::from_lit("backend-http2-settings-timeout");
284 constexpr auto SHRPX_OPT_API_MAX_REQUEST_BODY =
285 StringRef::from_lit("api-max-request-body");
286 constexpr auto SHRPX_OPT_BACKEND_MAX_BACKOFF =
287 StringRef::from_lit("backend-max-backoff");
288 constexpr auto SHRPX_OPT_SERVER_NAME = StringRef::from_lit("server-name");
289 constexpr auto SHRPX_OPT_NO_SERVER_REWRITE =
290 StringRef::from_lit("no-server-rewrite");
291 constexpr auto SHRPX_OPT_FRONTEND_HTTP2_OPTIMIZE_WRITE_BUFFER_SIZE =
292 StringRef::from_lit("frontend-http2-optimize-write-buffer-size");
293 constexpr auto SHRPX_OPT_FRONTEND_HTTP2_OPTIMIZE_WINDOW_SIZE =
294 StringRef::from_lit("frontend-http2-optimize-window-size");
295 constexpr auto SHRPX_OPT_FRONTEND_HTTP2_WINDOW_SIZE =
296 StringRef::from_lit("frontend-http2-window-size");
297 constexpr auto SHRPX_OPT_FRONTEND_HTTP2_CONNECTION_WINDOW_SIZE =
298 StringRef::from_lit("frontend-http2-connection-window-size");
299 constexpr auto SHRPX_OPT_BACKEND_HTTP2_WINDOW_SIZE =
300 StringRef::from_lit("backend-http2-window-size");
301 constexpr auto SHRPX_OPT_BACKEND_HTTP2_CONNECTION_WINDOW_SIZE =
302 StringRef::from_lit("backend-http2-connection-window-size");
303 constexpr auto SHRPX_OPT_FRONTEND_HTTP2_ENCODER_DYNAMIC_TABLE_SIZE =
304 StringRef::from_lit("frontend-http2-encoder-dynamic-table-size");
305 constexpr auto SHRPX_OPT_FRONTEND_HTTP2_DECODER_DYNAMIC_TABLE_SIZE =
306 StringRef::from_lit("frontend-http2-decoder-dynamic-table-size");
307 constexpr auto SHRPX_OPT_BACKEND_HTTP2_ENCODER_DYNAMIC_TABLE_SIZE =
308 StringRef::from_lit("backend-http2-encoder-dynamic-table-size");
309 constexpr auto SHRPX_OPT_BACKEND_HTTP2_DECODER_DYNAMIC_TABLE_SIZE =
310 StringRef::from_lit("backend-http2-decoder-dynamic-table-size");
311 constexpr auto SHRPX_OPT_ECDH_CURVES = StringRef::from_lit("ecdh-curves");
312 constexpr auto SHRPX_OPT_TLS_SCT_DIR = StringRef::from_lit("tls-sct-dir");
313 constexpr auto SHRPX_OPT_BACKEND_CONNECT_TIMEOUT =
314 StringRef::from_lit("backend-connect-timeout");
315 constexpr auto SHRPX_OPT_DNS_CACHE_TIMEOUT =
316 StringRef::from_lit("dns-cache-timeout");
317 constexpr auto SHRPX_OPT_DNS_LOOKUP_TIMEOUT =
318 StringRef::from_lit("dns-lookup-timeout");
319 constexpr auto SHRPX_OPT_DNS_MAX_TRY = StringRef::from_lit("dns-max-try");
320 constexpr auto SHRPX_OPT_FRONTEND_KEEP_ALIVE_TIMEOUT =
321 StringRef::from_lit("frontend-keep-alive-timeout");
322 constexpr auto SHRPX_OPT_PSK_SECRETS = StringRef::from_lit("psk-secrets");
323 constexpr auto SHRPX_OPT_CLIENT_PSK_SECRETS =
324 StringRef::from_lit("client-psk-secrets");
325 constexpr auto SHRPX_OPT_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST =
326 StringRef::from_lit("client-no-http2-cipher-black-list");
327 constexpr auto SHRPX_OPT_CLIENT_CIPHERS = StringRef::from_lit("client-ciphers");
328 constexpr auto SHRPX_OPT_ACCESSLOG_WRITE_EARLY =
329 StringRef::from_lit("accesslog-write-early");
330 constexpr auto SHRPX_OPT_TLS_MIN_PROTO_VERSION =
331 StringRef::from_lit("tls-min-proto-version");
332 constexpr auto SHRPX_OPT_TLS_MAX_PROTO_VERSION =
333 StringRef::from_lit("tls-max-proto-version");
334 constexpr auto SHRPX_OPT_REDIRECT_HTTPS_PORT =
335 StringRef::from_lit("redirect-https-port");
336 constexpr auto SHRPX_OPT_FRONTEND_MAX_REQUESTS =
337 StringRef::from_lit("frontend-max-requests");
338 constexpr auto SHRPX_OPT_SINGLE_THREAD = StringRef::from_lit("single-thread");
339 constexpr auto SHRPX_OPT_SINGLE_PROCESS = StringRef::from_lit("single-process");
340 constexpr auto SHRPX_OPT_NO_ADD_X_FORWARDED_PROTO =
341 StringRef::from_lit("no-add-x-forwarded-proto");
342 constexpr auto SHRPX_OPT_NO_STRIP_INCOMING_X_FORWARDED_PROTO =
343 StringRef::from_lit("no-strip-incoming-x-forwarded-proto");
344 constexpr auto SHRPX_OPT_OCSP_STARTUP = StringRef::from_lit("ocsp-startup");
345 constexpr auto SHRPX_OPT_NO_VERIFY_OCSP = StringRef::from_lit("no-verify-ocsp");
346 constexpr auto SHRPX_OPT_VERIFY_CLIENT_TOLERATE_EXPIRED =
347 StringRef::from_lit("verify-client-tolerate-expired");
348 constexpr auto SHRPX_OPT_IGNORE_PER_PATTERN_MRUBY_ERROR =
349 StringRef::from_lit("ignore-per-pattern-mruby-error");
350 constexpr auto SHRPX_OPT_TLS_NO_POSTPONE_EARLY_DATA =
351 StringRef::from_lit("tls-no-postpone-early-data");
352 constexpr auto SHRPX_OPT_TLS_MAX_EARLY_DATA =
353 StringRef::from_lit("tls-max-early-data");
354 constexpr auto SHRPX_OPT_TLS13_CIPHERS = StringRef::from_lit("tls13-ciphers");
355 constexpr auto SHRPX_OPT_TLS13_CLIENT_CIPHERS =
356 StringRef::from_lit("tls13-client-ciphers");
357 constexpr auto SHRPX_OPT_NO_STRIP_INCOMING_EARLY_DATA =
358 StringRef::from_lit("no-strip-incoming-early-data");
360 constexpr size_t SHRPX_OBFUSCATED_NODE_LENGTH = 8;
362 constexpr char DEFAULT_DOWNSTREAM_HOST[] = "127.0.0.1";
363 constexpr int16_t DEFAULT_DOWNSTREAM_PORT = 80;
372 enum class SessionAffinity {
373 // No session affinity
375 // Client IP affinity
377 // Cookie based affinity
381 enum class SessionAffinityCookieSecure {
382 // Secure attribute of session affinity cookie is determined by the
385 // Secure attribute of session affinity cookie is always set.
387 // Secure attribute of session affinity cookie is always unset.
391 struct AffinityConfig {
392 // Type of session affinity.
393 SessionAffinity type;
395 // Name of a cookie to use.
397 // Path which a cookie is applied to.
400 SessionAffinityCookieSecure secure;
404 enum shrpx_forwarded_param {
408 FORWARDED_HOST = 0x4,
409 FORWARDED_PROTO = 0x8,
412 enum class ForwardedNode {
418 StringRef protocol_id, host, origin, service;
423 enum class UpstreamAltMode {
424 // No alternative mode
426 // API processing mode
428 // Health monitor mode
432 struct UpstreamAddr {
433 // The frontend address (e.g., FQDN, hostname, IP address). If
434 // |host_unix| is true, this is UNIX domain socket path. This must
435 // be NULL terminated string.
437 // For TCP socket, this is <IP address>:<PORT>. For IPv6 address,
438 // address is surrounded by square brackets. If socket is UNIX
439 // domain socket, this is "localhost".
441 // frontend port. 0 if |host_unix| is true.
443 // For TCP socket, this is either AF_INET or AF_INET6. For UNIX
444 // domain socket, this is 0.
447 UpstreamAltMode alt_mode;
448 // true if |host| contains UNIX domain socket path.
450 // true if TLS is enabled.
452 // true if SNI host should be used as a host when selecting backend
455 // true if client is supposed to send PROXY protocol v1 header.
456 bool accept_proxy_protocol;
460 struct DownstreamAddrConfig {
461 // Resolved address if |dns| is false
463 // backend address. If |host_unix| is true, this is UNIX domain
464 // socket path. This must be NULL terminated string.
466 // <HOST>:<PORT>. This does not treat 80 and 443 specially. If
467 // |host_unix| is true, this is "localhost".
469 // hostname sent as SNI field
471 // name of group which this address belongs to.
475 // weight of this address inside a weight group. Its range is [1,
478 // weight of the weight group. Its range is [1, 256], inclusive.
479 uint32_t group_weight;
480 // Application protocol used in this group
482 // backend port. 0 if |host_unix| is true.
484 // true if |host| contains UNIX domain socket path.
487 // true if dynamic DNS is enabled
489 // true if :scheme pseudo header field should be upgraded to secure
490 // variant (e.g., "https") when forwarding request to a backend
491 // connected by TLS connection.
495 // Mapping hash to idx which is an index into
496 // DownstreamAddrGroupConfig::addrs.
497 struct AffinityHash {
498 AffinityHash(size_t idx, uint32_t hash) : idx(idx), hash(hash) {}
504 struct DownstreamAddrGroupConfig {
505 DownstreamAddrGroupConfig(const StringRef &pattern)
507 affinity{SessionAffinity::NONE},
508 redirect_if_not_tls(false),
512 StringRef mruby_file;
513 std::vector<DownstreamAddrConfig> addrs;
514 // Bunch of session affinity hash. Only used if affinity ==
515 // SessionAffinity::IP.
516 std::vector<AffinityHash> affinity_hash;
517 // Cookie based session affinity configuration.
518 AffinityConfig affinity;
519 // true if this group requires that client connection must be TLS,
520 // and the request must be redirected to https URI.
521 bool redirect_if_not_tls;
522 // Timeouts for backend connection.
530 const EVP_CIPHER *cipher;
534 // name of this ticket configuration
535 std::array<uint8_t, 16> name;
536 // encryption key for |cipher|
537 std::array<uint8_t, 32> enc_key;
538 // hmac key for |hmac|
539 std::array<uint8_t, 32> hmac_key;
545 std::vector<TicketKey> keys;
548 struct TLSCertificate {
549 TLSCertificate(StringRef private_key_file, StringRef cert_file,
550 std::vector<uint8_t> sct_data)
551 : private_key_file(std::move(private_key_file)),
552 cert_file(std::move(cert_file)),
553 sct_data(std::move(sct_data)) {}
555 StringRef private_key_file;
557 std::vector<uint8_t> sct_data;
562 // host in http proxy URI
564 // userinfo in http proxy URI, not percent-encoded form
566 // port in http proxy URI
571 // RFC 5077 Session ticket related configurations
576 // Hostname of memcached server. This is also used as SNI field
577 // if TLS is enabled.
579 // Client private key and certificate for authentication
580 StringRef private_key_file;
583 // Maximum number of retries when getting TLS ticket key from
584 // mamcached, due to network error.
586 // Maximum number of consecutive error from memcached, when this
587 // limit reached, TLS ticket is disabled.
589 // Address family of memcached connection. One of either
590 // AF_INET, AF_INET6 or AF_UNSPEC.
594 std::vector<StringRef> files;
595 const EVP_CIPHER *cipher;
596 // true if --tls-ticket-key-cipher is used
600 // Session cache related configurations
605 // Hostname of memcached server. This is also used as SNI field
606 // if TLS is enabled.
608 // Client private key and certificate for authentication
609 StringRef private_key_file;
611 // Address family of memcached connection. One of either
612 // AF_INET, AF_INET6 or AF_UNSPEC.
618 // Dynamic record sizing configurations
620 size_t warmup_threshold;
621 ev_tstamp idle_timeout;
624 // OCSP realted configurations
626 ev_tstamp update_interval;
627 StringRef fetch_ocsp_response_file;
633 // Client verification configurations
635 // Path to file containing CA certificate solely used for client
636 // certificate validation
639 // true if we accept an expired client certificate.
640 bool tolerate_expired;
643 // Client (backend connection) TLS configuration.
645 // Client PSK configuration
647 // identity must be NULL terminated string.
651 StringRef private_key_file;
654 StringRef tls13_ciphers;
655 bool no_http2_cipher_black_list;
658 // PSK secrets. The key is identity, and the associated value is
660 std::map<StringRef, StringRef> psk_secrets;
661 // The list of additional TLS certificate pair
662 std::vector<TLSCertificate> subcerts;
663 std::vector<unsigned char> alpn_prefs;
664 // list of supported NPN/ALPN protocol strings in the order of
666 std::vector<StringRef> npn_list;
667 // list of supported SSL/TLS protocol strings.
668 std::vector<StringRef> tls_proto_list;
669 std::vector<uint8_t> sct_data;
670 BIO_METHOD *bio_method;
671 // Bit mask to disable SSL/TLS protocol versions. This will be
672 // passed to SSL_CTX_set_options().
673 long int tls_proto_mask;
674 StringRef backend_sni_name;
675 std::chrono::seconds session_timeout;
676 StringRef private_key_file;
677 StringRef private_key_passwd;
679 StringRef dh_param_file;
681 StringRef tls13_ciphers;
682 StringRef ecdh_curves;
684 // The maximum amount of 0-RTT data that server accepts.
685 uint32_t max_early_data;
686 // The minimum and maximum TLS version. These values are defined in
687 // OpenSSL header file.
688 int min_proto_version;
689 int max_proto_version;
691 bool no_http2_cipher_black_list;
692 // true if forwarding requests included in TLS early data should not
693 // be postponed until TLS handshake finishes.
694 bool no_postpone_early_data;
699 // not NULL-terminated
700 std::vector<uint8_t> content;
701 // 0 is special value, and it matches all HTTP status code.
702 unsigned int http_status;
707 // obfuscated value used in "by" parameter of Forwarded header
708 // field. This is only used when user defined static obfuscated
709 // string is provided.
710 StringRef by_obfuscated;
711 // bitwise-OR of one or more of shrpx_forwarded_param values.
713 // type of value recorded in "by" parameter of Forwarded header
715 ForwardedNode by_node_type;
716 // type of value recorded in "for" parameter of Forwarded header
718 ForwardedNode for_node_type;
732 std::vector<AltSvc> altsvcs;
733 std::vector<ErrorPage> error_pages;
734 HeaderRefs add_request_headers;
735 HeaderRefs add_response_headers;
736 StringRef server_name;
737 // Port number which appears in Location header field when https
739 StringRef redirect_https_port;
740 size_t request_header_field_buffer;
741 size_t max_request_header_fields;
742 size_t response_header_field_buffer;
743 size_t max_response_header_fields;
746 bool no_location_rewrite;
747 bool no_host_rewrite;
748 bool no_server_rewrite;
755 StringRef request_header_file;
756 StringRef response_header_file;
757 FILE *request_header;
758 FILE *response_header;
765 nghttp2_option *option;
766 nghttp2_option *alt_mode_option;
767 nghttp2_session_callbacks *callbacks;
768 size_t max_concurrent_streams;
769 size_t encoder_dynamic_table_size;
770 size_t decoder_dynamic_table_size;
772 int32_t connection_window_size;
773 bool optimize_write_buffer_size;
774 bool optimize_window_size;
780 nghttp2_option *option;
781 nghttp2_session_callbacks *callbacks;
782 size_t encoder_dynamic_table_size;
783 size_t decoder_dynamic_table_size;
785 int32_t connection_window_size;
786 size_t max_concurrent_streams;
789 ev_tstamp stream_read;
790 ev_tstamp stream_write;
792 bool no_cookie_crumbling;
796 struct LoggingConfig {
798 std::vector<LogFragment> format;
800 // Send accesslog to syslog, ignoring accesslog_file.
802 // Write accesslog when response headers are received from
803 // backend, rather than response body is received and sent.
808 // Send errorlog to syslog, ignoring errorlog_file.
815 struct RateLimitConfig {
820 // Wildcard host pattern routing. We strips left most '*' from host
821 // field. router includes all path patterns sharing the same wildcard
823 struct WildcardPattern {
824 WildcardPattern(const StringRef &host) : host(host) {}
826 // This might not be NULL terminated. Currently it is only used for
832 // Configuration to select backend to forward request
833 struct RouterConfig {
835 // Router for reversed wildcard hosts. Since this router has
836 // wildcard hosts reversed without '*', one should call match()
837 // function with reversed host stripping last character. This is
838 // because we require at least one character must match for '*'.
839 // The index stored in this router is index of wildcard_patterns.
840 Router rev_wildcard_router;
841 std::vector<WildcardPattern> wildcard_patterns;
844 struct DownstreamConfig {
846 : balloc(1024, 1024),
848 addr_group_catch_all{0},
849 connections_per_host{0},
850 connections_per_frontend{0},
851 request_buffer_size{0},
852 response_buffer_size{0},
855 DownstreamConfig(const DownstreamConfig &) = delete;
856 DownstreamConfig(DownstreamConfig &&) = delete;
857 DownstreamConfig &operator=(const DownstreamConfig &) = delete;
858 DownstreamConfig &operator=(DownstreamConfig &&) = delete;
860 // Allocator to allocate memory for Downstream configuration. Since
861 // we may swap around DownstreamConfig in arbitrary times with API
862 // calls, we should use their own allocator instead of per Config
864 BlockAllocator balloc;
870 // The maximum backoff while checking health check for offline
871 // backend or while detaching failed backend from load balancing
872 // group temporarily.
873 ev_tstamp max_backoff;
876 std::vector<DownstreamAddrGroupConfig> addr_groups;
877 // The index of catch-all group in downstream_addr_groups.
878 size_t addr_group_catch_all;
879 size_t connections_per_host;
880 size_t connections_per_frontend;
881 size_t request_buffer_size;
882 size_t response_buffer_size;
883 // Address family of backend connection. One of either AF_INET,
884 // AF_INET6 or AF_UNSPEC. This is ignored if backend connection
885 // is made via Unix domain socket.
889 struct ConnectionConfig {
894 // address of frontend acceptors
895 std::vector<UpstreamAddr> addrs;
897 // TCP fastopen. If this is positive, it is passed to
898 // setsockopt() along with TCP_FASTOPEN.
904 ev_tstamp http2_read;
910 RateLimitConfig read;
911 RateLimitConfig write;
913 size_t worker_connections;
914 // Deprecated. See UpstreamAddr.accept_proxy_protocol.
915 bool accept_proxy_protocol;
918 std::shared_ptr<DownstreamConfig> downstream;
922 // Maximum request body size for one API request
923 size_t max_request_body;
924 // true if at least one of UpstreamAddr has api enabled
933 // The number of tries name resolver makes before abandoning
940 : balloc(4096, 4096),
941 downstream_http_proxy{},
959 single_process{false},
960 single_thread{false},
961 ignore_per_pattern_mruby_error{false},
965 Config(Config &&) = delete;
966 Config(const Config &&) = delete;
967 Config &operator=(Config &&) = delete;
968 Config &operator=(const Config &&) = delete;
970 // Allocator to allocate memory for this object except for
971 // DownstreamConfig. Currently, it is used to allocate memory for
973 BlockAllocator balloc;
974 HttpProxy downstream_http_proxy;
978 LoggingConfig logging;
979 ConnectionConfig conn;
985 StringRef mruby_file;
986 // The revision of configuration which is opaque string, and changes
987 // on each configuration reloading. This does not change on
988 // backendconfig API call. This value is returned in health check
989 // as "nghttpx-conf-rev" response header field. The external
990 // program can check this value to know whether reloading has
992 uint64_t config_revision;
995 size_t rlimit_nofile;
1002 // Run nghttpx in single process mode. With this mode, signal
1003 // handling is omitted.
1004 bool single_process;
1006 // Ignore mruby compile error for per-pattern mruby script.
1007 bool ignore_per_pattern_mruby_error;
1008 // flags passed to ev_default_loop() and ev_loop_new()
1012 const Config *get_config();
1013 Config *mod_config();
1014 // Replaces the current config with given |new_config|. The old config is
1016 std::unique_ptr<Config> replace_config(std::unique_ptr<Config> new_config);
1017 void create_config();
1019 // generated by gennghttpxfun.py
1021 SHRPX_OPTID_ACCEPT_PROXY_PROTOCOL,
1022 SHRPX_OPTID_ACCESSLOG_FILE,
1023 SHRPX_OPTID_ACCESSLOG_FORMAT,
1024 SHRPX_OPTID_ACCESSLOG_SYSLOG,
1025 SHRPX_OPTID_ACCESSLOG_WRITE_EARLY,
1026 SHRPX_OPTID_ADD_FORWARDED,
1027 SHRPX_OPTID_ADD_REQUEST_HEADER,
1028 SHRPX_OPTID_ADD_RESPONSE_HEADER,
1029 SHRPX_OPTID_ADD_X_FORWARDED_FOR,
1031 SHRPX_OPTID_API_MAX_REQUEST_BODY,
1032 SHRPX_OPTID_BACKEND,
1033 SHRPX_OPTID_BACKEND_ADDRESS_FAMILY,
1034 SHRPX_OPTID_BACKEND_CONNECT_TIMEOUT,
1035 SHRPX_OPTID_BACKEND_CONNECTIONS_PER_FRONTEND,
1036 SHRPX_OPTID_BACKEND_CONNECTIONS_PER_HOST,
1037 SHRPX_OPTID_BACKEND_HTTP_PROXY_URI,
1038 SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_FRONTEND,
1039 SHRPX_OPTID_BACKEND_HTTP1_CONNECTIONS_PER_HOST,
1040 SHRPX_OPTID_BACKEND_HTTP1_TLS,
1041 SHRPX_OPTID_BACKEND_HTTP2_CONNECTION_WINDOW_BITS,
1042 SHRPX_OPTID_BACKEND_HTTP2_CONNECTION_WINDOW_SIZE,
1043 SHRPX_OPTID_BACKEND_HTTP2_CONNECTIONS_PER_WORKER,
1044 SHRPX_OPTID_BACKEND_HTTP2_DECODER_DYNAMIC_TABLE_SIZE,
1045 SHRPX_OPTID_BACKEND_HTTP2_ENCODER_DYNAMIC_TABLE_SIZE,
1046 SHRPX_OPTID_BACKEND_HTTP2_MAX_CONCURRENT_STREAMS,
1047 SHRPX_OPTID_BACKEND_HTTP2_SETTINGS_TIMEOUT,
1048 SHRPX_OPTID_BACKEND_HTTP2_WINDOW_BITS,
1049 SHRPX_OPTID_BACKEND_HTTP2_WINDOW_SIZE,
1050 SHRPX_OPTID_BACKEND_IPV4,
1051 SHRPX_OPTID_BACKEND_IPV6,
1052 SHRPX_OPTID_BACKEND_KEEP_ALIVE_TIMEOUT,
1053 SHRPX_OPTID_BACKEND_MAX_BACKOFF,
1054 SHRPX_OPTID_BACKEND_NO_TLS,
1055 SHRPX_OPTID_BACKEND_READ_TIMEOUT,
1056 SHRPX_OPTID_BACKEND_REQUEST_BUFFER,
1057 SHRPX_OPTID_BACKEND_RESPONSE_BUFFER,
1058 SHRPX_OPTID_BACKEND_TLS,
1059 SHRPX_OPTID_BACKEND_TLS_SNI_FIELD,
1060 SHRPX_OPTID_BACKEND_WRITE_TIMEOUT,
1061 SHRPX_OPTID_BACKLOG,
1063 SHRPX_OPTID_CERTIFICATE_FILE,
1064 SHRPX_OPTID_CIPHERS,
1066 SHRPX_OPTID_CLIENT_CERT_FILE,
1067 SHRPX_OPTID_CLIENT_CIPHERS,
1068 SHRPX_OPTID_CLIENT_NO_HTTP2_CIPHER_BLACK_LIST,
1069 SHRPX_OPTID_CLIENT_PRIVATE_KEY_FILE,
1070 SHRPX_OPTID_CLIENT_PROXY,
1071 SHRPX_OPTID_CLIENT_PSK_SECRETS,
1074 SHRPX_OPTID_DH_PARAM_FILE,
1075 SHRPX_OPTID_DNS_CACHE_TIMEOUT,
1076 SHRPX_OPTID_DNS_LOOKUP_TIMEOUT,
1077 SHRPX_OPTID_DNS_MAX_TRY,
1078 SHRPX_OPTID_ECDH_CURVES,
1079 SHRPX_OPTID_ERROR_PAGE,
1080 SHRPX_OPTID_ERRORLOG_FILE,
1081 SHRPX_OPTID_ERRORLOG_SYSLOG,
1082 SHRPX_OPTID_FASTOPEN,
1083 SHRPX_OPTID_FETCH_OCSP_RESPONSE_FILE,
1084 SHRPX_OPTID_FORWARDED_BY,
1085 SHRPX_OPTID_FORWARDED_FOR,
1086 SHRPX_OPTID_FRONTEND,
1087 SHRPX_OPTID_FRONTEND_FRAME_DEBUG,
1088 SHRPX_OPTID_FRONTEND_HTTP2_CONNECTION_WINDOW_BITS,
1089 SHRPX_OPTID_FRONTEND_HTTP2_CONNECTION_WINDOW_SIZE,
1090 SHRPX_OPTID_FRONTEND_HTTP2_DECODER_DYNAMIC_TABLE_SIZE,
1091 SHRPX_OPTID_FRONTEND_HTTP2_DUMP_REQUEST_HEADER,
1092 SHRPX_OPTID_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER,
1093 SHRPX_OPTID_FRONTEND_HTTP2_ENCODER_DYNAMIC_TABLE_SIZE,
1094 SHRPX_OPTID_FRONTEND_HTTP2_MAX_CONCURRENT_STREAMS,
1095 SHRPX_OPTID_FRONTEND_HTTP2_OPTIMIZE_WINDOW_SIZE,
1096 SHRPX_OPTID_FRONTEND_HTTP2_OPTIMIZE_WRITE_BUFFER_SIZE,
1097 SHRPX_OPTID_FRONTEND_HTTP2_READ_TIMEOUT,
1098 SHRPX_OPTID_FRONTEND_HTTP2_SETTINGS_TIMEOUT,
1099 SHRPX_OPTID_FRONTEND_HTTP2_WINDOW_BITS,
1100 SHRPX_OPTID_FRONTEND_HTTP2_WINDOW_SIZE,
1101 SHRPX_OPTID_FRONTEND_KEEP_ALIVE_TIMEOUT,
1102 SHRPX_OPTID_FRONTEND_MAX_REQUESTS,
1103 SHRPX_OPTID_FRONTEND_NO_TLS,
1104 SHRPX_OPTID_FRONTEND_READ_TIMEOUT,
1105 SHRPX_OPTID_FRONTEND_WRITE_TIMEOUT,
1106 SHRPX_OPTID_HEADER_FIELD_BUFFER,
1107 SHRPX_OPTID_HOST_REWRITE,
1108 SHRPX_OPTID_HTTP2_BRIDGE,
1109 SHRPX_OPTID_HTTP2_MAX_CONCURRENT_STREAMS,
1110 SHRPX_OPTID_HTTP2_NO_COOKIE_CRUMBLING,
1111 SHRPX_OPTID_HTTP2_PROXY,
1112 SHRPX_OPTID_IGNORE_PER_PATTERN_MRUBY_ERROR,
1113 SHRPX_OPTID_INCLUDE,
1114 SHRPX_OPTID_INSECURE,
1115 SHRPX_OPTID_LISTENER_DISABLE_TIMEOUT,
1116 SHRPX_OPTID_LOG_LEVEL,
1117 SHRPX_OPTID_MAX_HEADER_FIELDS,
1118 SHRPX_OPTID_MAX_REQUEST_HEADER_FIELDS,
1119 SHRPX_OPTID_MAX_RESPONSE_HEADER_FIELDS,
1120 SHRPX_OPTID_MRUBY_FILE,
1121 SHRPX_OPTID_NO_ADD_X_FORWARDED_PROTO,
1122 SHRPX_OPTID_NO_HOST_REWRITE,
1123 SHRPX_OPTID_NO_HTTP2_CIPHER_BLACK_LIST,
1124 SHRPX_OPTID_NO_KQUEUE,
1125 SHRPX_OPTID_NO_LOCATION_REWRITE,
1126 SHRPX_OPTID_NO_OCSP,
1127 SHRPX_OPTID_NO_SERVER_PUSH,
1128 SHRPX_OPTID_NO_SERVER_REWRITE,
1129 SHRPX_OPTID_NO_STRIP_INCOMING_EARLY_DATA,
1130 SHRPX_OPTID_NO_STRIP_INCOMING_X_FORWARDED_PROTO,
1131 SHRPX_OPTID_NO_VERIFY_OCSP,
1133 SHRPX_OPTID_NPN_LIST,
1134 SHRPX_OPTID_OCSP_STARTUP,
1135 SHRPX_OPTID_OCSP_UPDATE_INTERVAL,
1136 SHRPX_OPTID_PADDING,
1137 SHRPX_OPTID_PID_FILE,
1138 SHRPX_OPTID_PRIVATE_KEY_FILE,
1139 SHRPX_OPTID_PRIVATE_KEY_PASSWD_FILE,
1140 SHRPX_OPTID_PSK_SECRETS,
1141 SHRPX_OPTID_READ_BURST,
1142 SHRPX_OPTID_READ_RATE,
1143 SHRPX_OPTID_REDIRECT_HTTPS_PORT,
1144 SHRPX_OPTID_REQUEST_HEADER_FIELD_BUFFER,
1145 SHRPX_OPTID_RESPONSE_HEADER_FIELD_BUFFER,
1146 SHRPX_OPTID_RLIMIT_NOFILE,
1147 SHRPX_OPTID_SERVER_NAME,
1148 SHRPX_OPTID_SINGLE_PROCESS,
1149 SHRPX_OPTID_SINGLE_THREAD,
1150 SHRPX_OPTID_STREAM_READ_TIMEOUT,
1151 SHRPX_OPTID_STREAM_WRITE_TIMEOUT,
1152 SHRPX_OPTID_STRIP_INCOMING_FORWARDED,
1153 SHRPX_OPTID_STRIP_INCOMING_X_FORWARDED_FOR,
1154 SHRPX_OPTID_SUBCERT,
1155 SHRPX_OPTID_SYSLOG_FACILITY,
1156 SHRPX_OPTID_TLS_DYN_REC_IDLE_TIMEOUT,
1157 SHRPX_OPTID_TLS_DYN_REC_WARMUP_THRESHOLD,
1158 SHRPX_OPTID_TLS_MAX_EARLY_DATA,
1159 SHRPX_OPTID_TLS_MAX_PROTO_VERSION,
1160 SHRPX_OPTID_TLS_MIN_PROTO_VERSION,
1161 SHRPX_OPTID_TLS_NO_POSTPONE_EARLY_DATA,
1162 SHRPX_OPTID_TLS_PROTO_LIST,
1163 SHRPX_OPTID_TLS_SCT_DIR,
1164 SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED,
1165 SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_ADDRESS_FAMILY,
1166 SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_CERT_FILE,
1167 SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_PRIVATE_KEY_FILE,
1168 SHRPX_OPTID_TLS_SESSION_CACHE_MEMCACHED_TLS,
1169 SHRPX_OPTID_TLS_TICKET_KEY_CIPHER,
1170 SHRPX_OPTID_TLS_TICKET_KEY_FILE,
1171 SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED,
1172 SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_ADDRESS_FAMILY,
1173 SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_CERT_FILE,
1174 SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
1175 SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL,
1176 SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY,
1177 SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_PRIVATE_KEY_FILE,
1178 SHRPX_OPTID_TLS_TICKET_KEY_MEMCACHED_TLS,
1179 SHRPX_OPTID_TLS13_CIPHERS,
1180 SHRPX_OPTID_TLS13_CLIENT_CIPHERS,
1182 SHRPX_OPTID_VERIFY_CLIENT,
1183 SHRPX_OPTID_VERIFY_CLIENT_CACERT,
1184 SHRPX_OPTID_VERIFY_CLIENT_TOLERATE_EXPIRED,
1185 SHRPX_OPTID_WORKER_FRONTEND_CONNECTIONS,
1186 SHRPX_OPTID_WORKER_READ_BURST,
1187 SHRPX_OPTID_WORKER_READ_RATE,
1188 SHRPX_OPTID_WORKER_WRITE_BURST,
1189 SHRPX_OPTID_WORKER_WRITE_RATE,
1190 SHRPX_OPTID_WORKERS,
1191 SHRPX_OPTID_WRITE_BURST,
1192 SHRPX_OPTID_WRITE_RATE,
1196 // Looks up token for given option name |name| of length |namelen|.
1197 int option_lookup_token(const char *name, size_t namelen);
1199 // Parses option name |opt| and value |optarg|. The results are
1200 // stored into the object pointed by |config|. This function returns 0
1201 // if it succeeds, or -1. The |included_set| contains the all paths
1202 // already included while processing this configuration, to avoid loop
1203 // in --include option. The |pattern_addr_indexer| contains a pair of
1204 // pattern of backend, and its index in DownstreamConfig::addr_groups.
1205 // It is introduced to speed up loading configuration file with lots
1207 int parse_config(Config *config, const StringRef &opt, const StringRef &optarg,
1208 std::set<StringRef> &included_set,
1209 std::map<StringRef, size_t> &pattern_addr_indexer);
1211 // Similar to parse_config() above, but additional |optid| which
1212 // should be the return value of option_lookup_token(opt).
1213 int parse_config(Config *config, int optid, const StringRef &opt,
1214 const StringRef &optarg, std::set<StringRef> &included_set,
1215 std::map<StringRef, size_t> &pattern_addr_indexer);
1217 // Loads configurations from |filename| and stores them in |config|.
1218 // This function returns 0 if it succeeds, or -1. See parse_config()
1219 // for |include_set|.
1220 int load_config(Config *config, const char *filename,
1221 std::set<StringRef> &include_set,
1222 std::map<StringRef, size_t> &pattern_addr_indexer);
1224 // Parses header field in |optarg|. We expect header field is formed
1225 // like "NAME: VALUE". We require that NAME is non empty string. ":"
1226 // is allowed at the start of the NAME, but NAME == ":" is not
1227 // allowed. This function returns pair of NAME and VALUE.
1228 HeaderRefs::value_type parse_header(BlockAllocator &balloc,
1229 const StringRef &optarg);
1231 std::vector<LogFragment> parse_log_format(BlockAllocator &balloc,
1232 const StringRef &optarg);
1234 // Returns string for syslog |facility|.
1235 StringRef str_syslog_facility(int facility);
1237 // Returns integer value of syslog |facility| string.
1238 int int_syslog_facility(const StringRef &strfacility);
1240 FILE *open_file_for_write(const char *filename);
1242 // Reads TLS ticket key file in |files| and returns TicketKey which
1243 // stores read key data. The given |cipher| and |hmac| determine the
1244 // expected file size. This function returns TicketKey if it
1245 // succeeds, or nullptr.
1246 std::unique_ptr<TicketKeys>
1247 read_tls_ticket_key_file(const std::vector<StringRef> &files,
1248 const EVP_CIPHER *cipher, const EVP_MD *hmac);
1250 // Returns string representation of |proto|.
1251 StringRef strproto(Proto proto);
1253 int configure_downstream_group(Config *config, bool http2_proxy,
1254 bool numeric_addr_only,
1255 const TLSConfig &tlsconf);
1257 int resolve_hostname(Address *addr, const char *hostname, uint16_t port,
1258 int family, int additional_flags = 0);
1260 } // namespace shrpx
1262 #endif // SHRPX_CONFIG_H