Don't trust http.Request.URL.Scheme to set Forwarded proto

Instead, use contextTLSState.
Drop port from X-Forwarded-For
f43d2f1d — delthas 2 months ago
Support Hijack, Flush when using access logs

This fixes the following error when using WebSockets with access logs

    http: proxy error: can't switch protocols using non-Hijacker ResponseWriter type *main.interceptRW

We also add an Unwrap method for upcoming (Go 1.20) ResponseController
Retry on temporary net.Listener failure

Instead of stopping to listen, retry on temporary failure. This
can happen when running out of FDs.
Close access logs file in Server.Stop
Reload config file on SIGHUP

Not quite complete yet, but it's a start.

We're a TCP server, we'll handle potentially a lot of FDs.

See https://0pointer.net/blog/file-descriptor-limits.html
Upgrade dependencies
Use net.ErrClosed instead of our own error value
Use the HTTP/2 priority scheduler by default

The HTTP/2 random scheduler is used by default in kimchi. The default
scheduler was changed in Go 1.9 to the priority-based scheduler but this
change is only active in basic net/http server usages, not in our case.

This commit manually enables the priority-based HTTP/2 scheduler.

See: https://github.com/golang/go/issues/18318
See: https://go-review.googlesource.com/c/go/+/43231/
Add the access-logs directive

This lets users log all requests to a kimchi server, for easy debugging.
Fix redirecting to HTTPS with multiple hosts on the same port

Before this patch, there was only one Insecure flag per listener port.
This means that using any http+insecure host for a certain port would
prevent any request to that port from being redirect to HTTPS.


  site http://foo.example.com {
  site http+insecure://bar.example.com {

makes any request to http://bar.example.com AND http://foo.example.com
NOT redirect to HTTPS.

This patch fixes the issue by storing the insecure flag per handler
instead of per listener.
readme: add contributing section
man: update example with kimchi directives

The example was using tlstunnel directives.
contrib/systemd: add template service file
Fix path for site configs with subtree roots

This makes site configs such as the following work:

    site foo.example.org/foo/ {
        file_server /path/to/index/html/
man: better describe path matching rules
makefile: remove build dep from install target

Otherwise the Go tooling gets run as root.
512fa7bf — delthas 2 years ago
Set the X-Forwarded-* headers