~emersion/kimchi

Don't trust http.Request.URL.Scheme to set Forwarded proto

Instead, use contextTLSState.
Drop port from X-Forwarded-For
f43d2f1d — delthas 2 months ago
Support Hijack, Flush when using access logs

This fixes the following error when using WebSockets with access logs
enabled:

    http: proxy error: can't switch protocols using non-Hijacker ResponseWriter type *main.interceptRW

We also add an Unwrap method for upcoming (Go 1.20) ResponseController
support.
Retry on temporary net.Listener failure

Instead of stopping to listen, retry on temporary failure. This
can happen when running out of FDs.
Close access logs file in Server.Stop
Reload config file on SIGHUP
Handle SIGINT and SIGTERM

Not quite complete yet, but it's a start.
Bump RLIMIT_NOFILE

We're a TCP server, we'll handle potentially a lot of FDs.

See https://0pointer.net/blog/file-descriptor-limits.html
Upgrade dependencies
Use net.ErrClosed instead of our own error value
Use the HTTP/2 priority scheduler by default

The HTTP/2 random scheduler is used by default in kimchi. The default
scheduler was changed in Go 1.9 to the priority-based scheduler but this
change is only active in basic net/http server usages, not in our case.

This commit manually enables the priority-based HTTP/2 scheduler.

See: https://github.com/golang/go/issues/18318
See: https://go-review.googlesource.com/c/go/+/43231/
Add the access-logs directive

This lets users log all requests to a kimchi server, for easy debugging.
Fix redirecting to HTTPS with multiple hosts on the same port

Before this patch, there was only one Insecure flag per listener port.
This means that using any http+insecure host for a certain port would
prevent any request to that port from being redirected to HTTPS.

Example:

  site http://foo.example.com {
    ...
  }
  site http+insecure://bar.example.com {
    ...
  }

makes any request to http://bar.example.com AND http://foo.example.com
NOT redirect to HTTPS.

This patch fixes the issue by storing the insecure flag per handler
instead of per listener.
readme: add contributing section
man: update example with kimchi directives

The example was using tlstunnel directives.
contrib/systemd: add template service file
Fix path for site configs with subtree roots

This makes site configs such as the following work:

    site foo.example.org/foo/ {
        file_server /path/to/index/html/
    }
man: better describe path matching rules
makefile: remove build dep from install target

Otherwise the Go tooling gets run as root.
512fa7bf — delthas 2 years ago
Set the X-Forwarded-* headers