From: Omar Polo <op@omarpolo.com>
Subject: Re: gotwebd.conf global address settings
To: Stefan Sperling <stsp@stsp.name>
Cc: gameoftrees@openbsd.org
Date: Sat, 20 Aug 2022 16:04:47 +0200

On 2022/08/20 05:49:04 +0200, Stefan Sperling <stsp@stsp.name> wrote:
> It doesn't seem useful to me to have socket configuration data in
> the global gotwebd context. These settings should be per-server,
> with implicit defaults if not specified.

makes sense to me

> With the patch below, the only remaining global config items in
> gotwebd.conf are the pre-fork count and the chroot directory path.
> 
> This means admins may have to specify addresses redundantly.
> The following syntax no longer works:
> 
>   fcgi_socket yes
>   listen on 127.0.0.1
>   port 9999
>   server foo { }
>   server bar { }
> 
> Instead, the above would now need to be written as:
> 
>   server foo {
>     fcgi_socket yes
>     listen on 127.0.0.1
>     port 9999
>   }
>   server bar {
>     fcgi_socket yes
>     listen on 127.0.0.1
>     port 9999
>   }
> 
> Which seems better to me because it is much easier to understand.
> And listing IPs per server instance makes it less likely that a server
> instance would accidentally be exposed via the wrong IP address.
> 
> Going forward, I think we should be able to remove the 'fcgi_socket'
> toggle, and set this toggle implicitly when a "listen on" statement
> appears. But that is left for a later patch.
> 
> ok?

fwiw, i like the direction, ok op@
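
Added example, not part of the thread or of the gotwebd source: a small Python helper that rewrites the old global form quoted above into the per-server form, so each server block states its own listen address and port. The names `migrate` and `key_of`, the line-based parsing, and the rule that a setting already inside a block wins over the old global one are assumptions made for illustration.

```python
import re

# Socket directives that, per the thread, are no longer accepted globally.
SOCKET_KEYS = ("fcgi_socket", "listen on", "port")
# Matches 'server NAME {' and the one-line empty form 'server NAME { }'.
SERVER_OPEN = re.compile(r"^\s*server\s+(\S+)\s*\{\s*(\})?\s*$")
# Constructed sample: the old-style configuration quoted in the thread.
OLD = "fcgi_socket yes\nlisten on 127.0.0.1\nport 9999\nserver foo { }\nserver bar { }\n"

def key_of(line):
    """Return the socket directive this line sets, or None."""
    s = line.strip()
    return next((k for k in SOCKET_KEYS if s.startswith(k + " ")), None)

def migrate(text, indent="    "):
    """Rewrite old-style config text so every server block is explicit.
    Simplifying assumptions (not the real gotwebd.conf parser): one directive
    per line, no comments or macros, no braces nested inside server blocks."""
    lines = text.splitlines()
    inherited, in_server = {}, False
    for line in lines:                       # pass 1: collect global settings
        m = SERVER_OPEN.match(line)
        if m:
            in_server = not m.group(2)
        elif in_server and line.strip() == "}":
            in_server = False
        elif not in_server and key_of(line):
            inherited[key_of(line)] = line.strip()
    out, seen, in_server = [], set(), False
    def close_block():
        # A setting written inside the block wins over the old global one.
        out.extend(indent + v for k, v in inherited.items() if k not in seen)
        out.append("}")
    for line in lines:                       # pass 2: emit per-server config
        m = SERVER_OPEN.match(line)
        if m:
            out.append("server %s {" % m.group(1))
            in_server, seen = not m.group(2), set()
            if m.group(2):
                close_block()
        elif in_server and line.strip() == "}":
            close_block()
            in_server = False
        elif in_server or not key_of(line):  # drop only global socket lines
            if in_server and key_of(line):
                seen.add(key_of(line))
            out.append(line)
    return "\n".join(out) + "\n"
```

Running `migrate(OLD)` yields the two explicit server blocks shown in the quoted message; review the result by hand before deploying it, since the helper does not understand the full configuration grammar.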