From: Stefan Sperling Subject: gotwebd.conf global address settings To: gameoftrees@openbsd.org Date: Sat, 20 Aug 2022 05:49:04 +0200 It doesn't seem useful to me to have socket configuration data in the global gotwebd context. These settings should be per-server, with implicit defaults if not specified. With the patch below, the only remaining global config items in gotwebd.conf are the pre-fork count and the chroot directory path. This means admins may have to specify addresses redundantly. The following syntax no longer works: fcgi_socket yes listen on 127.0.0.1 port 9999 server foo { } server bar { } Instead, the above would now need to be written as: server foo { fcgi_socket yes listen on 127.0.0.1 port 9999 } server bar { fcgi_socket yes listen on 127.0.0.1 port 9999 } Which seems better to me because it is much easier to understand. And listing IPs per server instance makes it less likely that a server instance would accidentally be exposed via the wrong IP address. Going forward, I think we should be able to remove the 'fcgi_socket' toggle, and set this toggle implicitly when a "listen on" statement appears. But that is left for a later patch. ok?
diff 026ac2c462910064c5c9143a96b17a920e6bbc58 6d22ddcbe3fad88cb86835fb75bb5e83511c81dd
commit - 026ac2c462910064c5c9143a96b17a920e6bbc58
commit + 6d22ddcbe3fad88cb86835fb75bb5e83511c81dd
blob - 4a98f544d07275e73edfe3df1b42a22bc24af9c0
blob + f9c4cfd4e7cf5b57181a4e04590cfc540f2cf5aa
--- gotwebd/gotwebd.h
+++ gotwebd/gotwebd.h
@@ -333,13 +333,6 @@ struct gotwebd {
 int server_cnt;
 char httpd_chroot[PATH_MAX];
-
- int unix_socket;
- char unix_socket_name[PATH_MAX];
-
- int fcgi_socket;
- char fcgi_socket_bind[GOTWEBD_MAXTEXT];
- in_port_t fcgi_socket_port;
 };
 struct querystring {
blob - 601286fd54eb92e666ed42a52b7d7a851eb91940
blob + 5e0cace3988998b75c7ea3fce9383982b42a2465
--- gotwebd/parse.y
+++ gotwebd/parse.y
@@ -188,29 +188,6 @@ main : PREFORK NUMBER {
 }
 free($2);
 }
- | FCGI_SOCKET boolean {
- gotwebd->fcgi_socket = $2;
- }
- | FCGI_SOCKET boolean {
- gotwebd->fcgi_socket = $2;
- } '{' optnl socketopts4 '}'
- | UNIX_SOCKET boolean {
- gotwebd->unix_socket = $2;
- }
- | UNIX_SOCKET_NAME STRING {
- n = snprintf(gotwebd->unix_socket_name,
- sizeof(gotwebd->unix_socket_name), "%s%s",
- strlen(gotwebd->httpd_chroot) ?
- gotwebd->httpd_chroot : D_HTTPD_CHROOT, $2);
- if (n < 0 ||
- (size_t)n >= sizeof(gotwebd->unix_socket_name)) {
- yyerror("%s: unix_socket_name truncated",
- __func__);
- free($2);
- YYERROR;
- }
- free($2);
- }
 ;
 server : SERVER STRING {
@@ -414,26 +391,6 @@ socketopts2 : socketopts2 socketopts1 nl
 | socketopts1 optnl
 ;
-socketopts3 : LISTEN ON STRING {
- n = strlcpy(gotwebd->fcgi_socket_bind, $3,
- sizeof(gotwebd->fcgi_socket_bind));
- if (n >= sizeof(gotwebd->fcgi_socket_bind)) {
- yyerror("%s: fcgi_socket_bind truncated",
- __func__);
- free($3);
- YYERROR;
- }
- free($3);
- }
- | PORT fcgiport {
- gotwebd->fcgi_socket_port = $2;
- }
- ;
-
-socketopts4 : socketopts4 socketopts3 nl
- | socketopts3 optnl
- ;
-
 nl : '\n' optnl
 ;
@@ -879,7 +836,6 @@ struct server *
 conf_new_server(const char *name)
 {
 struct server *srv = NULL;
- int val;
 srv = calloc(1, sizeof(*srv));
 if (srv == NULL)
@@ -920,9 +876,7 @@ conf_new_server(const char *name)
 if (n >= sizeof(srv->custom_css))
 fatalx("%s: strlcpy", __func__);
- val = getservice(D_FCGI_PORT);
- srv->fcgi_socket_port = gotwebd->fcgi_socket_port ?
- gotwebd->fcgi_socket_port: val;
+ srv->fcgi_socket_port = getservice(D_FCGI_PORT);
 srv->show_site_owner = D_SHOWSOWNER;
 srv->show_repo_owner = D_SHOWROWNER;
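Review bot: The new line `srv->fcgi_socket_port = getservice(D_FCGI_PORT);` in the `-920,9` hunk stores the lookup result without checking it. getservice() is not visible in this diff; if it signals failure with a negative return, that value would be converted into a port number here and the server could later bind a port nobody configured. The removed lines had the same gap, but the per-server default now comes only from this call, so a guard would make a bad default fail loudly: keep the `val` local that the `-879,7` hunk removes and write `if ((val = getservice(D_FCGI_PORT)) == -1) fatalx("%s: getservice", __func__);` before assigning `val` to the field. conf_new_server's body starts before this hunk and continues past it.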
@@ -934,8 +888,9 @@ conf_new_server(const char *name)
 srv->max_commits_display = D_MAXCOMMITDISP;
 srv->max_repos = D_MAXREPO;
+ /* Unix socket is the default. */
 srv->unix_socket = 1;
- srv->fcgi_socket = gotwebd->fcgi_socket ? gotwebd->fcgi_socket : 0;
+ srv->fcgi_socket = 0;
 TAILQ_INIT(&srv->al);
 TAILQ_INSERT_TAIL(&gotwebd->servers, srv, entry);
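Review bot: The added comment `/* Unix socket is the default. */` covers both assignments but leaves out the security-relevant half: TCP listening is now off for every server unless its own block turns it on. A wording such as `/* Default: unix socket only; TCP (fcgi_socket) must be enabled per server. */` would record that closed default at the spot where a later edit could loosen it. It is also worth confirming, since no manual page change is visible in this diff, that gotwebd.conf(5) is updated alongside, because the description says the old global `fcgi_socket` / `listen on` syntax no longer works. The function body begins before this hunk and continues after it.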