git.proxmox.com Git - pve-http-server.git/log
Stoiko Ivanov [Fri, 15 Feb 2019 11:36:00 +0000 (12:36 +0100)]
Add configurable 'compression'
Rationale for disabling compression is the potential for being affected by
the BREACH (CVE-2013-3587) attack and it's considered good practice for https
configuration (see e.g. [0]).
The default remains: to have compression enabled for compressible file-types.
[0] https://cipherli.st/
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Stoiko Ivanov [Fri, 15 Feb 2019 11:35:59 +0000 (12:35 +0100)]
Add configurable 'honor_cipher_order'
Needed to fix #2069.
Preferring the ciphers set in the server, instead of relying on the offer of the
client is considered good practice in TLS1.[012] (see e.g. [0]).
[0] https://cipherli.st/
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Thomas Lamprecht [Fri, 28 Sep 2018 08:42:07 +0000 (10:42 +0200)]
bump version to 2.0-11
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dominik Csapak [Fri, 28 Sep 2018 07:36:39 +0000 (09:36 +0200)]
fix #1935: read empty line after 200 OK
commit a4d8bbafbe400be78bebeab169963025dc46e29b introduced an additional
empty line after '200 OK' for remote-viewer 7 to work, but we also have to
read this line in our own proxy reader else the connection to a remote node
does not work
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Rhonda D'Vine [Thu, 6 Sep 2018 09:43:43 +0000 (11:43 +0200)]
Use https for Homepage URL
Signed-off-by: Rhonda D'Vine <rhonda@proxmox.com>
Rhonda D'Vine [Thu, 6 Sep 2018 09:43:42 +0000 (11:43 +0200)]
Add unzip to Build-Depends
Signed-off-by: Rhonda D'Vine <rhonda@proxmox.com>
Dietmar Maurer [Fri, 17 Aug 2018 06:30:07 +0000 (08:30 +0200)]
bump version to 2.0-10
Dominik Csapak [Thu, 16 Aug 2018 12:48:12 +0000 (14:48 +0200)]
fix #1869: send correct http response in spice proxy
the glib implementation of the http proxy correctly checks the
http response (response code, followed by an empty line)
so we need to answer with the correct status
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dietmar Maurer [Wed, 6 Jun 2018 15:30:40 +0000 (17:30 +0200)]
websocket: set $max_payload_size = 128*1024; (131072)
AnyEvent checks rbuf_max after calling the callback (too late), so
we can receive larger data, because AnyEvent uses MAX_READ_SIZE=131072
to fill the buffer.
So a more elegant solution is to set $max_payload_size=128*1024. At least
I am not able to receive rbuf larger than 128*1024 now. But I keep the
protection from the previous patch - just to be sure.
Dietmar Maurer [Wed, 6 Jun 2018 14:41:30 +0000 (16:41 +0200)]
limit websocket frame size
AnyEvent checks rbuf_max after calling the callback (too late), so
we can receive larger data.
Dietmar Maurer [Mon, 28 May 2018 08:36:26 +0000 (10:36 +0200)]
bump version to 2.0-9
René Jochum [Fri, 25 May 2018 16:15:22 +0000 (18:15 +0200)]
Fix #1684 WebSocket proxy behind a buffered proxy.
The given patch fixes incoming WebSocket traffic behind buffered Proxies
like NGINX.
NGINX buffers multiple requests from the Browser into one frame and sends that to pveproxy,
before this patch we then processed the first message of the frame and cleared the buffer which
may have contained more messages.
With this patch we process each message and clear the buffer right.
This fixes the "NoVNC blank screen" problem users reported on the forums.
Thomas Lamprecht [Fri, 25 May 2018 14:42:05 +0000 (16:42 +0200)]
fixup no newline at end of .gitignore
René Jochum [Fri, 25 May 2018 13:20:57 +0000 (15:20 +0200)]
Add .gitignore
Signed-off-by: René Jochum <rene@jochums.at>
Fabian Grünbichler [Mon, 11 Dec 2017 14:36:42 +0000 (15:36 +0100)]
bump version to 2.0-8
Thomas Lamprecht [Thu, 7 Dec 2017 13:00:37 +0000 (14:00 +0100)]
auth_handler: respond with passed error if we get a PVE::Exception
Allows to fix a problem where a logged in connected client was logged
out because we could not verify him for this call as the cluster
filesystem was unavailable.
If we get such an exception then use it for responding.
This is safe as no logged out client can ever do anything where
login privileges are required and a logged in client cannot do
anything during the problematic period, but does not get logged out.
Partial fix for #1589
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Wolfgang Bumiller [Fri, 24 Nov 2017 08:25:55 +0000 (09:25 +0100)]
whitespace fixup
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Dominik Csapak [Thu, 23 Nov 2017 14:55:56 +0000 (15:55 +0100)]
add 'map' filetype to http-server
those files are used for javascript source maps
(useful for debugging purposes)
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dominik Csapak [Thu, 23 Nov 2017 14:55:55 +0000 (15:55 +0100)]
do not send websocket status code to port
this is not data, but the status code,
so print it in debug mode instead
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dietmar Maurer [Tue, 14 Nov 2017 07:05:38 +0000 (08:05 +0100)]
bump version to 2.0-7
Dietmar Maurer [Thu, 9 Nov 2017 06:17:49 +0000 (07:17 +0100)]
add content type application/x-compressed-tar
Dietmar Maurer [Wed, 8 Nov 2017 08:23:30 +0000 (09:23 +0100)]
allow API calls to download file contents.
We use this to download backup files with pmg.
Fabian Grünbichler [Wed, 4 Oct 2017 09:05:33 +0000 (11:05 +0200)]
build: reformat debian/control
using wrap-and-sort -abt
Dietmar Maurer [Thu, 10 Aug 2017 10:06:11 +0000 (12:06 +0200)]
bump version to 2.0-6
Dietmar Maurer [Thu, 10 Aug 2017 06:47:32 +0000 (08:47 +0200)]
pass $format to rest_handler()
Used by PMG::HTTPServer.
Wolfgang Bumiller [Fri, 2 Jun 2017 10:49:56 +0000 (12:49 +0200)]
bump version to 2.0-5
Dominik Csapak [Thu, 11 May 2017 11:01:10 +0000 (13:01 +0200)]
add json/mp3/oga/svg filetypes
those are needed for the noVNC upgrade
svg: button images
mp3/oga: bell sound of terminal
json: language files
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Thomas Lamprecht [Fri, 12 May 2017 07:37:49 +0000 (09:37 +0200)]
increase max POST data limit to 64 KB
this matches also our wbuf_max settings of our AnyEvent handle
Tested with 1000 parallel started dummy POST request with 64KB
payload, wh
It should not be too problematic to increase the limit
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Dietmar Maurer [Tue, 2 May 2017 09:56:13 +0000 (11:56 +0200)]
bump version to 2.0-4
Dietmar Maurer [Tue, 2 May 2017 07:58:53 +0000 (09:58 +0200)]
assume all parameters are utf8 encoded
Previously, we called decode_utf8_parameters(), which only encoded
some parameters. This was just an optimization, and it turned out to
be error prone (for example passwords also contain utf8 parameters).
Wolfgang Bumiller [Thu, 27 Apr 2017 12:02:46 +0000 (14:02 +0200)]
buildsys: clean: remove *.buildinfo
Dietmar Maurer [Mon, 24 Apr 2017 05:43:50 +0000 (07:43 +0200)]
bump version to 2.0-3
Dietmar Maurer [Mon, 24 Apr 2017 05:37:57 +0000 (07:37 +0200)]
avoid locale specific time stamps
Wolfgang Bumiller [Fri, 21 Apr 2017 09:52:21 +0000 (11:52 +0200)]
bump version to 2.0-2
Fabian Grünbichler [Thu, 30 Mar 2017 09:54:39 +0000 (11:54 +0200)]
fix #1332: allow ECDHE with all supported curves
with openssl 1.0.1, we had to limit ourselves to one curve to
allow ECDHE at all.
with openssl 1.1.x, the same limit actually means only
allowing ECDSA certificates using that curve, even for
non-ephemeral ECDH handshakes, effectively only allowing
prime256 EC certificates.
since openssl 1.1.x supports auto-negotiation of the curve
used for ECDHE, simply use that for now.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Dietmar Maurer [Fri, 10 Mar 2017 07:51:30 +0000 (08:51 +0100)]
bump version to 2.0-1 for debian stretch
Dietmar Maurer [Wed, 8 Mar 2017 16:35:17 +0000 (17:35 +0100)]
Makefile: use "--product pve,pmg --dist stretch" for upload target
Dietmar Maurer [Fri, 3 Mar 2017 05:32:25 +0000 (06:32 +0100)]
cleanup error message for non-existent files
Wolfgang Bumiller [Tue, 7 Feb 2017 14:23:34 +0000 (15:23 +0100)]
buildsys: make job safety
Dietmar Maurer [Sat, 21 Jan 2017 15:37:07 +0000 (16:37 +0100)]
bump version to 1.0-4
Dietmar Maurer [Sat, 21 Jan 2017 15:35:36 +0000 (16:35 +0100)]
add debian triggers file
to correctly restart API daemons on updates.
Dietmar Maurer [Sat, 21 Jan 2017 15:23:37 +0000 (16:23 +0100)]
use ${perl:Depends}
to avoid warning when building the package
Dietmar Maurer [Sat, 21 Jan 2017 15:20:02 +0000 (16:20 +0100)]
bump version to 1.0-3
Dietmar Maurer [Sat, 21 Jan 2017 15:08:36 +0000 (16:08 +0100)]
add a more complex demo
Dietmar Maurer [Sat, 21 Jan 2017 14:48:04 +0000 (15:48 +0100)]
move simple-demo.pl -> examples/simple-demo.pl
Dietmar Maurer [Sat, 21 Jan 2017 10:55:18 +0000 (11:55 +0100)]
call Net::SSLeay::ERR_clear_error after all handlers
just to be sure.
Dietmar Maurer [Fri, 20 Jan 2017 17:15:21 +0000 (18:15 +0100)]
call Net::SSLeay::ERR_clear_error() after auth_handler
Some auth_handlers use Crypt::OpenSSL::RSA, which seems to set the openssl error
variable. We need to clear that here, else AnyEvent::TLS aborts the connection.
Dietmar Maurer [Fri, 20 Jan 2017 17:11:42 +0000 (18:11 +0100)]
remove simple-demo.pem in distclean
Avoid generating too many different certs (confuses the browser).
Dietmar Maurer [Fri, 20 Jan 2017 10:22:40 +0000 (11:22 +0100)]
avoid warnings when clients disconnect early
Dietmar Maurer [Tue, 17 Jan 2017 06:38:23 +0000 (07:38 +0100)]
implement more reasonable ticket verification for demo server
Do not pass secrets to client.
Dietmar Maurer [Tue, 17 Jan 2017 06:26:04 +0000 (07:26 +0100)]
set CN=$nodename for demo server certificate
Dietmar Maurer [Tue, 17 Jan 2017 05:50:06 +0000 (06:50 +0100)]
use openssl instead of make-ssl-cert to generate demo cert
We do not set things like subjectAltName, but the cert is good
enough for the demo.
Dietmar Maurer [Mon, 16 Jan 2017 17:39:56 +0000 (18:39 +0100)]
bump version to 1.0-2
Dietmar Maurer [Mon, 16 Jan 2017 14:10:04 +0000 (15:10 +0100)]
simple-demo.pl: simple demo server for testing
Dietmar Maurer [Mon, 16 Jan 2017 13:24:21 +0000 (14:24 +0100)]
extract_auth_cookie: always call uri_unescape($ticket)
should not harm.
Dietmar Maurer [Mon, 16 Jan 2017 12:05:21 +0000 (13:05 +0100)]
use canonical flag for json format
Dietmar Maurer [Mon, 16 Jan 2017 10:40:45 +0000 (11:40 +0100)]
improve error message
Fabian Grünbichler [Mon, 16 Jan 2017 10:40:00 +0000 (11:40 +0100)]
fix debian/rules permissions
Fabian Grünbichler [Mon, 16 Jan 2017 10:34:50 +0000 (11:34 +0100)]
build script improvement
build with dpkg-buildpackage (in temp dir), instead of
install-ing the files manually and then pretending to build
with dpkg-buildpackage.
this makes the whole fakeroot/root handling simpler, and
makes "make deb" a simple wrapper around building the
package, like it should be.
Dietmar Maurer [Sun, 15 Jan 2017 10:43:48 +0000 (11:43 +0100)]
pass basic server configuration to formatter functions
Dietmar Maurer [Sun, 15 Jan 2017 10:04:02 +0000 (11:04 +0100)]
Formatter/HTML: only display description if we have one
Dietmar Maurer [Sun, 15 Jan 2017 09:54:26 +0000 (10:54 +0100)]
add some inline docs
Dietmar Maurer [Sun, 15 Jan 2017 08:25:24 +0000 (09:25 +0100)]
remove base_handler_class from required arguments
Dietmar Maurer [Sun, 15 Jan 2017 07:34:46 +0000 (08:34 +0100)]
remove all references to rpcenv (we can do this in the subclass).
Dietmar Maurer [Sat, 14 Jan 2017 16:16:22 +0000 (17:16 +0100)]
Formatter/Bootstrap.pm; use configured cookie_name
Dietmar Maurer [Sat, 14 Jan 2017 15:39:25 +0000 (16:39 +0100)]
pass $title to formatter functions
Dietmar Maurer [Sat, 14 Jan 2017 15:00:29 +0000 (16:00 +0100)]
include jquery-3.3.1.min.js
Dietmar Maurer [Sat, 14 Jan 2017 14:42:36 +0000 (15:42 +0100)]
Bootstrap.pm: remove support for IE8 and older
Dietmar Maurer [Sat, 14 Jan 2017 14:36:15 +0000 (15:36 +0100)]
include bootstrap-3.3.7-dist.zip files
Dietmar Maurer [Sat, 14 Jan 2017 13:26:33 +0000 (14:26 +0100)]
new helper add_dirs (copied from pveproxy.pm)
Dietmar Maurer [Sat, 14 Jan 2017 13:25:57 +0000 (14:25 +0100)]
depend on perl
Dietmar Maurer [Sat, 14 Jan 2017 12:18:27 +0000 (13:18 +0100)]
white space cleanups
Dietmar Maurer [Sat, 14 Jan 2017 12:16:59 +0000 (13:16 +0100)]
add new hook function to generate CSRF token
This avoids the reference to PVE::AccessControl.
Dietmar Maurer [Sat, 14 Jan 2017 10:12:05 +0000 (11:12 +0100)]
pass auth_handler result to formatters
In case somebody wants to display that info.
Dietmar Maurer [Sat, 14 Jan 2017 09:25:10 +0000 (10:25 +0100)]
rework formatter registration
Do the whole thing inside PVE/APIServer/Formatter.pm
Dietmar Maurer [Fri, 13 Jan 2017 18:05:21 +0000 (19:05 +0100)]
add generic formatter framework
Dietmar Maurer [Fri, 13 Jan 2017 17:18:13 +0000 (18:18 +0100)]
rename class to PVE::APIServer::AnyEvent
So that we can move all api server related code into PVE::APIServer::*.
Dietmar Maurer [Fri, 13 Jan 2017 13:55:16 +0000 (14:55 +0100)]
debian/control: add missing dependencies
Dietmar Maurer [Fri, 13 Jan 2017 13:53:28 +0000 (14:53 +0100)]
avoid dependency on PVE::AccessControl
add new abstract function verify_spice_connect_url().
Dietmar Maurer [Fri, 13 Jan 2017 13:45:56 +0000 (14:45 +0100)]
move abstract functions to end of file
Dietmar Maurer [Fri, 13 Jan 2017 12:33:22 +0000 (13:33 +0100)]
AsyncHTTPServer.pm: fix dependencies, remove handler implementation
So this is an abstract, reusable class now.
Dietmar Maurer [Fri, 13 Jan 2017 12:16:54 +0000 (13:16 +0100)]
fix/change class name to PVE::AsyncHTTPServer
Dietmar Maurer [Fri, 13 Jan 2017 11:55:20 +0000 (12:55 +0100)]
initial import
The PVE/AsyncHTTPServer.pm code is copied from the pve-manager
package (PVE/HTTPServer.pm) and renamed.