qse/cmd/http/httpd.conf

#
# this is a sample configuration file for qsehttpd.
#

# string to be used as a httpd name 
name = "QSEHTTPD v1";

# none, unlimited, or positive number
max-nofile = none;
max-nproc = none;

#hooks {
#	module "ext-1" {
#		file = "ext";
#		config {
#			item1 = abc;
#			item2 = def;
#		}
#	}
#}

################################################
# default server configuration
################################################
server-default {
	backlog-size = 1024;

	# default ssl certificate file
	#ssl-cert-file = "/etc/qse/cert.pem";
	# default ssl private key file
	#ssl-key-file =  "/etc/qse/key.pem";

	####################################################################
	# document root
	####################################################################
	root = "/var/www";
	#root = "1.2.3.4:80";
	#root = "https://1.2.3.4";
	#root = "http://code.abiyo.net";
	#root = "<302>http://www.google.com"; #301, 302, 303, 307, 308
	#root = "<404>"; #400 - 599

	# pseudonym to use in Via: for proxying
	#pseudonym = "my-host";

	realm = "default realm";
	auth = "username:password";
	index = "index.html",
	        "index.cgi";

	# you can get some files exempted from authorization 
	# with auth-rule.
	#auth-rule {
	#	suffix ".awk" = noauth;
	#	other = auth;
	#}

	cgi {

		#name "t3.nph" = "nph";
		#prefix "t3." = "nph";
		suffix ".cgi";
		suffix ".nph" = "nph";
		suffix ".awk" = "cgi", "/usr/bin/qseawk -f";

		# glob is not supported yet
		# glob "x*.xxx";
	}

	mime {
		@include "httpd-mime.conf";
	}


	####################################################################
	#
	# Accee control including dir-access and file-access can be 
	# defined using patterns and actions shown below
	#
	# Pattern
	# 	prefix ".xxxx"     (prefix match)
	# 	suffix "xxxx."     (suffix match)
	# 	name   "xxxx.yyyy" (exact match)
	# 	other              (all others)
	#
	# Action
	#	noent
	#	forbid
	#	ok
	#
	####################################################################


	####################################################################
	# control access to directories
	####################################################################
	dir-access {
		#prefix ".xxxx" = ok;
		#suffix ".xxxx" = ok;
		#name "xxxxx" = ok;
		#other = noent;
	}

	####################################################################
	# control access to normal files.
	# cgi scripts are not control by these.
	####################################################################
	file-access {
		#prefix "index.html." = ok;
		suffix ".html" = ok;
		suffix ".css" = ok;
		suffix ".js" = ok;
		suffix ".png" = ok;
		suffix ".jpg" = ok;
		#other = noent;
	}

	####################################################################
	# directory listing includes this string in the <head> tag of the
	# generated html page.
	####################################################################
	#dir-head = "<style type='text/css'>body { background-color:#d0e4fe; font-size: 0.9em; } div.header { font-weight: bold; margin-bottom: 5px; } div.footer { border-top: 1px solid #99AABB; text-align: right; } table { font-size: 0.9em; } td { white-space: nowrap; } td.size { text-align: right; }</style>";

	####################################################################
	# directory listing shows the httpd name in the footer. you can 
	# override it with dir-foot.
	####################################################################
	#dir-foot = "QSEHTTPD v1";

	####################################################################
	# the error page includes this string in the <head> tag of the 
	# generated html page.
	####################################################################
	#error-head = "<style type='text/css'>body { background-color:#d0e4fe; font-size: 0.9em; } div.header { font-weight: bold; margin-bottom: 5px; } div.footer { border-top: 1px solid #99AABB; text-align: right; }</style>";

	####################################################################
	# the error page shows the httpd name in the footer. you can
	# override it with error-foot.
	####################################################################
	#error-foot = "QSEHTTPD v1";

	####################################################################
	# Default proxy configuration
	####################################################################
	proxy {
		http = yes;        # yes/on, no/off
		https = yes;        # yes/on, no/off
		connect = yes;     # yes/on, no/off
		intercept = yes;   # yes/proxy/on, local, no/off, 
		upgrade = yes;     # yes/on, no/off
		x-forwarded = yes; # yes/on, no/off

		#pseudonym = "nice-host";

		# TOOD: add-headers and remove-headers
		#add-headers = "X-Forwarded-For: ${Client_Ipaddr}", 
		#              "X-Forwarded-Proto: ${Client-Proto}";
		#remove-headers = "Connection";

		dns-enabled = yes; # yes/on, no/off
		dns-server = "192.168.1.1:53";
		#dns-server = "[::1]:53";
		#dns-server = "@/tmp/dns.sock"; # unix socket prefixed with @
		#dns-timeout = 3;
		#dns-retries = 2;
		dns-queries = a, aaaa;

		#urs-enabled = yes; # no, yes,
		#urs-server = "127.0.0.1:97";
		#urs-server = "@/tmp/urs.sock"; # unix socket prefixed with @
		#urs-timeout = 1;
		#urs-retries = 4;
		#urs-prerewrite-hook = "ext-1";
	}
}

server {
	backlog-size = 1024;
	bind = "0.0.0.0:1999";
	ssl = no;

	# you can create certificate/key files as shown below
	#  openssl genrsa -out key.pem
	#  openssl req -new -key key.pem -out cert.csr
	#  openssl req -new -x509 -key key.pem -out cert.pem -days 1095
	ssl-cert-file = "/etc/qse/cert.pem";
	ssl-key-file =  "/etc/qse/key.pem";
	
	host "*" {
		# place other locations before /
		#location "/help"  {
		#}

		location "/" {
			# uncomment the followng block to override the default.
			#root = "/var/www";

			# pseudonym to use in Via: for proxying
			#pseudonym = "my-host";

			# uncomment the followng block to override the default.
			# if you want to disable authentication while the default
			# enables it, don't put a value like 'realm;'
			#realm = "default realm";
			#auth = "username:password";

			# uncomment the following block to override the default
			#index = "index.cgi", "index.html";

			# uncomment the following block to override the default
			#cgi {
			#	suffix ".cgi";
			#	suffix ".awk" = "/usr/bin/qseawk -f";
			#}

			# uncomment the following block to override the default.
			#mime {
			#	suffix ".htm" = "text/html";
			#	suffix ".html" = "text/html";
			#	suffix ".txt" = "text/html";
			#	suffix ".css" = "text/css";
			#	suffix ".xml" = "text/xml";
			#	suffix ".js" = "application/javascript";
			#	suffix ".jpg" = "image/jpeg";
			#	suffix ".png" = "image/png";
			#}
		}

	}

	#host "www.google.com" {
	#	location "/" {
	#		root = "/home/www/google";
	#		realm = "jjjjjjjj";
	#		auth = "username:password";
	#	}
	#}
}
revising httpd 2013-02-18 13:45:50 +00:00			`#`
			`# this is a sample configuration file for qsehttpd.`
			`#`

implemented QSE_DIR_SORT. changed the way directory listing is formatted. 2013-04-04 15:04:45 +00:00			`# string to be used as a httpd name`
			`name = "QSEHTTPD v1";`

added max-nofile and max-nproc to httpd 2013-04-13 05:22:41 +00:00			`# none, unlimited, or positive number`
			`max-nofile = none;`
			`max-nproc = none;`

did some prep work to make dns query type configurable 2014-09-06 04:20:35 +00:00			`#hooks {`
			`# module "ext-1" {`
			`# file = "ext";`
added experimental code to pass unvalidated configuration items to a module 2014-11-12 15:39:45 +00:00			`# config {`
			`# item1 = abc;`
			`# item2 = def;`
			`# }`
did some prep work to make dns query type configurable 2014-09-06 04:20:35 +00:00			`# }`
			`#}`

changed default style for directory listing and error pages 2013-04-05 01:07:45 +00:00			`################################################`
			`# default server configuration`
			`################################################`
implemented QSE_DIR_SORT. changed the way directory listing is formatted. 2013-04-04 15:04:45 +00:00			`server-default {`
changed the writability checker to use poll() to handle a high file descroptor in httpd-std.c. added server.backlog-size option for httpd servers 2017-01-25 05:28:02 +00:00			`backlog-size = 1024;`

added qse_httpd_serverstd_ssl_t 2013-03-04 04:46:22 +00:00			`# default ssl certificate file`
			`#ssl-cert-file = "/etc/qse/cert.pem";`
			`# default ssl private key file`
			`#ssl-key-file = "/etc/qse/key.pem";`

changed default style for directory listing and error pages 2013-04-05 01:07:45 +00:00			`####################################################################`
added qse_httpd_serverstd_root_t 2013-02-21 15:49:49 +00:00			`# document root`
changed default style for directory listing and error pages 2013-04-05 01:07:45 +00:00			`####################################################################`
			`root = "/var/www";`
changed httpd-std.c to drop a query request not beginning with a slash when it's handled locally. 2014-10-09 12:46:12 +00:00			`#root = "1.2.3.4:80";`
changed httpd to accept http://name:port and https://name:port as a document root value 2014-10-17 14:15:15 +00:00			`#root = "https://1.2.3.4";`
			`#root = "http://code.abiyo.net";`
added a new root type for httpd - <XXX> where XXX is a relocation code or an error code 2014-10-09 14:42:02 +00:00			`#root = "<302>http://www.google.com"; #301, 302, 303, 307, 308`
			`#root = "<404>"; #400 - 599`
revising httpd 2013-02-18 13:45:50 +00:00
added QSE_HTTPD_SERVERSTD_PSEUDONYM 2014-07-30 16:42:25 +00:00			`# pseudonym to use in Via: for proxying`
			`#pseudonym = "my-host";`

added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`realm = "default realm";`
added a new root type for httpd - <XXX> where XXX is a relocation code or an error code 2014-10-09 14:42:02 +00:00			`auth = "username:password";`
added -x to cmd/httpd.c 2013-02-22 05:08:22 +00:00			`index = "index.html",`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`"index.cgi";`
revising httpd 2013-02-18 13:45:50 +00:00
added the auth-rule option to httpd 2013-04-23 08:21:26 +00:00			`# you can get some files exempted from authorization`
			`# with auth-rule.`
			`#auth-rule {`
			`# suffix ".awk" = noauth;`
			`# other = auth;`
			`#}`

revising httpd 2013-02-18 13:45:50 +00:00			`cgi {`
enhanced httpd 2014-08-11 05:44:03 +00:00
removed many debugging messages from httpd 2013-02-22 05:01:33 +00:00			`#name "t3.nph" = "nph";`
added qse_xli_definepair() and qse_xli_undefinepair(). renamed some xli functions. updated cmd/httpd to utilize qse_xli_definepair() 2013-07-12 15:37:29 +00:00			`#prefix "t3." = "nph";`
revising httpd 2013-02-18 13:45:50 +00:00			`suffix ".cgi";`
removed many debugging messages from httpd 2013-02-22 05:01:33 +00:00			`suffix ".nph" = "nph";`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`suffix ".awk" = "cgi", "/usr/bin/qseawk -f";`

			`# glob is not supported yet`
			`# glob "x*.xxx";`
revising httpd 2013-02-18 13:45:50 +00:00			`}`

			`mime {`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`@include "httpd-mime.conf";`
revising httpd 2013-02-18 13:45:50 +00:00			`}`

enhanced httpd 2014-08-11 05:44:03 +00:00

			`####################################################################`
			`#`
			`# Accee control including dir-access and file-access can be`
			`# defined using patterns and actions shown below`
			`#`
			`# Pattern`
			`# prefix ".xxxx" (prefix match)`
			`# suffix "xxxx." (suffix match)`
			`# name "xxxx.yyyy" (exact match)`
			`# other (all others)`
			`#`
			`# Action`
			`# noent`
			`# forbid`
			`# ok`
			`#`
			`####################################################################`


changed default style for directory listing and error pages 2013-04-05 01:07:45 +00:00			`####################################################################`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`# control access to directories`
changed default style for directory listing and error pages 2013-04-05 01:07:45 +00:00			`####################################################################`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`dir-access {`
removed many debugging messages from httpd 2013-02-22 05:01:33 +00:00			`#prefix ".xxxx" = ok;`
			`#suffix ".xxxx" = ok;`
			`#name "xxxxx" = ok;`
			`#other = noent;`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`}`

changed default style for directory listing and error pages 2013-04-05 01:07:45 +00:00			`####################################################################`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`# control access to normal files.`
			`# cgi scripts are not control by these.`
changed default style for directory listing and error pages 2013-04-05 01:07:45 +00:00			`####################################################################`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`file-access {`
removed many debugging messages from httpd 2013-02-22 05:01:33 +00:00			`#prefix "index.html." = ok;`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`suffix ".html" = ok;`
			`suffix ".css" = ok;`
			`suffix ".js" = ok;`
			`suffix ".png" = ok;`
			`suffix ".jpg" = ok;`
removed many debugging messages from httpd 2013-02-22 05:01:33 +00:00			`#other = noent;`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`}`

changed default style for directory listing and error pages 2013-04-05 01:07:45 +00:00			`####################################################################`
			`# directory listing includes this string in the <head> tag of the`
			`# generated html page.`
			`####################################################################`
			`#dir-head = "<style type='text/css'>body { background-color:#d0e4fe; font-size: 0.9em; } div.header { font-weight: bold; margin-bottom: 5px; } div.footer { border-top: 1px solid #99AABB; text-align: right; } table { font-size: 0.9em; } td { white-space: nowrap; } td.size { text-align: right; }</style>";`

			`####################################################################`
			`# directory listing shows the httpd name in the footer. you can`
			`# override it with dir-foot.`
			`####################################################################`
implemented QSE_DIR_SORT. changed the way directory listing is formatted. 2013-04-04 15:04:45 +00:00			`#dir-foot = "QSEHTTPD v1";`

changed default style for directory listing and error pages 2013-04-05 01:07:45 +00:00			`####################################################################`
			`# the error page includes this string in the <head> tag of the`
			`# generated html page.`
			`####################################################################`
			`#error-head = "<style type='text/css'>body { background-color:#d0e4fe; font-size: 0.9em; } div.header { font-weight: bold; margin-bottom: 5px; } div.footer { border-top: 1px solid #99AABB; text-align: right; }</style>";`
implemented QSE_DIR_SORT. changed the way directory listing is formatted. 2013-04-04 15:04:45 +00:00
changed default style for directory listing and error pages 2013-04-05 01:07:45 +00:00			`####################################################################`
			`# the error page shows the httpd name in the footer. you can`
			`# override it with error-foot.`
			`####################################################################`
implemented QSE_DIR_SORT. changed the way directory listing is formatted. 2013-04-04 15:04:45 +00:00			`#error-foot = "QSEHTTPD v1";`
enhanced httpd 2014-08-11 05:44:03 +00:00
			`####################################################################`
			`# Default proxy configuration`
			`####################################################################`
			`proxy {`
added QSE_HTTPD_RSRC_PROXY_X_FORWARDED and actual implementation 2014-10-13 14:14:06 +00:00			`http = yes; # yes/on, no/off`
enhanced httpd to accept a document root specified of the secure nwad prefixed with https://. moved ssl context initialization for server from the httpd structure to the server structure 2014-10-16 12:30:20 +00:00			`https = yes; # yes/on, no/off`
added QSE_HTTPD_RSRC_PROXY_X_FORWARDED and actual implementation 2014-10-13 14:14:06 +00:00			`connect = yes; # yes/on, no/off`
			`intercept = yes; # yes/proxy/on, local, no/off,`
			`upgrade = yes; # yes/on, no/off`
			`x-forwarded = yes; # yes/on, no/off`
added more configuration items to httpd 2014-08-13 14:35:43 +00:00
			`#pseudonym = "nice-host";`

fixed a bug of not resetting htre's flags field when clearing it 2014-10-14 12:55:00 +00:00			`# TOOD: add-headers and remove-headers`
			`#add-headers = "X-Forwarded-For: ${Client_Ipaddr}",`
			`# "X-Forwarded-Proto: ${Client-Proto}";`
			`#remove-headers = "Connection";`

added an option to handle intercepted sessions locally 2014-10-09 13:09:23 +00:00			`dns-enabled = yes; # yes/on, no/off`
added more configuration items to httpd 2014-08-13 14:35:43 +00:00			`dns-server = "192.168.1.1:53";`
			`#dns-server = "[::1]:53";`
added the unix socket support to httpd dns 2014-09-28 02:51:57 +00:00			`#dns-server = "@/tmp/dns.sock"; # unix socket prefixed with @`
changed the writability checker to use poll() to handle a high file descroptor in httpd-std.c. added server.backlog-size option for httpd servers 2017-01-25 05:28:02 +00:00			`#dns-timeout = 3;`
			`#dns-retries = 2;`
added qse_httpd_dns_server_t and qse_httpd_urs_server_t. deleted qse_httpd_natr_t. deleted QSE_HTTPD_DNSNOA and QSE_HTTPD_DNSNOAAAA added QSE_HTTPD_DNS_SERVER_A and QSE_HTTPD_DNS_SERVER_AAAA 2014-09-11 09:02:07 +00:00			`dns-queries = a, aaaa;`
added more configuration items to httpd 2014-08-13 14:35:43 +00:00
added some urs code 2014-08-25 16:18:17 +00:00			`#urs-enabled = yes; # no, yes,`
added more configuration items to httpd 2014-08-13 14:35:43 +00:00			`#urs-server = "127.0.0.1:97";`
added the unix socket support to httpd dns 2014-09-28 02:51:57 +00:00			`#urs-server = "@/tmp/urs.sock"; # unix socket prefixed with @`
added more configuration items to httpd 2014-08-13 14:35:43 +00:00			`#urs-timeout = 1;`
			`#urs-retries = 4;`
did some prep work to make dns query type configurable 2014-09-06 04:20:35 +00:00			`#urs-prerewrite-hook = "ext-1";`
enhanced httpd 2014-08-11 05:44:03 +00:00			`}`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`}`
revising httpd 2013-02-18 13:45:50 +00:00
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`server {`
changed the writability checker to use poll() to handle a high file descroptor in httpd-std.c. added server.backlog-size option for httpd servers 2017-01-25 05:28:02 +00:00			`backlog-size = 1024;`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`bind = "0.0.0.0:1999";`
changed the writability checker to use poll() to handle a high file descroptor in httpd-std.c. added server.backlog-size option for httpd servers 2017-01-25 05:28:02 +00:00			`ssl = no;`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00
added qse_xli_getnumpairsbyname() 2013-03-10 16:25:36 +00:00			`# you can create certificate/key files as shown below`
			`# openssl genrsa -out key.pem`
			`# openssl req -new -key key.pem -out cert.csr`
			`# openssl req -new -x509 -key key.pem -out cert.pem -days 1095`
added qse_httpd_serverstd_ssl_t 2013-03-04 04:46:22 +00:00			`ssl-cert-file = "/etc/qse/cert.pem";`
			`ssl-key-file = "/etc/qse/key.pem";`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00
			`host "*" {`
added some code for name resolution 2014-07-16 15:31:04 +00:00			`# place other locations before /`
			`#location "/help" {`
			`#}`

added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`location "/" {`
			`# uncomment the followng block to override the default.`
added qse_httpd_serverstd_root_t 2013-02-21 15:49:49 +00:00			`#root = "/var/www";`
added QSE_HTTPD_SERVERSTD_PSEUDONYM 2014-07-30 16:42:25 +00:00
			`# pseudonym to use in Via: for proxying`
			`#pseudonym = "my-host";`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00
			`# uncomment the followng block to override the default.`
			`# if you want to disable authentication while the default`
			`# enables it, don't put a value like 'realm;'`
			`#realm = "default realm";`
			`#auth = "username:password";`

			`# uncomment the following block to override the default`
			`#index = "index.cgi", "index.html";`

			`# uncomment the following block to override the default`
			`#cgi {`
			`# suffix ".cgi";`
			`# suffix ".awk" = "/usr/bin/qseawk -f";`
			`#}`

			`# uncomment the following block to override the default.`
			`#mime {`
			`# suffix ".htm" = "text/html";`
			`# suffix ".html" = "text/html";`
			`# suffix ".txt" = "text/html";`
			`# suffix ".css" = "text/css";`
			`# suffix ".xml" = "text/xml";`
			`# suffix ".js" = "application/javascript";`
			`# suffix ".jpg" = "image/jpeg";`
			`# suffix ".png" = "image/png";`
			`#}`
revising httpd 2013-02-18 13:45:50 +00:00			`}`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00
revising httpd 2013-02-18 13:45:50 +00:00			`}`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00
			`#host "www.google.com" {`
			`# location "/" {`
changed httpd to accept http://name:port and https://name:port as a document root value 2014-10-17 14:15:15 +00:00			`# root = "/home/www/google";`
added qse_xli_getnumpairsbyname() 2013-03-10 16:25:36 +00:00			`# realm = "jjjjjjjj";`
			`# auth = "username:password";`
added file-access and dir-access to cmd/http/httpd.c 2013-02-21 15:00:08 +00:00			`# }`
			`#}`
revising httpd 2013-02-18 13:45:50 +00:00			`}`