libwebsockets
Lightweight C library for HTML5 websockets
lws-context-vhost.h
Go to the documentation of this file.
1/*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2021 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
25/*! \defgroup context-and-vhost context and vhost related functions
26 * ##Context and Vhost releated functions
27 * \ingroup lwsapi
28 *
29 *
30 * LWS requires that there is one context, in which you may define multiple
31 * vhosts. Each vhost is a virtual host, with either its own listen port
32 * or sharing an existing one. Each vhost has its own SSL context that can
33 * be set up individually or left disabled.
34 *
35 * If you don't care about multiple "site" support, you can ignore it and
36 * lws will create a single default vhost at context creation time.
37 */
38///@{
39
40/*
41 * NOTE: These public enums are part of the abi. If you want to add one,
42 * add it at where specified so existing users are unaffected.
43 */
44
45
46#define LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT ((1ll << 1) |
47 (1ll << 12))
48 /**< (VH) Don't allow the connection unless the client has a
49 * client cert that we recognize; provides
50 * LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT */
51#define LWS_SERVER_OPTION_SKIP_SERVER_CANONICAL_NAME (1ll << 2)
52 /**< (CTX) Don't try to get the server's hostname */
53#define LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT ((1ll << 3) |
54 (1ll << 12))
55 /**< (VH) Allow non-SSL (plaintext) connections on the same
56 * port as SSL is listening. If combined with
57 * LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS it will try to
58 * force http connections on an https listener (eg, http://x.com:443) to
59 * redirect to an explicit https connection (eg, https://x.com)
60 */
61#define LWS_SERVER_OPTION_LIBEV (1ll << 4)
62 /**< (CTX) Use libev event loop */
63#define LWS_SERVER_OPTION_DISABLE_IPV6 (1ll << 5)
64 /**< (VH) Disable IPV6 support */
65#define LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS (1ll << 6)
66 /**< (VH) Don't load OS CA certs, you will need to load your
67 * own CA cert(s) */
68#define LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED (1ll << 7)
69 /**< (VH) Accept connections with no valid Cert (eg, selfsigned) */
70#define LWS_SERVER_OPTION_VALIDATE_UTF8 (1ll << 8)
71 /**< (VH) Check UT-8 correctness */
72#define LWS_SERVER_OPTION_SSL_ECDH ((1ll << 9) |
73 (1ll << 12))
74 /**< (VH) initialize ECDH ciphers */
75#define LWS_SERVER_OPTION_LIBUV (1ll << 10)
76 /**< (CTX) Use libuv event loop */
77#define LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS ((1ll << 11) |
78 (1ll << 12))
79 /**< (VH) Use an http redirect to force the client to ask for https.
80 * Notice if your http server issues the STS header and the client has
81 * ever seen that, the client will fail the http connection before it
82 * can actually do the redirect.
83 *
84 * Combine with LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS to handle, eg,
85 * http://x.com:443 -> https://x.com
86 *
87 * (deprecated: use mount redirection) */
88#define LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT (1ll << 12)
89 /**< (CTX) Initialize the SSL library at all */
90#define LWS_SERVER_OPTION_EXPLICIT_VHOSTS (1ll << 13)
91 /**< (CTX) Only create the context when calling context
92 * create api, implies user code will create its own vhosts */
93#define LWS_SERVER_OPTION_UNIX_SOCK (1ll << 14)
94 /**< (VH) Use Unix socket */
95#define LWS_SERVER_OPTION_STS (1ll << 15)
96 /**< (VH) Send Strict Transport Security header, making
97 * clients subsequently go to https even if user asked for http */
98#define LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY (1ll << 16)
99 /**< (VH) Enable LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE to take effect */
100#define LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE (1ll << 17)
101 /**< (VH) if set, only ipv6 allowed on the vhost */
102#define LWS_SERVER_OPTION_UV_NO_SIGSEGV_SIGFPE_SPIN (1ll << 18)
103 /**< (CTX) Libuv only: Do not spin on SIGSEGV / SIGFPE. A segfault
104 * normally makes the lib spin so you can attach a debugger to it
105 * even if it happened without a debugger in place. You can disable
106 * that by giving this option.
107 */
108#define LWS_SERVER_OPTION_JUST_USE_RAW_ORIGIN (1ll << 19)
109 /**< For backwards-compatibility reasons, by default
110 * lws prepends "http://" to the origin you give in the client
111 * connection info struct. If you give this flag when you create
112 * the context, only the string you give in the client connect
113 * info for .origin (if any) will be used directly.
114 */
115#define LWS_SERVER_OPTION_FALLBACK_TO_RAW /* use below name */ (1ll << 20)
116#define LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG (1ll << 20)
117 /**< (VH) if invalid http is coming in the first line, then abandon
118 * trying to treat the connection as http, and belatedly apply the
119 * .listen_accept_role / .listen_accept_protocol info struct members to
120 * the connection. If they are NULL, for backwards-compatibility the
121 * connection is bound to "raw-skt" role, and in order of priority:
122 * 1) the vh protocol with a pvo named "raw", 2) the vh protocol with a
123 * pvo named "default", or 3) protocols[0].
124 *
125 * Must be combined with LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT
126 * to work with a socket listening with tls.
127 */
128
129#define LWS_SERVER_OPTION_LIBEVENT (1ll << 21)
130 /**< (CTX) Use libevent event loop */
131
132#define LWS_SERVER_OPTION_ONLY_RAW /* Use below name instead */ (1ll << 22)
133#define LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG (1ll << 22)
134 /**< (VH) All connections to this vhost / port are bound to the
135 * role and protocol given in .listen_accept_role /
136 * .listen_accept_protocol.
137 *
138 * If those explicit user-controlled names are NULL, for backwards-
139 * compatibility the connection is bound to "raw-skt" role, and in order
140 * of priority: 1) the vh protocol with a pvo named "raw", 2) the vh
141 * protocol with a pvo named "default", or 3) protocols[0].
142 *
143 * It's much preferred to specify the role + protocol using the
144 * .listen_accept_role and .listen_accept_protocol in the info struct.
145 */
146#define LWS_SERVER_OPTION_ALLOW_LISTEN_SHARE (1ll << 23)
147 /**< (VH) Set to allow multiple listen sockets on one interface +
148 * address + port. The default is to strictly allow only one
149 * listen socket at a time. This is automatically selected if you
150 * have multiple service threads. Linux only.
151 */
152#define LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX (1ll << 24)
153 /**< (VH) Force setting up the vhost SSL_CTX, even though the user
154 * code doesn't explicitly provide a cert in the info struct. It
155 * implies the user code is going to provide a cert at the
156 * LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS callback, which
157 * provides the vhost SSL_CTX * in the user parameter.
158 */
159#define LWS_SERVER_OPTION_SKIP_PROTOCOL_INIT (1ll << 25)
160 /**< (VH) You probably don't want this. It forces this vhost to not
161 * call LWS_CALLBACK_PROTOCOL_INIT on its protocols. It's used in the
162 * special case of a temporary vhost bound to a single protocol.
163 */
164#define LWS_SERVER_OPTION_IGNORE_MISSING_CERT (1ll << 26)
165 /**< (VH) Don't fail if the vhost TLS cert or key are missing, just
166 * continue. The vhost won't be able to serve anything, but if for
167 * example the ACME plugin was configured to fetch a cert, this lets
168 * you bootstrap your vhost from having no cert to start with.
169 */
170#define LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK (1ll << 27)
171 /**< (VH) On this vhost, if the connection is being upgraded, insist
172 * that there's a Host: header and that the contents match the vhost
173 * name + port (443 / 80 are assumed if no :port given based on if the
174 * connection is using TLS).
175 *
176 * By default, without this flag, on upgrade lws just checks that the
177 * Host: header was given without checking the contents... this is to
178 * allow lax hostname mappings like localhost / 127.0.0.1, and CNAME
179 * mappings like www.mysite.com / mysite.com
180 */
181#define LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE (1ll << 28)
182 /**< (VH) Send lws default HTTP headers recommended by Mozilla
183 * Observatory for security. This is a helper option that sends canned
184 * headers on each http response enabling a VERY strict Content Security
185 * Policy. The policy is so strict, for example it won't let the page
186 * run its own inline JS nor show images or take CSS from a different
187 * server. In many cases your JS only comes from your server as do the
188 * image sources and CSS, so that is what you want... attackers hoping
189 * to inject JS into your DOM are completely out of luck since even if
190 * they succeed, it will be rejected for execution by the browser
191 * according to the strict CSP. In other cases you have to deviate from
192 * the complete strictness, in which case don't use this flag: use the
193 * .headers member in the vhost init described in struct
194 * lws_context_creation_info instead to send the adapted headers
195 * yourself.
196 */
197
198#define LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER (1ll << 29)
199 /**< (VH) If you really want to allow HTTP connections on a tls
200 * listener, you can do it with this combined with
201 * LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT. But this is allowing
202 * accidental loss of the security assurances provided by tls depending
203 * on the client using http when he meant https... it's not
204 * recommended.
205 */
206#define LWS_SERVER_OPTION_FAIL_UPON_UNABLE_TO_BIND (1ll << 30)
207 /**< (VH) When instantiating a new vhost and the specified port is
208 * already in use, a null value shall be return to signal the error.
209 */
210
211#define LWS_SERVER_OPTION_H2_JUST_FIX_WINDOW_UPDATE_OVERFLOW (1ll << 31)
212 /**< (VH) Indicates the connections using this vhost should ignore
213 * h2 WINDOW_UPDATE from broken peers and fix them up */
214
215#define LWS_SERVER_OPTION_VH_H2_HALF_CLOSED_LONG_POLL (1ll << 32)
216 /**< (VH) Tell the vhost to treat half-closed remote clients as
217 * entered into an immortal (ie, not subject to normal timeouts) long
218 * poll mode.
219 */
220
221#define LWS_SERVER_OPTION_GLIB (1ll << 33)
222 /**< (CTX) Use glib event loop */
223
224#define LWS_SERVER_OPTION_H2_PRIOR_KNOWLEDGE (1ll << 34)
225 /**< (VH) Tell the vhost to treat plain text http connections as
226 * H2 with prior knowledge (no upgrade request involved)
227 */
228
229#define LWS_SERVER_OPTION_NO_LWS_SYSTEM_STATES (1ll << 35)
230 /**< (CTX) Disable lws_system state, eg, because we are a secure streams
231 * proxy client that is not trying to track system state by itself. */
232
233#define LWS_SERVER_OPTION_SS_PROXY (1ll << 36)
234 /**< (VH) We are being a SS Proxy listen socket for the vhost */
235
236#define LWS_SERVER_OPTION_SDEVENT (1ll << 37)
237 /**< (CTX) Use sd-event loop */
238
239#define LWS_SERVER_OPTION_ULOOP (1ll << 38)
240 /**< (CTX) Use libubox / uloop event loop */
241
242#define LWS_SERVER_OPTION_DISABLE_TLS_SESSION_CACHE (1ll << 39)
243 /**< (VHOST) Disallow use of client tls caching (on by default) */
244
245
246 /****** add new things just above ---^ ******/
247
248
249#define lws_check_opt(c, f) ((((uint64_t)c) & ((uint64_t)f)) == ((uint64_t)f))
250
251struct lws_plat_file_ops;
252struct lws_ss_policy;
253struct lws_ss_plugin;
254struct lws_metric_policy;
255struct lws_sss_ops;
256
257typedef int (*lws_context_ready_cb_t)(struct lws_context *context);
258
259#if defined(LWS_WITH_NETWORK)
260typedef int (*lws_peer_limits_notify_t)(struct lws_context *ctx,
261 lws_sockfd_type sockfd,
262 lws_sockaddr46 *sa46);
263#endif
264
265/** struct lws_context_creation_info - parameters to create context and /or vhost with
266 *
267 * This is also used to create vhosts.... if LWS_SERVER_OPTION_EXPLICIT_VHOSTS
268 * is not given, then for backwards compatibility one vhost is created at
269 * context-creation time using the info from this struct.
270 *
271 * If LWS_SERVER_OPTION_EXPLICIT_VHOSTS is given, then no vhosts are created
272 * at the same time as the context, they are expected to be created afterwards.
273 */
275#if defined(LWS_WITH_NETWORK)
276 const char *iface;
277 /**< VHOST: NULL to bind the listen socket to all interfaces, or the
278 * interface name, eg, "eth2"
279 * If options specifies LWS_SERVER_OPTION_UNIX_SOCK, this member is
280 * the pathname of a UNIX domain socket. you can use the UNIX domain
281 * sockets in abstract namespace, by prepending an at symbol to the
282 * socket name. */
283 const struct lws_protocols *protocols;
284 /**< VHOST: Array of structures listing supported protocols and a
285 * protocol-specific callback for each one. The list is ended with an
286 * entry that has a NULL callback pointer. SEE ALSO .pprotocols below,
287 * which gives an alternative way to provide an array of pointers to
288 * protocol structs. */
289#if defined(LWS_ROLE_WS)
290 const struct lws_extension *extensions;
291 /**< VHOST: NULL or array of lws_extension structs listing the
292 * extensions this context supports. */
293#endif
294#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2)
295 const struct lws_token_limits *token_limits;
296 /**< CONTEXT: NULL or struct lws_token_limits pointer which is
297 * initialized with a token length limit for each possible WSI_TOKEN_ */
298 const char *http_proxy_address;
299 /**< VHOST: If non-NULL, attempts to proxy via the given address.
300 * If proxy auth is required, use format
301 * "username:password\@server:port" */
303 /**< VHOST: pointer to optional linked list of per-vhost
304 * canned headers that are added to server responses */
305
307 /**< CONTEXT: Optional list of keywords and rejection codes + text.
308 *
309 * The keywords are checked for existing in the user agent string.
310 *
311 * Eg, "badrobot" "404 Not Found"
312 */
313 const struct lws_protocol_vhost_options *pvo;
314 /**< VHOST: pointer to optional linked list of per-vhost
315 * options made accessible to protocols */
316 const char *log_filepath;
317 /**< VHOST: filepath to append logs to... this is opened before
318 * any dropping of initial privileges */
319 const struct lws_http_mount *mounts;
320 /**< VHOST: optional linked list of mounts for this vhost */
321 const char *server_string;
322 /**< CONTEXT: string used in HTTP headers to identify server
323 * software, if NULL, "libwebsockets". */
324
325 const char *error_document_404;
326 /**< VHOST: If non-NULL, when asked to serve a non-existent file,
327 * lws attempts to server this url path instead. Eg,
328 * "/404.html" */
329 int port;
330 /**< VHOST: Port to listen on. Use CONTEXT_PORT_NO_LISTEN to suppress
331 * listening for a client. Use CONTEXT_PORT_NO_LISTEN_SERVER if you are
332 * writing a server but you are using \ref sock-adopt instead of the
333 * built-in listener.
334 *
335 * You can also set port to 0, in which case the kernel will pick
336 * a random port that is not already in use. You can find out what
337 * port the vhost is listening on using lws_get_vhost_listen_port() */
338
339 unsigned int http_proxy_port;
340 /**< VHOST: If http_proxy_address was non-NULL, uses this port */
341 unsigned int max_http_header_data2;
342 /**< CONTEXT: if max_http_header_data is 0 and this
343 * is nonzero, this will be used in place of the default. It's
344 * like this for compatibility with the original short version,
345 * this is unsigned int length. */
346 unsigned int max_http_header_pool2;
347 /**< CONTEXT: if max_http_header_pool is 0 and this
348 * is nonzero, this will be used in place of the default. It's
349 * like this for compatibility with the original short version:
350 * this is unsigned int length. */
351
353 /**< VHOST: (default = 0 = 5s, 31s for http/2) seconds to allow remote
354 * client to hold on to an idle HTTP/1.1 connection. Timeout lifetime
355 * applied to idle h2 network connections */
357 /**< VHOST: if http2_settings[0] is nonzero, the values given in
358 * http2_settings[1]..[6] are used instead of the lws
359 * platform default values.
360 * Just leave all at 0 if you don't care.
361 */
362
363 unsigned short max_http_header_data;
364 /**< CONTEXT: The max amount of header payload that can be handled
365 * in an http request (unrecognized header payload is dropped) */
366 unsigned short max_http_header_pool;
367 /**< CONTEXT: The max number of connections with http headers that
368 * can be processed simultaneously (the corresponding memory is
369 * allocated and deallocated dynamically as needed). If the pool is
370 * fully busy new incoming connections must wait for accept until one
371 * becomes free. 0 = allow as many ah as number of availble fds for
372 * the process */
373
374#endif
375
376#if defined(LWS_WITH_TLS)
377 const char *ssl_private_key_password;
378 /**< VHOST: NULL or the passphrase needed for the private key. (For
379 * backwards compatibility, this can also be used to pass the client
380 * cert passphrase when setting up a vhost client SSL context, but it is
381 * preferred to use .client_ssl_private_key_password for that.) */
382 const char *ssl_cert_filepath;
383 /**< VHOST: If libwebsockets was compiled to use ssl, and you want
384 * to listen using SSL, set to the filepath to fetch the
385 * server cert from, otherwise NULL for unencrypted. (For backwards
386 * compatibility, this can also be used to pass the client certificate
387 * when setting up a vhost client SSL context, but it is preferred to
388 * use .client_ssl_cert_filepath for that.)
389 *
390 * Notice you can alternatively set a single DER or PEM from a memory
391 * buffer as the vhost tls cert using \p server_ssl_cert_mem and
392 * \p server_ssl_cert_mem_len.
393 */
394 const char *ssl_private_key_filepath;
395 /**< VHOST: filepath to private key if wanting SSL mode;
396 * this should not be set to NULL when ssl_cert_filepath is set.
397 *
398 * Alteratively, the certificate and private key can both be set in
399 * the OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS callback directly via
400 * openSSL library calls. This requires that
401 * LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX is set in the vhost info options
402 * to force initializtion of the SSL_CTX context.
403 *
404 * (For backwards compatibility, this can also be used
405 * to pass the client cert private key filepath when setting up a
406 * vhost client SSL context, but it is preferred to use
407 * .client_ssl_private_key_filepath for that.)
408 *
409 * Notice you can alternatively set a DER or PEM private key from a
410 * memory buffer as the vhost tls private key using
411 * \p server_ssl_private_key_mem and \p server_ssl_private_key_mem_len.
412 */
413 const char *ssl_ca_filepath;
414 /**< VHOST: CA certificate filepath or NULL. (For backwards
415 * compatibility, this can also be used to pass the client CA
416 * filepath when setting up a vhost client SSL context,
417 * but it is preferred to use .client_ssl_ca_filepath for that.)
418 *
419 * Notice you can alternatively set a DER or PEM CA cert from a memory
420 * buffer using \p server_ssl_ca_mem and \p server_ssl_ca_mem_len.
421 */
422 const char *ssl_cipher_list;
423 /**< VHOST: List of valid ciphers to use ON TLS1.2 AND LOWER ONLY (eg,
424 * "RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:HIGH:!DSS:!aNULL"
425 * or you can leave it as NULL to get "DEFAULT" (For backwards
426 * compatibility, this can also be used to pass the client cipher
427 * list when setting up a vhost client SSL context,
428 * but it is preferred to use .client_ssl_cipher_list for that.)
429 * SEE .tls1_3_plus_cipher_list and .client_tls_1_3_plus_cipher_list
430 * for the equivalent for tls1.3.
431 */
432 const char *ecdh_curve;
433 /**< VHOST: if NULL, defaults to initializing server with
434 * "prime256v1" */
435 const char *tls1_3_plus_cipher_list;
436 /**< VHOST: List of valid ciphers to use for incoming server connections
437 * ON TLS1.3 AND ABOVE (eg, "TLS_CHACHA20_POLY1305_SHA256" on this vhost
438 * or you can leave it as NULL to get "DEFAULT".
439 * SEE .client_tls_1_3_plus_cipher_list to do the same on the vhost
440 * client SSL_CTX.
441 */
442
443 const void *server_ssl_cert_mem;
444 /**< VHOST: Alternative for \p ssl_cert_filepath that allows setting
445 * from memory instead of from a file. At most one of
446 * \p ssl_cert_filepath or \p server_ssl_cert_mem should be non-NULL. */
447 const void *server_ssl_private_key_mem;
448 /**< VHOST: Alternative for \p ssl_private_key_filepath allowing
449 * init from a private key in memory instead of a file. At most one
450 * of \p ssl_private_key_filepath or \p server_ssl_private_key_mem
451 * should be non-NULL. */
452 const void *server_ssl_ca_mem;
453 /**< VHOST: Alternative for \p ssl_ca_filepath allowing
454 * init from a CA cert in memory instead of a file. At most one
455 * of \p ssl_ca_filepath or \p server_ssl_ca_mem should be non-NULL. */
456
457 long ssl_options_set;
458 /**< VHOST: Any bits set here will be set as server SSL options */
460 /**< VHOST: Any bits set here will be cleared as server SSL options */
462 /**< CONTEXT: 0 (no limit) or limit of simultaneous SSL sessions
463 * possible.*/
465 /**< CONTEXT: 0 (no limit) or limit of simultaneous SSL handshakes ongoing */
467 /**< VHOST: mask of ssl events to be reported on LWS_CALLBACK_SSL_INFO
468 * callback for connections on this vhost. The mask values are of
469 * the form SSL_CB_ALERT, defined in openssl/ssl.h. The default of
470 * 0 means no info events will be reported.
471 */
472 unsigned int server_ssl_cert_mem_len;
473 /**< VHOST: Server SSL context init: length of server_ssl_cert_mem in
474 * bytes */
476 /**< VHOST: length of \p server_ssl_private_key_mem in memory */
477 unsigned int server_ssl_ca_mem_len;
478 /**< VHOST: length of \p server_ssl_ca_mem in memory */
479
480 const char *alpn;
481 /**< CONTEXT: If non-NULL, default list of advertised alpn, comma-
482 * separated
483 *
484 * VHOST: If non-NULL, per-vhost list of advertised alpn, comma-
485 * separated
486 */
487
488
489#if defined(LWS_WITH_CLIENT)
491 /**< VHOST: Client SSL context init: NULL or the passphrase needed
492 * for the private key */
493 const char *client_ssl_cert_filepath;
494 /**< VHOST: Client SSL context init: The certificate the client
495 * should present to the peer on connection */
496 const void *client_ssl_cert_mem;
497 /**< VHOST: Client SSL context init: client certificate memory buffer or
498 * NULL... use this to load client cert from memory instead of file */
499 unsigned int client_ssl_cert_mem_len;
500 /**< VHOST: Client SSL context init: length of client_ssl_cert_mem in
501 * bytes */
503 /**< VHOST: Client SSL context init: filepath to client private key
504 * if this is set to NULL but client_ssl_cert_filepath is set, you
505 * can handle the LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS
506 * callback of protocols[0] to allow setting of the private key directly
507 * via tls library calls */
508 const void *client_ssl_key_mem;
509 /**< VHOST: Client SSL context init: client key memory buffer or
510 * NULL... use this to load client key from memory instead of file */
511 const char *client_ssl_ca_filepath;
512 /**< VHOST: Client SSL context init: CA certificate filepath or NULL */
513 const void *client_ssl_ca_mem;
514 /**< VHOST: Client SSL context init: CA certificate memory buffer or
515 * NULL... use this to load CA cert from memory instead of file */
516
517 const char *client_ssl_cipher_list;
518 /**< VHOST: Client SSL context init: List of valid ciphers to use (eg,
519 * "RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:HIGH:!DSS:!aNULL"
520 * or you can leave it as NULL to get "DEFAULT" */
522 /**< VHOST: List of valid ciphers to use for outgoing client connections
523 * ON TLS1.3 AND ABOVE on this vhost (eg,
524 * "TLS_CHACHA20_POLY1305_SHA256") or you can leave it as NULL to get
525 * "DEFAULT".
526 */
527
529 /**< VHOST: Any bits set here will be set as CLIENT SSL options */
531 /**< VHOST: Any bits set here will be cleared as CLIENT SSL options */
532
533
534 unsigned int client_ssl_ca_mem_len;
535 /**< VHOST: Client SSL context init: length of client_ssl_ca_mem in
536 * bytes */
537 unsigned int client_ssl_key_mem_len;
538 /**< VHOST: Client SSL context init: length of client_ssl_key_mem in
539 * bytes */
540
541#endif
542
543#if !defined(LWS_WITH_MBEDTLS)
545 /**< CONTEXT: If non-null, swap out libwebsockets ssl
546 * implementation for the one provided by provided_ssl_ctx.
547 * Libwebsockets no longer is responsible for freeing the context
548 * if this option is selected. */
549#else /* WITH_MBEDTLS */
551 /**< CONTEXT: If NULL, no effect. Otherwise it should point to a
552 * filepath where every created client SSL_CTX is preloaded from the
553 * system trust bundle.
554 *
555 * This sets a processwide variable that affects all contexts.
556 *
557 * Requires that the mbedtls provides mbedtls_x509_crt_parse_file(),
558 * else disabled.
559 */
560#endif
561#endif
562
563 int ka_time;
564 /**< CONTEXT: 0 for no TCP keepalive, otherwise apply this keepalive
565 * timeout to all libwebsocket sockets, client or server */
566 int ka_probes;
567 /**< CONTEXT: if ka_time was nonzero, after the timeout expires how many
568 * times to try to get a response from the peer before giving up
569 * and killing the connection */
570 int ka_interval;
571 /**< CONTEXT: if ka_time was nonzero, how long to wait before each ka_probes
572 * attempt */
573 unsigned int timeout_secs;
574 /**< VHOST: various processes involving network roundtrips in the
575 * library are protected from hanging forever by timeouts. If
576 * nonzero, this member lets you set the timeout used in seconds.
577 * Otherwise a default timeout is used. */
578 unsigned int connect_timeout_secs;
579 /**< VHOST: client connections have this long to find a working server
580 * from the DNS results, or the whole connection times out. If zero,
581 * a default timeout is used */
582 int bind_iface;
583 /**< VHOST: nonzero to strictly bind sockets to the interface name in
584 * .iface (eg, "eth2"), using SO_BIND_TO_DEVICE.
585 *
586 * Requires SO_BINDTODEVICE support from your OS and CAP_NET_RAW
587 * capability.
588 *
589 * Notice that common things like access network interface IP from
590 * your local machine use your lo / loopback interface and will be
591 * disallowed by this.
592 */
593 unsigned int timeout_secs_ah_idle;
594 /**< VHOST: seconds to allow a client to hold an ah without using it.
595 * 0 defaults to 10s. */
596#endif /* WITH_NETWORK */
597
598#if defined(LWS_WITH_TLS_SESSIONS)
600 /**< VHOST: seconds until timeout/ttl for newly created sessions.
601 * 0 means default timeout (defined per protocol, usually 300s). */
603 /**< VHOST: 0 for default limit of 10, or the maximum number of
604 * client tls sessions we are willing to cache */
605#endif
606
608 /**< CONTEXT: group id to change to after setting listen socket,
609 * or -1. See also .username below. */
611 /**< CONTEXT: user id to change to after setting listen socket,
612 * or -1. See also .groupname below. */
614 /**< VHOST + CONTEXT: 0, or LWS_SERVER_OPTION_... bitfields */
615 void *user;
616 /**< VHOST + CONTEXT: optional user pointer that will be associated
617 * with the context when creating the context (and can be retrieved by
618 * lws_context_user(context), or with the vhost when creating the vhost
619 * (and can be retrieved by lws_vhost_user(vhost)). You will need to
620 * use LWS_SERVER_OPTION_EXPLICIT_VHOSTS and create the vhost separately
621 * if you care about giving the context and vhost different user pointer
622 * values.
623 */
624 unsigned int count_threads;
625 /**< CONTEXT: how many contexts to create in an array, 0 = 1 */
627 /**< CONTEXT: nonzero means restrict each service thread to this
628 * many fds, 0 means the default which is divide the process fd
629 * limit by the number of threads.
630 *
631 * Note if this is nonzero, and fd_limit_per_thread multiplied by the
632 * number of service threads is less than the process ulimit, then lws
633 * restricts internal lookup table allocation to the smaller size, and
634 * switches to a less efficient lookup scheme. You should use this to
635 * trade off speed against memory usage if you know the lws context
636 * will only use a handful of fds.
637 *
638 * Bear in mind lws may use some fds internally, for example for the
639 * cancel pipe, so you may need to allow for some extras for normal
640 * operation.
641 */
642 const char *vhost_name;
643 /**< VHOST: name of vhost, must match external DNS name used to
644 * access the site, like "warmcat.com" as it's used to match
645 * Host: header and / or SNI name for SSL.
646 * CONTEXT: NULL, or the name to associate with the context for
647 * context-specific logging
648 */
649#if defined(LWS_WITH_PLUGINS)
650 const char * const *plugin_dirs;
651 /**< CONTEXT: NULL, or NULL-terminated array of directories to
652 * scan for lws protocol plugins at context creation time */
653#endif
655 /**< CONTEXT: NULL, or pointer to something externally malloc'd, that
656 * should be freed when the context is destroyed. This allows you to
657 * automatically sync the freeing action to the context destruction
658 * action, so there is no need for an external free() if the context
659 * succeeded to create.
660 */
661
662
663 unsigned int pt_serv_buf_size;
664 /**< CONTEXT: 0 = default of 4096. This buffer is used by
665 * various service related features including file serving, it
666 * defines the max chunk of file that can be sent at once.
667 * At the risk of lws having to buffer failed large sends, it
668 * can be increased to, eg, 128KiB to improve throughput. */
669#if defined(LWS_WITH_FILE_OPS)
670 const struct lws_plat_file_ops *fops;
671 /**< CONTEXT: NULL, or pointer to an array of fops structs, terminated
672 * by a sentinel with NULL .open.
673 *
674 * If NULL, lws provides just the platform file operations struct for
675 * backwards compatibility.
676 */
677#endif
678
679#if defined(LWS_WITH_SOCKS5)
680 const char *socks_proxy_address;
681 /**< VHOST: If non-NULL, attempts to proxy via the given address.
682 * If proxy auth is required, use format
683 * "username:password\@server:port" */
684 unsigned int socks_proxy_port;
685 /**< VHOST: If socks_proxy_address was non-NULL, uses this port
686 * if nonzero, otherwise requires "server:port" in .socks_proxy_address
687 */
688#endif
689
690#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP)
691 cap_value_t caps[4];
692 /**< CONTEXT: array holding Linux capabilities you want to
693 * continue to be available to the server after it transitions
694 * to a noprivileged user. Usually none are needed but for, eg,
695 * .bind_iface, CAP_NET_RAW is required. This gives you a way
696 * to still have the capability but drop root.
697 */
698 char count_caps;
699 /**< CONTEXT: count of Linux capabilities in .caps[]. 0 means
700 * no capabilities will be inherited from root (the default) */
701#endif
703 /**< CONTEXT: This is ignored if the context is not being started with
704 * an event loop, ie, .options has a flag like
705 * LWS_SERVER_OPTION_LIBUV.
706 *
707 * NULL indicates lws should start its own even loop for
708 * each service thread, and deal with closing the loops
709 * when the context is destroyed.
710 *
711 * Non-NULL means it points to an array of external
712 * ("foreign") event loops that are to be used in turn for
713 * each service thread. In the default case of 1 service
714 * thread, it can just point to one foreign event loop.
715 */
716 void (*signal_cb)(void *event_lib_handle, int signum);
717 /**< CONTEXT: NULL: default signal handling. Otherwise this receives
718 * the signal handler callback. event_lib_handle is the
719 * native event library signal handle, eg uv_signal_t *
720 * for libuv.
721 */
722 struct lws_context **pcontext;
723 /**< CONTEXT: if non-NULL, at the end of context destroy processing,
724 * the pointer pointed to by pcontext is written with NULL. You can
725 * use this to let foreign event loops know that lws context destruction
726 * is fully completed.
727 */
728 void (*finalize)(struct lws_vhost *vh, void *arg);
729 /**< VHOST: NULL, or pointer to function that will be called back
730 * when the vhost is just about to be freed. The arg parameter
731 * will be set to whatever finalize_arg is below.
732 */
734 /**< VHOST: opaque pointer lws ignores but passes to the finalize
735 * callback. If you don't care, leave it NULL.
736 */
738 /**< VHOST: NULL for default, or force accepted incoming connections to
739 * bind to this role. Uses the role names from their ops struct, eg,
740 * "raw-skt".
741 */
743 /**< VHOST: NULL for default, or force accepted incoming connections to
744 * bind to this vhost protocol name.
745 */
746 const struct lws_protocols **pprotocols;
747 /**< VHOST: NULL: use .protocols, otherwise ignore .protocols and use
748 * this array of pointers to protocols structs. The end of the array
749 * is marked by a NULL pointer.
750 *
751 * This is preferred over .protocols, because it allows the protocol
752 * struct to be opaquely defined elsewhere, with just a pointer to it
753 * needed to create the context with it. .protocols requires also
754 * the type of the user data to be known so its size can be given.
755 */
756
757 const char *username; /**< CONTEXT: string username for post-init
758 * permissions. Like .uid but takes a string username. */
759 const char *groupname; /**< CONTEXT: string groupname for post-init
760 * permissions. Like .gid but takes a string groupname. */
761 const char *unix_socket_perms; /**< VHOST: if your vhost is listening
762 * on a unix socket, you can give a "username:groupname" string here
763 * to control the owner:group it's created with. It's always created
764 * with 0660 mode. */
766 /**< CONTEXT: hook up lws_system_ apis to system-specific
767 * implementations */
769 /**< VHOST: optional retry and idle policy to apply to this vhost.
770 * Currently only the idle parts are applied to the connections.
771 */
772#if defined(LWS_WITH_SYS_STATE)
774 /**< CONTEXT: NULL, or pointer to an array of notifiers that should
775 * be registered during context creation, so they can see state change
776 * events from very early on. The array should end with a NULL. */
777#endif
778#if defined(LWS_WITH_SECURE_STREAMS)
779#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
780 const struct lws_ss_policy *pss_policies; /**< CONTEXT: point to first
781 * in a linked-list of streamtype policies prepared by user code */
782#else
783 const char *pss_policies_json; /**< CONTEXT: point to a string
784 * containing a JSON description of the secure streams policies. Set
785 * to NULL if not using Secure Streams.
786 * If the platform supports files and the string does not begin with
787 * '{', lws treats the string as a filepath to open to get the JSON
788 * policy.
789 */
790#endif
791 const struct lws_ss_plugin **pss_plugins; /**< CONTEXT: point to an array
792 * of pointers to plugin structs here, terminated with a NULL ptr.
793 * Set to NULL if not using Secure Streams. */
794 const char *ss_proxy_bind; /**< CONTEXT: NULL, or: ss_proxy_port == 0:
795 * point to a string giving the Unix Domain Socket address to use (start
796 * with @ for abstract namespace), ss_proxy_port nonzero: set the
797 * network interface address (not name, it's ambiguous for ipv4/6) to
798 * bind the tcp connection to the proxy to */
799 const char *ss_proxy_address; /**< CONTEXT: NULL, or if ss_proxy_port
800 * nonzero: the tcp address of the ss proxy to connect to */
801 uint16_t ss_proxy_port; /* 0 = if connecting to ss proxy, do it via a
802 * Unix Domain Socket, "+@proxy.ss.lws" if ss_proxy_bind is NULL else
803 * the socket path given in ss_proxy_bind (start it with a + or +@);
804 * nonzero means connect via a tcp socket to the tcp address in
805 * ss_proxy_bind and the given port */
806 const struct lws_transport_proxy_ops *txp_ops_ssproxy; /**< CONTEXT: NULL, or
807 * custom sss transport ops used for ss proxy communication. NULL means
808 * to use the default wsi-based proxy server */
809 const void *txp_ssproxy_info; /**< CONTEXT: NULL, or extra transport-
810 * specifi creation info to be used at \p txp_ops_ssproxy creation */
811 const struct lws_transport_client_ops *txp_ops_sspc; /**< CONTEXT: NULL, or
812 * custom sss transport ops used for ss client communication to the ss
813 * proxy. NULL means to use the default wsi-based client support */
814#endif
815
816#if defined(LWS_WITH_SECURE_STREAMS_PROXY_API)
817#endif
818
820 /**< 0 = inherit the initial ulimit for files / sockets from the startup
821 * environment. Nonzero = try to set the limit for this process.
822 */
823#if defined(LWS_WITH_PEER_LIMITS)
825 /**< CONTEXT: NULL, or a callback to receive notifications each time a
826 * connection is being dropped because of peer limits.
827 *
828 * The callback provides the context, and an lws_sockaddr46 with the
829 * peer address and port.
830 */
831 unsigned short ip_limit_ah;
832 /**< CONTEXT: max number of ah a single IP may use simultaneously
833 * 0 is no limit. This is a soft limit: if the limit is
834 * reached, connections from that IP will wait in the ah
835 * waiting list and not be able to acquire an ah until
836 * a connection belonging to the IP relinquishes one it
837 * already has.
838 */
839 unsigned short ip_limit_wsi;
840 /**< CONTEXT: max number of wsi a single IP may use simultaneously.
841 * 0 is no limit. This is a hard limit, connections from
842 * the same IP will simply be dropped once it acquires the
843 * amount of simultaneous wsi / accepted connections
844 * given here.
845 */
846
847#endif /* PEER_LIMITS */
848
849#if defined(LWS_WITH_SYS_FAULT_INJECTION)
851 /**< CONTEXT | VHOST: attach external Fault Injection context to the
852 * lws_context or vhost. If creating the context + default vhost in
853 * one step, only the context binds to \p fi. When creating a vhost
854 * otherwise this can bind to the vhost so the faults can be injected
855 * from the start.
856 */
857#endif
858
859#if defined(LWS_WITH_SYS_SMD)
861 /**< CONTEXT: NULL, or an smd notification callback that will be registered
862 * immediately after the smd in the context is initialized. This ensures
863 * you can get all notifications without having to intercept the event loop
864 * creation, eg, when using an event library. Other callbacks can be
865 * registered later manually without problems.
866 */
867 void *early_smd_opaque;
870 /**< CONTEXT: SMD messages older than this many us are removed from the
871 * queue and destroyed even if not fully delivered yet. If zero,
872 * defaults to 2 seconds (5 second for FREERTOS).
873 */
875 /**< CONTEXT: Maximum queue depth, If zero defaults to 40
876 * (20 for FREERTOS) */
877#endif
878
879#if defined(LWS_WITH_SYS_METRICS)
881 /**< CONTEXT: non-SS policy metrics policies */
882 const char *metrics_prefix;
883 /**< CONTEXT: prefix for this context's metrics, used to distinguish
884 * metrics pooled from different processes / applications, so, eg what
885 * would be "cpu.svc" if this is NULL becomes "myapp.cpu.svc" is this is
886 * set to "myapp". Policies are applied using the name with the prefix,
887 * if present.
888 */
889#endif
890
892 /**< VHOST: 0 = no TCP_FASTOPEN, nonzero = enable TCP_FASTOPEN if the
893 * platform supports it, with the given queue length for the listen
894 * socket.
895 */
896
898 /**< CONTEXT: If non-NULL, override event library selection so it uses
899 * this custom event library implementation, instead of default internal
900 * loop. Don't set any other event lib context creation flags in that
901 * case. it will be used automatically. This is useful for integration
902 * where an existing application is using its own handrolled event loop
903 * instead of an event library, it provides a way to allow lws to use
904 * the custom event loop natively as if it were an "event library".
905 */
906
907#if defined(LWS_WITH_TLS_JIT_TRUST)
909 /**< CONTEXT: 0 for no limit, else max bytes used by JIT Trust cache...
910 * LRU items are evicted to keep under this limit */
912 /**< CONTEXT: 0 for default of 5000ms, or number of ms JIT Trust vhosts
913 * are allowed to live without active connections using them. */
914#endif
915
917 /**< CONTEXT: NULL to use the default, process-scope logging context,
918 * else a specific logging context to associate with this context */
919
920#if defined(LWS_WITH_CACHE_NSCOOKIEJAR) && defined(LWS_WITH_CLIENT)
921 const char *http_nsc_filepath;
922 /**< CONTEXT: Filepath to use for http netscape cookiejar file */
923
925 /**< CONTEXT: 0, or limit in bytes for heap usage of memory cookie
926 * cache */
928 /**< CONTEXT: 0, or the max number of items allowed in the cookie cache
929 * before destroying lru items to keep it under the limit */
931 /**< CONTEXT: 0, or the maximum size of a single cookie we are able to
932 * handle */
933#endif
934
935#if defined(LWS_WITH_SYS_ASYNC_DNS)
936 const char **async_dns_servers;
937 /**< CONTEXT: NULL, or a pointer to an array of strings containing the
938 * numeric IP like "8.8.8.8" or "2001:4860:4860::8888" for a list of DNS
939 * server to forcibly add. If given, the list of strings must be
940 * terminated with a NULL.
941 */
942#endif
943
944#if defined(WIN32)
946 /**< CONTEXT: win32 needs client connection status checking at intervals
947 * to work reliably. This sets the interval in us, up to 999999. By
948 * default, it's 500us.
949 */
950#endif
951
952 /* Add new things just above here ---^
953 * This is part of the ABI, don't needlessly break compatibility
954 *
955 * The below is to ensure later library versions with new
956 * members added above will see 0 (default) even if the app
957 * was not built against the newer headers.
958 */
959
960 void *_unused[2]; /**< dummy */
961};
962
963/**
964 * lws_create_context() - Create the websocket handler
965 * \param info: pointer to struct with parameters
966 *
967 * This function creates the listening socket (if serving) and takes care
968 * of all initialization in one step.
969 *
970 * If option LWS_SERVER_OPTION_EXPLICIT_VHOSTS is given, no vhost is
971 * created; you're expected to create your own vhosts afterwards using
972 * lws_create_vhost(). Otherwise a vhost named "default" is also created
973 * using the information in the vhost-related members, for compatibility.
974 *
975 * After initialization, it returns a struct lws_context * that
976 * represents this server. After calling, user code needs to take care
977 * of calling lws_service() with the context pointer to get the
978 * server's sockets serviced. This must be done in the same process
979 * context as the initialization call.
980 *
981 * The protocol callback functions are called for a handful of events
982 * including http requests coming in, websocket connections becoming
983 * established, and data arriving; it's also called periodically to allow
984 * async transmission.
985 *
986 * HTTP requests are sent always to the FIRST protocol in protocol, since
987 * at that time websocket protocol has not been negotiated. Other
988 * protocols after the first one never see any HTTP callback activity.
989 *
990 * The server created is a simple http server by default; part of the
991 * websocket standard is upgrading this http connection to a websocket one.
992 *
993 * This allows the same server to provide files like scripts and favicon /
994 * images or whatever over http and dynamic data over websockets all in
995 * one place; they're all handled in the user callback.
996 */
997LWS_VISIBLE LWS_EXTERN struct lws_context *
999
1000
1001/**
1002 * lws_context_destroy() - Destroy the websocket context
1003 * \param context: Websocket context
1004 *
1005 * This function closes any active connections and then frees the
1006 * context. After calling this, any further use of the context is
1007 * undefined.
1008 */
1009LWS_VISIBLE LWS_EXTERN void
1010lws_context_destroy(struct lws_context *context);
1011
1012typedef int (*lws_reload_func)(void);
1013
1014/**
1015 * lws_context_deprecate() - Deprecate the websocket context
1016 *
1017 * \param context: Websocket context
1018 * \param cb: Callback notified when old context listen sockets are closed
1019 *
1020 * This function is used on an existing context before superceding it
1021 * with a new context.
1022 *
1023 * It closes any listen sockets in the context, so new connections are
1024 * not possible.
1025 *
1026 * And it marks the context to be deleted when the number of active
1027 * connections into it falls to zero.
1028 *
1029 * This is aimed at allowing seamless configuration reloads.
1030 *
1031 * The callback cb will be called after the listen sockets are actually
1032 * closed and may be reopened. In the callback the new context should be
1033 * configured and created. (With libuv, socket close happens async after
1034 * more loop events).
1035 */
1036LWS_VISIBLE LWS_EXTERN void
1037lws_context_deprecate(struct lws_context *context, lws_reload_func cb);
1038
1039LWS_VISIBLE LWS_EXTERN int
1040lws_context_is_deprecated(struct lws_context *context);
1041
1042/**
1043 * lws_set_proxy() - Setups proxy to lws_context.
1044 * \param vhost: pointer to struct lws_vhost you want set proxy for
1045 * \param proxy: pointer to c string containing proxy in format address:port
1046 *
1047 * Returns 0 if proxy string was parsed and proxy was setup.
1048 * Returns -1 if proxy is NULL or has incorrect format.
1049 *
1050 * This is only required if your OS does not provide the http_proxy
1051 * environment variable (eg, OSX)
1052 *
1053 * IMPORTANT! You should call this function right after creation of the
1054 * lws_context and before call to connect. If you call this
1055 * function after connect behavior is undefined.
1056 * This function will override proxy settings made on lws_context
1057 * creation with genenv() call.
1058 */
1059LWS_VISIBLE LWS_EXTERN int
1060lws_set_proxy(struct lws_vhost *vhost, const char *proxy);
1061
1062/**
1063 * lws_set_socks() - Setup socks to lws_context.
1064 * \param vhost: pointer to struct lws_vhost you want set socks for
1065 * \param socks: pointer to c string containing socks in format address:port
1066 *
1067 * Returns 0 if socks string was parsed and socks was setup.
1068 * Returns -1 if socks is NULL or has incorrect format.
1069 *
1070 * This is only required if your OS does not provide the socks_proxy
1071 * environment variable (eg, OSX)
1072 *
1073 * IMPORTANT! You should call this function right after creation of the
1074 * lws_context and before call to connect. If you call this
1075 * function after connect behavior is undefined.
1076 * This function will override proxy settings made on lws_context
1077 * creation with genenv() call.
1078 */
1079LWS_VISIBLE LWS_EXTERN int
1080lws_set_socks(struct lws_vhost *vhost, const char *socks);
1081
1082struct lws_vhost;
1083
1084/**
1085 * lws_create_vhost() - Create a vhost (virtual server context)
1086 * \param context: pointer to result of lws_create_context()
1087 * \param info: pointer to struct with parameters
1088 *
1089 * This function creates a virtual server (vhost) using the vhost-related
1090 * members of the info struct. You can create many vhosts inside one context
1091 * if you created the context with the option LWS_SERVER_OPTION_EXPLICIT_VHOSTS
1092 */
1093LWS_VISIBLE LWS_EXTERN struct lws_vhost *
1094lws_create_vhost(struct lws_context *context,
1095 const struct lws_context_creation_info *info);
1096
1097/**
1098 * lws_vhost_destroy() - Destroy a vhost (virtual server context)
1099 *
1100 * \param vh: pointer to result of lws_create_vhost()
1101 *
1102 * This function destroys a vhost. Normally, if you just want to exit,
1103 * then lws_destroy_context() will take care of everything. If you want
1104 * to destroy an individual vhost and all connections and allocations, you
1105 * can do it with this.
1106 *
1107 * If the vhost has a listen sockets shared by other vhosts, it will be given
1108 * to one of the vhosts sharing it rather than closed.
1109 *
1110 * The vhost close is staged according to the needs of the event loop, and if
1111 * there are multiple service threads. At the point the vhost itself if
1112 * about to be freed, if you provided a finalize callback and optional arg at
1113 * vhost creation time, it will be called just before the vhost is freed.
1114 */
1115LWS_VISIBLE LWS_EXTERN void
1116lws_vhost_destroy(struct lws_vhost *vh);
1117
1118/**
1119 * lwsws_get_config_globals() - Parse a JSON server config file
1120 * \param info: pointer to struct with parameters
1121 * \param d: filepath of the config file
1122 * \param config_strings: storage for the config strings extracted from JSON,
1123 * the pointer is incremented as strings are stored
1124 * \param len: pointer to the remaining length left in config_strings
1125 * the value is decremented as strings are stored
1126 *
1127 * This function prepares a n lws_context_creation_info struct with global
1128 * settings from a file d.
1129 *
1130 * Requires CMake option LWS_WITH_LEJP_CONF to have been enabled
1131 */
1132LWS_VISIBLE LWS_EXTERN int
1134 char **config_strings, int *len);
1135
1136/**
1137 * lwsws_get_config_vhosts() - Create vhosts from a JSON server config file
1138 * \param context: pointer to result of lws_create_context()
1139 * \param info: pointer to struct with parameters
1140 * \param d: filepath of the config file
1141 * \param config_strings: storage for the config strings extracted from JSON,
1142 * the pointer is incremented as strings are stored
1143 * \param len: pointer to the remaining length left in config_strings
1144 * the value is decremented as strings are stored
1145 *
1146 * This function creates vhosts into a context according to the settings in
1147 *JSON files found in directory d.
1148 *
1149 * Requires CMake option LWS_WITH_LEJP_CONF to have been enabled
1150 */
1151LWS_VISIBLE LWS_EXTERN int
1152lwsws_get_config_vhosts(struct lws_context *context,
1153 struct lws_context_creation_info *info, const char *d,
1154 char **config_strings, int *len);
1155
1156/**
1157 * lws_get_vhost() - return the vhost a wsi belongs to
1158 *
1159 * \param wsi: which connection
1160 */
1161LWS_VISIBLE LWS_EXTERN struct lws_vhost *
1162lws_get_vhost(struct lws *wsi);
1163
1164/**
1165 * lws_get_vhost_name() - returns the name of a vhost
1166 *
1167 * \param vhost: which vhost
1168 */
1169LWS_VISIBLE LWS_EXTERN const char *
1170lws_get_vhost_name(struct lws_vhost *vhost);
1171
1172/**
1173 * lws_get_vhost_by_name() - returns the vhost with the requested name, or NULL
1174 *
1175 * \param context: the lws_context to look in
1176 * \param name: vhost name we are looking for
1177 *
1178 * Returns NULL, or the vhost with the name \p name
1179 */
1180LWS_VISIBLE LWS_EXTERN struct lws_vhost *
1181lws_get_vhost_by_name(struct lws_context *context, const char *name);
1182
1183/**
1184 * lws_get_vhost_port() - returns the port a vhost listens on, or -1
1185 *
1186 * \param vhost: which vhost
1187 */
1188LWS_VISIBLE LWS_EXTERN int
1189lws_get_vhost_port(struct lws_vhost *vhost);
1190
1191/**
1192 * lws_get_vhost_user() - returns the user pointer for the vhost
1193 *
1194 * \param vhost: which vhost
1195 */
1196LWS_VISIBLE LWS_EXTERN void *
1197lws_get_vhost_user(struct lws_vhost *vhost);
1198
1199/**
1200 * lws_get_vhost_iface() - returns the binding for the vhost listen socket
1201 *
1202 * \param vhost: which vhost
1203 */
1204LWS_VISIBLE LWS_EXTERN const char *
1205lws_get_vhost_iface(struct lws_vhost *vhost);
1206
1207/**
1208 * lws_vhost_user() - get the user data associated with the vhost
1209 * \param vhost: Websocket vhost
1210 *
1211 * This returns the optional user pointer that can be attached to
1212 * a vhost when it was created. Lws never dereferences this pointer, it only
1213 * sets it when the vhost is created, and returns it using this api.
1214 */
1215LWS_VISIBLE LWS_EXTERN void *
1216lws_vhost_user(struct lws_vhost *vhost);
1217
1218/**
1219 * lws_context_user() - get the user data associated with the context
1220 * \param context: Websocket context
1221 *
1222 * This returns the optional user allocation that can be attached to
1223 * the context the sockets live in at context_create time. It's a way
1224 * to let all sockets serviced in the same context share data without
1225 * using globals statics in the user code.
1226 */
1227LWS_VISIBLE LWS_EXTERN void *
1228lws_context_user(struct lws_context *context);
1229
1230LWS_VISIBLE LWS_EXTERN const char *
1231lws_vh_tag(struct lws_vhost *vh);
1232
1233LWS_VISIBLE LWS_EXTERN void
1235 const char *sspol);
1236
1237LWS_VISIBLE LWS_EXTERN void
1238lws_default_loop_exit(struct lws_context *cx);
1239
1240LWS_VISIBLE LWS_EXTERN void
1242
1243LWS_VISIBLE LWS_EXTERN int
1244lws_cmdline_passfail(int argc, const char **argv, int actual);
1245
1246/**
1247 * lws_context_is_being_destroyed() - find out if context is being destroyed
1248 *
1249 * \param context: the struct lws_context pointer
1250 *
1251 * Returns nonzero if the context has had lws_context_destroy() called on it...
1252 * when using event library loops the destroy process can be asynchronous. In
1253 * the special case of libuv foreign loops, the failure to create the context
1254 * may have to do work on the foreign loop to reverse the partial creation,
1255 * meaning a failed context create cannot unpick what it did and return NULL.
1256 *
1257 * In that condition, a valid context that is already started the destroy
1258 * process is returned, and this test api will return nonzero as a way to
1259 * find out the create is in the middle of failing.
1260 */
1261LWS_VISIBLE LWS_EXTERN int
1262lws_context_is_being_destroyed(struct lws_context *context);
1263
1264/*! \defgroup vhost-mounts Vhost mounts and options
1265 * \ingroup context-and-vhost-creation
1266 *
1267 * ##Vhost mounts and options
1268 */
1269///@{
1270/** struct lws_protocol_vhost_options - linked list of per-vhost protocol
1271 * name=value options
1272 *
1273 * This provides a general way to attach a linked-list of name=value pairs,
1274 * which can also have an optional child link-list using the options member.
1275 */
1277 const struct lws_protocol_vhost_options *next; /**< linked list */
1278 const struct lws_protocol_vhost_options *options; /**< child linked-list of more options for this node */
1279 const char *name; /**< name of name=value pair */
1280 const char *value; /**< value of name=value pair */
1281};
1282
1283/** enum lws_mount_protocols
1284 * This specifies the mount protocol for a mountpoint, whether it is to be
1285 * served from a filesystem, or it is a cgi etc.
1286 */
1288 LWSMPRO_HTTP = 0, /**< http reverse proxy */
1289 LWSMPRO_HTTPS = 1, /**< https reverse proxy */
1290 LWSMPRO_FILE = 2, /**< serve from filesystem directory */
1291 LWSMPRO_CGI = 3, /**< pass to CGI to handle */
1292 LWSMPRO_REDIR_HTTP = 4, /**< redirect to http:// url */
1293 LWSMPRO_REDIR_HTTPS = 5, /**< redirect to https:// url */
1294 LWSMPRO_CALLBACK = 6, /**< hand by named protocol's callback */
1295};
1296
1297/** enum lws_authentication_mode
1298 * This specifies the authentication mode of the mount. The basic_auth_login_file mount parameter
1299 * is ignored unless LWSAUTHM_DEFAULT is set.
1300 */
1302 LWSAUTHM_DEFAULT = 0, /**< default authenticate only if basic_auth_login_file is provided */
1303 LWSAUTHM_BASIC_AUTH_CALLBACK = 1 << 28 /**< Basic auth with a custom verifier */
1305
1306/** The authentication mode is stored in the top 4 bits of lws_http_mount.auth_mask */
1307#define AUTH_MODE_MASK 0xF0000000
1308
1309/** struct lws_http_mount
1310 *
1311 * arguments for mounting something in a vhost's url namespace
1312 */
1315 /**< pointer to next struct lws_http_mount */
1316 const char *mountpoint;
1317 /**< mountpoint in http pathspace, eg, "/" */
1318 const char *origin;
1319 /**< path to be mounted, eg, "/var/www/warmcat.com" */
1320 const char *def;
1321 /**< default target, eg, "index.html" */
1322 const char *protocol;
1323 /**<"protocol-name" to handle mount */
1324
1326 /**< optional linked-list of cgi options. These are created
1327 * as environment variables for the cgi process
1328 */
1330 /**< optional linked-list of mimetype mappings */
1332 /**< optional linked-list of files to be interpreted */
1333
1335 /**< seconds cgi is allowed to live, if cgi://mount type */
1337 /**< max-age for reuse of client cache of files, seconds */
1338 unsigned int auth_mask;
1339 /**< bits set here must be set for authorized client session */
1340
1341 unsigned int cache_reusable:1; /**< set if client cache may reuse this */
1342 unsigned int cache_revalidate:1; /**< set if client cache should revalidate on use */
1343 unsigned int cache_intermediaries:1; /**< set if intermediaries are allowed to cache */
1344 unsigned int cache_no:1; /**< set if client should check cache always*/
1345
1346 unsigned char origin_protocol; /**< one of enum lws_mount_protocols */
1347 unsigned char mountpoint_len; /**< length of mountpoint string */
1348
1350 /**<NULL, or filepath to use to check basic auth logins against. (requires LWSAUTHM_DEFAULT) */
1351
1352 /* Add new things just above here ---^
1353 * This is part of the ABI, don't needlessly break compatibility
1354 */
1355};
1356
1357///@}
1358///@}
const struct lws_protocol_vhost_options * next
const struct lws_protocol_vhost_options * options
LWS_VISIBLE LWS_EXTERN void lws_context_deprecate(struct lws_context *context, lws_reload_func cb)
LWS_VISIBLE LWS_EXTERN void lws_context_default_loop_run_destroy(struct lws_context *cx)
int(* lws_reload_func)(void)
LWS_VISIBLE LWS_EXTERN struct lws_vhost * lws_get_vhost(struct lws *wsi)
LWS_VISIBLE LWS_EXTERN int lwsws_get_config_vhosts(struct lws_context *context, struct lws_context_creation_info *info, const char *d, char **config_strings, int *len)
LWS_VISIBLE LWS_EXTERN struct lws_vhost * lws_create_vhost(struct lws_context *context, const struct lws_context_creation_info *info)
LWS_VISIBLE LWS_EXTERN int lws_cmdline_passfail(int argc, const char **argv, int actual)
LWS_VISIBLE LWS_EXTERN void * lws_vhost_user(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN int lws_set_proxy(struct lws_vhost *vhost, const char *proxy)
LWS_VISIBLE LWS_EXTERN struct lws_context * lws_create_context(const struct lws_context_creation_info *info)
LWS_VISIBLE LWS_EXTERN void lws_default_loop_exit(struct lws_context *cx)
LWS_VISIBLE LWS_EXTERN void lws_context_destroy(struct lws_context *context)
LWS_VISIBLE LWS_EXTERN int lwsws_get_config_globals(struct lws_context_creation_info *info, const char *d, char **config_strings, int *len)
LWS_VISIBLE LWS_EXTERN int lws_set_socks(struct lws_vhost *vhost, const char *socks)
LWS_VISIBLE LWS_EXTERN const char * lws_vh_tag(struct lws_vhost *vh)
LWS_VISIBLE LWS_EXTERN const char * lws_get_vhost_name(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN struct lws_vhost * lws_get_vhost_by_name(struct lws_context *context, const char *name)
LWS_VISIBLE LWS_EXTERN int lws_get_vhost_port(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN void lws_vhost_destroy(struct lws_vhost *vh)
LWS_VISIBLE LWS_EXTERN const char * lws_get_vhost_iface(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN void _lws_context_info_defaults(struct lws_context_creation_info *info, const char *sspol)
LWS_VISIBLE LWS_EXTERN int lws_context_is_deprecated(struct lws_context *context)
LWS_VISIBLE LWS_EXTERN int lws_context_is_being_destroyed(struct lws_context *context)
LWS_VISIBLE LWS_EXTERN void * lws_context_user(struct lws_context *context)
LWS_VISIBLE LWS_EXTERN void * lws_get_vhost_user(struct lws_vhost *vhost)
int(* lws_context_ready_cb_t)(struct lws_context *context)
const struct lws_http_mount * mount_next
const char * protocol
const struct lws_protocol_vhost_options * interpret
const char * origin
unsigned int cache_no
const char * basic_auth_login_file
const struct lws_protocol_vhost_options * extra_mimetypes
unsigned int auth_mask
unsigned char origin_protocol
unsigned int cache_reusable
const char * mountpoint
unsigned int cache_intermediaries
unsigned char mountpoint_len
unsigned int cache_revalidate
const struct lws_protocol_vhost_options * cgienv
lws_mount_protocols
lws_authentication_mode
@ LWSMPRO_CGI
@ LWSMPRO_HTTP
@ LWSMPRO_FILE
@ LWSMPRO_REDIR_HTTPS
@ LWSMPRO_CALLBACK
@ LWSMPRO_REDIR_HTTP
@ LWSMPRO_HTTPS
@ LWSAUTHM_BASIC_AUTH_CALLBACK
@ LWSAUTHM_DEFAULT
const lws_system_ops_t * system_ops
const struct lws_plugin_evlib * event_lib_custom
const struct lws_protocols ** pprotocols
struct lws_context ** pcontext
const lws_retry_bo_t * retry_and_idle_policy
void(* signal_cb)(void *event_lib_handle, int signum)