libwebsockets
Lightweight C library for HTML5 websockets
Loading...
Searching...
No Matches
lws-context-vhost.h
Go to the documentation of this file.
1/*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2021 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
39
40/*
41 * NOTE: These public enums are part of the abi. If you want to add one,
42 * add it at where specified so existing users are unaffected.
43 */
44
45
46#define LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT ((1ll << 1) | \
47 (1ll << 12))
48
51#define LWS_SERVER_OPTION_SKIP_SERVER_CANONICAL_NAME (1ll << 2)
53#define LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT ((1ll << 3) | \
54 (1ll << 12))
55
61#define LWS_SERVER_OPTION_LIBEV (1ll << 4)
63#define LWS_SERVER_OPTION_DISABLE_IPV6 (1ll << 5)
65#define LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS (1ll << 6)
68#define LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED (1ll << 7)
70#define LWS_SERVER_OPTION_VALIDATE_UTF8 (1ll << 8)
72#define LWS_SERVER_OPTION_SSL_ECDH ((1ll << 9) | \
73 (1ll << 12))
74
75#define LWS_SERVER_OPTION_LIBUV (1ll << 10)
77#define LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS ((1ll << 11) |\
78 (1ll << 12))
79
88#define LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT (1ll << 12)
90#define LWS_SERVER_OPTION_EXPLICIT_VHOSTS (1ll << 13)
93#define LWS_SERVER_OPTION_UNIX_SOCK (1ll << 14)
95#define LWS_SERVER_OPTION_STS (1ll << 15)
98#define LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY (1ll << 16)
100#define LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE (1ll << 17)
102#define LWS_SERVER_OPTION_UV_NO_SIGSEGV_SIGFPE_SPIN (1ll << 18)
108#define LWS_SERVER_OPTION_JUST_USE_RAW_ORIGIN (1ll << 19)
115#define LWS_SERVER_OPTION_FALLBACK_TO_RAW /* use below name */ (1ll << 20)
116#define LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG (1ll << 20)
128
129#define LWS_SERVER_OPTION_LIBEVENT (1ll << 21)
131
132#define LWS_SERVER_OPTION_ONLY_RAW /* Use below name instead */ (1ll << 22)
133#define LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG (1ll << 22)
146#define LWS_SERVER_OPTION_ALLOW_LISTEN_SHARE (1ll << 23)
152#define LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX (1ll << 24)
159#define LWS_SERVER_OPTION_SKIP_PROTOCOL_INIT (1ll << 25)
164#define LWS_SERVER_OPTION_IGNORE_MISSING_CERT (1ll << 26)
170#define LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK (1ll << 27)
181#define LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE (1ll << 28)
197
198#define LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER (1ll << 29)
206#define LWS_SERVER_OPTION_FAIL_UPON_UNABLE_TO_BIND (1ll << 30)
210
211#define LWS_SERVER_OPTION_H2_JUST_FIX_WINDOW_UPDATE_OVERFLOW (1ll << 31)
214
215#define LWS_SERVER_OPTION_VH_H2_HALF_CLOSED_LONG_POLL (1ll << 32)
220
221#define LWS_SERVER_OPTION_GLIB (1ll << 33)
223
224#define LWS_SERVER_OPTION_H2_PRIOR_KNOWLEDGE (1ll << 34)
228
229#define LWS_SERVER_OPTION_NO_LWS_SYSTEM_STATES (1ll << 35)
232
233#define LWS_SERVER_OPTION_SS_PROXY (1ll << 36)
235
236#define LWS_SERVER_OPTION_SDEVENT (1ll << 37)
238
239#define LWS_SERVER_OPTION_ULOOP (1ll << 38)
241
242#define LWS_SERVER_OPTION_DISABLE_TLS_SESSION_CACHE (1ll << 39)
244
245#define LWS_SERVER_OPTION_OPENSSL_AUTO_DH_PARAMETERS (1ll << 40)
251
252 /****** add new things just above ---^ ******/
253
254
255#define lws_check_opt(c, f) ((((uint64_t)c) & ((uint64_t)f)) == ((uint64_t)f))
256
257struct lws_plat_file_ops;
258struct lws_ss_policy;
259struct lws_ss_plugin;
260struct lws_metric_policy;
261struct lws_sss_ops;
262
263typedef int (*lws_context_ready_cb_t)(struct lws_context *context);
264
265#if defined(LWS_WITH_NETWORK)
266typedef int (*lws_peer_limits_notify_t)(struct lws_context *ctx,
267 lws_sockfd_type sockfd,
268 lws_sockaddr46 *sa46);
269#endif
270
281#if defined(LWS_WITH_NETWORK)
282 const char *iface;
289 const struct lws_protocols *protocols;
295#if defined(LWS_ROLE_WS)
296 const struct lws_extension *extensions;
299#endif
300#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2)
301 const struct lws_token_limits *token_limits;
304 const char *http_proxy_address;
308 const struct lws_protocol_vhost_options *headers;
311
312 const struct lws_protocol_vhost_options *reject_service_keywords;
319 const struct lws_protocol_vhost_options *pvo;
322 const char *log_filepath;
325 const struct lws_http_mount *mounts;
327 const char *server_string;
330
331 const char *error_document_404;
335 int port;
347
348 unsigned int http_proxy_port;
350 unsigned int max_http_header_data2;
355 unsigned int max_http_header_pool2;
360
361 int keepalive_timeout;
365 uint32_t http2_settings[7];
371
372 unsigned short max_http_header_data;
375 unsigned short max_http_header_pool;
382
383#endif
384
385#if defined(LWS_WITH_TLS)
386 const char *ssl_private_key_password;
391 const char *ssl_cert_filepath;
403 const char *ssl_private_key_filepath;
422 const char *ssl_ca_filepath;
431 const char *ssl_cipher_list;
441 const char *ecdh_curve;
444 const char *tls1_3_plus_cipher_list;
451
452 const void *server_ssl_cert_mem;
456 const void *server_ssl_private_key_mem;
461 const void *server_ssl_ca_mem;
465
466 long ssl_options_set;
468 long ssl_options_clear;
470 int simultaneous_ssl_restriction;
473 int simultaneous_ssl_handshake_restriction;
475 int ssl_info_event_mask;
481 unsigned int server_ssl_cert_mem_len;
484 unsigned int server_ssl_private_key_mem_len;
486 unsigned int server_ssl_ca_mem_len;
488
489 const char *alpn;
496
497
498#if defined(LWS_WITH_CLIENT)
499 const char *client_ssl_private_key_password;
502 const char *client_ssl_cert_filepath;
505 const void *client_ssl_cert_mem;
508 unsigned int client_ssl_cert_mem_len;
511 const char *client_ssl_private_key_filepath;
517 const void *client_ssl_key_mem;
520 const char *client_ssl_ca_filepath;
522 const void *client_ssl_ca_mem;
525
526 const char *client_ssl_cipher_list;
530 const char *client_tls_1_3_plus_cipher_list;
536
537 long ssl_client_options_set;
539 long ssl_client_options_clear;
541
542
543 unsigned int client_ssl_ca_mem_len;
546 unsigned int client_ssl_key_mem_len;
549
550#endif
551
552#if !defined(LWS_WITH_MBEDTLS)
553 SSL_CTX *provided_client_ssl_ctx;
558#else /* WITH_MBEDTLS */
559 const char *mbedtls_client_preload_filepath;
569#endif
570#endif
571
572 int ka_time;
575 int ka_probes;
579 int ka_interval;
582 unsigned int timeout_secs;
587 unsigned int connect_timeout_secs;
591 int bind_iface;
602 unsigned int timeout_secs_ah_idle;
605#endif /* WITH_NETWORK */
606
607#if defined(LWS_WITH_TLS_SESSIONS)
608 uint32_t tls_session_timeout;
611 uint32_t tls_session_cache_max;
614#endif
615
616 gid_t gid;
619 uid_t uid;
622 uint64_t options;
624 void *user;
633 unsigned int count_threads;
651 const char *vhost_name;
658#if defined(LWS_WITH_PLUGINS)
659 const char * const *plugin_dirs;
662#endif
670
671
672 unsigned int pt_serv_buf_size;
678#if defined(LWS_WITH_FILE_OPS)
679 const struct lws_plat_file_ops *fops;
686#endif
687
688#if defined(LWS_WITH_SOCKS5)
689 const char *socks_proxy_address;
693 unsigned int socks_proxy_port;
697#endif
698
699#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP)
700 cap_value_t caps[4];
707 char count_caps;
710#endif
725 void (*signal_cb)(void *event_lib_handle, int signum);
731 struct lws_context **pcontext;
737 void (*finalize)(struct lws_vhost *vh, void *arg);
755 const struct lws_protocols **pprotocols;
765
766 const char *username;
768 const char *groupname;
770 const char *unix_socket_perms;
781#if defined(LWS_WITH_SYS_STATE)
782 lws_state_notify_link_t * const *register_notifier_list;
786#endif
787#if defined(LWS_WITH_SECURE_STREAMS)
788#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
789 const struct lws_ss_policy *pss_policies;
791#else
792 const char *pss_policies_json;
799#endif
800 const struct lws_ss_plugin **pss_plugins;
803 const char *ss_proxy_bind;
808 const char *ss_proxy_address;
810 uint16_t ss_proxy_port; /* 0 = if connecting to ss proxy, do it via a
811 * Unix Domain Socket, "+@proxy.ss.lws" if ss_proxy_bind is NULL else
812 * the socket path given in ss_proxy_bind (start it with a + or +@);
813 * nonzero means connect via a tcp socket to the tcp address in
814 * ss_proxy_bind and the given port */
815 const struct lws_transport_proxy_ops *txp_ops_ssproxy;
818 const void *txp_ssproxy_info;
820 const struct lws_transport_client_ops *txp_ops_sspc;
823#endif
824
825#if defined(LWS_WITH_SECURE_STREAMS_PROXY_API)
826#endif
827
832#if defined(LWS_WITH_PEER_LIMITS)
833 lws_peer_limits_notify_t pl_notify_cb;
840 unsigned short ip_limit_ah;
848 unsigned short ip_limit_wsi;
855
856#endif /* PEER_LIMITS */
857
858#if defined(LWS_WITH_SYS_FAULT_INJECTION)
859 lws_fi_ctx_t fic;
866#endif
867
868#if defined(LWS_WITH_SYS_SMD)
869 lws_smd_notification_cb_t early_smd_cb;
876 void *early_smd_opaque;
877 lws_smd_class_t early_smd_class_filter;
878 lws_usec_t smd_ttl_us;
883 uint16_t smd_queue_depth;
886#endif
887
888#if defined(LWS_WITH_SYS_METRICS)
889 const struct lws_metric_policy *metrics_policies;
891 const char *metrics_prefix;
898#endif
899
905
915
916#if defined(LWS_WITH_TLS_JIT_TRUST)
917 size_t jitt_cache_max_footprint;
920 int vh_idle_grace_ms;
923#endif
924
928
929#if defined(LWS_WITH_CACHE_NSCOOKIEJAR) && defined(LWS_WITH_CLIENT)
930 const char *http_nsc_filepath;
932
933 size_t http_nsc_heap_max_footprint;
936 size_t http_nsc_heap_max_items;
939 size_t http_nsc_heap_max_payload;
942#endif
943
944#if defined(LWS_WITH_SYS_ASYNC_DNS)
945 const char **async_dns_servers;
951#endif
952
953#if defined(WIN32)
954 unsigned int win32_connect_check_interval_usec;
959#endif
960
967
975
976#if defined(LWS_WITH_NETWORK)
977 const char *wol_if;
979#endif
980
981 /* Add new things just above here ---^
982 * This is part of the ABI, don't needlessly break compatibility
983 *
984 * The below is to ensure later library versions with new
985 * members added above will see 0 (default) even if the app
986 * was not built against the newer headers.
987 */
988
989 void *_unused[2];
990};
991
1026LWS_VISIBLE LWS_EXTERN struct lws_context *
1028
1029
1039lws_context_destroy(struct lws_context *context);
1040
1041typedef int (*lws_reload_func)(void);
1042
1066lws_context_deprecate(struct lws_context *context, lws_reload_func cb);
1067
1069lws_context_is_deprecated(struct lws_context *context);
1070
1089lws_set_proxy(struct lws_vhost *vhost, const char *proxy);
1090
1109lws_set_socks(struct lws_vhost *vhost, const char *socks);
1110
1111struct lws_vhost;
1112
1122LWS_VISIBLE LWS_EXTERN struct lws_vhost *
1123lws_create_vhost(struct lws_context *context,
1124 const struct lws_context_creation_info *info);
1125
1145lws_vhost_destroy(struct lws_vhost *vh);
1146
1163 char **config_strings, int *len);
1164
1181lwsws_get_config_vhosts(struct lws_context *context,
1182 struct lws_context_creation_info *info, const char *d,
1183 char **config_strings, int *len);
1184
1190LWS_VISIBLE LWS_EXTERN struct lws_vhost *
1191lws_get_vhost(struct lws *wsi);
1192
1198LWS_VISIBLE LWS_EXTERN const char *
1199lws_get_vhost_name(struct lws_vhost *vhost);
1200
1209LWS_VISIBLE LWS_EXTERN struct lws_vhost *
1210lws_get_vhost_by_name(struct lws_context *context, const char *name);
1211
1218lws_get_vhost_port(struct lws_vhost *vhost);
1219
1226lws_get_vhost_user(struct lws_vhost *vhost);
1227
1233LWS_VISIBLE LWS_EXTERN const char *
1234lws_get_vhost_iface(struct lws_vhost *vhost);
1235
1245lws_vhost_user(struct lws_vhost *vhost);
1246
1257lws_context_user(struct lws_context *context);
1258
1259LWS_VISIBLE LWS_EXTERN const char *
1260lws_vh_tag(struct lws_vhost *vh);
1261
1264 const char *sspol);
1265
1267lws_default_loop_exit(struct lws_context *cx);
1268
1271
1273lws_cmdline_passfail(int argc, const char **argv, int actual);
1274
1286lws_systemd_inherited_fd(unsigned int index,
1287 struct lws_context_creation_info *info);
1288
1305lws_context_is_being_destroyed(struct lws_context *context);
1306
1313
1325
1340
1349
1351#define AUTH_MODE_MASK 0xF0000000
1352
1360 const char *mountpoint;
1362 const char *origin;
1364 const char *def;
1366 const char *protocol;
1368
1377
1382 unsigned int auth_mask;
1384
1385 unsigned int cache_reusable:1;
1386 unsigned int cache_revalidate:1;
1387 unsigned int cache_intermediaries:1;
1388 unsigned int cache_no:1;
1389
1390 unsigned char origin_protocol;
1391 unsigned char mountpoint_len;
1392
1395
1396 const char *cgi_chroot_path;
1398
1399 const char *cgi_wd;
1403
1412 unsigned int keepalive_timeout;
1416
1417 /* Add new things just above here ---^
1418 * This is part of the ABI, don't needlessly break compatibility
1419 */
1420};
1421
1423lws_vhost_set_mounts(struct lws_vhost *v, const struct lws_http_mount *mounts);
1424
const lws_system_ops_t * system_ops
const struct lws_plugin_evlib * event_lib_custom
void(* finalize)(struct lws_vhost *vh, void *arg)
const struct lws_protocols ** pprotocols
struct lws_context ** pcontext
const lws_retry_bo_t * retry_and_idle_policy
const struct lws_protocol_vhost_options * next
void(* signal_cb)(void *event_lib_handle, int signum)
const struct lws_protocol_vhost_options * options
LWS_VISIBLE LWS_EXTERN void lws_context_deprecate(struct lws_context *context, lws_reload_func cb)
LWS_VISIBLE LWS_EXTERN void lws_context_default_loop_run_destroy(struct lws_context *cx)
int(* lws_reload_func)(void)
LWS_VISIBLE LWS_EXTERN struct lws_vhost * lws_get_vhost(struct lws *wsi)
LWS_VISIBLE LWS_EXTERN int lwsws_get_config_vhosts(struct lws_context *context, struct lws_context_creation_info *info, const char *d, char **config_strings, int *len)
LWS_VISIBLE LWS_EXTERN struct lws_vhost * lws_create_vhost(struct lws_context *context, const struct lws_context_creation_info *info)
LWS_VISIBLE LWS_EXTERN int lws_cmdline_passfail(int argc, const char **argv, int actual)
LWS_VISIBLE LWS_EXTERN void * lws_vhost_user(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN int lws_set_proxy(struct lws_vhost *vhost, const char *proxy)
LWS_VISIBLE LWS_EXTERN struct lws_context * lws_create_context(const struct lws_context_creation_info *info)
LWS_VISIBLE LWS_EXTERN void lws_default_loop_exit(struct lws_context *cx)
LWS_VISIBLE LWS_EXTERN void lws_context_destroy(struct lws_context *context)
LWS_VISIBLE LWS_EXTERN int lwsws_get_config_globals(struct lws_context_creation_info *info, const char *d, char **config_strings, int *len)
LWS_VISIBLE LWS_EXTERN int lws_set_socks(struct lws_vhost *vhost, const char *socks)
LWS_VISIBLE LWS_EXTERN const char * lws_vh_tag(struct lws_vhost *vh)
LWS_VISIBLE LWS_EXTERN const char * lws_get_vhost_name(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN struct lws_vhost * lws_get_vhost_by_name(struct lws_context *context, const char *name)
LWS_VISIBLE LWS_EXTERN int lws_get_vhost_port(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN void lws_vhost_destroy(struct lws_vhost *vh)
LWS_VISIBLE LWS_EXTERN const char * lws_get_vhost_iface(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN int lws_systemd_inherited_fd(unsigned int index, struct lws_context_creation_info *info)
LWS_VISIBLE LWS_EXTERN void _lws_context_info_defaults(struct lws_context_creation_info *info, const char *sspol)
LWS_VISIBLE LWS_EXTERN int lws_context_is_deprecated(struct lws_context *context)
LWS_VISIBLE LWS_EXTERN int lws_context_is_being_destroyed(struct lws_context *context)
LWS_VISIBLE LWS_EXTERN void * lws_context_user(struct lws_context *context)
LWS_VISIBLE LWS_EXTERN void * lws_get_vhost_user(struct lws_vhost *vhost)
int(* lws_context_ready_cb_t)(struct lws_context *context)
struct lws_log_cx lws_log_cx_t
const struct lws_http_mount * mount_next
const char * protocol
const struct lws_protocol_vhost_options * interpret
unsigned int keepalive_timeout
unsigned int cache_no
const char * basic_auth_login_file
const struct lws_protocol_vhost_options * extra_mimetypes
unsigned int auth_mask
unsigned char origin_protocol
unsigned int cache_reusable
const char * mountpoint
unsigned int cache_intermediaries
const char * cgi_chroot_path
unsigned char mountpoint_len
const struct lws_protocol_vhost_options * headers
unsigned int cache_revalidate
const struct lws_protocol_vhost_options * cgienv
lws_mount_protocols
LWS_VISIBLE LWS_EXTERN void lws_vhost_set_mounts(struct lws_vhost *v, const struct lws_http_mount *mounts)
lws_authentication_mode
@ LWSMPRO_NO_MOUNT
@ LWSMPRO_CGI
@ LWSMPRO_HTTP
@ LWSMPRO_FILE
@ LWSMPRO_REDIR_HTTPS
@ LWSMPRO_CALLBACK
@ LWSMPRO_REDIR_HTTP
@ LWSMPRO_HTTPS
@ LWSAUTHM_BASIC_AUTH_CALLBACK
@ LWSAUTHM_DEFAULT
#define LWS_EXTERN
int64_t lws_usec_t
int lws_sockfd_type
#define LWS_VISIBLE
struct lws_retry_bo lws_retry_bo_t
int(* lws_smd_notification_cb_t)(void *opaque, lws_smd_class_t _class, lws_usec_t timestamp, void *buf, size_t len)
Definition lws-smd.h:185
uint32_t lws_smd_class_t
Definition lws-smd.h:31
struct lws_system_ops lws_system_ops_t