libwebsockets
Lightweight C library for HTML5 websockets
lws-context-vhost.h
1/*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2010 - 2021 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 */
24
39
40/*
41 * NOTE: These public enums are part of the ABI. If you want to add one,
42 * add it where specified so existing users are unaffected.
43 */
44
45
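/*
 * Context / vhost creation option flags.
 *
 * Each flag is a bit (or a pair of bits) in a 64-bit value; flags above
 * bit 31 only fit in a 64-bit options word, which is why every constant is
 * written with the `ll` suffix.  NOTE(review): presumably these are OR-ed
 * into the uint64_t `options` member of the creation info and tested with
 * lws_check_opt() - confirm against the callers.
 *
 * The listing this block was recovered from had source-browser line numbers
 * fused onto every directive and had dropped the per-flag documentation.
 * The numbers are removed here.  The notes below are review annotations:
 * bit positions are taken from the definitions, behavioural remarks are
 * inferred from the option names and must be confirmed against the
 * upstream header before being relied on.
 *
 * Four flags are composites that also carry bit 12
 * (LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT): REQUIRE_VALID_OPENSSL_CLIENT_CERT,
 * ALLOW_NON_SSL_ON_SSL_PORT, SSL_ECDH and REDIRECT_HTTP_TO_HTTPS.  Because
 * of that shared bit, test them with an "all bits set" check such as
 * lws_check_opt() rather than a plain `options & FLAG`, which would also
 * match any other flag that merely enabled the TLS global init bit.
 */

/* TLS: by its name, requires a valid client certificate (mutual TLS).
 * Composite: bit 1 plus the TLS global-init bit 12. */
#define LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT \
					((1ll << 1) | (1ll << 12))
#define LWS_SERVER_OPTION_SKIP_SERVER_CANONICAL_NAME	 (1ll << 2)
/* NOTE(review): security-sensitive.  By its name this lets plaintext
 * connections arrive on a TLS listener; audit every vhost that sets it.
 * Composite: bit 3 plus bit 12. */
#define LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT \
					((1ll << 3) | (1ll << 12))
#define LWS_SERVER_OPTION_LIBEV				 (1ll << 4)
#define LWS_SERVER_OPTION_DISABLE_IPV6			 (1ll << 5)
/* NOTE(review): with the OS trust store disabled the application has to
 * supply its own CA material, otherwise peer verification has nothing to
 * anchor to - confirm the CA file / memory members are set alongside. */
#define LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS		 (1ll << 6)
/* NOTE(review): security-sensitive.  The name indicates the peer
 * certificate requirement is relaxed; confirm exact semantics upstream. */
#define LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED	 (1ll << 7)
#define LWS_SERVER_OPTION_VALIDATE_UTF8			 (1ll << 8)
/* Composite: bit 9 plus bit 12. */
#define LWS_SERVER_OPTION_SSL_ECDH \
					((1ll << 9) | (1ll << 12))
#define LWS_SERVER_OPTION_LIBUV				(1ll << 10)
/* Composite: bit 11 plus bit 12. */
#define LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS \
					((1ll << 11) | (1ll << 12))
/* The TLS global-init bit that the composite flags above include. */
#define LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT		(1ll << 12)
#define LWS_SERVER_OPTION_EXPLICIT_VHOSTS		(1ll << 13)
#define LWS_SERVER_OPTION_UNIX_SOCK			(1ll << 14)
/* Presumably enables the Strict-Transport-Security response header. */
#define LWS_SERVER_OPTION_STS				(1ll << 15)
#define LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY		(1ll << 16)
#define LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE		(1ll << 17)
#define LWS_SERVER_OPTION_UV_NO_SIGSEGV_SIGFPE_SPIN	(1ll << 18)
#define LWS_SERVER_OPTION_JUST_USE_RAW_ORIGIN		(1ll << 19)
/* Bit 20 has two names; the first is the older spelling. */
#define LWS_SERVER_OPTION_FALLBACK_TO_RAW /* use below name */ (1ll << 20)
#define LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG (1ll << 20)
#define LWS_SERVER_OPTION_LIBEVENT			(1ll << 21)
/* Bit 22 has two names; the first is the older spelling. */
#define LWS_SERVER_OPTION_ONLY_RAW /* Use below name instead */ (1ll << 22)
#define LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG (1ll << 22)
#define LWS_SERVER_OPTION_ALLOW_LISTEN_SHARE		(1ll << 23)
#define LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX		(1ll << 24)
#define LWS_SERVER_OPTION_SKIP_PROTOCOL_INIT		(1ll << 25)
/* NOTE(review): by its name, vhost creation continues when the TLS
 * certificate is absent; confirm what such a vhost is then able to serve. */
#define LWS_SERVER_OPTION_IGNORE_MISSING_CERT		(1ll << 26)
/* Hardening: by its name, enforces a strict Host check on upgrade. */
#define LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK	(1ll << 27)
/* Hardening: by its name, enforces security-oriented HTTP response
 * headers; confirm the exact header set upstream before relying on it. */
#define LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE (1ll << 28)
/* NOTE(review): security-sensitive.  By its name this accepts plain HTTP
 * on an HTTPS listener; treat as an explicit downgrade of the listener's
 * transport guarantee and justify each use. */
#define LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER	(1ll << 29)
#define LWS_SERVER_OPTION_FAIL_UPON_UNABLE_TO_BIND	(1ll << 30)
#define LWS_SERVER_OPTION_H2_JUST_FIX_WINDOW_UPDATE_OVERFLOW (1ll << 31)
/* Flags from here on do not fit in 32 bits. */
#define LWS_SERVER_OPTION_VH_H2_HALF_CLOSED_LONG_POLL	(1ll << 32)
#define LWS_SERVER_OPTION_GLIB				(1ll << 33)
#define LWS_SERVER_OPTION_H2_PRIOR_KNOWLEDGE		(1ll << 34)
#define LWS_SERVER_OPTION_NO_LWS_SYSTEM_STATES		(1ll << 35)
#define LWS_SERVER_OPTION_SS_PROXY			(1ll << 36)
#define LWS_SERVER_OPTION_SDEVENT			(1ll << 37)
#define LWS_SERVER_OPTION_ULOOP				(1ll << 38)
#define LWS_SERVER_OPTION_DISABLE_TLS_SESSION_CACHE	(1ll << 39)

	/****** add new things just above ---^ ******/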
247
248
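/*
 * lws_check_opt(c, f): true when every bit that is set in f is also set
 * in c, with both operands compared as uint64_t.
 *
 * This is the right test for the composite option flags, which carry more
 * than one bit: `c & f` alone is nonzero as soon as any one of those bits
 * is present.
 *
 * Each argument is parenthesised before the cast so that an expression
 * argument is evaluated as a whole in its own type and only then widened;
 * without the parentheses the cast binds to the first operand of the
 * expression only.  f is expanded twice, so pass side-effect-free
 * expressions.
 */
#define lws_check_opt(c, f) \
	((((uint64_t)(c)) & ((uint64_t)(f))) == ((uint64_t)(f)))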
250
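/*
 * Forward declarations for types this header only refers to by pointer.
 * (Source-browser line numbers that were fused onto these lines in the
 * listing are removed.)
 */
struct lws_plat_file_ops;
struct lws_ss_policy;
struct lws_ss_plugin;
struct lws_metric_policy;

/*
 * Callback type that receives the context and returns an int.
 * NOTE(review): the listing shows no user of this type and no statement of
 * what the return value means - confirm against the upstream header.
 */
typedef int (*lws_context_ready_cb_t)(struct lws_context *context);

/*
 * Callback type receiving the context, a socket descriptor and a socket
 * address.  It is the type of the `pl_notify_cb` creation-info member,
 * which exists only when LWS_WITH_PEER_LIMITS is defined.
 * NOTE(review): presumably invoked when a per-peer limit is hit; the
 * meaning of the int return is not visible here - confirm upstream.
 */
typedef int (*lws_peer_limits_notify_t)(struct lws_context *ctx,
					lws_sockfd_type sockfd,
					lws_sockaddr46 *sa46);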
261
272#if defined(LWS_WITH_NETWORK)
273 const char *iface;
280 const struct lws_protocols *protocols;
286#if defined(LWS_ROLE_WS)
287 const struct lws_extension *extensions;
290#endif
291#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2)
292 const struct lws_token_limits *token_limits;
295 const char *http_proxy_address;
299 const struct lws_protocol_vhost_options *headers;
303 const struct lws_protocol_vhost_options *reject_service_keywords;
310 const struct lws_protocol_vhost_options *pvo;
313 const char *log_filepath;
316 const struct lws_http_mount *mounts;
318 const char *server_string;
322 const char *error_document_404;
326 int port;
336 unsigned int http_proxy_port;
338 unsigned int max_http_header_data2;
343 unsigned int max_http_header_pool2;
349 int keepalive_timeout;
353 uint32_t http2_settings[7];
360 unsigned short max_http_header_data;
363 unsigned short max_http_header_pool;
371#endif
372
373#if defined(LWS_WITH_TLS)
374 const char *ssl_private_key_password;
379 const char *ssl_cert_filepath;
391 const char *ssl_private_key_filepath;
410 const char *ssl_ca_filepath;
419 const char *ssl_cipher_list;
429 const char *ecdh_curve;
432 const char *tls1_3_plus_cipher_list;
440 const void *server_ssl_cert_mem;
444 const void *server_ssl_private_key_mem;
449 const void *server_ssl_ca_mem;
454 long ssl_options_set;
456 long ssl_options_clear;
458 int simultaneous_ssl_restriction;
461 int simultaneous_ssl_handshake_restriction;
463 int ssl_info_event_mask;
469 unsigned int server_ssl_cert_mem_len;
472 unsigned int server_ssl_private_key_mem_len;
474 unsigned int server_ssl_ca_mem_len;
477 const char *alpn;
486#if defined(LWS_WITH_CLIENT)
487 const char *client_ssl_private_key_password;
490 const char *client_ssl_cert_filepath;
493 const void *client_ssl_cert_mem;
496 unsigned int client_ssl_cert_mem_len;
499 const char *client_ssl_private_key_filepath;
505 const void *client_ssl_key_mem;
508 const char *client_ssl_ca_filepath;
510 const void *client_ssl_ca_mem;
514 const char *client_ssl_cipher_list;
518 const char *client_tls_1_3_plus_cipher_list;
525 long ssl_client_options_set;
527 long ssl_client_options_clear;
531 unsigned int client_ssl_ca_mem_len;
534 unsigned int client_ssl_key_mem_len;
538#endif
539
540#if !defined(LWS_WITH_MBEDTLS)
541 SSL_CTX *provided_client_ssl_ctx;
546#else /* WITH_MBEDTLS */
547 const char *mbedtls_client_preload_filepath;
557#endif
558#endif
559
560 int ka_time;
563 int ka_probes;
567 int ka_interval;
570 unsigned int timeout_secs;
575 unsigned int connect_timeout_secs;
579 int bind_iface;
590 unsigned int timeout_secs_ah_idle;
593#endif /* WITH_NETWORK */
594
595#if defined(LWS_WITH_TLS_SESSIONS)
596 uint32_t tls_session_timeout;
599 uint32_t tls_session_cache_max;
602#endif
603
604 gid_t gid;
607 uid_t uid;
610 uint64_t options;
612 void *user;
621 unsigned int count_threads;
639 const char *vhost_name;
646#if defined(LWS_WITH_PLUGINS)
647 const char * const *plugin_dirs;
650#endif
660 unsigned int pt_serv_buf_size;
666#if defined(LWS_WITH_FILE_OPS)
667 const struct lws_plat_file_ops *fops;
674#endif
675
676#if defined(LWS_WITH_SOCKS5)
677 const char *socks_proxy_address;
681 unsigned int socks_proxy_port;
685#endif
686
687#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP)
688 cap_value_t caps[4];
695 char count_caps;
698#endif
713 void (*signal_cb)(void *event_lib_handle, int signum);
719 struct lws_context **pcontext;
725 void (*finalize)(struct lws_vhost *vh, void *arg);
743 const struct lws_protocols **pprotocols;
754 const char *username;
756 const char *groupname;
758 const char *unix_socket_perms;
769#if defined(LWS_WITH_SYS_STATE)
770 lws_state_notify_link_t * const *register_notifier_list;
774#endif
775#if defined(LWS_WITH_SECURE_STREAMS)
776#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
777 const struct lws_ss_policy *pss_policies;
779#else
780 const char *pss_policies_json;
787#endif
788 const struct lws_ss_plugin **pss_plugins;
791 const char *ss_proxy_bind;
796 const char *ss_proxy_address;
798 uint16_t ss_proxy_port; /* 0 = if connecting to ss proxy, do it via a
799 * Unix Domain Socket, "+@proxy.ss.lws" if ss_proxy_bind is NULL else
800 * the socket path given in ss_proxy_bind (start it with a + or +@);
801 * nonzero means connect via a tcp socket to the tcp address in
802 * ss_proxy_bind and the given port */
803#endif
804
809#if defined(LWS_WITH_PEER_LIMITS)
810 lws_peer_limits_notify_t pl_notify_cb;
817 unsigned short ip_limit_ah;
825 unsigned short ip_limit_wsi;
833#endif /* PEER_LIMITS */
834
835#if defined(LWS_WITH_SYS_FAULT_INJECTION)
836 lws_fi_ctx_t fic;
843#endif
844
845#if defined(LWS_WITH_SYS_SMD)
846 lws_smd_notification_cb_t early_smd_cb;
853 void *early_smd_opaque;
854 lws_smd_class_t early_smd_class_filter;
855 lws_usec_t smd_ttl_us;
860 uint16_t smd_queue_depth;
863#endif
864
865#if defined(LWS_WITH_SYS_METRICS)
866 const struct lws_metric_policy *metrics_policies;
868 const char *metrics_prefix;
875#endif
876
893#if defined(LWS_WITH_TLS_JIT_TRUST)
894 size_t jitt_cache_max_footprint;
897 int vh_idle_grace_ms;
900#endif
901
906#if defined(LWS_WITH_CACHE_NSCOOKIEJAR) && defined(LWS_WITH_CLIENT)
907 const char *http_nsc_filepath;
910 size_t http_nsc_heap_max_footprint;
913 size_t http_nsc_heap_max_items;
916 size_t http_nsc_heap_max_payload;
919#endif
920
921 /* Add new things just above here ---^
922 * This is part of the ABI, don't needlessly break compatibility
923 *
924 * The below is to ensure later library versions with new
925 * members added above will see 0 (default) even if the app
926 * was not built against the newer headers.
927 */
928
929 void *_unused[2];
930};
931
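/*
 * Context and vhost lifecycle / accessor declarations.
 *
 * The listing these were recovered from had source-browser line numbers
 * fused onto each line and had lost the declarator line of two prototypes
 * (lws_create_context and lwsws_get_config_globals); both are restored
 * from the full signatures given in this page's declaration index.  The
 * original doc comments are not present in the listing, so the remarks
 * below state only what the signatures show; anything further is marked
 * for confirmation against the upstream header.
 */

/* Create a context from caller-filled creation info.
 * NOTE(review): presumably returns NULL on failure - confirm and check
 * the result before use. */
LWS_VISIBLE LWS_EXTERN struct lws_context *
lws_create_context(const struct lws_context_creation_info *info);

/* Destroy a context. */
LWS_VISIBLE LWS_EXTERN void
lws_context_destroy(struct lws_context *context);

/* Callback type taking no arguments and returning int; passed to
 * lws_context_deprecate(). */
typedef int (*lws_reload_func)(void);

/* Mark a context as deprecated, supplying a reload callback.
 * NOTE(review): when cb is invoked is not visible here - confirm. */
LWS_VISIBLE LWS_EXTERN void
lws_context_deprecate(struct lws_context *context, lws_reload_func cb);

/* Query whether the context has been deprecated. */
LWS_VISIBLE LWS_EXTERN int
lws_context_is_deprecated(struct lws_context *context);

/* Set the HTTP proxy for a vhost from a string.
 * NOTE(review): if the string format can embed proxy credentials, treat
 * it as a secret (keep it out of logs and dumps) - confirm the accepted
 * format and the meaning of the int return upstream. */
LWS_VISIBLE LWS_EXTERN int
lws_set_proxy(struct lws_vhost *vhost, const char *proxy);

/* Set the SOCKS proxy for a vhost from a string.
 * NOTE(review): same credential-handling caveat as lws_set_proxy(). */
LWS_VISIBLE LWS_EXTERN int
lws_set_socks(struct lws_vhost *vhost, const char *socks);

struct lws_vhost;

/* Create a vhost inside an existing context from creation info.
 * NOTE(review): presumably returns NULL on failure - confirm. */
LWS_VISIBLE LWS_EXTERN struct lws_vhost *
lws_create_vhost(struct lws_context *context,
		 const struct lws_context_creation_info *info);

/* Destroy a vhost. */
LWS_VISIBLE LWS_EXTERN void
lws_vhost_destroy(struct lws_vhost *vh);

/* Load global configuration into *info.  config_strings / len are in-out:
 * both are passed by pointer.
 * NOTE(review): `d` is presumably a configuration directory path; it and
 * the files under it should be writable only by trusted users - confirm. */
LWS_VISIBLE LWS_EXTERN int
lwsws_get_config_globals(struct lws_context_creation_info *info, const char *d,
			 char **config_strings, int *len);

/* Load vhost configuration for an existing context; parameters as for
 * lwsws_get_config_globals(), plus the context. */
LWS_VISIBLE LWS_EXTERN int
lwsws_get_config_vhosts(struct lws_context *context,
			struct lws_context_creation_info *info, const char *d,
			char **config_strings, int *len);

/* Return the vhost associated with a connection (wsi). */
LWS_VISIBLE LWS_EXTERN struct lws_vhost *
lws_get_vhost(struct lws *wsi);

/* Return the vhost's name string. */
LWS_VISIBLE LWS_EXTERN const char *
lws_get_vhost_name(struct lws_vhost *vhost);

/* Look a vhost up by name within a context.
 * NOTE(review): presumably NULL when no vhost matches - confirm. */
LWS_VISIBLE LWS_EXTERN struct lws_vhost *
lws_get_vhost_by_name(struct lws_context *context, const char *name);

/* Return the vhost's port. */
LWS_VISIBLE LWS_EXTERN int
lws_get_vhost_port(struct lws_vhost *vhost);

/* Return the opaque user pointer associated with the vhost. */
LWS_VISIBLE LWS_EXTERN void *
lws_get_vhost_user(struct lws_vhost *vhost);

/* Return the vhost's interface string. */
LWS_VISIBLE LWS_EXTERN const char *
lws_get_vhost_iface(struct lws_vhost *vhost);

/* Write a JSON description of the vhost into buf.  len is the caller's
 * buffer size as an int: pass the true size of buf.
 * NOTE(review): the meaning of the return value (length written or
 * status) is not visible here - confirm before using it as a length. */
LWS_VISIBLE LWS_EXTERN int
lws_json_dump_vhost(const struct lws_vhost *vh, char *buf, int len);

/* Write a JSON description of the context into buf (size len); the
 * hide_vhosts argument controls whether vhost detail is left out.
 * NOTE(review): if the output is exposed to unauthenticated clients,
 * review what configuration detail it reveals. */
LWS_VISIBLE LWS_EXTERN int
lws_json_dump_context(const struct lws_context *context, char *buf, int len,
		      int hide_vhosts);

/* Return the opaque user pointer associated with the vhost.
 * NOTE(review): same signature as lws_get_vhost_user(); whether both
 * return the same pointer is not visible here - confirm. */
LWS_VISIBLE LWS_EXTERN void *
lws_vhost_user(struct lws_vhost *vhost);

/* Return the opaque user pointer associated with the context. */
LWS_VISIBLE LWS_EXTERN void *
lws_context_user(struct lws_context *context);

/* Return a tag string for the vhost (presumably for logging). */
LWS_VISIBLE LWS_EXTERN const char *
lws_vh_tag(struct lws_vhost *vh);

/* Query whether the context is in the process of being destroyed. */
LWS_VISIBLE LWS_EXTERN int
lws_context_is_being_destroyed(struct lws_context *context);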
1243
1250
1259 const char *name;
1260 const char *value;
1261};
1262
1275};
1276
1285
1287#define AUTH_MODE_MASK 0xF0000000
1288
1296 const char *mountpoint;
1298 const char *origin;
1300 const char *def;
1302 const char *protocol;
1318 unsigned int auth_mask;
1321 unsigned int cache_reusable:1;
1322 unsigned int cache_revalidate:1;
1323 unsigned int cache_intermediaries:1;
1325 unsigned char origin_protocol;
1326 unsigned char mountpoint_len;
1331 /* Add new things just above here ---^
1332 * This is part of the ABI, don't needlessly break compatibility
1333 */
1334};
1335
LWS_VISIBLE LWS_EXTERN void lws_context_deprecate(struct lws_context *context, lws_reload_func cb)
LWS_VISIBLE LWS_EXTERN int lws_json_dump_context(const struct lws_context *context, char *buf, int len, int hide_vhosts)
LWS_VISIBLE LWS_EXTERN struct lws_vhost * lws_get_vhost(struct lws *wsi)
LWS_VISIBLE LWS_EXTERN int lwsws_get_config_vhosts(struct lws_context *context, struct lws_context_creation_info *info, const char *d, char **config_strings, int *len)
LWS_VISIBLE LWS_EXTERN struct lws_vhost * lws_create_vhost(struct lws_context *context, const struct lws_context_creation_info *info)
LWS_VISIBLE LWS_EXTERN void * lws_vhost_user(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN int lws_set_proxy(struct lws_vhost *vhost, const char *proxy)
LWS_VISIBLE LWS_EXTERN struct lws_context * lws_create_context(const struct lws_context_creation_info *info)
LWS_VISIBLE LWS_EXTERN void lws_context_destroy(struct lws_context *context)
LWS_VISIBLE LWS_EXTERN int lws_json_dump_vhost(const struct lws_vhost *vh, char *buf, int len)
LWS_VISIBLE LWS_EXTERN int lwsws_get_config_globals(struct lws_context_creation_info *info, const char *d, char **config_strings, int *len)
LWS_VISIBLE LWS_EXTERN int lws_set_socks(struct lws_vhost *vhost, const char *socks)
LWS_VISIBLE LWS_EXTERN const char * lws_get_vhost_name(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN struct lws_vhost * lws_get_vhost_by_name(struct lws_context *context, const char *name)
LWS_VISIBLE LWS_EXTERN int lws_get_vhost_port(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN void lws_vhost_destroy(struct lws_vhost *vh)
LWS_VISIBLE LWS_EXTERN const char * lws_get_vhost_iface(struct lws_vhost *vhost)
LWS_VISIBLE LWS_EXTERN int lws_context_is_being_destroyed(struct lws_context *context)
LWS_VISIBLE LWS_EXTERN void * lws_context_user(struct lws_context *context)
LWS_VISIBLE LWS_EXTERN void * lws_get_vhost_user(struct lws_vhost *vhost)
lws_mount_protocols
Definition: lws-context-vhost.h:1267
lws_authentication_mode
Definition: lws-context-vhost.h:1281
@ LWSMPRO_CGI
Definition: lws-context-vhost.h:1271
@ LWSMPRO_HTTP
Definition: lws-context-vhost.h:1268
@ LWSMPRO_FILE
Definition: lws-context-vhost.h:1270
@ LWSMPRO_REDIR_HTTPS
Definition: lws-context-vhost.h:1273
@ LWSMPRO_CALLBACK
Definition: lws-context-vhost.h:1274
@ LWSMPRO_REDIR_HTTP
Definition: lws-context-vhost.h:1272
@ LWSMPRO_HTTPS
Definition: lws-context-vhost.h:1269
@ LWSAUTHM_BASIC_AUTH_CALLBACK
Definition: lws-context-vhost.h:1283
@ LWSAUTHM_DEFAULT
Definition: lws-context-vhost.h:1282
Definition: lws-context-vhost.h:271
void ** foreign_loops
Definition: lws-context-vhost.h:699
void * user
Definition: lws-context-vhost.h:612
const lws_system_ops_t * system_ops
Definition: lws-context-vhost.h:762
lws_log_cx_t * log_cx
Definition: lws-context-vhost.h:902
const struct lws_plugin_evlib * event_lib_custom
Definition: lws-context-vhost.h:883
void(* finalize)(struct lws_vhost *vh, void *arg)
Definition: lws-context-vhost.h:725
gid_t gid
Definition: lws-context-vhost.h:604
unsigned int fd_limit_per_thread
Definition: lws-context-vhost.h:623
const char * listen_accept_protocol
Definition: lws-context-vhost.h:739
const struct lws_protocols ** pprotocols
Definition: lws-context-vhost.h:743
uid_t uid
Definition: lws-context-vhost.h:607
struct lws_context ** pcontext
Definition: lws-context-vhost.h:719
unsigned int pt_serv_buf_size
Definition: lws-context-vhost.h:660
int fo_listen_queue
Definition: lws-context-vhost.h:877
const char * listen_accept_role
Definition: lws-context-vhost.h:734
const char * username
Definition: lws-context-vhost.h:754
const char * groupname
Definition: lws-context-vhost.h:756
const lws_retry_bo_t * retry_and_idle_policy
Definition: lws-context-vhost.h:765
uint64_t options
Definition: lws-context-vhost.h:610
void * external_baggage_free_on_destroy
Definition: lws-context-vhost.h:651
const char * unix_socket_perms
Definition: lws-context-vhost.h:758
int rlimit_nofile
Definition: lws-context-vhost.h:805
const char * vhost_name
Definition: lws-context-vhost.h:639
void * finalize_arg
Definition: lws-context-vhost.h:730
void * _unused[2]
Definition: lws-context-vhost.h:929
void(* signal_cb)(void *event_lib_handle, int signum)
Definition: lws-context-vhost.h:713
unsigned int count_threads
Definition: lws-context-vhost.h:621
Definition: lws-ws-ext.h:139
Definition: lws-context-vhost.h:1293
const struct lws_http_mount * mount_next
Definition: lws-context-vhost.h:1294
const char * protocol
Definition: lws-context-vhost.h:1302
const struct lws_protocol_vhost_options * interpret
Definition: lws-context-vhost.h:1311
const char * origin
Definition: lws-context-vhost.h:1298
const char * basic_auth_login_file
Definition: lws-context-vhost.h:1328
int cache_max_age
Definition: lws-context-vhost.h:1316
const struct lws_protocol_vhost_options * extra_mimetypes
Definition: lws-context-vhost.h:1309
int cgi_timeout
Definition: lws-context-vhost.h:1314
unsigned int auth_mask
Definition: lws-context-vhost.h:1318
unsigned char origin_protocol
Definition: lws-context-vhost.h:1325
unsigned int cache_reusable
Definition: lws-context-vhost.h:1321
const char * mountpoint
Definition: lws-context-vhost.h:1296
unsigned int cache_intermediaries
Definition: lws-context-vhost.h:1323
unsigned char mountpoint_len
Definition: lws-context-vhost.h:1326
unsigned int cache_revalidate
Definition: lws-context-vhost.h:1322
const struct lws_protocol_vhost_options * cgienv
Definition: lws-context-vhost.h:1305
const char * def
Definition: lws-context-vhost.h:1300
Definition: lws-logs.h:80
Definition: lws-secure-streams-policy.h:82
Definition: lws-vfs.h:95
Definition: lws-protocols-plugins.h:297
Definition: lws-context-vhost.h:1256
const char * value
Definition: lws-context-vhost.h:1260
const struct lws_protocol_vhost_options * next
Definition: lws-context-vhost.h:1257
const char * name
Definition: lws-context-vhost.h:1259
const struct lws_protocol_vhost_options * options
Definition: lws-context-vhost.h:1258
Definition: lws-protocols-plugins.h:44
Definition: lws-retry.h:25
Definition: lws-secure-streams-policy.h:249
Definition: lws-system.h:163
Definition: lws-http.h:369
Definition: lws-adopt.h:86