Mailman with nginx and thttpd
Igor Sysoev
igor at sysoev.ru
Tue Oct 26 22:05:16 MSD 2010
On Tue, Oct 26, 2010 at 11:02:34AM -0700, David Newman wrote:
> On 10/26/10 10:38 AM, Igor Sysoev wrote:
> > On Tue, Oct 26, 2010 at 10:32:47AM -0700, David Newman wrote:
> >
> >> On 10/25/10 9:46 PM, Igor Sysoev wrote:
> >>
> >>> nginx.org runs Mailman's CGI using mini_httpd. This is a simple server by
> >>> the same author as thttpd. I have also patched mini_httpd to support
> >>> X-Real-IP header.
> >>
> >> Thanks for the responses.
> >>
> >> Is this the mini_httpd patch:
> >>
> >> http://www.lexa.ru/nginx-ru/msg29854.html
> >>
> >> If not, what changes are needed to mini_httpd?
> >
> > Yes, it is this patch. If you have problems with applying I can sent
> > it as attachment.
>
> Thanks -- please do. I'm having trouble with line wraps when cutting and
> pasting from that email, and an attempt to patch manually failed (as it
> should -- that's always a bad idea).
Here is the patch.
--
Igor Sysoev
http://sysoev.ru/en/
-------------- next part --------------
--- mini_httpd.c 2009-11-20 12:10:55.000000000 +0300
+++ mini_httpd.c 2009-11-20 12:13:59.000000000 +0300
@@ -186,6 +186,7 @@
static char* pidfile;
static char* charset;
static char* p3p;
+static char* xrealip;
static int max_age;
static FILE* logfp;
static int listen4_fd, listen6_fd;
@@ -226,6 +227,7 @@
static time_t if_modified_since;
static char* referer;
static char* useragent;
+static char* remote_addr;
static char* remoteuser;
@@ -332,6 +334,7 @@
local_pattern = (char*) 0;
charset = DEFAULT_CHARSET;
p3p = (char*) 0;
+ xrealip = (char*) 0;
max_age = -1;
user = DEFAULT_USER;
hostname = (char*) 0;
@@ -426,6 +429,11 @@
++argn;
p3p = argv[argn];
}
+ else if ( strcmp( argv[argn], "-X" ) == 0 && argn + 1 < argc )
+ {
+ ++argn;
+ xrealip = argv[argn];
+ }
else if ( strcmp( argv[argn], "-M" ) == 0 && argn + 1 < argc )
{
++argn;
@@ -990,6 +998,11 @@
value_required( name, value );
p3p = e_strdup( value );
}
+ else if ( strcasecmp( name, "xrealip" ) == 0 )
+ {
+ value_required( name, value );
+ xrealip = e_strdup( value );
+ }
else if ( strcasecmp( name, "max_age" ) == 0 )
{
value_required( name, value );
@@ -1159,6 +1172,7 @@
if_modified_since = (time_t) -1;
referer = "";
useragent = "";
+ remote_addr = ntoa( &client_addr );
#ifdef TCP_NOPUSH
/* Set the TCP_NOPUSH socket option, to try and avoid the 0.2 second
@@ -1276,6 +1290,15 @@
cp += strspn( cp, " \t" );
useragent = cp;
}
+ else if ( strncasecmp( line, "X-Real-IP:", 10 ) == 0 )
+ {
+ if ( strcmp(remote_addr, xrealip ) == 0 )
+ {
+ cp = &line[10];
+ cp += strspn( cp, " \t" );
+ remote_addr = cp;
+ }
+ }
}
if ( strcasecmp( method_str, get_method_str( METHOD_GET ) ) == 0 )
@@ -1471,7 +1494,7 @@
{
syslog(
LOG_NOTICE, "%.80s URL \"%.80s\" tried to retrieve an auth file",
- ntoa( &client_addr ), path );
+ remote_addr, path );
send_error( 403, "Forbidden", "", "File is protected." );
}
@@ -1492,7 +1515,7 @@
{
syslog(
LOG_INFO, "%.80s File \"%.80s\" is protected",
- ntoa( &client_addr ), path );
+ remote_addr, path );
send_error( 403, "Forbidden", "", "File is protected." );
}
mime_type = figure_mime( file, mime_encodings, sizeof(mime_encodings) );
@@ -1569,7 +1592,7 @@
{
syslog(
LOG_INFO, "%.80s Directory \"%.80s\" is protected",
- ntoa( &client_addr ), path );
+ remote_addr, path );
send_error( 403, "Forbidden", "", "Directory is protected." );
}
#endif /* HAVE_SCANDIR */
@@ -2143,7 +2166,7 @@
}
if ( query[0] != '\0' )
envp[envn++] = build_env( "QUERY_STRING=%s", query );
- envp[envn++] = build_env( "REMOTE_ADDR=%s", ntoa( &client_addr ) );
+ envp[envn++] = build_env( "REMOTE_ADDR=%s", remote_addr );
if ( referer[0] != '\0' )
envp[envn++] = build_env( "HTTP_REFERER=%s", referer );
if ( useragent[0] != '\0' )
@@ -2255,7 +2278,7 @@
/* The file exists but we can't open it? Disallow access. */
syslog(
LOG_ERR, "%.80s auth file %.80s could not be opened - %m",
- ntoa( &client_addr ), authpath );
+ remote_addr, authpath );
send_error( 403, "Forbidden", "", "File is protected." );
}
@@ -2759,7 +2782,7 @@
/* And write the log entry. */
(void) fprintf( logfp,
"%.80s - %.80s [%s] \"%.80s %.200s %.80s\" %d %s \"%.200s\" \"%.200s\"\n",
- ntoa( &client_addr ), ru, date, get_method_str( method ), url,
+ remote_addr, ru, date, get_method_str( method ), url,
protocol, status, bytes_str, referer, useragent );
(void) fflush( logfp );
}
@@ -2790,7 +2813,7 @@
cp = "";
syslog(
LOG_INFO, "%.80s non-local referer \"%.80s%.80s\" \"%.80s\"",
- ntoa( &client_addr ), cp, path, referer );
+ remote_addr, cp, path, referer );
send_error( 403, "Forbidden", "", "You must supply a local referer." );
}
@@ -3128,7 +3151,7 @@
static void
handle_read_timeout( int sig )
{
- syslog( LOG_INFO, "%.80s connection timed out reading", ntoa( &client_addr ) );
+ syslog( LOG_INFO, "%.80s connection timed out reading", remote_addr );
send_error(
408, "Request Timeout", "",
"No request appeared within a reasonable time period." );
@@ -3138,7 +3161,7 @@
static void
handle_write_timeout( int sig )
{
- syslog( LOG_INFO, "%.80s connection timed out writing", ntoa( &client_addr ) );
+ syslog( LOG_INFO, "%.80s connection timed out writing", remote_addr );
exit( 1 );
}
--- mini_httpd.8 2009-11-20 12:10:55.000000000 +0300
+++ mini_httpd.8 2009-11-20 11:30:58.000000000 +0300
@@ -27,6 +27,8 @@
.IR charset ]
.RB [ -P
.IR P3P ]
+.RB [ -X
+.IR address ]
.RB [ -M
.IR maxage ]
.RB [ -S ]
@@ -163,6 +165,11 @@
P3P: response header.
The config-file option name for this flag is "p3p".
.TP
+.B -X
+Specifies an address of a proxy server allowed to override a client address
+with "X-Real-IP" header.
+The config-file option name for this flag is "xrealip".
+.TP
.B -M
Specifies the number of seconds to be used in a "Cache-Control: max-age"
header to be returned with all responses.
More information about the nginx
mailing list