25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-10-31 15:21:38 +01:00
Commit Graph

93 Commits

Author SHA1 Message Date
Badlop
55417dfb37 Update copyright to 2019 (#2756) 2019-01-08 22:53:27 +01:00
Paweł Chmielowski
6845896d12 Add support for proxy protocol
This add support for version 1 and 2 of protocol specified in
http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

To enable it you need add option use_proxy_protocol: true to listener.
2018-12-04 14:22:45 +01:00
Badlop
06e9d34018 Handle some malformed URL requests in ejabberd_http (#2687) 2018-11-16 12:13:17 +01:00
Paweł Chmielowski
432ca80db6 Do no add 127.0.0.1 address to trusted_proxies list by default 2018-10-24 15:16:32 +02:00
Evgeny Khramtsov
39fa1a810d Move certificates processing code to pkix application
==== WARNING: MUST BE ADDED TO RELEASE NOTES =====
The commit introduces the following incompatibility:
- Option 'ca_path' is deprecated and has no effect anymore:
  option 'ca_file' should be used instead if needed.
==================================================
2018-09-27 20:37:27 +03:00
Evgeny Khramtsov
08f3d066b1 Switch more log message to warning level
The commit is supposed to improve logging at loglevel 3, which
is the recommended level for high loaded ejabberd servers
2018-09-19 23:12:14 +03:00
Evgeny Khramtsov
03de853e4f Refactor ejabberd_listener 2018-09-18 12:53:36 +03:00
Evgeny Khramtsov
de385591d0 Refactor ejabberd listener API 2018-09-17 11:21:02 +03:00
Evgeny Khramtsov
2d246f61dd Fix some dialyzer warnings 2018-09-09 09:59:08 +03:00
Evgeniy Khramtsov
86236431b9 mod_http_upload: Treat file and network errors differently 2018-07-04 08:55:52 +03:00
Evgeniy Khramtsov
fd8e07af47 Get rid of ejabberd.hrl header
The header consisted of too many unrelated stuff and macros misuse.
Some stuff is moved into scram.hrl and type_compat.hrl.
All macros have been replaced with the corresponding function calls.

TODO: probably type_compat.hrl is not even needed anymore since
we support only Erlang >= OTP 17.5
2018-06-14 14:00:47 +03:00
Paweł Chmielowski
97f7d99007 Handle "Expect: 100-continue" request header in ejabberd_http 2018-05-23 14:52:47 +02:00
Evgeniy Khramtsov
d2114be6f3 Correctly calculate remaining bytes on file upload 2018-05-19 18:29:33 +03:00
Paweł Chmielowski
c41bab9ca0 Clean state between requests in ejabberd_http 2018-05-15 14:25:19 +02:00
Evgeniy Khramtsov
063737e4f5 Optimize HTTP requests memory usage
Due to historical reasons, ejabberd loads the whole file/data
into the memory when serving an HTTP request. This is now improved:

1) For GET requests ejabberd uses sendfile(2) if the underlying
   connection is HTTP and falls back to read/write loop with 64kb
   buffer for HTTPS connections. This type of requests are handled
   by mod_http_fileserver, mod_http_upload, ejabberd_captcha, etc
2) POST requests are now limited to 20Mb and are fully downloaded
   into the memory for further processing (by ejabberd_web_admin,
   mod_bosh, etc)
3) PUT requests (e.g. for mod_http_upload) are handled by read/write
   loop with 64kb buffer
2018-05-14 19:39:58 +03:00
Paweł Chmielowski
b1a03cc346 Make trusted_proxied ejabberd_http option accept ip masks 2018-05-04 09:53:07 +02:00
Evgeniy Khramtsov
4ea481d1dd Add validator for 'accept_interval' listening option 2018-04-30 11:52:00 +03:00
Holger Weiss
df651d893e Remove old hex conversion functions
Depend on list_to_integer/2 and integer_to_list/2 being available.
2018-04-03 00:21:33 +02:00
Holger Weiss
a2e1f5c882 Move ejabberd_http:url_encode/1 to 'misc' module 2018-04-03 00:12:43 +02:00
Stu Tomlinson
da81590fef Validate additional listen opts
The options "inet", "inet6" and "backlog" are valid listen options, but are
currently logged as errors (even though they do work):

2018-02-28 16:08:44.141 [error] <0.338.0>@ejabberd_listener:validate_module_option:630 unknown listen option 'backlog' for 'ejabberd_c2s' will be likely ignored, available options are: access, shaper, certfile, ciphers, dhfile, cafile, client_cafile, protocol_options, tls, tls_compression, starttls, starttls_required, tls_verify, zlib, max_fsm_queue

This adds the necessary validators so they are correctly recognized.
2018-02-28 16:14:35 +00:00
Evgeniy Khramtsov
6e5439db5c Find and fix typos using 'codespell' 2018-01-27 19:35:38 +03:00
Evgeniy Khramtsov
cdc7c1d1ed Update copyright dates 2018-01-05 23:18:58 +03:00
Evgeniy Khramtsov
4e49919d16 Revert "Don't set twice"
This reverts commit 6dca89f616.
2017-12-25 08:41:51 +03:00
Evgeniy Khramtsov
6dca89f616 Don't set twice 2017-12-24 12:34:47 +03:00
Evgeniy Khramtsov
1698956f34 Rely on Server Name Indication for incoming Direct-TLS connections
This commit also deprecates `certfile` option for ejabberd_http
listener.
2017-12-24 12:27:51 +03:00
Evgeniy Khramtsov
3a02c4369f Get rid of meaningless log message 2017-11-22 10:12:49 +03:00
Evgeniy Khramtsov
b04c6b7d75 Merge branch 'lets_encrypt_acme_support' of git://github.com/angelhof/ejabberd into angelhof-lets_encrypt_acme_support
Conflicts:
	rebar.config
	src/ejabberd_pkix.erl
2017-11-15 10:01:30 +03:00
Konstantinos Kallas
ce99db0595 Explain what is needed for the acme configuration and other small changes
1. Add a request handler in ejabberd_http and explain how to configure the http listener so that the challenges can be solved.
2. Make acme configuration optional by providing defaults in ejabberd_acme.
3. Save the CA that the account has been created in so that it creates a new account when connecting to a new CA.
4. Small spec change in acme configuration.
2017-11-14 14:12:33 +02:00
Evgeniy Khramtsov
e5e64c99f3 Don't crash when Host header is missing 2017-10-11 18:53:53 +03:00
Evgeniy Khramtsov
e93762a720 Deprecate misc:encode_base64/1 and misc:decode_base64/1 2017-05-23 10:43:26 +03:00
Evgeniy Khramtsov
a71065fcda Ciphers should be a binary string 2017-05-17 15:42:18 +03:00
Evgeniy Khramtsov
cc58ce6301 Introduce Certficate Manager
The major goal is to simplify certificate management in ejabberd.
Currently it requires some effort from a user to configure certficates,
especially in the situation where a lot of virtual domains are hosted.

The task is splitted in several sub-tasks:
* Implement basic certificate validator. The validator should check all
configured certificates for existence, validity, duration and so on. The
validator should not perform any actions in the case of errors except
logging an error message. This is actually implemented by this commit.
* All certificates should be configured inside a single section (something
like 'certfiles') where ejabberd should parse them, check the full-chain,
find the corresponding private keys and, if needed, resort chains and
split the certficates into separate files for easy to use by fast_tls.
* Options like 'domain_certfile', 'c2s_certfile' or 's2s_certfile' should
probably be deprecated, since the process of matching certificates with the
corresponding virtual hosts should be done automatically and these options
only introduce configuration errors without any meaningful purpose.
2017-05-12 16:27:09 +03:00
Evgeniy Khramtsov
d3c8fb7705 Check presence of some files during option validation 2017-05-12 09:34:57 +03:00
Evgeniy Khramtsov
8368a0850a Don't call gen_mod:get_opt() outside of modules 2017-05-08 14:34:35 +03:00
Evgeniy Khramtsov
01a2c9fe12 Add type specs for Module:opt_type/1 2017-05-08 12:59:28 +03:00
Evgeniy Khramtsov
fddd6110e0 Don't validate an option in gen_mod:get*opt() functions
The changes are very similar to those from previous commit:
* Now there is no need to pass validating function in
  gen_mod:get_opt() and gen_mod:get_module_opt() functions,
  because the modules' configuration keeps already validated values.
* New functions gen_mod:get_opt/2 and gen_mod:get_module_opt/3 are
  introduced.
* Functions gen_mod:get_opt/4 and get_module_opt/5 are deprecated.
  If the functions are still called, the "function" argument is
  simply ignored.
* Validating callback Mod:listen_opt_type/1 is introduced to validate
  listening options at startup.
2017-04-30 19:01:47 +03:00
Evgeniy Khramtsov
b82b93f8f0 Don't validate an option in ejabberd_config:get_option() functions
The commit introduces the following changes:
* Now there is no need to pass validating function in
  ejabberd_config:get_option() functions, because the configuration
  keeps already validated values.
* New function ejabberd_config:get_option/1 is introduced
* Function ejabberd_config:get_option/3 is deprecated. If the function
  is still called, the second argument (validating function) is simply
  ignored.
* The second argument for ejabberd_config:get_option/2 is now
  a default value, not a validating function.
2017-04-29 11:39:40 +03:00
Christophe Romain
b1acd1183f Rename aux.erl as misc.erl
Thanks Microsoft Windows to not support some filenames
2017-04-11 12:13:58 +02:00
Evgeniy Khramtsov
7bcbea2108 Deprecate jlib.erl in favor of aux.erl
Since the main goal of jlib.erl is lost, all auxiliary functions
are now moved to aux.erl, and the whole jlib.erl is now deprecated.
2017-03-30 14:17:13 +03:00
Holger Weiss
191fc1b4e8 ejabberd_http: Expand @VERSION@ in custom headers
Let ejabberd_http expand the @VERSION@ keyword to the ejabberd version
if specified in the "custom_headers" listener option.

Closes #1414.
2017-03-27 23:52:49 +02:00
Holger Weiss
41de5e78d0 ejabberd_http: Add "custom_headers" option
If the new listener option "custom_headers" is specified, include those
headers with the HTTP(S) response.

Closes #517.
2017-03-27 23:19:11 +02:00
Paweł Chmielowski
6aab450c16 Make sure that addr_re is always initialized when creating http state 2017-02-24 11:30:36 +01:00
Paweł Chmielowski
f310d7bb12 Make host header parser work correctly with ipv6 literal addresses 2017-02-24 10:25:26 +01:00
Evgeniy Khramtsov
d5d906184f Merge branch 'new_stream'
Conflicts:
	src/cyrsasl.erl
	src/ejabberd_c2s.erl
	src/ejabberd_cluster.erl
	src/ejabberd_frontend_socket.erl
	src/ejabberd_node_groups.erl
	src/ejabberd_router.erl
	src/mod_bosh.erl
	src/mod_ip_blacklist.erl
	src/mod_muc_mnesia.erl
	src/mod_offline.erl
	src/mod_proxy65_sm.erl
2017-01-20 19:35:46 +03:00
Badlop
5fdd1c39fe Update copyright date automatically (#1442) 2017-01-02 21:42:06 +01:00
Paweł Chmielowski
769975f6d7 Remove mod_http_bind and migration code to mod_bosh 2017-01-02 15:53:25 +01:00
Evgeniy Khramtsov
e7fe4dc474 More refactoring on session management 2016-12-30 00:00:36 +03:00
Evgeniy Khramtsov
49f1275e20 Get rid of excessive (io)list_to_binary/1 calls 2016-11-24 15:06:06 +03:00
Evgeniy Khramtsov
78a44e0176 Merge branch 'master' into xml-ng
Conflicts:
	src/adhoc.erl
	src/cyrsasl_oauth.erl
	src/ejabberd_c2s.erl
	src/ejabberd_config.erl
	src/ejabberd_service.erl
	src/gen_mod.erl
	src/mod_admin_extra.erl
	src/mod_announce.erl
	src/mod_carboncopy.erl
	src/mod_client_state.erl
	src/mod_configure.erl
	src/mod_echo.erl
	src/mod_mam.erl
	src/mod_muc.erl
	src/mod_muc_room.erl
	src/mod_offline.erl
	src/mod_pubsub.erl
	src/mod_stats.erl
	src/node_flat_sql.erl
	src/randoms.erl
2016-11-12 13:27:15 +03:00
Holger Weiss
d4b4f35a0e ejabberd_http: Handle missing POST data gracefully
Return a "bad request" error instead of crashing if receiving POST/PUT
data fails.
2016-09-27 23:22:30 +02:00