Theo pointed out that this breaks our example config: /etc/examples/httpd.conf:13: server "example.com" defined twice
The problem is that * now means v4 and v6 and we have a listen on :: in there, so we are listening twice on any v6 address. I think the best way forward is an entry to current.html and adapting (yet again) /etc/examples/httpd.conf:
diff --git etc/examples/httpd.conf etc/examples/httpd.conf
index 4e2e243bd65..6afe975120a 100644
--- etc/examples/httpd.conf
+++ etc/examples/httpd.conf
@@ -2,7 +2,6 @@ server "example.com" {
listen on * port 80
- listen on :: port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
root strip 2
@@ -14,7 +13,6 @@ server "example.com" {
server "example.com" {
listen on * tls port 443
- listen on :: tls port 443
tls {
certificate "/etc/ssl/example.com.fullchain.pem"
key "/etc/ssl/private/example.com.key"
On Mon, Apr 09, 2018 at 10:58:43AM +0200, Florian Obser wrote:
>
> This shuffles things around to make httpd listen on v4 and v6 for *.
>
> OK?
>
> diff --git httpd.conf.5 httpd.conf.5
> index afda0ac132b..3194a3400c2 100644
> --- httpd.conf.5
> +++ httpd.conf.5
> @@ -52,12 +52,12 @@ addresses of the specified network interface.
> If
> .Sq *
> is given as an address,
> -it will be used as an alias for
> +.Xr httpd 8
> +will listen on all IPv4 and IPv6 addresses.
> .Ar 0.0.0.0
> -to listen on all IPv4 addresses.
> -Likewise,
> -.Sq ::
> -can be used to listen on all IPv6 addresses.
> +means to listen on all IPv4 addresses and
> +.Ar ::
> +all IPv6 addresses.
> A
> .Ar port
> can be specified by number or name.
> diff --git httpd.h httpd.h
> index 1d49dfa230f..4d4d7eacd27 100644
> --- httpd.h
> +++ httpd.h
> @@ -53,6 +53,7 @@
> #define HTTPD_LOGROOT "/logs"
> #define HTTPD_ACCESS_LOG "access.log"
> #define HTTPD_ERROR_LOG "error.log"
> +#define HTTPD_MAX_ALIAS_IP 16
> #define HTTPD_REALM_MAX 255
> #define HTTPD_LOCATION_MAX 255
> #define HTTPD_DEFAULT_TYPE { "bin", "application", "octet-stream", NULL }
> diff --git parse.y parse.y
> index fcf1938c42d..cda1860f447 100644
> --- parse.y
> +++ parse.y
> @@ -106,7 +106,6 @@ int host_if(const char *, struct
> addresslist *,
> int, struct portrange *, const char *, int);
> int host(const char *, struct addresslist *,
> int, struct portrange *, const char *, int);
> -void host_free(struct addresslist *);
> struct server *server_inherit(struct server *, struct server_config *,
> struct server_config *);
> int getservice(char *);
> @@ -415,39 +414,61 @@ serveroptsl : LISTEN ON STRING opttls port {
> YYERROR;
> }
>
> - if (srv->srv_conf.ss.ss_family != AF_UNSPEC) {
> - if ((alias = calloc(1,
> - sizeof(*alias))) == NULL)
> - fatal("out of memory");
> -
> - /* Add as an IP-based alias. */
> - s_conf = alias;
> - } else
> - s_conf = &srv->srv_conf;
> -
> TAILQ_INIT(&al);
> - if (host($3, &al, 1, &$5, NULL, -1) <= 0) {
> - yyerror("invalid listen ip: %s", $3);
> - free($3);
> - YYERROR;
> + if (strcmp("*", $3) == 0) {
> + if (host("0.0.0.0", &al, 1, &$5, NULL, -1) <=
> + 0) {
> + yyerror("invalid listen ip: %s",
> + "0.0.0.0");
> + free($3);
> + YYERROR;
> + }
> + if (host("::", &al, 1, &$5, NULL, -1) <= 0) {
> + yyerror("invalid listen ip: %s", "::");
> + free($3);
> + YYERROR;
> + }
> + } else {
> + if (host($3, &al, HTTPD_MAX_ALIAS_IP, &$5, NULL,
> + -1) <= 0) {
> + yyerror("invalid listen ip: %s", $3);
> + free($3);
> + YYERROR;
> + }
> }
> free($3);
> - h = TAILQ_FIRST(&al);
> - memcpy(&s_conf->ss, &h->ss, sizeof(s_conf->ss));
> - s_conf->port = h->port.val[0];
> - s_conf->prefixlen = h->prefixlen;
> - host_free(&al);
> + while ((h = TAILQ_FIRST(&al)) != NULL) {
>
> - if ($4)
> - s_conf->flags |= SRVFLAG_TLS;
> + if (srv->srv_conf.ss.ss_family != AF_UNSPEC) {
> + if ((alias = calloc(1,
> + sizeof(*alias))) == NULL)
> + fatal("out of memory");
>
> - if (alias != NULL) {
> - /* IP-based; use name match flags from parent */
> - alias->flags &= ~SRVFLAG_SERVER_MATCH;
> - alias->flags |= srv->srv_conf.flags &
> - SRVFLAG_SERVER_MATCH;
> - TAILQ_INSERT_TAIL(&srv->srv_hosts,
> - alias, entry);
> + /* Add as an IP-based alias. */
> + s_conf = alias;
> + } else
> + s_conf = &srv->srv_conf;
> +
> + memcpy(&s_conf->ss, &h->ss, sizeof(s_conf->ss));
> + s_conf->port = h->port.val[0];
> + s_conf->prefixlen = h->prefixlen;
> +
> + if ($4)
> + s_conf->flags |= SRVFLAG_TLS;
> +
> + if (alias != NULL) {
> + /*
> + * IP-based; use name match flags from
> + * parent
> + */
> + alias->flags &= ~SRVFLAG_SERVER_MATCH;
> + alias->flags |= srv->srv_conf.flags &
> + SRVFLAG_SERVER_MATCH;
> + TAILQ_INSERT_TAIL(&srv->srv_hosts,
> + alias, entry);
> + }
> + TAILQ_REMOVE(&al, h, entry);
> + free(h);
> }
> }
> | ALIAS optmatch STRING {
> @@ -1990,9 +2011,6 @@ host(const char *s, struct addresslist *al, int max,
> {
> struct address *h;
>
> - if (strcmp("*", s) == 0)
> - s = "0.0.0.0";
> -
> h = host_v4(s);
>
> /* IPv6 address? */
> @@ -2021,17 +2039,6 @@ host(const char *s, struct addresslist *al, int max,
> return (host_dns(s, al, max, port, ifname, ipproto));
> }
>
> -void
> -host_free(struct addresslist *al)
> -{
> - struct address *h;
> -
> - while ((h = TAILQ_FIRST(al)) != NULL) {
> - TAILQ_REMOVE(al, h, entry);
> - free(h);
> - }
> -}
> -
> struct server *
> server_inherit(struct server *src, struct server_config *alias,
> struct server_config *addr)
>
>
>
>
> --
> I'm not entirely sure you are real.
>
--
I'm not entirely sure you are real.
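Review bot: In the parse.y hunk at -415 the else branch now calls `host($3, &al, HTTPD_MAX_ALIAS_IP, ...)` where the old code passed 1, so a `listen on` argument that goes through name or interface lookup can presumably yield up to 16 listeners, and the set of bound addresses then depends on what resolves when the config is parsed; neither the description nor the httpd.conf.5 hunk mentions this. I would document it at the call, e.g. `/* may yield several addresses; each one becomes its own listener */`, and add a matching sentence to the manual so operators know a name can widen what the server is exposed on. Separately, in the `*` branch a failure of the second `host("::", ...)` call reaches `YYERROR` with the entry queued by the first call still in `al`; keeping `host_free()` instead of removing it and calling `host_free(&al);` before that `YYERROR` would drain the list. The grammar action starts above this hunk, so the declaration and initial value of `alias` are not visible here.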