hprox 0.6.2 → 0.6.3
raw patch · 3 files changed
+13/−21 lines, 3 filesdep ~http-reverse-proxyPVP ok
version bump matches the API change (PVP)
Dependency ranges changed: http-reverse-proxy
API changes (from Hackage documentation)
Files
- Changelog.md +5/−0
- hprox.cabal +2/−2
- src/Network/HProx.hs +6/−19
Changelog.md view
@@ -1,3 +1,8 @@+## 0.6.3++- bump stack dependencies+- fix Content-Length header for encoded HTTP responses in reverse proxy mode+ ## 0.6.2 - fixes to improve ssltest result
hprox.cabal view
@@ -5,7 +5,7 @@ -- see: https://github.com/sol/hpack name: hprox-version: 0.6.2+version: 0.6.3 synopsis: a lightweight HTTP proxy server, and more description: Please see the README on GitHub at <https://github.com/bjin/hprox#readme> category: Web@@ -67,7 +67,7 @@ , fast-logger >=3.0 , http-client >=0.5 , http-client-tls >=0.3.4- , http-reverse-proxy >=0.6.0.2+ , http-reverse-proxy >=0.6.0.3 , http-types >=0.12 , http2 >=4.0 , optparse-applicative >=0.14
src/Network/HProx.hs view
@@ -21,7 +21,7 @@ import Data.ByteString.Char8 qualified as BS8 import Data.Default.Class (def) import Data.HashMap.Strict qualified as HM-import Data.List (elemIndex, elemIndices, find, isSuffixOf, sortOn, (\\))+import Data.List (elemIndex, elemIndices, isSuffixOf, sortOn) import Data.List.NonEmpty (NonEmpty(..)) import Data.Ord (Down(..)) import Data.String (fromString)@@ -29,7 +29,6 @@ import Network.HTTP.Client.TLS (newTlsManager) import Network.HTTP.Types qualified as HT import Network.TLS qualified as TLS-import Network.TLS.Extra.Cipher qualified as TLS import Network.TLS.SessionManager qualified as SM import Network.Wai (Application, rawPathInfo) import Network.Wai.Handler.Warp@@ -37,7 +36,7 @@ setLogger, setNoParsePath, setOnException, setPort, setServerName) import Network.Wai.Handler.WarpTLS (OnInsecure(..), WarpTLSException, defaultTlsSettings, onInsecure, runTLS, tlsAllowedVersions,- tlsCiphers, tlsCredentials, tlsServerHooks, tlsSessionManager)+ tlsCredentials, tlsServerHooks, tlsSessionManager) import Control.Exception (Exception(..)) import GHC.IO.Exception (IOErrorType(..))@@ -46,6 +45,7 @@ #ifdef QUIC_ENABLED import Control.Concurrent.Async (mapConcurrently_)+import Data.List (find) import Network.QUIC qualified as Q import Network.QUIC.Internal qualified as Q import Network.Wai.Handler.Warp (setAltSvc)@@ -320,7 +320,6 @@ -> IO () run fallback Config{..} = withLogger (getLoggerType _log) _loglevel $ \logger -> do logger INFO $ "hprox " <> toLogStr (showVersion version) <> " started"- logger INFO $ "bind to TCP port " <> toLogStr (fromMaybe "[::]" _bind) <> ":" <> toLogStr _port let certfiles = _ssl @@ -354,9 +353,10 @@ #elif defined(QUIC_ENABLED) case (dropped, _quic) of (True, Just qport) | qport < 1024 -> logger ERROR $ "dropping root priviledge will likely break QUIC connection over UDP port " <> toLogStr (show qport)+ (True, _) -> logger INFO "root priviledge dropped" _ -> return () #else- return ()+ when dropped $ logger INFO "root priviledge dropped" #endif #endif @@ -381,24 +381,11 @@ | otherwise = logger TRACE $ "(" <> toLogStr (HT.statusCode status) <> ") " <> logRequest req - -- https://www.ssllabs.com/ssltest- -- https://github.com/haskell-tls/hs-tls/blob/master/core/Network/TLS/Extra/Cipher.hs- weak_ciphers = [ TLS.cipher_ECDHE_RSA_AES256CBC_SHA384- , TLS.cipher_ECDHE_RSA_AES256CBC_SHA- , TLS.cipher_AES256CCM_SHA256- , TLS.cipher_AES256GCM_SHA384- , TLS.cipher_AES256_SHA256- , TLS.cipher_AES256_SHA1- , TLS.cipher_ECDHE_ECDSA_AES256CBC_SHA384- , TLS.cipher_ECDHE_ECDSA_AES256CBC_SHA- ]- tlsset = defaultTlsSettings { tlsServerHooks = def { TLS.onServerNameIndication = onSNI } , tlsCredentials = Just (TLS.Credentials [head certs]) , onInsecure = AllowInsecure , tlsAllowedVersions = [TLS.TLS13, TLS.TLS12]- , tlsCiphers = TLS.ciphersuite_strong \\ weak_ciphers , tlsSessionManager = Just smgr } @@ -422,7 +409,6 @@ { Q.scAddresses = [(fromString (fromMaybe "0.0.0.0" _bind), fromIntegral qport)] , Q.scVersions = [Q.Version1, Q.Version2] , Q.scCredentials = TLS.Credentials [head certs]- , Q.scCiphers = Q.scCiphers Q.defaultServerConfig \\ weak_ciphers , Q.scALPN = Just alpn , Q.scTlsHooks = def { TLS.onServerNameIndication = onSNI } , Q.scUse0RTT = True@@ -482,6 +468,7 @@ unless (null revSorted) $ logger INFO $ "reverse proxy: " <> toLogStr (show revSorted) forM_ _doh $ \doh -> logger INFO $ "DNS-over-HTTPS redirect: " <> toLogStr doh + logger INFO $ "bind to TCP port " <> toLogStr (fromMaybe "[::]" _bind) <> ":" <> toLogStr _port case _doh of Nothing -> runner proxy Just doh -> createResolver doh (\resolver -> runner (dnsOverHTTPS resolver proxy))