packages feed

hprox 0.6.2 → 0.6.3

raw patch · 3 files changed

+13/−21 lines, 3 filesdep ~http-reverse-proxyPVP ok

version bump matches the API change (PVP)

Dependency ranges changed: http-reverse-proxy

API changes (from Hackage documentation)

Files

Changelog.md view
@@ -1,3 +1,8 @@+## 0.6.3++- bump stack dependencies+- fix Content-Length header for encoded HTTP responses in reverse proxy mode+ ## 0.6.2  - fixes to improve ssltest result
hprox.cabal view
@@ -5,7 +5,7 @@ -- see: https://github.com/sol/hpack  name:           hprox-version:        0.6.2+version:        0.6.3 synopsis:       a lightweight HTTP proxy server, and more description:    Please see the README on GitHub at <https://github.com/bjin/hprox#readme> category:       Web@@ -67,7 +67,7 @@     , fast-logger >=3.0     , http-client >=0.5     , http-client-tls >=0.3.4-    , http-reverse-proxy >=0.6.0.2+    , http-reverse-proxy >=0.6.0.3     , http-types >=0.12     , http2 >=4.0     , optparse-applicative >=0.14
src/Network/HProx.hs view
@@ -21,7 +21,7 @@ import Data.ByteString.Char8       qualified as BS8 import Data.Default.Class          (def) import Data.HashMap.Strict         qualified as HM-import Data.List                   (elemIndex, elemIndices, find, isSuffixOf, sortOn, (\\))+import Data.List                   (elemIndex, elemIndices, isSuffixOf, sortOn) import Data.List.NonEmpty          (NonEmpty(..)) import Data.Ord                    (Down(..)) import Data.String                 (fromString)@@ -29,7 +29,6 @@ import Network.HTTP.Client.TLS     (newTlsManager) import Network.HTTP.Types          qualified as HT import Network.TLS                 qualified as TLS-import Network.TLS.Extra.Cipher    qualified as TLS import Network.TLS.SessionManager  qualified as SM import Network.Wai                 (Application, rawPathInfo) import Network.Wai.Handler.Warp@@ -37,7 +36,7 @@     setLogger, setNoParsePath, setOnException, setPort, setServerName) import Network.Wai.Handler.WarpTLS     (OnInsecure(..), WarpTLSException, defaultTlsSettings, onInsecure, runTLS, tlsAllowedVersions,-    tlsCiphers, tlsCredentials, tlsServerHooks, tlsSessionManager)+    tlsCredentials, tlsServerHooks, tlsSessionManager)  import Control.Exception    (Exception(..)) import GHC.IO.Exception     (IOErrorType(..))@@ -46,6 +45,7 @@  #ifdef QUIC_ENABLED import Control.Concurrent.Async     (mapConcurrently_)+import Data.List                    (find) import Network.QUIC                 qualified as Q import Network.QUIC.Internal        qualified as Q import Network.Wai.Handler.Warp     (setAltSvc)@@ -320,7 +320,6 @@     -> IO () run fallback Config{..} = withLogger (getLoggerType _log) _loglevel $ \logger -> do     logger INFO $ "hprox " <> toLogStr (showVersion version) <> " started"-    logger INFO $ "bind to TCP port " <> toLogStr (fromMaybe "[::]" _bind) <> ":" <> toLogStr _port      let certfiles = _ssl @@ -354,9 +353,10 @@ #elif defined(QUIC_ENABLED)             case (dropped, _quic) of                 (True, Just qport) | qport < 1024 -> logger ERROR $ "dropping root priviledge will likely break QUIC connection over UDP port " <> toLogStr (show qport)+                (True, _) -> logger INFO "root priviledge dropped"                 _ -> return () #else-            return ()+            when dropped $ logger INFO "root priviledge dropped" #endif #endif @@ -381,24 +381,11 @@             | otherwise                           =                 logger TRACE $ "(" <> toLogStr (HT.statusCode status) <> ") " <> logRequest req -        -- https://www.ssllabs.com/ssltest-        -- https://github.com/haskell-tls/hs-tls/blob/master/core/Network/TLS/Extra/Cipher.hs-        weak_ciphers = [ TLS.cipher_ECDHE_RSA_AES256CBC_SHA384-                       , TLS.cipher_ECDHE_RSA_AES256CBC_SHA-                       , TLS.cipher_AES256CCM_SHA256-                       , TLS.cipher_AES256GCM_SHA384-                       , TLS.cipher_AES256_SHA256-                       , TLS.cipher_AES256_SHA1-                       , TLS.cipher_ECDHE_ECDSA_AES256CBC_SHA384-                       , TLS.cipher_ECDHE_ECDSA_AES256CBC_SHA-                       ]-         tlsset = defaultTlsSettings             { tlsServerHooks     = def { TLS.onServerNameIndication = onSNI }             , tlsCredentials     = Just (TLS.Credentials [head certs])             , onInsecure         = AllowInsecure             , tlsAllowedVersions = [TLS.TLS13, TLS.TLS12]-            , tlsCiphers         = TLS.ciphersuite_strong \\ weak_ciphers             , tlsSessionManager  = Just smgr             } @@ -422,7 +409,6 @@             { Q.scAddresses      = [(fromString (fromMaybe "0.0.0.0" _bind), fromIntegral qport)]             , Q.scVersions       = [Q.Version1, Q.Version2]             , Q.scCredentials    = TLS.Credentials [head certs]-            , Q.scCiphers        = Q.scCiphers Q.defaultServerConfig \\ weak_ciphers             , Q.scALPN           = Just alpn             , Q.scTlsHooks       = def { TLS.onServerNameIndication = onSNI }             , Q.scUse0RTT        = True@@ -482,6 +468,7 @@     unless (null revSorted) $ logger INFO $ "reverse proxy: " <> toLogStr (show revSorted)     forM_ _doh $ \doh -> logger INFO $ "DNS-over-HTTPS redirect: " <> toLogStr doh +    logger INFO $ "bind to TCP port " <> toLogStr (fromMaybe "[::]" _bind) <> ":" <> toLogStr _port     case _doh of         Nothing  -> runner proxy         Just doh -> createResolver doh (\resolver -> runner (dnsOverHTTPS resolver proxy))