mirror of
https://github.com/caddyserver/caddy.git
synced 2024-12-02 05:33:38 +08:00
e4a22de9d1
* reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) * reverseproxy: complete handle_response test * reverseproxy: Change handle_response matchers to use named matchers reverseproxy: Add support for changing status code * fastcgi: Remove obsolete TODO We already have d.Err("transport already specified") in the reverse_proxy parsing code which covers this case * reverseproxy: Fix support for "4xx" type status codes * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * caddyhttp: Reorganize response matchers * reverseproxy: Reintroduce caddyfile.Unmarshaler * reverseproxy: Add comment mentioning Finalize should be called Co-authored-by: Maxime Soulé <btik-git@scoubidou.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
401 lines
11 KiB
Go
401 lines
11 KiB
Go
// Copyright 2015 Matthew Holt and The Caddy Authors
|
||
//
|
||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||
// you may not use this file except in compliance with the License.
|
||
// You may obtain a copy of the License at
|
||
//
|
||
// http://www.apache.org/licenses/LICENSE-2.0
|
||
//
|
||
// Unless required by applicable law or agreed to in writing, software
|
||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
// See the License for the specific language governing permissions and
|
||
// limitations under the License.
|
||
|
||
package fastcgi
|
||
|
||
import (
|
||
"encoding/json"
|
||
"net/http"
|
||
"strconv"
|
||
|
||
"github.com/caddyserver/caddy/v2"
|
||
"github.com/caddyserver/caddy/v2/caddyconfig"
|
||
"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
|
||
"github.com/caddyserver/caddy/v2/caddyconfig/httpcaddyfile"
|
||
"github.com/caddyserver/caddy/v2/modules/caddyhttp"
|
||
"github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver"
|
||
"github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy"
|
||
"github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite"
|
||
)
|
||
|
||
func init() {
|
||
httpcaddyfile.RegisterDirective("php_fastcgi", parsePHPFastCGI)
|
||
}
|
||
|
||
// UnmarshalCaddyfile deserializes Caddyfile tokens into h.
|
||
//
|
||
// transport fastcgi {
|
||
// root <path>
|
||
// split <at>
|
||
// env <key> <value>
|
||
// resolve_root_symlink
|
||
// dial_timeout <duration>
|
||
// read_timeout <duration>
|
||
// write_timeout <duration>
|
||
// }
|
||
//
|
||
func (t *Transport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
|
||
for d.Next() {
|
||
for d.NextBlock(0) {
|
||
switch d.Val() {
|
||
case "root":
|
||
if !d.NextArg() {
|
||
return d.ArgErr()
|
||
}
|
||
t.Root = d.Val()
|
||
|
||
case "split":
|
||
t.SplitPath = d.RemainingArgs()
|
||
if len(t.SplitPath) == 0 {
|
||
return d.ArgErr()
|
||
}
|
||
|
||
case "env":
|
||
args := d.RemainingArgs()
|
||
if len(args) != 2 {
|
||
return d.ArgErr()
|
||
}
|
||
if t.EnvVars == nil {
|
||
t.EnvVars = make(map[string]string)
|
||
}
|
||
t.EnvVars[args[0]] = args[1]
|
||
|
||
case "resolve_root_symlink":
|
||
if d.NextArg() {
|
||
return d.ArgErr()
|
||
}
|
||
t.ResolveRootSymlink = true
|
||
|
||
case "dial_timeout":
|
||
if !d.NextArg() {
|
||
return d.ArgErr()
|
||
}
|
||
dur, err := caddy.ParseDuration(d.Val())
|
||
if err != nil {
|
||
return d.Errf("bad timeout value %s: %v", d.Val(), err)
|
||
}
|
||
t.DialTimeout = caddy.Duration(dur)
|
||
|
||
case "read_timeout":
|
||
if !d.NextArg() {
|
||
return d.ArgErr()
|
||
}
|
||
dur, err := caddy.ParseDuration(d.Val())
|
||
if err != nil {
|
||
return d.Errf("bad timeout value %s: %v", d.Val(), err)
|
||
}
|
||
t.ReadTimeout = caddy.Duration(dur)
|
||
|
||
case "write_timeout":
|
||
if !d.NextArg() {
|
||
return d.ArgErr()
|
||
}
|
||
dur, err := caddy.ParseDuration(d.Val())
|
||
if err != nil {
|
||
return d.Errf("bad timeout value %s: %v", d.Val(), err)
|
||
}
|
||
t.WriteTimeout = caddy.Duration(dur)
|
||
|
||
default:
|
||
return d.Errf("unrecognized subdirective %s", d.Val())
|
||
}
|
||
}
|
||
}
|
||
return nil
|
||
}
|
||
|
||
// parsePHPFastCGI parses the php_fastcgi directive, which has the same syntax
|
||
// as the reverse_proxy directive (in fact, the reverse_proxy's directive
|
||
// Unmarshaler is invoked by this function) but the resulting proxy is specially
|
||
// configured for most™️ PHP apps over FastCGI. A line such as this:
|
||
//
|
||
// php_fastcgi localhost:7777
|
||
//
|
||
// is equivalent to a route consisting of:
|
||
//
|
||
// @canonicalPath {
|
||
// file {
|
||
// try_files {path}/index.php
|
||
// }
|
||
// not {
|
||
// path */
|
||
// }
|
||
// }
|
||
// redir @canonicalPath {path}/ 308
|
||
//
|
||
// try_files {path} {path}/index.php index.php
|
||
//
|
||
// @phpFiles {
|
||
// path *.php
|
||
// }
|
||
// reverse_proxy @phpFiles localhost:7777 {
|
||
// transport fastcgi {
|
||
// split .php
|
||
// }
|
||
// }
|
||
//
|
||
// Thus, this directive produces multiple handlers, each with a different
|
||
// matcher because multiple consecutive handlers are necessary to support
|
||
// the common PHP use case. If this "common" config is not compatible
|
||
// with a user's PHP requirements, they can use a manual approach based
|
||
// on the example above to configure it precisely as they need.
|
||
//
|
||
// If a matcher is specified by the user, for example:
|
||
//
|
||
// php_fastcgi /subpath localhost:7777
|
||
//
|
||
// then the resulting handlers are wrapped in a subroute that uses the
|
||
// user's matcher as a prerequisite to enter the subroute. In other
|
||
// words, the directive's matcher is necessary, but not sufficient.
|
||
func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) {
|
||
if !h.Next() {
|
||
return nil, h.ArgErr()
|
||
}
|
||
|
||
// set up the transport for FastCGI, and specifically PHP
|
||
fcgiTransport := Transport{}
|
||
|
||
// set up the set of file extensions allowed to execute PHP code
|
||
extensions := []string{".php"}
|
||
|
||
// set the default index file for the try_files rewrites
|
||
indexFile := "index.php"
|
||
|
||
// if the user specified a matcher token, use that
|
||
// matcher in a route that wraps both of our routes;
|
||
// either way, strip the matcher token and pass
|
||
// the remaining tokens to the unmarshaler so that
|
||
// we can gain the rest of the reverse_proxy syntax
|
||
userMatcherSet, err := h.ExtractMatcherSet()
|
||
if err != nil {
|
||
return nil, err
|
||
}
|
||
|
||
// make a new dispenser from the remaining tokens so that we
|
||
// can reset the dispenser back to this point for the
|
||
// reverse_proxy unmarshaler to read from it as well
|
||
dispenser := h.NewFromNextSegment()
|
||
|
||
// read the subdirectives that we allow as overrides to
|
||
// the php_fastcgi shortcut
|
||
// NOTE: we delete the tokens as we go so that the reverse_proxy
|
||
// unmarshal doesn't see these subdirectives which it cannot handle
|
||
for dispenser.Next() {
|
||
for dispenser.NextBlock(0) {
|
||
switch dispenser.Val() {
|
||
case "root":
|
||
if !dispenser.NextArg() {
|
||
return nil, dispenser.ArgErr()
|
||
}
|
||
fcgiTransport.Root = dispenser.Val()
|
||
dispenser.Delete()
|
||
dispenser.Delete()
|
||
|
||
case "split":
|
||
extensions = dispenser.RemainingArgs()
|
||
dispenser.Delete()
|
||
for range extensions {
|
||
dispenser.Delete()
|
||
}
|
||
if len(extensions) == 0 {
|
||
return nil, dispenser.ArgErr()
|
||
}
|
||
|
||
case "env":
|
||
args := dispenser.RemainingArgs()
|
||
dispenser.Delete()
|
||
for range args {
|
||
dispenser.Delete()
|
||
}
|
||
if len(args) != 2 {
|
||
return nil, dispenser.ArgErr()
|
||
}
|
||
if fcgiTransport.EnvVars == nil {
|
||
fcgiTransport.EnvVars = make(map[string]string)
|
||
}
|
||
fcgiTransport.EnvVars[args[0]] = args[1]
|
||
|
||
case "index":
|
||
args := dispenser.RemainingArgs()
|
||
dispenser.Delete()
|
||
for range args {
|
||
dispenser.Delete()
|
||
}
|
||
if len(args) != 1 {
|
||
return nil, dispenser.ArgErr()
|
||
}
|
||
indexFile = args[0]
|
||
|
||
case "resolve_root_symlink":
|
||
args := dispenser.RemainingArgs()
|
||
dispenser.Delete()
|
||
for range args {
|
||
dispenser.Delete()
|
||
}
|
||
fcgiTransport.ResolveRootSymlink = true
|
||
|
||
case "dial_timeout":
|
||
if !dispenser.NextArg() {
|
||
return nil, dispenser.ArgErr()
|
||
}
|
||
dur, err := caddy.ParseDuration(dispenser.Val())
|
||
if err != nil {
|
||
return nil, dispenser.Errf("bad timeout value %s: %v", dispenser.Val(), err)
|
||
}
|
||
fcgiTransport.DialTimeout = caddy.Duration(dur)
|
||
dispenser.Delete()
|
||
dispenser.Delete()
|
||
|
||
case "read_timeout":
|
||
if !dispenser.NextArg() {
|
||
return nil, dispenser.ArgErr()
|
||
}
|
||
dur, err := caddy.ParseDuration(dispenser.Val())
|
||
if err != nil {
|
||
return nil, dispenser.Errf("bad timeout value %s: %v", dispenser.Val(), err)
|
||
}
|
||
fcgiTransport.ReadTimeout = caddy.Duration(dur)
|
||
dispenser.Delete()
|
||
dispenser.Delete()
|
||
|
||
case "write_timeout":
|
||
if !dispenser.NextArg() {
|
||
return nil, dispenser.ArgErr()
|
||
}
|
||
dur, err := caddy.ParseDuration(dispenser.Val())
|
||
if err != nil {
|
||
return nil, dispenser.Errf("bad timeout value %s: %v", dispenser.Val(), err)
|
||
}
|
||
fcgiTransport.WriteTimeout = caddy.Duration(dur)
|
||
dispenser.Delete()
|
||
dispenser.Delete()
|
||
}
|
||
}
|
||
}
|
||
|
||
// reset the dispenser after we're done so that the reverse_proxy
|
||
// unmarshaler can read it from the start
|
||
dispenser.Reset()
|
||
|
||
// set up a route list that we'll append to
|
||
routes := caddyhttp.RouteList{}
|
||
|
||
// set the list of allowed path segments on which to split
|
||
fcgiTransport.SplitPath = extensions
|
||
|
||
// if the index is turned off, we skip the redirect and try_files
|
||
if indexFile != "off" {
|
||
// route to redirect to canonical path if index PHP file
|
||
redirMatcherSet := caddy.ModuleMap{
|
||
"file": h.JSON(fileserver.MatchFile{
|
||
TryFiles: []string{"{http.request.uri.path}/" + indexFile},
|
||
}),
|
||
"not": h.JSON(caddyhttp.MatchNot{
|
||
MatcherSetsRaw: []caddy.ModuleMap{
|
||
{
|
||
"path": h.JSON(caddyhttp.MatchPath{"*/"}),
|
||
},
|
||
},
|
||
}),
|
||
}
|
||
redirHandler := caddyhttp.StaticResponse{
|
||
StatusCode: caddyhttp.WeakString(strconv.Itoa(http.StatusPermanentRedirect)),
|
||
Headers: http.Header{"Location": []string{"{http.request.uri.path}/"}},
|
||
}
|
||
redirRoute := caddyhttp.Route{
|
||
MatcherSetsRaw: []caddy.ModuleMap{redirMatcherSet},
|
||
HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject(redirHandler, "handler", "static_response", nil)},
|
||
}
|
||
|
||
// route to rewrite to PHP index file
|
||
rewriteMatcherSet := caddy.ModuleMap{
|
||
"file": h.JSON(fileserver.MatchFile{
|
||
TryFiles: []string{"{http.request.uri.path}", "{http.request.uri.path}/" + indexFile, indexFile},
|
||
SplitPath: extensions,
|
||
}),
|
||
}
|
||
rewriteHandler := rewrite.Rewrite{
|
||
URI: "{http.matchers.file.relative}",
|
||
}
|
||
rewriteRoute := caddyhttp.Route{
|
||
MatcherSetsRaw: []caddy.ModuleMap{rewriteMatcherSet},
|
||
HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject(rewriteHandler, "handler", "rewrite", nil)},
|
||
}
|
||
|
||
routes = append(routes, redirRoute, rewriteRoute)
|
||
}
|
||
|
||
// route to actually reverse proxy requests to PHP files;
|
||
// match only requests that are for PHP files
|
||
pathList := []string{}
|
||
for _, ext := range extensions {
|
||
pathList = append(pathList, "*"+ext)
|
||
}
|
||
rpMatcherSet := caddy.ModuleMap{
|
||
"path": h.JSON(pathList),
|
||
}
|
||
|
||
// create the reverse proxy handler which uses our FastCGI transport
|
||
rpHandler := &reverseproxy.Handler{
|
||
TransportRaw: caddyconfig.JSONModuleObject(fcgiTransport, "protocol", "fastcgi", nil),
|
||
}
|
||
|
||
// the rest of the config is specified by the user
|
||
// using the reverse_proxy directive syntax
|
||
err = rpHandler.UnmarshalCaddyfile(dispenser)
|
||
if err != nil {
|
||
return nil, err
|
||
}
|
||
err = rpHandler.FinalizeUnmarshalCaddyfile(h)
|
||
if err != nil {
|
||
return nil, err
|
||
}
|
||
|
||
// create the final reverse proxy route which is
|
||
// conditional on matching PHP files
|
||
rpRoute := caddyhttp.Route{
|
||
MatcherSetsRaw: []caddy.ModuleMap{rpMatcherSet},
|
||
HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject(rpHandler, "handler", "reverse_proxy", nil)},
|
||
}
|
||
|
||
subroute := caddyhttp.Subroute{
|
||
Routes: append(routes, rpRoute),
|
||
}
|
||
|
||
// the user's matcher is a prerequisite for ours, so
|
||
// wrap ours in a subroute and return that
|
||
if userMatcherSet != nil {
|
||
return []httpcaddyfile.ConfigValue{
|
||
{
|
||
Class: "route",
|
||
Value: caddyhttp.Route{
|
||
MatcherSetsRaw: []caddy.ModuleMap{userMatcherSet},
|
||
HandlersRaw: []json.RawMessage{caddyconfig.JSONModuleObject(subroute, "handler", "subroute", nil)},
|
||
},
|
||
},
|
||
}, nil
|
||
}
|
||
|
||
// otherwise, return the literal subroute instead of
|
||
// individual routes, to ensure they stay together and
|
||
// are treated as a single unit, without necessarily
|
||
// creating an actual subroute in the output
|
||
return []httpcaddyfile.ConfigValue{
|
||
{
|
||
Class: "route",
|
||
Value: subroute,
|
||
},
|
||
}, nil
|
||
}
|