Commit Graph

67 Commits

Author SHA1 Message Date
Fabian Grünbichler
b51c9f454b pass proxied to node to proxy_request
in addition to proxied to IP
2016-11-17 15:52:53 +01:00
Jos Ewert
855689ff2e Add ECDH curves to use with modern ciphers
This patch adds curves to use with TLS_ECDHE_* ciphers.
They will automatically be used by the proxy as they are
in the HIGH ciphersuite.

This patch uses the prime256v1 curve, which should be supported
by most clients. openssl 1.0.1 only supports a single curve.

This also forces the use of new DHE and ECDHE keys on every
handshake. This does not seem to have an impact on performance.

Signed-Off-By: Jos Ewert <flami@flami.net>
2016-11-08 09:32:40 +01:00
Dietmar Maurer
ccccbf3fdb simplify/optimize code 2016-05-25 09:59:25 +02:00
Dietmar Maurer
d5d08d2aca depend on pve-docs package
and serve documentation files with pveproxy:

https://<HOST>:8006/pve-docs/index.html
2016-05-25 09:41:46 +02:00
Dietmar Maurer
9cad08ca19 fix bug #575: fork at shutdown, so that parent starts new worker 2016-01-22 11:24:12 +01:00
Emmanuel Kasper
7a552a9e6c Add mime type for woff2 fonts, also update mime type for ttf fonts
application/font-woff2 is still in discussion but works in main three browsers
This is needed for ExtJS6, which includes some woff2 fonts

ttf font mime type is taken from the official IANA assignment, and works as
well in main three browsers
2016-01-22 11:24:11 +01:00
Wolfgang Bumiller
0e007a5dcf localhost instead of 127.0.0.1 makes ipv6 life easier 2015-05-27 08:28:51 +02:00
Wolfgang Bumiller
232ce26781 enclose ipv6 hosts in brackets in proxy_request() 2015-05-21 17:32:12 +02:00
Wolfgang Bumiller
09316f4c09 HTTPServer.pm: accept ip6 connections 2015-05-08 12:43:14 +02:00
Dietmar Maurer
9da32f1282 websocket_proxy: correctly close connection 2015-01-02 09:20:09 +01:00
Dietmar Maurer
8173360410 HTTPServer:: mark process in shutdown phase
So that we can see what workers already closed the socket.
2015-01-02 08:54:16 +01:00
Dietmar Maurer
a9acb2bad0 HTTPServer: add support for font files (content types) 2014-08-01 06:22:53 +02:00
Dietmar Maurer
a47df3e4fe use case insensitive match for websocket upgrade (make it work with IE) 2014-06-25 13:25:02 +02:00
Dietmar Maurer
1d7f84a1b7 do not call uri_unescape on whole url - only on path
Because parameters are decoded with extract_params().
2014-06-24 16:01:54 +02:00
Dietmar Maurer
e60b96472a HTTPServer: implement websockets
We can avoid wss certificate errors this way (wsproxy.py throws certificate errors with firefox).
2014-06-18 12:08:21 +02:00
Dietmar Maurer
657b2c277a HTTPServer: set content type for .html files 2014-06-13 11:25:52 +02:00
Dietmar Maurer
7e73c93e55 new html formatter PVE::API2::Formatter::HTML
This one provides a login page and uses bootstrap for html.
2014-05-02 11:36:11 +02:00
Dietmar Maurer
6fcbe87a35 fix typo 2014-05-02 07:10:29 +02:00
Dietmar Maurer
1370ec6145 move formatter registration to HTTPServer 2014-05-02 07:03:12 +02:00
Dietmar Maurer
3ed610334e add generic formatter support 2014-04-30 15:28:30 +02:00
Dietmar Maurer
c9c0cd346c allow to return HTTP::Response object from format_response_data()
A formatter can generate HTTP redirect now.
2014-04-30 09:30:36 +02:00
Dietmar Maurer
9195c8f947 HTTPServer: correctly unescape url 2014-04-30 08:42:50 +02:00
Dietmar Maurer
d804d82f50 introduce base_handler_class
To make the framework more generic. The final plan is to move the
generic server code to package pve-common.

Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2014-04-30 08:31:14 +02:00
Dietmar Maurer
6a123049cc remove unused code
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
2014-04-30 08:28:49 +02:00
Dietmar Maurer
949118487d bump version to 3.1-44, re-add spiceconfig support 2014-02-24 12:51:07 +01:00
Dietmar Maurer
36e0802d07 remove spiceconfig format 2013-12-11 08:38:22 +01:00
Dietmar Maurer
e1bae24c4c allow to use vmid 0 in spice tickets
VMID 0 will be used by spiceterm for tasks that run on the host.
2013-12-10 06:08:25 +01:00
Dietmar Maurer
8dc1715b1f delay UNAUTHORIZED response to avoid DOS attack 2013-11-18 11:19:27 +01:00
Dietmar Maurer
ce429a15b0 spice: ignore the case of the characters in hostname match 2013-10-28 08:07:00 +01:00
Dietmar Maurer
943776b047 disable SSL compression
To avoid CRIME attacks:

http://en.wikipedia.org/wiki/CRIME_%28security_exploit%29

2013-09-17 07:13:20 +02:00
Dietmar Maurer
e88a5cde5f add favicon.ico 2013-08-16 13:06:32 +02:00
Dietmar Maurer
64363f40c6 fix proxy loop assertion for spiceproxy 2013-07-24 12:42:30 +02:00
Dietmar Maurer
94c803f44a log handle_spice_proxy_request() errors to syslog 2013-07-24 12:40:46 +02:00
Dietmar Maurer
40ca6e9c11 fix proxy loop assertion 2013-07-23 08:34:56 +02:00
Alexandre Derumier
f60bd577b7 spiceproxy : allow only spice port range
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2013-07-22 13:04:16 +02:00
Dietmar Maurer
f2c8b26931 try to detect proxy loops 2013-07-22 09:13:41 +02:00
Dietmar Maurer
c3b83ed1f9 call $rpcenv->init_request before calling remote_node_ip
Else we get undefined values.
2013-07-19 11:38:34 +02:00
Dietmar Maurer
8963443427 spiceproxy: forward calls to remote nodes 2013-07-18 12:27:02 +02:00
Dietmar Maurer
cffad9045e spiceproxy: code cleanups 2013-07-18 08:53:07 +02:00
Dietmar Maurer
8a223d4f74 spiceproxy: use tcp instead of unix socket 2013-07-17 11:48:02 +02:00
Dietmar Maurer
8d5310c1b0 spiceproxy: improve logging code
* use the same log file as pveproxy: /var/log/pveproxy/access.log

* log early just after establishing the connection.
2013-06-27 06:50:32 +02:00
Dietmar Maurer
33afb29b29 add spiceproxy server 2013-06-26 13:21:14 +02:00
Alexandre Derumier
6e30b52dd4 rest : handle application/x-spice-configuration response format
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2013-06-25 08:22:50 +02:00
Dietmar Maurer
a49706cb78 avoid gzip http response for jar
Java archives (.jar) are simple zip files - already compressed.
2013-06-11 07:00:05 +02:00
Alexandre Derumier
0ebf2fa8d9 avoid gzip http response for png & gif
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2013-06-11 06:58:25 +02:00
Dietmar Maurer
23699d1eee fix bug 401: disable connection timeout during API call processing
Only enable timeouts when we really expect data to be sent/received.
2013-06-07 09:54:26 +02:00
Dietmar Maurer
139cb2dac1 avoid using HTTP_PROXY environment variable
People run into problems on upgrades, for example:

 export http_proxy=http://172.xxx.xxx.xxx:8888/
 aptitude update && aptitude full-upgrade

This restarts pveproxy, and after that login was no longer possible.

Another way to reproduce the bug is:

 http_proxy=http://1.2.3.4:8888/ pveproxy --debug
2013-05-23 07:24:46 +02:00
Dietmar Maurer
17c8ec6486 try to add reasonable warning if client connections vanished
The proxy call is done async, so the original connection can be
closed already. This just adds a reasonable warning message. We
can remove the message later if that turns out to work as expected.
2013-05-22 10:54:21 +02:00
Dietmar Maurer
e3110298e3 allow to upload files with spaces in filename 2013-05-22 06:44:04 +02:00
Dietmar Maurer
1319da8142 avoid warning about uninitialized value 2013-05-21 09:40:54 +02:00