initial commit before refactor switch

2024-12-12 02:22:54 -05:00
commit db081e2699
33 changed files with 3101 additions and 0 deletions
--- a/_extras/clientinfo.env
+++ b/_extras/clientinfo.env
@@ -0,0 +1,22 @@
+# Enable debug mode.
+#CINFO_DEBUG=1
+
+# Use a different listening spec.
+# The default is 'unix:///var/run/clientinfo/fcgi.sock'
+##
+# The below example listens on UDS path /tmp/mysock.fcgi as FCGI.
+# Note the *three* slashes after the scheme. This is intentional and recommended,
+# otherwise the path will be treated as relative to current working directory.
+#CINFO_URI="unix:///tmp/mysock.fcgi"
+#
+# The below example listens on localhost port 4321 as FCGI.
+# TLS is currently not supported; use a reverse stream proxy to terminate if TLS is needed.
+#CINFO_URI="tcp://127.0.0.1:4321"
+#
+# The below example listens on localhost port 1234 as HTTP instead of FCGI.
+# HTTPS is currently not supported; use a reverse proxy to terminate if HTTPS is needed.
+# If reverse-proxying, BE SURE to set (NOT add) a header "X-ClientInfo-RealIP"
+# with a value in the form of:
+#	* "<Client IP>:<Client Port>" (IPv4)
+#	* "[<Client IP>]:<Client Port>" (IPv6)
+#CINFO_URI="http://127.0.0.1:1234"
--- a/_extras/clientinfo.service
+++ b/_extras/clientinfo.service
@@ -0,0 +1,22 @@
+# This file goes in /etc/systemd/system/.
+# DO NOT PLACE IT IN /usr/lib/systemd/system/ unless you are a packager for a Linux distribution.
+# After it's in place (or updated), run:
+#   systemctl daemon-reload
+[Unit]
+Description=Return Client Request Information
+
+[Service]
+Type=notify
+# These may also be "httpd", "nginx", etc.
+User=http
+Group=htttp
+Restart=on-failure
+RestartSec=10
+# Not required, but you may create this file and specify the associated commandline argument env vars.
+# This allows for easily changing the listen URI, debug mode, etc. without changing the systemd unit.
+# See clientinfo.env for an example.
+EnvironmentFile=-/etc/default/clientinfo
+ExecStart=/usr/local/bin/clientinfo
+
+[Install]
+WantedBy=multi-user.target
--- a/_extras/fastcgi.inc
+++ b/_extras/fastcgi.inc
@@ -0,0 +1,25 @@
+
+fastcgi_param	QUERY_STRING		$query_string;
+fastcgi_param	REQUEST_METHOD		$request_method;
+fastcgi_param	CONTENT_TYPE		$content_type;
+fastcgi_param	CONTENT_LENGTH		$content_length;
+
+fastcgi_param	SCRIPT_NAME		$fastcgi_script_name;
+fastcgi_param	REQUEST_URI		$request_uri;
+fastcgi_param	DOCUMENT_URI		$document_uri;
+fastcgi_param	DOCUMENT_ROOT		$document_root;
+fastcgi_param	SERVER_PROTOCOL		$server_protocol;
+fastcgi_param	REQUEST_SCHEME		$scheme;
+fastcgi_param	HTTPS			$https			if_not_empty;
+
+fastcgi_param	GATEWAY_INTERFACE	CGI/1.1;
+fastcgi_param	SERVER_SOFTWARE		nginx/$nginx_version;
+
+fastcgi_param	REMOTE_ADDR		$remote_addr;
+fastcgi_param	REMOTE_PORT		$remote_port;
+fastcgi_param	SERVER_ADDR		$server_addr;
+fastcgi_param	SERVER_PORT		$server_port;
+fastcgi_param	SERVER_NAME		$server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param	REDIRECT_STATUS		200;
--- a/_extras/nginx.conf
+++ b/_extras/nginx.conf
@@ -0,0 +1,74 @@
+worker_processes	1;
+
+events {
+	worker_connections	1024;
+}
+
+http {
+	default_type	application/octet-stream;
+
+	log_format		main	'$remote_addr - $remote_user [$time_local] "$request" '
+					'$status $body_bytes_sent "$http_referer" '
+					'"$http_user_agent" "$http_x_forwarded_for"';
+
+	sendfile		on;
+	keepalive_timeout	65;
+
+	server {
+		listen		[::]:80 ipv6only=off default_server;
+		server_name	localhost _;
+
+		access_log	/var/log/nginx/access.log	main;
+		error_log	/var/log/nginx/debug.log	debug;
+		error_log	/var/log/nginx/error.log;
+
+		# You MUST set this for dual-stack setups!
+		set		$client_ip_port		"$remote_addr:$remote_port";
+		if ($remote_addr ~ "^.+:.+$") {
+			set	$client_ip_port		"[$remote_addr]:$remote_port";
+		}
+
+		location / {
+			# For UDS FastCGI (the default URI).
+			# UDS FastCGI is the recommended setup, as it provides the most accuracy,
+			# requires the least amount of configuration, and is the most performant.
+			# Yes, Virginia, even more performant than localhost network ports.
+			include		fastcgi.inc;
+			fastcgi_pass	unix:/var/run/clientinfo/fcgi.sock;
+			#
+			# For TCP FastCGI. (See the clientinfo.env file for a corresponding URI.)
+			#include		fastcgi.inc;
+			#fastcgi_pass		127.0.0.1:4321;
+			#
+			# For HTTP. (See the clientinfo.env file for a corresponding URI.)
+			# BE SURE to explicitly set (NOT add) the X-ClientInfo-RealIP header
+			# if reverse-proxying, and enclose in brackets if IPv6!
+			# (FastCGI via fastcgi.inc does this automatically for fastcgi_pass.)
+			# Note that in dual-stack NGINX (as configured here), the $client_ip_port
+			# will use IPv6-mapped IPv4 (https://www.rfc-editor.org/rfc/rfc5156.html#section-2.2)
+			# for IPv4 clients, which looks like e.g. "[::ffff:<IP>]:<Port>".
+			# FastCGI will use the expected "<IP>:<Port>" format for IPv4 clients.
+			#proxy_set_header	X-ClientInfo-RealIP	"$client_ip_port";
+			#proxy_http_version	1.1;
+			#proxy_pass		http://127.0.0.1:1234;
+		}
+
+		# Alternatively, if you only wanted to return the client's IP,
+		# you don't even need ClientInfo, it can be returned directly.
+		# See https://nginx.org/en/docs/varindex.html
+		location /ip {
+			return		200	"$remote_addr";
+		}
+		# Likewise, ...
+		location /ipport {
+			return 		200	"$client_ip_port";
+		}
+		# And so forth.
+
+		error_page   500 502 503 504  /50x.html;
+
+		location = /50x.html {
+			root   /usr/share/nginx/html;
+		}
+	}
+}