Skip to content

Releases: hivesolutions/netius

1.58.1

Choose a tag to compare

@joamag joamag released this 20 Jun 20:12
a93d4ad

Fixed

  • Proxy no longer crashes when handling request data on a connection whose back-end link has already been torn down
  • Proxy no longer crashes when handling a partial request body on a connection whose back-end link has already been torn down

1.58.0

Choose a tag to compare

@joamag joamag released this 20 Jun 19:49
897521d

Added

  • ReverseProxyServer support for WebSocket (Connection: Upgrade + Upgrade: websocket) requests, which are now forwarded to the resolved back-end through a raw byte tunnel (the switching protocols response and subsequent frames flow back transparently); the back-end target honours the same regex / host / forward rule resolution and load balancing as regular HTTP requests
  • ProxyServer.is_upgrade and ProxyServer.tunnel helpers factoring out the raw tunnel establishment (back-end connection, connection mapping, optional initial request forwarding and acknowledge response) shared by the WebSocket upgrade and CONNECT code paths

Changed

  • ForwardProxyServer CONNECT handling now uses the shared ProxyServer.tunnel helper instead of an inline tunnel setup (behaviour preserved, the 200 Connection established acknowledge is still sent on tunnel establishment)

1.57.0

Choose a tag to compare

@joamag joamag released this 11 May 00:44
36f80c2

Added

  • ConsulProxyServer support for the proxy.protocol=http|https tag, controlling the scheme used when constructing backend URLs (defaults to http); applies to both the multi-port expansion and single-port code paths

1.56.1

Choose a tag to compare

@joamag joamag released this 10 May 19:45
f282c31

Fixed

  • ProxyServer now preserves the content-encoding response header when running in dynamic mode (body is forwarded byte-identical and must remain decodable by the client); non-dynamic mode keeps the existing pop behaviour since the proxy may re-encode

1.56.0

Choose a tag to compare

@joamag joamag released this 05 May 11:57
492945c

Added

  • Test scaffolding for HTTP/2 (HTTP2ParserTest covering frame size, SETTINGS / PUSH_PROMISE / PING / GOAWAY / WINDOW_UPDATE assertions and parse round-trips for SETTINGS, PING, GOAWAY and WINDOW_UPDATE; HTTP2ServerTest covering _has_hpack, _has_alpn, _has_npn, info_dict and get_protocols)
  • ConsulProxyServer support for two new redirect tags: proxy.redirect=<host> (or <host>;<protocol> tuple form) registers a host redirect for the service domain and propagates it to tag aliases and host-suffix expansions, mirroring the existing proxy.redirect-ssl=true propagation; proxy.redirect-regex=<pattern>;<target>,... registers regex redirect rules in self.redirect_regex, mirroring the shape of proxy.auth-regex

Fixed

  • HTTP2Parser.parse now flushes zero-length payload frames (eg: SETTINGS with the ACK flag, DATA with END_STREAM and no body) instead of leaving the parser stuck in PAYLOAD_STATE until subsequent bytes arrive
  • HTTP2Parser now syncs the HPACK encoder / decoder dynamic table sizes with SETTINGS_HEADER_TABLE_SIZE — the encoder is bounded by the peer's advertised value and the decoder caps max_allowed_table_size at our own; HTTP2Connection.set_settings propagates peer-driven changes to the live encoder, fixing a latent interop bug where the encoder could emit indices outside the peer's table window
  • ReverseProxyServer now initializes x_forwarded_port and x_forwarded_proto to None in __init__; previously they were only set inside on_serve under if self.env, so any embedded usage that called serve(env=False) raised AttributeError on the first inbound request
  • ConsulProxyServer._build_hosts now sweeps consul-managed alias keys from self.redirect on each rebuild cycle, so redirect entries created for tag aliases (eg: api) and host-suffix expansions (eg: api.example.com) no longer leak across rebuilds when the underlying service is removed; also incidentally fixes the same pre-existing leak for proxy.redirect-ssl=true

1.55.0

Choose a tag to compare

@joamag joamag released this 29 Apr 15:34
b7e2b3c

Added

  • on_config hook on AbstractBase that subclasses can override to react to SIGHUP reload signals (chains to the existing "config" trigger via super)
  • ConsulProxyServer.on_config override that schedules an extra _consul_tick(timeout=0) on SIGHUP, allowing operators to force a Consul service refresh without waiting for the next poll cycle

Changed

  • bind_config SIGHUP handler now defers on_config to the main event loop via delay(immediately=True) instead of running it synchronously in the signal handler context, so subclass overrides don't have to worry about signal-handler reentrancy

1.54.2

Choose a tag to compare

@joamag joamag released this 29 Apr 11:52
b7c908b

Changed

  • TLSContextDict now persists the configured domain set on self.domains and reload() defaults to it, so _ssl_reload can promote domains whose certificate files only become available after startup (eg: newly issued Let's Encrypt certs)

1.54.1

Choose a tag to compare

@joamag joamag released this 29 Apr 10:45
e2385ef

Added

  • Wire bind_config / unbind_config into AbstractBase.load and unload so the SIGHUP config reload handler is registered automatically when serve() is called

1.54.0

Choose a tag to compare

@joamag joamag released this 29 Apr 10:31
6aaa677

Added

  • bind_config and unbind_config methods on AbstractBase that bind SIGHUP to a handler triggering a "config" event, allowing agents to react to configuration reload signals (eg: TLS certificate reload)

Changed

  • SIGHUP no longer raises SystemExit via bind_signals — it is now reserved for the new "config" reload handler. Operators relying on SIGHUP for shutdown should switch to SIGINT, SIGTERM or SIGQUIT
  • Add NO_SUITABLE_KEY_SHARE to SSL_SILENT_REASONS

1.53.13

Choose a tag to compare

@joamag joamag released this 27 Apr 23:41
957f612

Fixed

  • Protocol re-usage in proxy reverse