From 0ff6671cec0bc8db106f094400425ada5d4faf7a Mon Sep 17 00:00:00 2001 From: Roland Reichwein Date: Mon, 6 Apr 2020 19:19:23 +0200 Subject: Don't use privileged ports as user --- config.cpp | 5 ++++- https.cpp | 2 +- webserver.conf | 5 +++++ 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/config.cpp b/config.cpp index 072b1bd..6dbd8ee 100644 --- a/config.cpp +++ b/config.cpp @@ -87,7 +87,10 @@ void Config::readConfigfile(std::string filename) } else throw std::runtime_error("Unknown element: "s + x.first); } - m_sockets.push_back(socket_struct); + if (geteuid() != 0 && stoi(socket_struct.port) < 1024) + std::cout << "Warning: Skipping privileged port " << socket_struct.port << std::endl; + else + m_sockets.push_back(socket_struct); } } } diff --git a/https.cpp b/https.cpp index 9be69a8..161efad 100644 --- a/https.cpp +++ b/https.cpp @@ -604,7 +604,7 @@ Server::Server(Config& config, boost::asio::io_context& ioc, const Socket& socke if (site.name == serve_site) { std::shared_ptr ctx {std::make_shared(tls_method)}; - std::cout << "Creating SSL context/cert for site " << serve_site << std::endl; + std::cout << "Creating SSL context/cert for site " << serve_site << " on port " << socket.port << std::endl; load_server_certificate(*ctx, site.cert_path, site.key_path); SSL_CTX_set_tlsext_servername_callback(ctx->native_handle(), servername_callback); diff --git a/webserver.conf b/webserver.conf index 38af8ab..7749739 100644 --- a/webserver.conf +++ b/webserver.conf @@ -56,6 +56,11 @@ 8081 https + +
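Review bot: `stoi(socket_struct.port)` in the added condition parses the configured port with no validation: a non-numeric value throws `std::invalid_argument` out of readConfigfile without naming the offending element, `80x` is read as 80, and `-1` or `70000` are compared as they are. Parsing the port once into a checked integer (digits only, 1–65535) before the privilege test would make the decision well defined and reject a malformed entry with a clear error. `geteuid() != 0` is also only an approximation of "cannot bind below 1024" (on Linux, CAP_NET_BIND_SERVICE or a lowered `net.ipv4.ip_unprivileged_port_start` allow it), and a skipped listener is reported only on stdout, so the server can start without its configured HTTPS socket; I would send the warning to `std::cerr` and add `// Non-root: skip ports < 1024 here instead of failing later at bind()` above the test. The function's body starts and ends outside the hunk, so whether `<unistd.h>` is already included for `geteuid()` cannot be seen here.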
127.0.0.1
+ 443 + https +
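Review bot: The sample configuration gains a listener on port 443, which after this commit is dropped at load time whenever the server is started without root, but nothing in the file says so. A short comment beside the new entry, e.g. `<!-- port 443 is privileged: skipped with a warning unless started as root -->`, would tell an operator why the socket may be missing from the running server. The element markup is not visible on this page, so the comment syntax assumes the file is XML.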
-- cgit v1.2.3