2012-06-04 16:48:31 +02:00
|
|
|
/*
|
2014-03-30 12:09:21 +02:00
|
|
|
* nghttp2 - HTTP/2 C Library
|
2012-06-04 16:48:31 +02:00
|
|
|
*
|
|
|
|
|
* Copyright (c) 2012 Tatsuhiro Tsujikawa
|
|
|
|
|
*
|
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining
|
|
|
|
|
* a copy of this software and associated documentation files (the
|
|
|
|
|
* "Software"), to deal in the Software without restriction, including
|
|
|
|
|
* without limitation the rights to use, copy, modify, merge, publish,
|
|
|
|
|
* distribute, sublicense, and/or sell copies of the Software, and to
|
|
|
|
|
* permit persons to whom the Software is furnished to do so, subject to
|
|
|
|
|
* the following conditions:
|
|
|
|
|
*
|
|
|
|
|
* The above copyright notice and this permission notice shall be
|
|
|
|
|
* included in all copies or substantial portions of the Software.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
|
|
|
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
|
|
|
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
|
|
|
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
|
*/
|
|
|
|
|
#include "shrpx.h"
|
|
|
|
|
|
|
|
|
|
#include <sys/types.h>
|
2012-08-01 17:06:41 +02:00
|
|
|
#include <sys/stat.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#ifdef HAVE_SYS_SOCKET_H
|
2012-06-04 16:48:31 +02:00
|
|
|
#include <sys/socket.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#endif // HAVE_SYS_SOCKET_H
|
2015-02-22 04:27:51 +01:00
|
|
|
#include <sys/un.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#ifdef HAVE_NETDB_H
|
2012-06-04 16:48:31 +02:00
|
|
|
#include <netdb.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#endif // HAVE_NETDB_H
|
2012-06-04 16:48:31 +02:00
|
|
|
#include <signal.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#ifdef HAVE_NETINET_IN_H
|
2012-06-06 15:43:35 +02:00
|
|
|
#include <netinet/in.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#endif // HAVE_NETINET_IN_H
|
2015-01-29 13:14:44 +01:00
|
|
|
#include <netinet/tcp.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#ifdef HAVE_ARPA_INET_H
|
2012-06-06 15:43:35 +02:00
|
|
|
#include <arpa/inet.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#endif // HAVE_ARPA_INET_H
|
|
|
|
|
#ifdef HAVE_UNISTD_H
|
2012-06-06 16:58:19 +02:00
|
|
|
#include <unistd.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#endif // HAVE_UNISTD_H
|
2012-06-06 16:58:19 +02:00
|
|
|
#include <getopt.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#ifdef HAVE_SYSLOG_H
|
2012-08-01 18:20:18 +02:00
|
|
|
#include <syslog.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#endif // HAVE_SYSLOG_H
|
2014-07-05 11:22:40 +02:00
|
|
|
#include <signal.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#ifdef HAVE_LIMITS_H
|
2014-08-12 15:22:02 +02:00
|
|
|
#include <limits.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#endif // HAVE_LIMITS_H
|
|
|
|
|
#ifdef HAVE_SYS_TIME_H
|
2015-01-10 15:17:48 +01:00
|
|
|
#include <sys/time.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#endif // HAVE_SYS_TIME_H
|
2015-01-10 15:17:48 +01:00
|
|
|
#include <sys/resource.h>
|
2015-01-26 15:41:38 +01:00
|
|
|
#include <grp.h>
|
2012-06-04 16:48:31 +02:00
|
|
|
|
2015-05-13 17:17:45 +02:00
|
|
|
#include <cinttypes>
|
2012-06-06 16:58:19 +02:00
|
|
|
#include <limits>
|
2012-06-04 16:48:31 +02:00
|
|
|
#include <cstdlib>
|
2012-06-06 16:58:19 +02:00
|
|
|
#include <iostream>
|
2012-07-31 18:51:16 +02:00
|
|
|
#include <fstream>
|
2012-08-01 17:06:41 +02:00
|
|
|
#include <vector>
|
2015-02-22 09:01:19 +01:00
|
|
|
#include <initializer_list>
|
2012-06-04 16:48:31 +02:00
|
|
|
|
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
|
#include <openssl/err.h>
|
2014-08-02 03:11:45 +02:00
|
|
|
#include <openssl/conf.h>
|
2015-01-07 16:01:09 +01:00
|
|
|
#include <openssl/rand.h>
|
2012-06-04 16:48:31 +02:00
|
|
|
|
2014-12-27 18:59:06 +01:00
|
|
|
#include <ev.h>
|
2012-06-04 16:48:31 +02:00
|
|
|
|
2013-07-12 17:19:03 +02:00
|
|
|
#include <nghttp2/nghttp2.h>
|
2012-06-04 16:48:31 +02:00
|
|
|
|
|
|
|
|
#include "shrpx_config.h"
|
2015-01-08 13:48:39 +01:00
|
|
|
#include "shrpx_connection_handler.h"
|
2012-06-08 15:41:24 +02:00
|
|
|
#include "shrpx_ssl.h"
|
2015-02-25 16:02:29 +01:00
|
|
|
#include "shrpx_log_config.h"
|
2014-08-12 15:22:02 +02:00
|
|
|
#include "shrpx_worker.h"
|
2014-12-27 18:59:06 +01:00
|
|
|
#include "shrpx_accept_handler.h"
|
2015-02-24 07:21:10 +01:00
|
|
|
#include "shrpx_http2_upstream.h"
|
|
|
|
|
#include "shrpx_http2_session.h"
|
2015-07-27 17:54:44 +02:00
|
|
|
#include "shrpx_memcached_dispatcher.h"
|
|
|
|
|
#include "shrpx_memcached_request.h"
|
2014-01-08 17:27:56 +01:00
|
|
|
#include "util.h"
|
2014-02-09 10:47:26 +01:00
|
|
|
#include "app_helper.h"
|
2014-03-04 13:33:43 +01:00
|
|
|
#include "ssl.h"
|
2015-02-05 15:21:53 +01:00
|
|
|
#include "template.h"
|
2014-01-08 17:27:56 +01:00
|
|
|
|
2014-08-12 15:22:02 +02:00
|
|
|
extern char **environ;
|
|
|
|
|
|
2014-01-08 17:27:56 +01:00
|
|
|
using namespace nghttp2;
|
2012-06-04 16:48:31 +02:00
|
|
|
|
|
|
|
|
namespace shrpx {
|
|
|
|
|
|
2014-07-05 11:22:40 +02:00
|
|
|
namespace {
|
|
|
|
|
const int REOPEN_LOG_SIGNAL = SIGUSR1;
|
2014-08-12 15:22:02 +02:00
|
|
|
const int EXEC_BINARY_SIGNAL = SIGUSR2;
|
|
|
|
|
const int GRACEFUL_SHUTDOWN_SIGNAL = SIGQUIT;
|
2014-07-05 11:22:40 +02:00
|
|
|
} // namespace
|
|
|
|
|
|
2014-08-12 15:22:02 +02:00
|
|
|
// Environment variables to tell new binary the listening socket's
|
|
|
|
|
// file descriptors. They are not close-on-exec.
|
|
|
|
|
#define ENV_LISTENER4_FD "NGHTTPX_LISTENER4_FD"
|
|
|
|
|
#define ENV_LISTENER6_FD "NGHTTPX_LISTENER6_FD"
|
|
|
|
|
|
|
|
|
|
// Environment variable to tell new binary the port number the current
|
|
|
|
|
// binary is listening to.
|
|
|
|
|
#define ENV_PORT "NGHTTPX_PORT"
|
|
|
|
|
|
2015-02-22 09:01:19 +01:00
|
|
|
// Environment variable to tell new binary the listening socket's file
|
|
|
|
|
// descriptor if frontend listens UNIX domain socket.
|
|
|
|
|
#define ENV_UNIX_FD "NGHTTP2_UNIX_FD"
|
|
|
|
|
// Environment variable to tell new binary the UNIX domain socket
|
|
|
|
|
// path.
|
|
|
|
|
#define ENV_UNIX_PATH "NGHTTP2_UNIX_PATH"
|
|
|
|
|
|
2012-06-04 16:48:31 +02:00
|
|
|
namespace {
|
2015-07-26 18:41:10 +02:00
|
|
|
int resolve_hostname(Address *addr, const char *hostname, uint16_t port,
|
|
|
|
|
int family) {
|
2012-06-04 16:48:31 +02:00
|
|
|
int rv;
|
2012-06-06 16:58:19 +02:00
|
|
|
|
2014-05-14 15:39:28 +02:00
|
|
|
auto service = util::utos(port);
|
2012-06-06 16:58:19 +02:00
|
|
|
|
2015-07-19 10:55:37 +02:00
|
|
|
addrinfo hints{};
|
2013-02-09 08:42:01 +01:00
|
|
|
hints.ai_family = family;
|
2012-06-04 16:48:31 +02:00
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
#ifdef AI_ADDRCONFIG
|
|
|
|
|
hints.ai_flags |= AI_ADDRCONFIG;
|
|
|
|
|
#endif // AI_ADDRCONFIG
|
2012-06-05 18:26:04 +02:00
|
|
|
addrinfo *res;
|
2012-06-06 16:58:19 +02:00
|
|
|
|
2014-05-14 15:39:28 +02:00
|
|
|
rv = getaddrinfo(hostname, service.c_str(), &hints, &res);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (rv != 0) {
|
|
|
|
|
LOG(FATAL) << "Unable to resolve address for " << hostname << ": "
|
|
|
|
|
<< gai_strerror(rv);
|
2013-02-09 08:42:01 +01:00
|
|
|
return -1;
|
2012-06-05 18:26:04 +02:00
|
|
|
}
|
2012-06-06 15:43:35 +02:00
|
|
|
|
|
|
|
|
char host[NI_MAXHOST];
|
2014-11-27 15:39:04 +01:00
|
|
|
rv = getnameinfo(res->ai_addr, res->ai_addrlen, host, sizeof(host), 0, 0,
|
|
|
|
|
NI_NUMERICHOST);
|
|
|
|
|
if (rv != 0) {
|
|
|
|
|
LOG(FATAL) << "Address resolution for " << hostname
|
|
|
|
|
<< " failed: " << gai_strerror(rv);
|
2014-07-17 17:21:15 +02:00
|
|
|
|
|
|
|
|
freeaddrinfo(res);
|
|
|
|
|
|
2013-02-09 08:42:01 +01:00
|
|
|
return -1;
|
2012-06-06 15:43:35 +02:00
|
|
|
}
|
2014-07-17 17:21:15 +02:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
|
LOG(INFO) << "Address resolution for " << hostname
|
|
|
|
|
<< " succeeded: " << host;
|
2014-07-17 17:21:15 +02:00
|
|
|
}
|
|
|
|
|
|
2015-07-26 18:41:10 +02:00
|
|
|
memcpy(&addr->su, res->ai_addr, res->ai_addrlen);
|
|
|
|
|
addr->len = res->ai_addrlen;
|
2012-06-04 16:48:31 +02:00
|
|
|
freeaddrinfo(res);
|
2012-06-05 18:26:04 +02:00
|
|
|
return 0;
|
2012-06-04 16:48:31 +02:00
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2015-02-22 09:01:19 +01:00
|
|
|
namespace {
|
|
|
|
|
void close_env_fd(std::initializer_list<const char *> envnames) {
|
|
|
|
|
for (auto envname : envnames) {
|
|
|
|
|
auto envfd = getenv(envname);
|
|
|
|
|
if (!envfd) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
auto fd = strtol(envfd, nullptr, 10);
|
|
|
|
|
close(fd);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
|
|
namespace {
|
|
|
|
|
std::unique_ptr<AcceptHandler>
|
|
|
|
|
create_unix_domain_acceptor(ConnectionHandler *handler) {
|
|
|
|
|
auto path = get_config()->host.get();
|
|
|
|
|
auto pathlen = strlen(path);
|
|
|
|
|
{
|
|
|
|
|
auto envfd = getenv(ENV_UNIX_FD);
|
|
|
|
|
auto envpath = getenv(ENV_UNIX_PATH);
|
|
|
|
|
if (envfd && envpath) {
|
|
|
|
|
auto fd = strtoul(envfd, nullptr, 10);
|
|
|
|
|
|
|
|
|
|
if (util::streq(envpath, path)) {
|
|
|
|
|
LOG(NOTICE) << "Listening on UNIX domain socket " << path;
|
|
|
|
|
|
|
|
|
|
return make_unique<AcceptHandler>(fd, handler);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LOG(WARN) << "UNIX domain socket path was changed between old binary ("
|
|
|
|
|
<< envpath << ") and new binary (" << path << ")";
|
|
|
|
|
close(fd);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef SOCK_NONBLOCK
|
|
|
|
|
auto fd = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0);
|
|
|
|
|
if (fd == -1) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
#else // !SOCK_NONBLOCK
|
|
|
|
|
auto fd = socket(AF_UNIX, SOCK_STREAM, 0);
|
|
|
|
|
if (fd == -1) {
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
util::make_socket_nonblocking(fd);
|
|
|
|
|
#endif // !SOCK_NONBLOCK
|
|
|
|
|
int val = 1;
|
|
|
|
|
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &val,
|
|
|
|
|
static_cast<socklen_t>(sizeof(val))) == -1) {
|
|
|
|
|
close(fd);
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sockaddr_union addr;
|
|
|
|
|
addr.un.sun_family = AF_UNIX;
|
|
|
|
|
if (pathlen + 1 > sizeof(addr.un.sun_path)) {
|
|
|
|
|
LOG(FATAL) << "UNIX domain socket path " << path << " is too long > "
|
|
|
|
|
<< sizeof(addr.un.sun_path);
|
2015-02-22 09:53:12 +01:00
|
|
|
close(fd);
|
2015-02-22 09:01:19 +01:00
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
// copy path including terminal NULL
|
|
|
|
|
std::copy_n(path, pathlen + 1, addr.un.sun_path);
|
|
|
|
|
|
|
|
|
|
// unlink (remove) already existing UNIX domain socket path
|
|
|
|
|
unlink(path);
|
|
|
|
|
|
2015-02-22 09:53:12 +01:00
|
|
|
if (bind(fd, &addr.sa, sizeof(addr.un)) != 0) {
|
|
|
|
|
auto error = errno;
|
|
|
|
|
LOG(FATAL) << "Failed to bind UNIX domain socket, error=" << error;
|
|
|
|
|
close(fd);
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (listen(fd, get_config()->backlog) != 0) {
|
|
|
|
|
auto error = errno;
|
|
|
|
|
LOG(FATAL) << "Failed to listen to UNIX domain socket, error=" << error;
|
|
|
|
|
close(fd);
|
2015-02-22 09:01:19 +01:00
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LOG(NOTICE) << "Listening on UNIX domain socket " << path;
|
|
|
|
|
|
|
|
|
|
return make_unique<AcceptHandler>(fd, handler);
|
|
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2012-06-05 19:23:07 +02:00
|
|
|
namespace {
|
2015-01-08 13:48:39 +01:00
|
|
|
std::unique_ptr<AcceptHandler> create_acceptor(ConnectionHandler *handler,
|
2014-12-27 18:59:06 +01:00
|
|
|
int family) {
|
2014-08-12 15:22:02 +02:00
|
|
|
{
|
2014-11-27 15:39:04 +01:00
|
|
|
auto envfd =
|
|
|
|
|
getenv(family == AF_INET ? ENV_LISTENER4_FD : ENV_LISTENER6_FD);
|
2014-08-12 15:22:02 +02:00
|
|
|
auto envport = getenv(ENV_PORT);
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (envfd && envport) {
|
2014-08-12 15:22:02 +02:00
|
|
|
auto fd = strtoul(envfd, nullptr, 10);
|
|
|
|
|
auto port = strtoul(envport, nullptr, 10);
|
|
|
|
|
|
|
|
|
|
// Only do this iff NGHTTPX_PORT == get_config()->port.
|
|
|
|
|
// Otherwise, close fd, and create server socket as usual.
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (port == get_config()->port) {
|
2014-11-06 15:32:56 +01:00
|
|
|
LOG(NOTICE) << "Listening on port " << get_config()->port;
|
2014-08-12 15:22:02 +02:00
|
|
|
|
2015-02-05 15:21:53 +01:00
|
|
|
return make_unique<AcceptHandler>(fd, handler);
|
2014-08-12 15:22:02 +02:00
|
|
|
}
|
|
|
|
|
|
2014-11-08 02:51:56 +01:00
|
|
|
LOG(WARN) << "Port was changed between old binary (" << port
|
|
|
|
|
<< ") and new binary (" << get_config()->port << ")";
|
2014-08-12 15:22:02 +02:00
|
|
|
close(fd);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-04 16:48:31 +02:00
|
|
|
int fd = -1;
|
2014-07-06 12:21:18 +02:00
|
|
|
int rv;
|
2014-05-14 15:39:28 +02:00
|
|
|
|
|
|
|
|
auto service = util::utos(get_config()->port);
|
2015-07-19 10:55:37 +02:00
|
|
|
addrinfo hints{};
|
2012-06-06 15:43:35 +02:00
|
|
|
hints.ai_family = family;
|
2012-06-04 16:48:31 +02:00
|
|
|
hints.ai_socktype = SOCK_STREAM;
|
|
|
|
|
hints.ai_flags = AI_PASSIVE;
|
|
|
|
|
#ifdef AI_ADDRCONFIG
|
|
|
|
|
hints.ai_flags |= AI_ADDRCONFIG;
|
|
|
|
|
#endif // AI_ADDRCONFIG
|
2012-06-06 15:43:35 +02:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
auto node = strcmp("*", get_config()->host.get()) == 0
|
|
|
|
|
? nullptr
|
|
|
|
|
: get_config()->host.get();
|
2014-05-25 09:15:48 +02:00
|
|
|
|
2012-06-04 16:48:31 +02:00
|
|
|
addrinfo *res, *rp;
|
2014-07-06 12:21:18 +02:00
|
|
|
rv = getaddrinfo(node, service.c_str(), &hints, &res);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (rv != 0) {
|
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
2013-01-21 14:42:49 +01:00
|
|
|
LOG(INFO) << "Unable to get IPv" << (family == AF_INET ? "4" : "6")
|
2014-06-08 14:02:40 +02:00
|
|
|
<< " address for " << get_config()->host.get() << ": "
|
2014-07-06 12:21:18 +02:00
|
|
|
<< gai_strerror(rv);
|
2013-01-21 14:42:49 +01:00
|
|
|
}
|
2014-07-06 12:21:18 +02:00
|
|
|
return nullptr;
|
2012-06-04 16:48:31 +02:00
|
|
|
}
|
2014-11-27 15:39:04 +01:00
|
|
|
for (rp = res; rp; rp = rp->ai_next) {
|
2015-01-10 16:28:00 +01:00
|
|
|
#ifdef SOCK_NONBLOCK
|
2014-12-27 18:59:06 +01:00
|
|
|
fd =
|
|
|
|
|
socket(rp->ai_family, rp->ai_socktype | SOCK_NONBLOCK, rp->ai_protocol);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (fd == -1) {
|
2015-06-06 17:02:30 +02:00
|
|
|
auto error = errno;
|
|
|
|
|
LOG(WARN) << "socket() syscall failed, error=" << error;
|
2012-06-04 16:48:31 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
2015-01-10 16:28:00 +01:00
|
|
|
#else // !SOCK_NONBLOCK
|
|
|
|
|
fd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
|
|
|
|
|
if (fd == -1) {
|
2015-06-06 17:02:30 +02:00
|
|
|
auto error = errno;
|
|
|
|
|
LOG(WARN) << "socket() syscall failed, error=" << error;
|
2015-01-10 16:28:00 +01:00
|
|
|
continue;
|
|
|
|
|
}
|
2015-02-07 16:49:56 +01:00
|
|
|
util::make_socket_nonblocking(fd);
|
2015-01-10 16:28:00 +01:00
|
|
|
#endif // !SOCK_NONBLOCK
|
2012-06-04 16:48:31 +02:00
|
|
|
int val = 1;
|
2014-11-27 15:39:04 +01:00
|
|
|
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &val,
|
|
|
|
|
static_cast<socklen_t>(sizeof(val))) == -1) {
|
2015-06-06 17:02:30 +02:00
|
|
|
auto error = errno;
|
|
|
|
|
LOG(WARN)
|
|
|
|
|
<< "Failed to set SO_REUSEADDR option to listener socket, error="
|
|
|
|
|
<< error;
|
2012-06-04 16:48:31 +02:00
|
|
|
close(fd);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2014-12-27 18:59:06 +01:00
|
|
|
|
2012-06-06 15:43:35 +02:00
|
|
|
#ifdef IPV6_V6ONLY
|
2014-11-27 15:39:04 +01:00
|
|
|
if (family == AF_INET6) {
|
|
|
|
|
if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &val,
|
|
|
|
|
static_cast<socklen_t>(sizeof(val))) == -1) {
|
2015-06-06 17:02:30 +02:00
|
|
|
auto error = errno;
|
|
|
|
|
LOG(WARN)
|
|
|
|
|
<< "Failed to set IPV6_V6ONLY option to listener socket, error="
|
|
|
|
|
<< error;
|
2012-06-06 15:43:35 +02:00
|
|
|
close(fd);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif // IPV6_V6ONLY
|
2015-01-29 13:14:44 +01:00
|
|
|
|
|
|
|
|
#ifdef TCP_DEFER_ACCEPT
|
|
|
|
|
val = 3;
|
|
|
|
|
if (setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, &val,
|
|
|
|
|
static_cast<socklen_t>(sizeof(val))) == -1) {
|
|
|
|
|
LOG(WARN) << "Failed to set TCP_DEFER_ACCEPT option to listener socket";
|
|
|
|
|
}
|
|
|
|
|
#endif // TCP_DEFER_ACCEPT
|
|
|
|
|
|
2015-06-06 17:05:33 +02:00
|
|
|
// When we are executing new binary, and the old binary did not
|
|
|
|
|
// bind privileged port (< 1024) for some reason, binding to those
|
|
|
|
|
// ports will fail with permission denied error.
|
2015-06-06 17:02:30 +02:00
|
|
|
if (bind(fd, rp->ai_addr, rp->ai_addrlen) == -1) {
|
|
|
|
|
auto error = errno;
|
|
|
|
|
LOG(WARN) << "bind() syscall failed, error=" << error;
|
|
|
|
|
close(fd);
|
|
|
|
|
continue;
|
2012-06-04 16:48:31 +02:00
|
|
|
}
|
2015-06-06 17:02:30 +02:00
|
|
|
|
|
|
|
|
if (listen(fd, get_config()->backlog) == -1) {
|
|
|
|
|
auto error = errno;
|
|
|
|
|
LOG(WARN) << "listen() syscall failed, error=" << error;
|
|
|
|
|
close(fd);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
break;
|
2012-06-04 16:48:31 +02:00
|
|
|
}
|
2014-07-06 12:21:18 +02:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (!rp) {
|
2014-11-08 02:51:56 +01:00
|
|
|
LOG(WARN) << "Listening " << (family == AF_INET ? "IPv4" : "IPv6")
|
|
|
|
|
<< " socket failed";
|
2014-07-06 12:21:18 +02:00
|
|
|
|
2014-07-17 17:21:15 +02:00
|
|
|
freeaddrinfo(res);
|
|
|
|
|
|
2014-07-06 12:21:18 +02:00
|
|
|
return nullptr;
|
2012-06-06 15:43:35 +02:00
|
|
|
}
|
2014-07-06 12:21:18 +02:00
|
|
|
|
|
|
|
|
char host[NI_MAXHOST];
|
2014-11-27 15:39:04 +01:00
|
|
|
rv = getnameinfo(rp->ai_addr, rp->ai_addrlen, host, sizeof(host), nullptr, 0,
|
|
|
|
|
NI_NUMERICHOST);
|
2014-07-06 12:21:18 +02:00
|
|
|
|
2014-07-17 17:21:15 +02:00
|
|
|
freeaddrinfo(res);
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (rv != 0) {
|
2014-11-08 02:51:56 +01:00
|
|
|
LOG(WARN) << gai_strerror(rv);
|
2014-07-06 12:21:18 +02:00
|
|
|
|
|
|
|
|
close(fd);
|
|
|
|
|
|
|
|
|
|
return nullptr;
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-06 15:32:56 +01:00
|
|
|
LOG(NOTICE) << "Listening on " << host << ", port " << get_config()->port;
|
2012-06-06 15:43:35 +02:00
|
|
|
|
2015-02-05 15:21:53 +01:00
|
|
|
return make_unique<AcceptHandler>(fd, handler);
|
2012-06-04 16:48:31 +02:00
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2012-08-01 17:29:37 +02:00
|
|
|
namespace {
|
2014-11-27 15:39:04 +01:00
|
|
|
void drop_privileges() {
|
|
|
|
|
if (getuid() == 0 && get_config()->uid != 0) {
|
2015-01-26 15:41:38 +01:00
|
|
|
if (initgroups(get_config()->user.get(), get_config()->gid) != 0) {
|
|
|
|
|
auto error = errno;
|
|
|
|
|
LOG(FATAL) << "Could not change supplementary groups: "
|
|
|
|
|
<< strerror(error);
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
2014-11-27 15:39:04 +01:00
|
|
|
if (setgid(get_config()->gid) != 0) {
|
2014-08-13 15:13:08 +02:00
|
|
|
auto error = errno;
|
|
|
|
|
LOG(FATAL) << "Could not change gid: " << strerror(error);
|
2012-08-01 17:29:37 +02:00
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
2014-11-27 15:39:04 +01:00
|
|
|
if (setuid(get_config()->uid) != 0) {
|
2014-08-13 15:13:08 +02:00
|
|
|
auto error = errno;
|
|
|
|
|
LOG(FATAL) << "Could not change uid: " << strerror(error);
|
2012-08-01 17:29:37 +02:00
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
2014-11-27 15:39:04 +01:00
|
|
|
if (setuid(0) != -1) {
|
2012-08-01 17:29:37 +02:00
|
|
|
LOG(FATAL) << "Still have root privileges?";
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2013-08-10 11:55:18 +02:00
|
|
|
namespace {
|
2014-11-27 15:39:04 +01:00
|
|
|
void save_pid() {
|
2014-06-08 14:02:40 +02:00
|
|
|
std::ofstream out(get_config()->pid_file.get(), std::ios::binary);
|
2014-11-27 14:41:14 +01:00
|
|
|
out << get_config()->pid << "\n";
|
2013-08-10 11:55:18 +02:00
|
|
|
out.close();
|
2014-11-27 15:39:04 +01:00
|
|
|
if (!out) {
|
|
|
|
|
LOG(ERROR) << "Could not save PID to file " << get_config()->pid_file.get();
|
2013-08-10 11:55:18 +02:00
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
2014-08-12 18:53:44 +02:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->uid != 0) {
|
|
|
|
|
if (chown(get_config()->pid_file.get(), get_config()->uid,
|
|
|
|
|
get_config()->gid) == -1) {
|
2014-08-12 18:53:44 +02:00
|
|
|
auto error = errno;
|
2014-11-27 15:39:04 +01:00
|
|
|
LOG(WARN) << "Changing owner of pid file " << get_config()->pid_file.get()
|
|
|
|
|
<< " failed: " << strerror(error);
|
2014-08-12 18:53:44 +02:00
|
|
|
}
|
|
|
|
|
}
|
2013-08-10 11:55:18 +02:00
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2014-07-05 11:22:40 +02:00
|
|
|
namespace {
|
2014-12-27 18:59:06 +01:00
|
|
|
void reopen_log_signal_cb(struct ev_loop *loop, ev_signal *w, int revents) {
|
2015-01-08 13:48:39 +01:00
|
|
|
auto conn_handler = static_cast<ConnectionHandler *>(w->data);
|
2014-07-05 11:22:40 +02:00
|
|
|
|
2015-04-10 17:08:28 +02:00
|
|
|
LOG(NOTICE) << "Reopening log files: main";
|
2014-07-05 11:22:40 +02:00
|
|
|
|
|
|
|
|
(void)reopen_log_files();
|
2015-04-08 09:59:58 +02:00
|
|
|
redirect_stderr_to_errorlog();
|
2014-07-05 11:22:40 +02:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->num_worker > 1) {
|
2015-01-08 13:48:39 +01:00
|
|
|
conn_handler->worker_reopen_log_files();
|
2014-07-05 11:22:40 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2014-08-12 15:22:02 +02:00
|
|
|
namespace {
|
2014-12-27 18:59:06 +01:00
|
|
|
void exec_binary_signal_cb(struct ev_loop *loop, ev_signal *w, int revents) {
|
2015-01-08 13:48:39 +01:00
|
|
|
auto conn_handler = static_cast<ConnectionHandler *>(w->data);
|
2014-08-12 15:22:02 +02:00
|
|
|
|
2014-11-06 15:32:56 +01:00
|
|
|
LOG(NOTICE) << "Executing new binary";
|
2014-08-12 15:22:02 +02:00
|
|
|
|
|
|
|
|
auto pid = fork();
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (pid == -1) {
|
2014-08-12 15:22:02 +02:00
|
|
|
auto error = errno;
|
|
|
|
|
LOG(ERROR) << "fork() failed errno=" << error;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (pid != 0) {
|
2014-08-12 15:22:02 +02:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
auto exec_path = util::get_exec_path(get_config()->argc, get_config()->argv,
|
2014-08-12 15:22:02 +02:00
|
|
|
get_config()->cwd);
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (!exec_path) {
|
2014-08-12 15:22:02 +02:00
|
|
|
LOG(ERROR) << "Could not resolve the executable path";
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-05 15:21:53 +01:00
|
|
|
auto argv = make_unique<char *[]>(get_config()->argc + 1);
|
2014-08-12 15:22:02 +02:00
|
|
|
|
|
|
|
|
argv[0] = exec_path;
|
2014-11-27 15:39:04 +01:00
|
|
|
for (int i = 1; i < get_config()->argc; ++i) {
|
2014-08-12 15:22:02 +02:00
|
|
|
argv[i] = strdup(get_config()->argv[i]);
|
|
|
|
|
}
|
|
|
|
|
argv[get_config()->argc] = nullptr;
|
|
|
|
|
|
|
|
|
|
size_t envlen = 0;
|
2014-11-27 15:39:04 +01:00
|
|
|
for (char **p = environ; *p; ++p, ++envlen)
|
|
|
|
|
;
|
2015-02-22 09:01:19 +01:00
|
|
|
// 3 for missing (fd4, fd6 and port) or (unix fd and unix path)
|
2015-02-05 15:21:53 +01:00
|
|
|
auto envp = make_unique<char *[]>(envlen + 3 + 1);
|
2014-08-12 15:22:02 +02:00
|
|
|
size_t envidx = 0;
|
|
|
|
|
|
2015-02-22 09:01:19 +01:00
|
|
|
if (get_config()->host_unix) {
|
2015-02-22 09:59:50 +01:00
|
|
|
auto acceptor = conn_handler->get_acceptor();
|
2015-02-22 09:01:19 +01:00
|
|
|
std::string fd = ENV_UNIX_FD "=";
|
|
|
|
|
fd += util::utos(acceptor->get_fd());
|
|
|
|
|
envp[envidx++] = strdup(fd.c_str());
|
2014-08-12 15:22:02 +02:00
|
|
|
|
2015-02-22 09:01:19 +01:00
|
|
|
std::string path = ENV_UNIX_PATH "=";
|
|
|
|
|
path += get_config()->host.get();
|
|
|
|
|
envp[envidx++] = strdup(path.c_str());
|
|
|
|
|
} else {
|
2015-02-22 09:59:50 +01:00
|
|
|
auto acceptor4 = conn_handler->get_acceptor();
|
2015-02-22 09:01:19 +01:00
|
|
|
if (acceptor4) {
|
|
|
|
|
std::string fd4 = ENV_LISTENER4_FD "=";
|
|
|
|
|
fd4 += util::utos(acceptor4->get_fd());
|
|
|
|
|
envp[envidx++] = strdup(fd4.c_str());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auto acceptor6 = conn_handler->get_acceptor6();
|
|
|
|
|
if (acceptor6) {
|
|
|
|
|
std::string fd6 = ENV_LISTENER6_FD "=";
|
|
|
|
|
fd6 += util::utos(acceptor6->get_fd());
|
|
|
|
|
envp[envidx++] = strdup(fd6.c_str());
|
|
|
|
|
}
|
2014-08-12 15:22:02 +02:00
|
|
|
|
2015-02-22 09:01:19 +01:00
|
|
|
std::string port = ENV_PORT "=";
|
|
|
|
|
port += util::utos(get_config()->port);
|
|
|
|
|
envp[envidx++] = strdup(port.c_str());
|
|
|
|
|
}
|
2014-08-12 15:22:02 +02:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
for (size_t i = 0; i < envlen; ++i) {
|
2015-02-22 09:01:19 +01:00
|
|
|
if (util::startsWith(environ[i], ENV_LISTENER4_FD) ||
|
|
|
|
|
util::startsWith(environ[i], ENV_LISTENER6_FD) ||
|
|
|
|
|
util::startsWith(environ[i], ENV_PORT) ||
|
|
|
|
|
util::startsWith(environ[i], ENV_UNIX_FD) ||
|
|
|
|
|
util::startsWith(environ[i], ENV_UNIX_PATH)) {
|
2014-08-12 15:22:02 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
envp[envidx++] = environ[i];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
envp[envidx++] = nullptr;
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (LOG_ENABLED(INFO)) {
|
2014-08-12 15:22:02 +02:00
|
|
|
LOG(INFO) << "cmdline";
|
2014-11-27 15:39:04 +01:00
|
|
|
for (int i = 0; argv[i]; ++i) {
|
2014-08-12 15:22:02 +02:00
|
|
|
LOG(INFO) << i << ": " << argv[i];
|
|
|
|
|
}
|
|
|
|
|
LOG(INFO) << "environ";
|
2014-11-27 15:39:04 +01:00
|
|
|
for (int i = 0; envp[i]; ++i) {
|
2014-08-12 15:22:02 +02:00
|
|
|
LOG(INFO) << i << ": " << envp[i];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-08-13 11:01:37 +02:00
|
|
|
// restores original stderr
|
|
|
|
|
util::restore_original_fds();
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (execve(argv[0], argv.get(), envp.get()) == -1) {
|
2014-08-12 15:22:02 +02:00
|
|
|
auto error = errno;
|
|
|
|
|
LOG(ERROR) << "execve failed: errno=" << error;
|
2014-08-23 11:15:47 +02:00
|
|
|
_Exit(EXIT_FAILURE);
|
2014-08-12 15:22:02 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
|
|
namespace {
|
2014-12-27 18:59:06 +01:00
|
|
|
void graceful_shutdown_signal_cb(struct ev_loop *loop, ev_signal *w,
|
|
|
|
|
int revents) {
|
2015-01-08 13:48:39 +01:00
|
|
|
auto conn_handler = static_cast<ConnectionHandler *>(w->data);
|
2014-08-12 15:22:02 +02:00
|
|
|
|
2015-02-25 14:53:23 +01:00
|
|
|
if (conn_handler->get_graceful_shutdown()) {
|
2015-01-21 17:46:25 +01:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-06 15:32:56 +01:00
|
|
|
LOG(NOTICE) << "Graceful shutdown signal received";
|
2014-08-12 15:22:02 +02:00
|
|
|
|
2015-02-25 14:53:23 +01:00
|
|
|
conn_handler->set_graceful_shutdown(true);
|
2014-08-27 15:34:00 +02:00
|
|
|
|
2015-01-08 13:48:39 +01:00
|
|
|
conn_handler->disable_acceptor();
|
2014-08-12 15:22:02 +02:00
|
|
|
|
|
|
|
|
// After disabling accepting new connection, disptach incoming
|
|
|
|
|
// connection in backlog.
|
|
|
|
|
|
2015-01-08 13:48:39 +01:00
|
|
|
conn_handler->accept_pending_connection();
|
2014-08-12 15:22:02 +02:00
|
|
|
|
2015-01-08 13:48:39 +01:00
|
|
|
conn_handler->graceful_shutdown_worker();
|
2014-12-27 18:59:06 +01:00
|
|
|
|
2015-04-08 17:43:03 +02:00
|
|
|
if (get_config()->num_worker == 1 &&
|
|
|
|
|
conn_handler->get_single_worker()->get_worker_stat()->num_connections >
|
|
|
|
|
0) {
|
2015-01-21 17:46:25 +01:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2014-12-27 18:59:06 +01:00
|
|
|
// We have accepted all pending connections. Shutdown main event
|
|
|
|
|
// loop.
|
|
|
|
|
ev_break(loop);
|
2014-08-12 15:22:02 +02:00
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2015-07-23 14:09:16 +02:00
|
|
|
namespace {
|
|
|
|
|
int generate_ticket_key(TicketKey &ticket_key) {
|
2015-07-28 16:49:37 +02:00
|
|
|
ticket_key.cipher = get_config()->tls_ticket_key_cipher;
|
2015-07-23 14:09:16 +02:00
|
|
|
ticket_key.hmac = EVP_sha256();
|
|
|
|
|
ticket_key.hmac_keylen = EVP_MD_size(ticket_key.hmac);
|
|
|
|
|
|
|
|
|
|
assert(static_cast<size_t>(EVP_CIPHER_key_length(ticket_key.cipher)) <=
|
2015-07-26 19:12:07 +02:00
|
|
|
ticket_key.data.enc_key.size());
|
|
|
|
|
assert(ticket_key.hmac_keylen <= ticket_key.data.hmac_key.size());
|
2015-07-23 14:09:16 +02:00
|
|
|
|
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
|
LOG(INFO) << "enc_keylen=" << EVP_CIPHER_key_length(ticket_key.cipher)
|
|
|
|
|
<< ", hmac_keylen=" << ticket_key.hmac_keylen;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (RAND_bytes(reinterpret_cast<unsigned char *>(&ticket_key.data),
|
|
|
|
|
sizeof(ticket_key.data)) == 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2015-01-07 16:01:09 +01:00
|
|
|
namespace {
|
|
|
|
|
void renew_ticket_key_cb(struct ev_loop *loop, ev_timer *w, int revents) {
|
2015-01-08 13:48:39 +01:00
|
|
|
auto conn_handler = static_cast<ConnectionHandler *>(w->data);
|
2015-02-11 11:18:41 +01:00
|
|
|
const auto &old_ticket_keys = conn_handler->get_ticket_keys();
|
2015-01-07 17:57:59 +01:00
|
|
|
|
2015-01-07 16:01:09 +01:00
|
|
|
auto ticket_keys = std::make_shared<TicketKeys>();
|
2015-07-23 14:09:16 +02:00
|
|
|
LOG(NOTICE) << "Renew new ticket keys";
|
|
|
|
|
|
|
|
|
|
// If old_ticket_keys is not empty, it should contain at least 2
|
|
|
|
|
// keys: one for encryption, and last one for the next encryption
|
|
|
|
|
// key but decryption only. The keys in between are old keys and
|
|
|
|
|
// decryption only. The next key is provided to ensure to mitigate
|
|
|
|
|
// possible problem when one worker encrypt new key, but one worker,
|
|
|
|
|
// which did not take the that key yet, and cannot decrypt it.
|
|
|
|
|
//
|
2015-07-24 16:59:19 +02:00
|
|
|
// We keep keys for get_config()->tls_session_timeout seconds. The
|
|
|
|
|
// default is 12 hours. Thus the maximum ticket vector size is 12.
|
2015-01-07 16:01:09 +01:00
|
|
|
if (old_ticket_keys) {
|
|
|
|
|
auto &old_keys = old_ticket_keys->keys;
|
|
|
|
|
auto &new_keys = ticket_keys->keys;
|
|
|
|
|
|
2015-07-23 16:13:29 +02:00
|
|
|
assert(!old_keys.empty());
|
2015-01-07 16:01:09 +01:00
|
|
|
|
2015-07-24 16:59:19 +02:00
|
|
|
auto max_tickets =
|
|
|
|
|
static_cast<size_t>(std::chrono::duration_cast<std::chrono::hours>(
|
|
|
|
|
get_config()->tls_session_timeout).count());
|
|
|
|
|
|
|
|
|
|
new_keys.resize(std::min(max_tickets, old_keys.size() + 1));
|
2015-07-23 16:13:29 +02:00
|
|
|
std::copy_n(std::begin(old_keys), new_keys.size() - 1,
|
2015-07-23 14:09:16 +02:00
|
|
|
std::begin(new_keys) + 1);
|
2015-01-07 16:01:09 +01:00
|
|
|
} else {
|
2015-07-23 16:13:29 +02:00
|
|
|
ticket_keys->keys.resize(1);
|
2015-01-07 16:01:09 +01:00
|
|
|
}
|
|
|
|
|
|
2015-07-23 16:13:29 +02:00
|
|
|
auto &new_key = ticket_keys->keys[0];
|
2015-07-17 18:49:20 +02:00
|
|
|
|
2015-07-23 14:09:16 +02:00
|
|
|
if (generate_ticket_key(new_key) != 0) {
|
2015-01-07 16:01:09 +01:00
|
|
|
if (LOG_ENABLED(INFO)) {
|
2015-07-23 14:09:16 +02:00
|
|
|
LOG(INFO) << "failed to generate ticket key";
|
2015-01-07 16:01:09 +01:00
|
|
|
}
|
2015-07-23 14:09:16 +02:00
|
|
|
conn_handler->set_ticket_keys(nullptr);
|
2015-07-23 16:13:29 +02:00
|
|
|
conn_handler->set_ticket_keys_to_worker(nullptr);
|
2015-01-07 16:01:09 +01:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
|
LOG(INFO) << "ticket keys generation done";
|
2015-07-23 16:13:29 +02:00
|
|
|
assert(ticket_keys->keys.size() >= 1);
|
|
|
|
|
LOG(INFO) << 0 << " enc+dec: "
|
2015-07-23 14:09:16 +02:00
|
|
|
<< util::format_hex(ticket_keys->keys[0].data.name);
|
2015-07-23 16:13:29 +02:00
|
|
|
for (size_t i = 1; i < ticket_keys->keys.size(); ++i) {
|
2015-07-23 14:09:16 +02:00
|
|
|
auto &key = ticket_keys->keys[i];
|
2015-07-23 16:13:29 +02:00
|
|
|
LOG(INFO) << i << " dec: " << util::format_hex(key.data.name);
|
2015-01-07 16:01:09 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-11 11:18:41 +01:00
|
|
|
conn_handler->set_ticket_keys(ticket_keys);
|
2015-07-23 16:13:29 +02:00
|
|
|
conn_handler->set_ticket_keys_to_worker(ticket_keys);
|
2015-01-07 16:01:09 +01:00
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2015-07-27 17:54:44 +02:00
|
|
|
namespace {
|
|
|
|
|
void memcached_get_ticket_key_cb(struct ev_loop *loop, ev_timer *w,
|
|
|
|
|
int revents) {
|
|
|
|
|
auto conn_handler = static_cast<ConnectionHandler *>(w->data);
|
|
|
|
|
auto dispatcher = conn_handler->get_tls_ticket_key_memcached_dispatcher();
|
|
|
|
|
|
|
|
|
|
auto req = make_unique<MemcachedRequest>();
|
|
|
|
|
req->key = "nghttpx:tls-ticket-key";
|
|
|
|
|
req->op = MEMCACHED_OP_GET;
|
|
|
|
|
req->cb = [conn_handler, dispatcher, w](MemcachedRequest *req,
|
|
|
|
|
MemcachedResult res) {
|
|
|
|
|
switch (res.status_code) {
|
|
|
|
|
case MEMCACHED_ERR_NO_ERROR:
|
|
|
|
|
break;
|
|
|
|
|
case MEMCACHED_ERR_EXT_NETWORK_ERROR:
|
|
|
|
|
conn_handler->on_tls_ticket_key_network_error(w);
|
|
|
|
|
return;
|
|
|
|
|
default:
|
|
|
|
|
conn_handler->on_tls_ticket_key_not_found(w);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// |version (4bytes)|len (2bytes)|key (variable length)|...
|
|
|
|
|
// (len, key) pairs are repeated as necessary.
|
|
|
|
|
|
|
|
|
|
auto &value = res.value;
|
|
|
|
|
if (value.size() < 4) {
|
|
|
|
|
LOG(WARN) << "Memcached: tls ticket key value is too small: got "
|
|
|
|
|
<< value.size();
|
|
|
|
|
conn_handler->on_tls_ticket_key_not_found(w);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
auto p = value.data();
|
|
|
|
|
auto version = util::get_uint32(p);
|
|
|
|
|
// Currently supported version is 1.
|
|
|
|
|
if (version != 1) {
|
|
|
|
|
LOG(WARN) << "Memcached: tls ticket key version: want 1, got " << version;
|
|
|
|
|
conn_handler->on_tls_ticket_key_not_found(w);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auto end = p + value.size();
|
|
|
|
|
p += 4;
|
|
|
|
|
|
|
|
|
|
size_t expectedlen;
|
|
|
|
|
size_t enc_keylen;
|
|
|
|
|
size_t hmac_keylen;
|
2015-07-28 16:49:37 +02:00
|
|
|
if (get_config()->tls_ticket_key_cipher == EVP_aes_128_cbc()) {
|
2015-07-27 17:54:44 +02:00
|
|
|
expectedlen = 48;
|
|
|
|
|
enc_keylen = 16;
|
|
|
|
|
hmac_keylen = 16;
|
2015-07-28 16:49:37 +02:00
|
|
|
} else if (get_config()->tls_ticket_key_cipher == EVP_aes_256_cbc()) {
|
2015-07-27 17:54:44 +02:00
|
|
|
expectedlen = 80;
|
|
|
|
|
enc_keylen = 32;
|
|
|
|
|
hmac_keylen = 32;
|
|
|
|
|
} else {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
auto ticket_keys = std::make_shared<TicketKeys>();
|
|
|
|
|
|
|
|
|
|
for (; p != end;) {
|
|
|
|
|
if (end - p < 2) {
|
|
|
|
|
LOG(WARN) << "Memcached: tls ticket key data is too small";
|
|
|
|
|
conn_handler->on_tls_ticket_key_not_found(w);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
auto len = util::get_uint16(p);
|
|
|
|
|
p += 2;
|
|
|
|
|
if (len != expectedlen) {
|
|
|
|
|
LOG(WARN) << "Memcached: wrong tls ticket key size: want "
|
|
|
|
|
<< expectedlen << ", got " << len;
|
|
|
|
|
conn_handler->on_tls_ticket_key_not_found(w);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (p + len > end) {
|
|
|
|
|
LOG(WARN) << "Memcached: too short tls ticket key payload: want " << len
|
|
|
|
|
<< ", got " << (end - p);
|
|
|
|
|
conn_handler->on_tls_ticket_key_not_found(w);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
auto key = TicketKey();
|
2015-07-28 16:49:37 +02:00
|
|
|
key.cipher = get_config()->tls_ticket_key_cipher;
|
2015-07-27 17:54:44 +02:00
|
|
|
key.hmac = EVP_sha256();
|
2015-08-11 17:38:07 +02:00
|
|
|
key.hmac_keylen = hmac_keylen;
|
2015-07-27 17:54:44 +02:00
|
|
|
|
|
|
|
|
std::copy_n(p, key.data.name.size(), key.data.name.data());
|
|
|
|
|
p += key.data.name.size();
|
|
|
|
|
|
|
|
|
|
std::copy_n(p, enc_keylen, key.data.enc_key.data());
|
|
|
|
|
p += enc_keylen;
|
|
|
|
|
|
|
|
|
|
std::copy_n(p, hmac_keylen, key.data.hmac_key.data());
|
|
|
|
|
p += hmac_keylen;
|
|
|
|
|
|
|
|
|
|
ticket_keys->keys.push_back(std::move(key));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
conn_handler->on_tls_ticket_key_get_success(ticket_keys, w);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
|
LOG(INFO) << "Memcached: tls ticket key get request sent";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dispatcher->add_request(std::move(req));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2015-06-27 10:51:07 +02:00
|
|
|
namespace {
|
|
|
|
|
int call_daemon() {
|
|
|
|
|
#ifdef __sgi
|
|
|
|
|
return _daemonize(0, 0, 0, 0);
|
|
|
|
|
#else // !__sgi
|
|
|
|
|
return daemon(0, 0);
|
|
|
|
|
#endif // !__sgi
|
|
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2012-06-04 16:48:31 +02:00
|
|
|
namespace {
|
2014-11-27 15:39:04 +01:00
|
|
|
int event_loop() {
|
2014-12-27 18:59:06 +01:00
|
|
|
auto loop = EV_DEFAULT;
|
2012-06-06 15:43:35 +02:00
|
|
|
|
2015-02-05 15:21:53 +01:00
|
|
|
auto conn_handler = make_unique<ConnectionHandler>(loop);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->daemon) {
|
2015-06-27 10:51:07 +02:00
|
|
|
if (call_daemon() == -1) {
|
2014-08-13 15:13:08 +02:00
|
|
|
auto error = errno;
|
|
|
|
|
LOG(FATAL) << "Failed to daemonize: " << strerror(error);
|
2012-10-28 06:29:27 +01:00
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
2014-11-27 13:32:34 +01:00
|
|
|
|
|
|
|
|
// We get new PID after successful daemon().
|
|
|
|
|
mod_config()->pid = getpid();
|
2015-04-08 09:59:58 +02:00
|
|
|
|
|
|
|
|
// daemon redirects stderr file descriptor to /dev/null, so we
|
|
|
|
|
// need this.
|
|
|
|
|
redirect_stderr_to_errorlog();
|
2012-10-28 06:29:27 +01:00
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->pid_file) {
|
2013-08-10 11:55:18 +02:00
|
|
|
save_pid();
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-22 09:01:19 +01:00
|
|
|
if (get_config()->host_unix) {
|
|
|
|
|
close_env_fd({ENV_LISTENER4_FD, ENV_LISTENER6_FD});
|
|
|
|
|
auto acceptor = create_unix_domain_acceptor(conn_handler.get());
|
|
|
|
|
if (!acceptor) {
|
|
|
|
|
LOG(FATAL) << "Failed to listen on UNIX domain socket "
|
|
|
|
|
<< get_config()->host.get();
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
2012-06-06 15:43:35 +02:00
|
|
|
|
2015-02-22 09:59:50 +01:00
|
|
|
conn_handler->set_acceptor(std::move(acceptor));
|
2015-02-22 09:01:19 +01:00
|
|
|
} else {
|
|
|
|
|
close_env_fd({ENV_UNIX_FD});
|
|
|
|
|
auto acceptor6 = create_acceptor(conn_handler.get(), AF_INET6);
|
|
|
|
|
auto acceptor4 = create_acceptor(conn_handler.get(), AF_INET);
|
|
|
|
|
if (!acceptor6 && !acceptor4) {
|
|
|
|
|
LOG(FATAL) << "Failed to listen on address " << get_config()->host.get()
|
|
|
|
|
<< ", port " << get_config()->port;
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-22 09:59:50 +01:00
|
|
|
conn_handler->set_acceptor(std::move(acceptor4));
|
2015-02-22 09:01:19 +01:00
|
|
|
conn_handler->set_acceptor6(std::move(acceptor6));
|
|
|
|
|
}
|
2014-08-12 15:22:02 +02:00
|
|
|
|
2015-02-11 11:18:41 +01:00
|
|
|
ev_timer renew_ticket_key_timer;
|
|
|
|
|
if (!get_config()->upstream_no_tls) {
|
2015-07-27 17:54:44 +02:00
|
|
|
if (get_config()->tls_ticket_key_memcached_host) {
|
|
|
|
|
conn_handler->set_tls_ticket_key_memcached_dispatcher(
|
|
|
|
|
make_unique<MemcachedDispatcher>(
|
|
|
|
|
&get_config()->tls_ticket_key_memcached_addr, loop));
|
|
|
|
|
|
|
|
|
|
ev_timer_init(&renew_ticket_key_timer, memcached_get_ticket_key_cb, 0.,
|
|
|
|
|
0.);
|
|
|
|
|
renew_ticket_key_timer.data = conn_handler.get();
|
|
|
|
|
// Get first ticket keys.
|
|
|
|
|
memcached_get_ticket_key_cb(loop, &renew_ticket_key_timer, 0);
|
|
|
|
|
} else {
|
|
|
|
|
bool auto_tls_ticket_key = true;
|
|
|
|
|
if (!get_config()->tls_ticket_key_files.empty()) {
|
2015-07-28 16:49:37 +02:00
|
|
|
if (!get_config()->tls_ticket_key_cipher_given) {
|
2015-07-27 17:54:44 +02:00
|
|
|
LOG(WARN)
|
|
|
|
|
<< "It is strongly recommended to specify "
|
2015-07-28 16:49:37 +02:00
|
|
|
"--tls-ticket-key-cipher=aes-128-cbc (or "
|
|
|
|
|
"tls-ticket-key-cipher=aes-128-cbc in configuration file) "
|
2015-07-27 17:54:44 +02:00
|
|
|
"when --tls-ticket-key-file is used for the smooth "
|
2015-07-28 16:49:37 +02:00
|
|
|
"transition when the default value of --tls-ticket-key-cipher "
|
2015-07-27 17:54:44 +02:00
|
|
|
"becomes aes-256-cbc";
|
|
|
|
|
}
|
|
|
|
|
auto ticket_keys = read_tls_ticket_key_file(
|
2015-07-28 16:49:37 +02:00
|
|
|
get_config()->tls_ticket_key_files,
|
|
|
|
|
get_config()->tls_ticket_key_cipher, EVP_sha256());
|
2015-07-27 17:54:44 +02:00
|
|
|
if (!ticket_keys) {
|
|
|
|
|
LOG(WARN) << "Use internal session ticket key generator";
|
|
|
|
|
} else {
|
|
|
|
|
conn_handler->set_ticket_keys(std::move(ticket_keys));
|
|
|
|
|
auto_tls_ticket_key = false;
|
|
|
|
|
}
|
2015-07-17 18:49:20 +02:00
|
|
|
}
|
2015-07-27 17:54:44 +02:00
|
|
|
if (auto_tls_ticket_key) {
|
|
|
|
|
// Generate new ticket key every 1hr.
|
|
|
|
|
ev_timer_init(&renew_ticket_key_timer, renew_ticket_key_cb, 0., 1_h);
|
|
|
|
|
renew_ticket_key_timer.data = conn_handler.get();
|
|
|
|
|
ev_timer_again(loop, &renew_ticket_key_timer);
|
|
|
|
|
|
|
|
|
|
// Generate first session ticket key before running workers.
|
|
|
|
|
renew_ticket_key_cb(loop, &renew_ticket_key_timer, 0);
|
2015-02-11 11:18:41 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-04-19 13:58:58 +02:00
|
|
|
// ListenHandler loads private key, and we listen on a priveleged port.
|
|
|
|
|
// After that, we drop the root privileges if needed.
|
|
|
|
|
drop_privileges();
|
|
|
|
|
|
2014-12-27 18:59:06 +01:00
|
|
|
int rv;
|
2015-09-12 17:42:59 +02:00
|
|
|
|
|
|
|
|
#ifndef NOTHREADS
|
2014-07-05 11:22:40 +02:00
|
|
|
sigset_t signals;
|
|
|
|
|
sigemptyset(&signals);
|
|
|
|
|
sigaddset(&signals, REOPEN_LOG_SIGNAL);
|
2014-08-12 15:22:02 +02:00
|
|
|
sigaddset(&signals, EXEC_BINARY_SIGNAL);
|
|
|
|
|
sigaddset(&signals, GRACEFUL_SHUTDOWN_SIGNAL);
|
2014-07-05 11:22:40 +02:00
|
|
|
rv = pthread_sigmask(SIG_BLOCK, &signals, nullptr);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (rv != 0) {
|
2014-08-12 15:22:02 +02:00
|
|
|
LOG(ERROR) << "Blocking signals failed: " << strerror(rv);
|
2014-07-05 11:22:40 +02:00
|
|
|
}
|
2014-07-05 12:43:39 +02:00
|
|
|
#endif // !NOTHREADS
|
2014-07-05 11:22:40 +02:00
|
|
|
|
2015-02-11 11:18:41 +01:00
|
|
|
if (get_config()->num_worker == 1) {
|
2015-09-01 17:19:32 +02:00
|
|
|
rv = conn_handler->create_single_worker();
|
2014-08-19 16:36:04 +02:00
|
|
|
} else {
|
2015-09-01 17:19:32 +02:00
|
|
|
rv = conn_handler->create_worker_thread(get_config()->num_worker);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (rv != 0) {
|
|
|
|
|
return -1;
|
2012-06-05 18:26:04 +02:00
|
|
|
}
|
2012-06-06 15:43:35 +02:00
|
|
|
|
2014-07-05 12:43:39 +02:00
|
|
|
#ifndef NOTHREADS
|
2014-07-05 11:22:40 +02:00
|
|
|
rv = pthread_sigmask(SIG_UNBLOCK, &signals, nullptr);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (rv != 0) {
|
2014-08-12 15:22:02 +02:00
|
|
|
LOG(ERROR) << "Unblocking signals failed: " << strerror(rv);
|
2014-07-05 11:22:40 +02:00
|
|
|
}
|
2014-07-05 12:43:39 +02:00
|
|
|
#endif // !NOTHREADS
|
2014-07-05 11:22:40 +02:00
|
|
|
|
2014-12-27 18:59:06 +01:00
|
|
|
ev_signal reopen_log_sig;
|
|
|
|
|
ev_signal_init(&reopen_log_sig, reopen_log_signal_cb, REOPEN_LOG_SIGNAL);
|
2015-01-08 13:48:39 +01:00
|
|
|
reopen_log_sig.data = conn_handler.get();
|
2014-12-27 18:59:06 +01:00
|
|
|
ev_signal_start(loop, &reopen_log_sig);
|
2014-07-05 12:40:30 +02:00
|
|
|
|
2014-12-27 18:59:06 +01:00
|
|
|
ev_signal exec_bin_sig;
|
|
|
|
|
ev_signal_init(&exec_bin_sig, exec_binary_signal_cb, EXEC_BINARY_SIGNAL);
|
2015-01-08 13:48:39 +01:00
|
|
|
exec_bin_sig.data = conn_handler.get();
|
2014-12-27 18:59:06 +01:00
|
|
|
ev_signal_start(loop, &exec_bin_sig);
|
2014-07-05 12:40:30 +02:00
|
|
|
|
2014-12-27 18:59:06 +01:00
|
|
|
ev_signal graceful_shutdown_sig;
|
|
|
|
|
ev_signal_init(&graceful_shutdown_sig, graceful_shutdown_signal_cb,
|
|
|
|
|
GRACEFUL_SHUTDOWN_SIGNAL);
|
2015-01-08 13:48:39 +01:00
|
|
|
graceful_shutdown_sig.data = conn_handler.get();
|
2014-12-27 18:59:06 +01:00
|
|
|
ev_signal_start(loop, &graceful_shutdown_sig);
|
2014-07-05 12:40:30 +02:00
|
|
|
|
2015-03-30 16:20:40 +02:00
|
|
|
if (!get_config()->upstream_no_tls && !get_config()->no_ocsp) {
|
2015-04-08 17:25:47 +02:00
|
|
|
conn_handler->proceed_next_cert_ocsp();
|
2015-03-30 16:20:40 +02:00
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (LOG_ENABLED(INFO)) {
|
2012-06-04 16:48:31 +02:00
|
|
|
LOG(INFO) << "Entering event loop";
|
|
|
|
|
}
|
2014-12-27 18:59:06 +01:00
|
|
|
|
|
|
|
|
ev_run(loop, 0);
|
2014-07-05 11:22:40 +02:00
|
|
|
|
2015-01-08 13:48:39 +01:00
|
|
|
conn_handler->join_worker();
|
2015-04-08 17:25:47 +02:00
|
|
|
conn_handler->cancel_ocsp_update();
|
2014-08-12 15:22:02 +02:00
|
|
|
|
2012-06-04 16:48:31 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2012-08-01 17:06:41 +02:00
|
|
|
namespace {
|
|
|
|
|
// Returns true if regular file or symbolic link |path| exists.
|
2014-11-27 15:39:04 +01:00
|
|
|
bool conf_exists(const char *path) {
|
2012-08-01 17:06:41 +02:00
|
|
|
struct stat buf;
|
|
|
|
|
int rv = stat(path, &buf);
|
|
|
|
|
return rv == 0 && (buf.st_mode & (S_IFREG | S_IFLNK));
|
|
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2013-09-23 13:55:39 +02:00
|
|
|
namespace {
|
2015-05-31 11:44:37 +02:00
|
|
|
constexpr char DEFAULT_NPN_LIST[] = "h2,h2-16,h2-14,"
|
2013-09-23 13:55:39 +02:00
|
|
|
#ifdef HAVE_SPDYLAY
|
2015-05-31 11:44:37 +02:00
|
|
|
"spdy/3.1,"
|
2013-09-23 13:55:39 +02:00
|
|
|
#endif // HAVE_SPDYLAY
|
2015-05-31 11:44:37 +02:00
|
|
|
"http/1.1";
|
2013-09-23 13:55:39 +02:00
|
|
|
} // namespace
|
|
|
|
|
|
2014-01-02 03:49:38 +01:00
|
|
|
namespace {
|
2015-05-31 11:44:37 +02:00
|
|
|
constexpr char DEFAULT_TLS_PROTO_LIST[] = "TLSv1.2,TLSv1.1";
|
2014-01-02 03:49:38 +01:00
|
|
|
} // namespace
|
|
|
|
|
|
2014-11-18 16:56:44 +01:00
|
|
|
namespace {
|
2015-05-31 11:44:37 +02:00
|
|
|
constexpr char DEFAULT_ACCESSLOG_FORMAT[] =
|
|
|
|
|
R"($remote_addr - - [$time_local] )"
|
|
|
|
|
R"("$request" $status $body_bytes_sent )"
|
|
|
|
|
R"("$http_referer" "$http_user_agent")";
|
2014-11-18 16:56:44 +01:00
|
|
|
} // namespace
|
|
|
|
|
|
2014-12-06 10:31:46 +01:00
|
|
|
namespace {
|
2015-05-31 11:44:37 +02:00
|
|
|
constexpr char DEFAULT_DOWNSTREAM_HOST[] = "127.0.0.1";
|
2014-12-06 10:31:46 +01:00
|
|
|
int16_t DEFAULT_DOWNSTREAM_PORT = 80;
|
|
|
|
|
} // namespace;
|
|
|
|
|
|
2012-06-06 16:58:19 +02:00
|
|
|
namespace {
|
2014-11-27 15:39:04 +01:00
|
|
|
void fill_default_config() {
|
2015-07-19 10:55:37 +02:00
|
|
|
*mod_config() = {};
|
2012-11-22 15:35:10 +01:00
|
|
|
|
|
|
|
|
mod_config()->verbose = false;
|
2012-06-06 17:03:05 +02:00
|
|
|
mod_config()->daemon = false;
|
|
|
|
|
|
2013-07-26 14:42:39 +02:00
|
|
|
mod_config()->server_name = "nghttpx nghttp2/" NGHTTP2_VERSION;
|
2014-06-08 14:02:40 +02:00
|
|
|
mod_config()->host = strcopy("*");
|
2012-06-04 16:48:31 +02:00
|
|
|
mod_config()->port = 3000;
|
2014-06-08 14:02:40 +02:00
|
|
|
mod_config()->private_key_file = nullptr;
|
|
|
|
|
mod_config()->private_key_passwd = nullptr;
|
|
|
|
|
mod_config()->cert_file = nullptr;
|
2012-06-04 16:48:31 +02:00
|
|
|
|
2013-11-04 10:22:29 +01:00
|
|
|
// Read timeout for HTTP2 upstream connection
|
2015-06-21 07:51:32 +02:00
|
|
|
mod_config()->http2_upstream_read_timeout = 3_min;
|
2012-07-17 17:13:11 +02:00
|
|
|
|
2013-11-04 10:22:29 +01:00
|
|
|
// Read timeout for non-HTTP2 upstream connection
|
2015-06-21 07:51:32 +02:00
|
|
|
mod_config()->upstream_read_timeout = 3_min;
|
2012-06-04 16:48:31 +02:00
|
|
|
|
2013-11-04 10:22:29 +01:00
|
|
|
// Write timeout for HTTP2/non-HTTP2 upstream connection
|
2014-12-27 18:59:06 +01:00
|
|
|
mod_config()->upstream_write_timeout = 30.;
|
2012-06-04 16:48:31 +02:00
|
|
|
|
2012-07-17 17:13:11 +02:00
|
|
|
// Read/Write timeouts for downstream connection
|
2015-06-21 07:51:32 +02:00
|
|
|
mod_config()->downstream_read_timeout = 3_min;
|
2014-12-27 18:59:06 +01:00
|
|
|
mod_config()->downstream_write_timeout = 30.;
|
2012-06-04 16:48:31 +02:00
|
|
|
|
2014-08-09 11:47:45 +02:00
|
|
|
// Read timeout for HTTP/2 stream
|
2014-12-27 18:59:06 +01:00
|
|
|
mod_config()->stream_read_timeout = 0.;
|
2014-08-09 11:47:45 +02:00
|
|
|
|
|
|
|
|
// Write timeout for HTTP/2 stream
|
2014-12-27 18:59:06 +01:00
|
|
|
mod_config()->stream_write_timeout = 0.;
|
2014-08-09 11:47:45 +02:00
|
|
|
|
2012-07-17 17:13:11 +02:00
|
|
|
// Timeout for pooled (idle) connections
|
2015-01-27 16:46:16 +01:00
|
|
|
mod_config()->downstream_idle_read_timeout = 2.;
|
2012-06-12 16:02:01 +02:00
|
|
|
|
2014-03-30 12:09:21 +02:00
|
|
|
// window bits for HTTP/2 and SPDY upstream/downstream connection
|
|
|
|
|
// per stream. 2**16-1 = 64KiB-1, which is HTTP/2 default. Please
|
2013-08-03 12:53:07 +02:00
|
|
|
// note that SPDY/3 default is 64KiB.
|
2013-11-04 10:14:05 +01:00
|
|
|
mod_config()->http2_upstream_window_bits = 16;
|
|
|
|
|
mod_config()->http2_downstream_window_bits = 16;
|
2012-07-26 16:18:37 +02:00
|
|
|
|
2014-03-30 12:09:21 +02:00
|
|
|
// HTTP/2 SPDY/3.1 has connection-level flow control. The default
|
2013-11-20 16:15:17 +01:00
|
|
|
// window size for HTTP/2 is 64KiB - 1. SPDY/3's default is 64KiB
|
|
|
|
|
mod_config()->http2_upstream_connection_window_bits = 16;
|
|
|
|
|
mod_config()->http2_downstream_connection_window_bits = 16;
|
|
|
|
|
|
2013-08-03 12:01:57 +02:00
|
|
|
mod_config()->upstream_no_tls = false;
|
|
|
|
|
mod_config()->downstream_no_tls = false;
|
2013-02-22 13:54:07 +01:00
|
|
|
|
2012-06-06 19:09:59 +02:00
|
|
|
mod_config()->num_worker = 1;
|
2013-11-04 10:14:05 +01:00
|
|
|
mod_config()->http2_max_concurrent_streams = 100;
|
2012-08-01 18:32:33 +02:00
|
|
|
mod_config()->add_x_forwarded_for = false;
|
2014-10-24 15:24:17 +02:00
|
|
|
mod_config()->strip_incoming_x_forwarded_for = false;
|
2013-01-09 14:01:25 +01:00
|
|
|
mod_config()->no_via = false;
|
2014-07-05 11:22:40 +02:00
|
|
|
mod_config()->accesslog_file = nullptr;
|
|
|
|
|
mod_config()->accesslog_syslog = false;
|
2014-11-18 16:56:44 +01:00
|
|
|
mod_config()->accesslog_format = parse_log_format(DEFAULT_ACCESSLOG_FORMAT);
|
2014-07-05 11:22:40 +02:00
|
|
|
mod_config()->errorlog_file = strcopy("/dev/stderr");
|
|
|
|
|
mod_config()->errorlog_syslog = false;
|
2014-06-08 14:02:40 +02:00
|
|
|
mod_config()->conf_path = strcopy("/etc/nghttpx/nghttpx.conf");
|
2012-08-01 18:20:18 +02:00
|
|
|
mod_config()->syslog_facility = LOG_DAEMON;
|
2012-08-01 18:28:59 +02:00
|
|
|
// Default accept() backlog
|
2015-01-14 13:24:12 +01:00
|
|
|
mod_config()->backlog = 512;
|
2014-06-08 14:02:40 +02:00
|
|
|
mod_config()->ciphers = nullptr;
|
2013-11-04 10:14:05 +01:00
|
|
|
mod_config()->http2_proxy = false;
|
|
|
|
|
mod_config()->http2_bridge = false;
|
2012-11-21 14:10:35 +01:00
|
|
|
mod_config()->client_proxy = false;
|
|
|
|
|
mod_config()->client = false;
|
2012-11-18 13:23:13 +01:00
|
|
|
mod_config()->client_mode = false;
|
2012-11-22 13:46:15 +01:00
|
|
|
mod_config()->insecure = false;
|
2014-06-08 14:02:40 +02:00
|
|
|
mod_config()->cacert = nullptr;
|
|
|
|
|
mod_config()->pid_file = nullptr;
|
2015-01-26 15:41:38 +01:00
|
|
|
mod_config()->user = nullptr;
|
2012-11-22 15:35:10 +01:00
|
|
|
mod_config()->uid = 0;
|
|
|
|
|
mod_config()->gid = 0;
|
2014-11-24 06:34:43 +01:00
|
|
|
mod_config()->pid = getpid();
|
2012-11-23 13:11:01 +01:00
|
|
|
mod_config()->backend_ipv4 = false;
|
|
|
|
|
mod_config()->backend_ipv6 = false;
|
2014-06-08 14:02:40 +02:00
|
|
|
mod_config()->downstream_http_proxy_userinfo = nullptr;
|
|
|
|
|
mod_config()->downstream_http_proxy_host = nullptr;
|
2013-02-09 08:42:01 +01:00
|
|
|
mod_config()->downstream_http_proxy_port = 0;
|
2014-08-17 09:17:10 +02:00
|
|
|
mod_config()->read_rate = 0;
|
2014-12-27 18:59:06 +01:00
|
|
|
mod_config()->read_burst = 0;
|
2014-08-17 09:17:10 +02:00
|
|
|
mod_config()->write_rate = 0;
|
|
|
|
|
mod_config()->write_burst = 0;
|
2014-03-09 06:53:28 +01:00
|
|
|
mod_config()->worker_read_rate = 0;
|
|
|
|
|
mod_config()->worker_read_burst = 0;
|
|
|
|
|
mod_config()->worker_write_rate = 0;
|
|
|
|
|
mod_config()->worker_write_burst = 0;
|
2013-11-01 17:10:18 +01:00
|
|
|
mod_config()->verify_client = false;
|
2013-11-02 13:30:32 +01:00
|
|
|
mod_config()->verify_client_cacert = nullptr;
|
2013-11-02 14:58:02 +01:00
|
|
|
mod_config()->client_private_key_file = nullptr;
|
|
|
|
|
mod_config()->client_cert_file = nullptr;
|
2013-11-17 15:52:19 +01:00
|
|
|
mod_config()->http2_upstream_dump_request_header = nullptr;
|
|
|
|
|
mod_config()->http2_upstream_dump_response_header = nullptr;
|
2013-11-17 16:03:55 +01:00
|
|
|
mod_config()->http2_no_cookie_crumbling = false;
|
2014-02-09 10:47:26 +01:00
|
|
|
mod_config()->upstream_frame_debug = false;
|
2014-02-11 09:23:22 +01:00
|
|
|
mod_config()->padding = 0;
|
2014-06-26 15:55:22 +02:00
|
|
|
mod_config()->worker_frontend_connections = 0;
|
2014-04-03 06:20:50 +02:00
|
|
|
|
2015-02-24 07:21:10 +01:00
|
|
|
mod_config()->http2_upstream_callbacks = create_http2_upstream_callbacks();
|
|
|
|
|
mod_config()->http2_downstream_callbacks =
|
|
|
|
|
create_http2_downstream_callbacks();
|
|
|
|
|
|
2014-04-04 14:57:47 +02:00
|
|
|
nghttp2_option_new(&mod_config()->http2_option);
|
2015-02-04 16:51:14 +01:00
|
|
|
nghttp2_option_set_no_auto_window_update(get_config()->http2_option, 1);
|
2015-04-05 15:35:40 +02:00
|
|
|
nghttp2_option_set_no_recv_client_magic(get_config()->http2_option, 1);
|
2014-04-04 14:57:47 +02:00
|
|
|
|
2015-02-04 16:51:14 +01:00
|
|
|
nghttp2_option_new(&mod_config()->http2_client_option);
|
|
|
|
|
nghttp2_option_set_no_auto_window_update(get_config()->http2_client_option,
|
|
|
|
|
1);
|
|
|
|
|
nghttp2_option_set_peer_max_concurrent_streams(
|
|
|
|
|
get_config()->http2_client_option, 100);
|
2014-06-08 15:52:27 +02:00
|
|
|
|
|
|
|
|
mod_config()->tls_proto_mask = 0;
|
2014-08-10 05:39:27 +02:00
|
|
|
mod_config()->no_location_rewrite = false;
|
2015-07-23 16:54:56 +02:00
|
|
|
mod_config()->no_host_rewrite = true;
|
2014-08-12 15:22:02 +02:00
|
|
|
mod_config()->argc = 0;
|
|
|
|
|
mod_config()->argv = nullptr;
|
2014-12-04 17:07:00 +01:00
|
|
|
mod_config()->downstream_connections_per_host = 8;
|
2015-01-02 04:53:27 +01:00
|
|
|
mod_config()->downstream_connections_per_frontend = 0;
|
2014-12-27 18:59:06 +01:00
|
|
|
mod_config()->listener_disable_timeout = 0.;
|
2015-06-21 07:32:47 +02:00
|
|
|
mod_config()->downstream_request_buffer_size = 16_k;
|
|
|
|
|
mod_config()->downstream_response_buffer_size = 16_k;
|
2015-02-08 08:19:12 +01:00
|
|
|
mod_config()->no_server_push = false;
|
2015-02-22 09:01:19 +01:00
|
|
|
mod_config()->host_unix = false;
|
2015-03-10 15:11:22 +01:00
|
|
|
mod_config()->http2_downstream_connections_per_worker = 0;
|
2015-03-30 16:20:40 +02:00
|
|
|
// ocsp update interval = 14400 secs = 4 hours, borrowed from h2o
|
2015-06-21 07:51:32 +02:00
|
|
|
mod_config()->ocsp_update_interval = 4_h;
|
2015-03-30 16:20:40 +02:00
|
|
|
mod_config()->fetch_ocsp_response_file =
|
|
|
|
|
strcopy(PKGDATADIR "/fetch-ocsp-response");
|
|
|
|
|
mod_config()->no_ocsp = false;
|
2015-06-21 07:32:47 +02:00
|
|
|
mod_config()->header_field_buffer = 64_k;
|
2015-04-29 14:10:59 +02:00
|
|
|
mod_config()->max_header_fields = 100;
|
2015-07-09 19:52:11 +02:00
|
|
|
mod_config()->downstream_addr_group_catch_all = 0;
|
2015-07-28 16:49:37 +02:00
|
|
|
mod_config()->tls_ticket_key_cipher = EVP_aes_128_cbc();
|
|
|
|
|
mod_config()->tls_ticket_key_cipher_given = false;
|
2015-07-24 16:59:19 +02:00
|
|
|
mod_config()->tls_session_timeout = std::chrono::hours(12);
|
2015-07-27 17:54:44 +02:00
|
|
|
mod_config()->tls_ticket_key_memcached_max_retry = 3;
|
|
|
|
|
mod_config()->tls_ticket_key_memcached_max_fail = 2;
|
|
|
|
|
mod_config()->tls_ticket_key_memcached_interval = 10_min;
|
2013-09-13 14:23:55 +02:00
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2012-11-22 15:08:36 +01:00
|
|
|
namespace {
|
2014-11-27 15:39:04 +01:00
|
|
|
void print_version(std::ostream &out) {
|
2012-11-22 15:08:36 +01:00
|
|
|
out << get_config()->server_name << std::endl;
|
|
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2012-06-06 16:58:19 +02:00
|
|
|
namespace {
|
2014-11-27 15:39:04 +01:00
|
|
|
void print_usage(std::ostream &out) {
|
2014-03-22 14:03:13 +01:00
|
|
|
out << R"(Usage: nghttpx [OPTIONS]... [<PRIVATE_KEY> <CERT>]
|
|
|
|
|
A reverse proxy for HTTP/2, HTTP/1 and SPDY.)" << std::endl;
|
2012-06-06 16:58:19 +02:00
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
|
|
namespace {
|
2014-11-27 15:39:04 +01:00
|
|
|
void print_help(std::ostream &out) {
|
2012-06-06 16:58:19 +02:00
|
|
|
print_usage(out);
|
2014-03-22 14:03:13 +01:00
|
|
|
out << R"(
|
2015-01-13 15:02:18 +01:00
|
|
|
<PRIVATE_KEY>
|
|
|
|
|
Set path to server's private key. Required unless -p,
|
|
|
|
|
--client or --frontend-no-tls are given.
|
|
|
|
|
<CERT> Set path to server's certificate. Required unless -p,
|
2015-03-30 16:20:40 +02:00
|
|
|
--client or --frontend-no-tls are given. To make OCSP
|
|
|
|
|
stapling work, this must be absolute path.
|
2015-01-13 15:02:18 +01:00
|
|
|
|
2014-03-22 14:03:13 +01:00
|
|
|
Options:
|
|
|
|
|
The options are categorized into several groups.
|
|
|
|
|
|
|
|
|
|
Connections:
|
2015-07-14 16:44:58 +02:00
|
|
|
-b, --backend=(<HOST>,<PORT>|unix:<PATH>)[;<PATTERN>[:...]]
|
2015-03-10 13:54:29 +01:00
|
|
|
Set backend host and port. The multiple backend
|
|
|
|
|
addresses are accepted by repeating this option. UNIX
|
|
|
|
|
domain socket can be specified by prefixing path name
|
2015-07-11 05:43:48 +02:00
|
|
|
with "unix:" (e.g., unix:/var/run/backend.sock).
|
|
|
|
|
|
2015-07-09 19:52:11 +02:00
|
|
|
Optionally, if <PATTERN>s are given, the backend address
|
2015-07-12 15:16:20 +02:00
|
|
|
is only used if request matches the pattern. If -s or
|
|
|
|
|
-p is used, <PATTERN>s are ignored. The pattern
|
|
|
|
|
matching is closely designed to ServeMux in net/http
|
|
|
|
|
package of Go programming language. <PATTERN> consists
|
2015-07-14 16:44:58 +02:00
|
|
|
of path, host + path or just host. The path must start
|
|
|
|
|
with "/". If it ends with "/", it matches all request
|
|
|
|
|
path in its subtree. To deal with the request to the
|
|
|
|
|
directory without trailing slash, the path which ends
|
|
|
|
|
with "/" also matches the request path which only lacks
|
|
|
|
|
trailing '/' (e.g., path "/foo/" matches request path
|
|
|
|
|
"/foo"). If it does not end with "/", it performs exact
|
|
|
|
|
match against the request path. If host is given, it
|
|
|
|
|
performs exact match against the request host. If host
|
|
|
|
|
alone is given, "/" is appended to it, so that it
|
|
|
|
|
matches all request paths under the host (e.g.,
|
|
|
|
|
specifying "nghttp2.org" equals to "nghttp2.org/").
|
|
|
|
|
|
|
|
|
|
Patterns with host take precedence over patterns with
|
|
|
|
|
just path. Then, longer patterns take precedence over
|
2015-07-11 09:45:07 +02:00
|
|
|
shorter ones, breaking a tie by the order of the
|
|
|
|
|
appearance in the configuration.
|
2015-07-11 05:43:48 +02:00
|
|
|
|
|
|
|
|
If <PATTERN> is omitted, "/" is used as pattern, which
|
2015-07-14 16:44:58 +02:00
|
|
|
matches all request paths (catch-all pattern). The
|
|
|
|
|
catch-all backend must be given.
|
2015-07-11 05:43:48 +02:00
|
|
|
|
|
|
|
|
When doing a match, nghttpx made some normalization to
|
|
|
|
|
pattern, request host and path. For host part, they are
|
|
|
|
|
converted to lower case. For path part, percent-encoded
|
|
|
|
|
unreserved characters defined in RFC 3986 are decoded,
|
|
|
|
|
and any dot-segments (".." and ".") are resolved and
|
|
|
|
|
removed.
|
|
|
|
|
|
|
|
|
|
For example, -b'127.0.0.1,8080;nghttp2.org/httpbin/'
|
|
|
|
|
matches the request host "nghttp2.org" and the request
|
|
|
|
|
path "/httpbin/get", but does not match the request host
|
|
|
|
|
"nghttp2.org" and the request path "/index.html".
|
|
|
|
|
|
|
|
|
|
The multiple <PATTERN>s can be specified, delimiting
|
|
|
|
|
them by ":". Specifying
|
2015-07-09 19:52:11 +02:00
|
|
|
-b'127.0.0.1,8080;nghttp2.org:www.nghttp2.org' has the
|
|
|
|
|
same effect to specify -b'127.0.0.1,8080;nghttp2.org'
|
2015-07-14 16:44:58 +02:00
|
|
|
and -b'127.0.0.1,8080;www.nghttp2.org'.
|
2015-07-11 05:43:48 +02:00
|
|
|
|
|
|
|
|
The backend addresses sharing same <PATTERN> are grouped
|
2015-07-14 16:44:58 +02:00
|
|
|
together forming load balancing group.
|
|
|
|
|
|
|
|
|
|
Since ";" and ":" are used as delimiter, <PATTERN> must
|
|
|
|
|
not contain these characters. Since ";" has special
|
|
|
|
|
meaning in shell, the option value must be quoted.
|
|
|
|
|
|
2015-01-13 15:02:18 +01:00
|
|
|
Default: )" << DEFAULT_DOWNSTREAM_HOST << ","
|
2015-01-09 16:37:42 +01:00
|
|
|
<< DEFAULT_DOWNSTREAM_PORT << R"(
|
2015-07-14 16:44:58 +02:00
|
|
|
-f, --frontend=(<HOST>,<PORT>|unix:<PATH>)
|
2015-01-13 15:02:18 +01:00
|
|
|
Set frontend host and port. If <HOST> is '*', it
|
2015-02-22 09:01:19 +01:00
|
|
|
assumes all addresses including both IPv4 and IPv6.
|
|
|
|
|
UNIX domain socket can be specified by prefixing path
|
2015-02-22 10:09:37 +01:00
|
|
|
name with "unix:" (e.g., unix:/var/run/nghttpx.sock)
|
2015-01-13 15:02:18 +01:00
|
|
|
Default: )" << get_config()->host.get() << ","
|
2015-01-09 16:37:42 +01:00
|
|
|
<< get_config()->port << R"(
|
2015-01-13 15:02:18 +01:00
|
|
|
--backlog=<N>
|
|
|
|
|
Set listen backlog size.
|
|
|
|
|
Default: )" << get_config()->backlog << R"(
|
|
|
|
|
--backend-ipv4
|
|
|
|
|
Resolve backend hostname to IPv4 address only.
|
|
|
|
|
--backend-ipv6
|
|
|
|
|
Resolve backend hostname to IPv6 address only.
|
2014-08-27 16:37:54 +02:00
|
|
|
--backend-http-proxy-uri=<URI>
|
2015-01-13 15:02:18 +01:00
|
|
|
Specify proxy URI in the form
|
|
|
|
|
http://[<USER>:<PASS>@]<PROXY>:<PORT>. If a proxy
|
|
|
|
|
requires authentication, specify <USER> and <PASS>.
|
|
|
|
|
Note that they must be properly percent-encoded. This
|
|
|
|
|
proxy is used when the backend connection is HTTP/2.
|
|
|
|
|
First, make a CONNECT request to the proxy and it
|
|
|
|
|
connects to the backend on behalf of nghttpx. This
|
|
|
|
|
forms tunnel. After that, nghttpx performs SSL/TLS
|
|
|
|
|
handshake with the downstream through the tunnel. The
|
|
|
|
|
timeouts when connecting and making CONNECT request can
|
|
|
|
|
be specified by --backend-read-timeout and
|
|
|
|
|
--backend-write-timeout options.
|
2015-09-06 16:27:07 +02:00
|
|
|
--accept-proxy-protocol
|
|
|
|
|
Accept PROXY protocol version 1 on frontend connection.
|
2014-03-22 14:03:13 +01:00
|
|
|
|
|
|
|
|
Performance:
|
2015-01-13 14:39:35 +01:00
|
|
|
-n, --workers=<N>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set the number of worker threads.
|
|
|
|
|
Default: )" << get_config()->num_worker << R"(
|
2015-01-13 13:54:53 +01:00
|
|
|
--read-rate=<SIZE>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set maximum average read rate on frontend connection.
|
|
|
|
|
Setting 0 to this option means read rate is unlimited.
|
|
|
|
|
Default: )" << get_config()->read_rate << R"(
|
2014-08-17 09:17:10 +02:00
|
|
|
--read-burst=<SIZE>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set maximum read burst size on frontend connection.
|
|
|
|
|
Setting 0 to this option means read burst size is
|
|
|
|
|
unlimited.
|
|
|
|
|
Default: )" << get_config()->read_burst << R"(
|
2015-01-13 13:54:53 +01:00
|
|
|
--write-rate=<SIZE>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set maximum average write rate on frontend connection.
|
|
|
|
|
Setting 0 to this option means write rate is unlimited.
|
|
|
|
|
Default: )" << get_config()->write_rate << R"(
|
2014-08-17 09:17:10 +02:00
|
|
|
--write-burst=<SIZE>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set maximum write burst size on frontend connection.
|
|
|
|
|
Setting 0 to this option means write burst size is
|
|
|
|
|
unlimited.
|
|
|
|
|
Default: )" << get_config()->write_burst << R"(
|
2015-01-13 13:54:53 +01:00
|
|
|
--worker-read-rate=<SIZE>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set maximum average read rate on frontend connection per
|
|
|
|
|
worker. Setting 0 to this option means read rate is
|
|
|
|
|
unlimited. Not implemented yet.
|
|
|
|
|
Default: )" << get_config()->worker_read_rate << R"(
|
2014-03-22 14:03:13 +01:00
|
|
|
--worker-read-burst=<SIZE>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set maximum read burst size on frontend connection per
|
|
|
|
|
worker. Setting 0 to this option means read burst size
|
|
|
|
|
is unlimited. Not implemented yet.
|
|
|
|
|
Default: )" << get_config()->worker_read_burst << R"(
|
2015-01-13 13:54:53 +01:00
|
|
|
--worker-write-rate=<SIZE>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set maximum average write rate on frontend connection
|
|
|
|
|
per worker. Setting 0 to this option means write rate
|
|
|
|
|
is unlimited. Not implemented yet.
|
|
|
|
|
Default: )" << get_config()->worker_write_rate << R"(
|
2014-03-22 14:03:13 +01:00
|
|
|
--worker-write-burst=<SIZE>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set maximum write burst size on frontend connection per
|
|
|
|
|
worker. Setting 0 to this option means write burst size
|
|
|
|
|
is unlimited. Not implemented yet.
|
|
|
|
|
Default: )" << get_config()->worker_write_burst << R"(
|
2015-01-13 14:39:35 +01:00
|
|
|
--worker-frontend-connections=<N>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set maximum number of simultaneous connections frontend
|
|
|
|
|
accepts. Setting 0 means unlimited.
|
|
|
|
|
Default: )" << get_config()->worker_frontend_connections << R"(
|
2015-03-10 15:43:25 +01:00
|
|
|
--backend-http2-connections-per-worker=<N>
|
2015-07-12 15:16:20 +02:00
|
|
|
Set maximum number of backend HTTP/2 physical
|
|
|
|
|
connections per worker. If pattern is used in -b
|
|
|
|
|
option, this limit is applied to each pattern group (in
|
|
|
|
|
other words, each pattern group can have maximum <N>
|
|
|
|
|
HTTP/2 connections). The default value is 0, which
|
|
|
|
|
means that the value is adjusted to the number of
|
|
|
|
|
backend addresses. If pattern is used, this adjustment
|
|
|
|
|
is done for each pattern group.
|
2015-01-13 14:39:35 +01:00
|
|
|
--backend-http1-connections-per-host=<N>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set maximum number of backend concurrent HTTP/1
|
2015-06-22 14:09:39 +02:00
|
|
|
connections per origin host. This option is meaningful
|
|
|
|
|
when -s option is used. The origin host is determined
|
|
|
|
|
by authority portion of requset URI (or :authority
|
|
|
|
|
header field for HTTP/2). To limit the number of
|
|
|
|
|
connections per frontend for default mode, use
|
2015-01-13 15:02:18 +01:00
|
|
|
--backend-http1-connections-per-frontend.
|
|
|
|
|
Default: )" << get_config()->downstream_connections_per_host
|
|
|
|
|
<< R"(
|
2015-01-13 14:39:35 +01:00
|
|
|
--backend-http1-connections-per-frontend=<N>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set maximum number of backend concurrent HTTP/1
|
|
|
|
|
connections per frontend. This option is only used for
|
|
|
|
|
default mode. 0 means unlimited. To limit the number
|
|
|
|
|
of connections per host for HTTP/2 or SPDY proxy mode
|
|
|
|
|
(-s option), use --backend-http1-connections-per-host.
|
|
|
|
|
Default: )" << get_config()->downstream_connections_per_frontend
|
|
|
|
|
<< R"(
|
2015-01-10 15:17:48 +01:00
|
|
|
--rlimit-nofile=<N>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set maximum number of open files (RLIMIT_NOFILE) to <N>.
|
|
|
|
|
If 0 is given, nghttpx does not set the limit.
|
|
|
|
|
Default: )" << get_config()->rlimit_nofile << R"(
|
2015-01-13 15:30:28 +01:00
|
|
|
--backend-request-buffer=<SIZE>
|
|
|
|
|
Set buffer size used to store backend request.
|
|
|
|
|
Default: )"
|
|
|
|
|
<< util::utos_with_unit(get_config()->downstream_request_buffer_size)
|
|
|
|
|
<< R"(
|
2015-01-13 15:20:06 +01:00
|
|
|
--backend-response-buffer=<SIZE>
|
|
|
|
|
Set buffer size used to store backend response.
|
|
|
|
|
Default: )"
|
|
|
|
|
<< util::utos_with_unit(get_config()->downstream_response_buffer_size)
|
|
|
|
|
<< R"(
|
2014-03-22 14:03:13 +01:00
|
|
|
|
|
|
|
|
Timeout:
|
2015-01-29 15:23:30 +01:00
|
|
|
--frontend-http2-read-timeout=<DURATION>
|
2015-01-13 15:02:18 +01:00
|
|
|
Specify read timeout for HTTP/2 and SPDY frontend
|
|
|
|
|
connection.
|
2015-01-27 16:36:44 +01:00
|
|
|
Default: )"
|
|
|
|
|
<< util::duration_str(get_config()->http2_upstream_read_timeout) << R"(
|
2015-01-29 15:23:30 +01:00
|
|
|
--frontend-read-timeout=<DURATION>
|
2015-01-13 15:02:18 +01:00
|
|
|
Specify read timeout for HTTP/1.1 frontend connection.
|
2015-01-27 16:36:44 +01:00
|
|
|
Default: )"
|
|
|
|
|
<< util::duration_str(get_config()->upstream_read_timeout) << R"(
|
2015-01-29 15:23:30 +01:00
|
|
|
--frontend-write-timeout=<DURATION>
|
2015-01-13 15:02:18 +01:00
|
|
|
Specify write timeout for all frontend connections.
|
2015-01-27 16:36:44 +01:00
|
|
|
Default: )"
|
|
|
|
|
<< util::duration_str(get_config()->upstream_write_timeout) << R"(
|
2015-01-29 15:23:30 +01:00
|
|
|
--stream-read-timeout=<DURATION>
|
2015-01-13 15:02:18 +01:00
|
|
|
Specify read timeout for HTTP/2 and SPDY streams. 0
|
|
|
|
|
means no timeout.
|
2015-01-27 16:36:44 +01:00
|
|
|
Default: )"
|
|
|
|
|
<< util::duration_str(get_config()->stream_read_timeout) << R"(
|
2015-01-29 15:23:30 +01:00
|
|
|
--stream-write-timeout=<DURATION>
|
2015-01-13 15:02:18 +01:00
|
|
|
Specify write timeout for HTTP/2 and SPDY streams. 0
|
|
|
|
|
means no timeout.
|
2015-01-27 16:36:44 +01:00
|
|
|
Default: )"
|
|
|
|
|
<< util::duration_str(get_config()->stream_write_timeout) << R"(
|
2015-01-29 15:23:30 +01:00
|
|
|
--backend-read-timeout=<DURATION>
|
2015-01-13 15:02:18 +01:00
|
|
|
Specify read timeout for backend connection.
|
2015-01-27 16:36:44 +01:00
|
|
|
Default: )"
|
|
|
|
|
<< util::duration_str(get_config()->downstream_read_timeout) << R"(
|
2015-01-29 15:23:30 +01:00
|
|
|
--backend-write-timeout=<DURATION>
|
2015-01-13 15:02:18 +01:00
|
|
|
Specify write timeout for backend connection.
|
2015-01-27 16:36:44 +01:00
|
|
|
Default: )"
|
|
|
|
|
<< util::duration_str(get_config()->downstream_write_timeout) << R"(
|
2015-01-29 15:23:30 +01:00
|
|
|
--backend-keep-alive-timeout=<DURATION>
|
2015-01-13 15:02:18 +01:00
|
|
|
Specify keep-alive timeout for backend connection.
|
2015-01-27 16:36:44 +01:00
|
|
|
Default: )"
|
|
|
|
|
<< util::duration_str(get_config()->downstream_idle_read_timeout) << R"(
|
2015-01-29 15:23:30 +01:00
|
|
|
--listener-disable-timeout=<DURATION>
|
2015-01-13 15:02:18 +01:00
|
|
|
After accepting connection failed, connection listener
|
2015-01-27 16:36:44 +01:00
|
|
|
is disabled for a given amount of time. Specifying 0
|
2015-01-13 15:02:18 +01:00
|
|
|
disables this feature.
|
2015-01-27 16:36:44 +01:00
|
|
|
Default: )"
|
|
|
|
|
<< util::duration_str(get_config()->listener_disable_timeout) << R"(
|
2014-03-22 14:03:13 +01:00
|
|
|
|
|
|
|
|
SSL/TLS:
|
2015-01-13 15:02:18 +01:00
|
|
|
--ciphers=<SUITE>
|
|
|
|
|
Set allowed cipher list. The format of the string is
|
|
|
|
|
described in OpenSSL ciphers(1).
|
2014-03-22 14:03:13 +01:00
|
|
|
-k, --insecure
|
2015-01-13 15:02:18 +01:00
|
|
|
Don't verify backend server's certificate if -p,
|
|
|
|
|
--client or --http2-bridge are given and
|
|
|
|
|
--backend-no-tls is not given.
|
|
|
|
|
--cacert=<PATH>
|
|
|
|
|
Set path to trusted CA certificate file if -p, --client
|
|
|
|
|
or --http2-bridge are given and --backend-no-tls is not
|
|
|
|
|
given. The file must be in PEM format. It can contain
|
|
|
|
|
multiple certificates. If the linked OpenSSL is
|
|
|
|
|
configured to load system wide certificates, they are
|
|
|
|
|
loaded at startup regardless of this option.
|
2015-01-13 14:39:35 +01:00
|
|
|
--private-key-passwd-file=<PATH>
|
2015-01-13 15:02:18 +01:00
|
|
|
Path to file that contains password for the server's
|
|
|
|
|
private key. If none is given and the private key is
|
|
|
|
|
password protected it'll be requested interactively.
|
2014-03-22 14:03:13 +01:00
|
|
|
--subcert=<KEYPATH>:<CERTPATH>
|
2015-01-13 15:02:18 +01:00
|
|
|
Specify additional certificate and private key file.
|
|
|
|
|
nghttpx will choose certificates based on the hostname
|
|
|
|
|
indicated by client using TLS SNI extension. This
|
2015-03-30 16:20:40 +02:00
|
|
|
option can be used multiple times. To make OCSP
|
|
|
|
|
stapling work, <CERTPATH> must be absolute path.
|
2014-03-22 14:03:13 +01:00
|
|
|
--backend-tls-sni-field=<HOST>
|
2015-01-13 15:02:18 +01:00
|
|
|
Explicitly set the content of the TLS SNI extension.
|
|
|
|
|
This will default to the backend HOST name.
|
2014-03-22 14:03:13 +01:00
|
|
|
--dh-param-file=<PATH>
|
2015-01-13 15:02:18 +01:00
|
|
|
Path to file that contains DH parameters in PEM format.
|
|
|
|
|
Without this option, DHE cipher suites are not
|
|
|
|
|
available.
|
|
|
|
|
--npn-list=<LIST>
|
|
|
|
|
Comma delimited list of ALPN protocol identifier sorted
|
|
|
|
|
in the order of preference. That means most desirable
|
|
|
|
|
protocol comes first. This is used in both ALPN and
|
|
|
|
|
NPN. The parameter must be delimited by a single comma
|
|
|
|
|
only and any white spaces are treated as a part of
|
|
|
|
|
protocol string.
|
|
|
|
|
Default: )" << DEFAULT_NPN_LIST << R"(
|
|
|
|
|
--verify-client
|
|
|
|
|
Require and verify client certificate.
|
2014-03-22 14:03:13 +01:00
|
|
|
--verify-client-cacert=<PATH>
|
2015-01-13 15:02:18 +01:00
|
|
|
Path to file that contains CA certificates to verify
|
|
|
|
|
client certificate. The file must be in PEM format. It
|
|
|
|
|
can contain multiple certificates.
|
2014-03-22 14:03:13 +01:00
|
|
|
--client-private-key-file=<PATH>
|
2015-01-13 15:02:18 +01:00
|
|
|
Path to file that contains client private key used in
|
|
|
|
|
backend client authentication.
|
2014-03-22 14:03:13 +01:00
|
|
|
--client-cert-file=<PATH>
|
2015-01-13 15:02:18 +01:00
|
|
|
Path to file that contains client certificate used in
|
|
|
|
|
backend client authentication.
|
2014-03-22 14:03:13 +01:00
|
|
|
--tls-proto-list=<LIST>
|
2015-01-13 15:02:18 +01:00
|
|
|
Comma delimited list of SSL/TLS protocol to be enabled.
|
|
|
|
|
The following protocols are available: TLSv1.2, TLSv1.1
|
|
|
|
|
and TLSv1.0. The name matching is done in
|
|
|
|
|
case-insensitive manner. The parameter must be
|
|
|
|
|
delimited by a single comma only and any white spaces
|
|
|
|
|
are treated as a part of protocol string.
|
|
|
|
|
Default: )" << DEFAULT_TLS_PROTO_LIST << R"(
|
2015-01-13 14:39:35 +01:00
|
|
|
--tls-ticket-key-file=<PATH>
|
2015-07-17 18:49:20 +02:00
|
|
|
Path to file that contains random data to construct TLS
|
|
|
|
|
session ticket parameters. If aes-128-cbc is given in
|
2015-07-28 16:49:37 +02:00
|
|
|
--tls-ticket-key-cipher, the file must contain exactly
|
|
|
|
|
48 bytes. If aes-256-cbc is given in
|
|
|
|
|
--tls-ticket-key-cipher, the file must contain exactly
|
|
|
|
|
80 bytes. This options can be used repeatedly to
|
|
|
|
|
specify multiple ticket parameters. If several files
|
|
|
|
|
are given, only the first key is used to encrypt TLS
|
|
|
|
|
session tickets. Other keys are accepted but server
|
|
|
|
|
will issue new session ticket with first key. This
|
|
|
|
|
allows session key rotation. Please note that key
|
|
|
|
|
rotation does not occur automatically. User should
|
|
|
|
|
rearrange files or change options values and restart
|
|
|
|
|
nghttpx gracefully. If opening or reading given file
|
|
|
|
|
fails, all loaded keys are discarded and it is treated
|
|
|
|
|
as if none of this option is given. If this option is
|
|
|
|
|
not given or an error occurred while opening or reading
|
|
|
|
|
a file, key is generated every 1 hour internally and
|
|
|
|
|
they are valid for 12 hours. This is recommended if
|
|
|
|
|
ticket key sharing between nghttpx instances is not
|
|
|
|
|
required.
|
2015-07-27 17:54:44 +02:00
|
|
|
--tls-ticket-key-memcached=<HOST>,<PORT>
|
|
|
|
|
Specify address of memcached server to store session
|
|
|
|
|
cache. This enables shared TLS ticket key between
|
|
|
|
|
multiple nghttpx instances. nghttpx does not set TLS
|
|
|
|
|
ticket key to memcached. The external ticket key
|
|
|
|
|
generator is required. nghttpx just gets TLS ticket
|
|
|
|
|
keys from memcached, and use them, possibly replacing
|
|
|
|
|
current set of keys. It is up to extern TLS ticket key
|
2015-07-28 17:00:43 +02:00
|
|
|
generator to rotate keys frequently. See "TLS SESSION
|
|
|
|
|
TICKET RESUMPTION" section in manual page to know the
|
|
|
|
|
data format in memcached entry.
|
2015-07-27 18:02:33 +02:00
|
|
|
--tls-ticket-key-memcached-interval=<DURATION>
|
|
|
|
|
Set interval to get TLS ticket keys from memcached.
|
|
|
|
|
Default: )"
|
|
|
|
|
<< util::duration_str(get_config()->tls_ticket_key_memcached_interval)
|
|
|
|
|
<< R"(
|
2015-07-27 18:17:29 +02:00
|
|
|
--tls-ticket-key-memcached-max-retry=<N>
|
|
|
|
|
Set maximum number of consecutive retries before
|
|
|
|
|
abandoning TLS ticket key retrieval. If this number is
|
|
|
|
|
reached, the attempt is considered as failure, and
|
|
|
|
|
"failure" count is incremented by 1, which contributed
|
|
|
|
|
to the value controlled
|
|
|
|
|
--tls-ticket-key-memcached-max-fail option.
|
|
|
|
|
Default: )" << get_config()->tls_ticket_key_memcached_max_retry
|
|
|
|
|
<< R"(
|
|
|
|
|
--tls-ticket-key-memcached-max-fail=<N>
|
|
|
|
|
Set maximum number of consecutive failure before
|
|
|
|
|
disabling TLS ticket until next scheduled key retrieval.
|
|
|
|
|
Default: )" << get_config()->tls_ticket_key_memcached_max_fail
|
|
|
|
|
<< R"(
|
2015-07-28 16:49:37 +02:00
|
|
|
--tls-ticket-key-cipher=<CIPHER>
|
2015-07-28 16:43:32 +02:00
|
|
|
Specify cipher to encrypt TLS session ticket. Specify
|
|
|
|
|
either aes-128-cbc or aes-256-cbc. By default,
|
|
|
|
|
aes-128-cbc is used.
|
|
|
|
|
--fetch-ocsp-response-file=<PATH>
|
|
|
|
|
Path to fetch-ocsp-response script file. It should be
|
|
|
|
|
absolute path.
|
|
|
|
|
Default: )" << get_config()->fetch_ocsp_response_file.get() << R"(
|
|
|
|
|
--ocsp-update-interval=<DURATION>
|
|
|
|
|
Set interval to update OCSP response cache.
|
|
|
|
|
Default: )"
|
|
|
|
|
<< util::duration_str(get_config()->ocsp_update_interval) << R"(
|
|
|
|
|
--no-ocsp Disable OCSP stapling.
|
|
|
|
|
--tls-session-cache-memcached=<HOST>,<PORT>
|
|
|
|
|
Specify address of memcached server to store session
|
|
|
|
|
cache. This enables shared session cache between
|
|
|
|
|
multiple nghttpx instances.
|
2014-03-22 14:03:13 +01:00
|
|
|
|
|
|
|
|
HTTP/2 and SPDY:
|
2015-01-13 14:39:35 +01:00
|
|
|
-c, --http2-max-concurrent-streams=<N>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set the maximum number of the concurrent streams in one
|
|
|
|
|
HTTP/2 and SPDY session.
|
|
|
|
|
Default: )" << get_config()->http2_max_concurrent_streams << R"(
|
2014-03-22 14:03:13 +01:00
|
|
|
--frontend-http2-window-bits=<N>
|
2015-01-13 15:02:18 +01:00
|
|
|
Sets the per-stream initial window size of HTTP/2 SPDY
|
|
|
|
|
frontend connection. For HTTP/2, the size is 2**<N>-1.
|
|
|
|
|
For SPDY, the size is 2**<N>.
|
|
|
|
|
Default: )" << get_config()->http2_upstream_window_bits << R"(
|
2014-03-22 14:03:13 +01:00
|
|
|
--frontend-http2-connection-window-bits=<N>
|
2015-01-13 15:02:18 +01:00
|
|
|
Sets the per-connection window size of HTTP/2 and SPDY
|
|
|
|
|
frontend connection. For HTTP/2, the size is
|
|
|
|
|
2**<N>-1. For SPDY, the size is 2**<N>.
|
|
|
|
|
Default: )" << get_config()->http2_upstream_connection_window_bits
|
2014-11-27 15:39:04 +01:00
|
|
|
<< R"(
|
2015-01-13 15:02:18 +01:00
|
|
|
--frontend-no-tls
|
|
|
|
|
Disable SSL/TLS on frontend connections.
|
|
|
|
|
--backend-http2-window-bits=<N>
|
|
|
|
|
Sets the initial window size of HTTP/2 backend
|
|
|
|
|
connection to 2**<N>-1.
|
|
|
|
|
Default: )" << get_config()->http2_downstream_window_bits << R"(
|
2014-03-22 14:03:13 +01:00
|
|
|
--backend-http2-connection-window-bits=<N>
|
2015-01-13 15:02:18 +01:00
|
|
|
Sets the per-connection window size of HTTP/2 backend
|
|
|
|
|
connection to 2**<N>-1.
|
|
|
|
|
Default: )"
|
2014-03-22 14:03:13 +01:00
|
|
|
<< get_config()->http2_downstream_connection_window_bits << R"(
|
2015-01-13 15:02:18 +01:00
|
|
|
--backend-no-tls
|
|
|
|
|
Disable SSL/TLS on backend connections.
|
2014-03-22 14:03:13 +01:00
|
|
|
--http2-no-cookie-crumbling
|
2015-01-13 15:02:18 +01:00
|
|
|
Don't crumble cookie header field.
|
|
|
|
|
--padding=<N>
|
|
|
|
|
Add at most <N> bytes to a HTTP/2 frame payload as
|
|
|
|
|
padding. Specify 0 to disable padding. This option is
|
|
|
|
|
meant for debugging purpose and not intended to enhance
|
|
|
|
|
protocol security.
|
2015-02-08 08:19:12 +01:00
|
|
|
--no-server-push
|
|
|
|
|
Disable HTTP/2 server push. Server push is only
|
|
|
|
|
supported by default mode and HTTP/2 frontend. SPDY
|
|
|
|
|
frontend does not support server push.
|
2014-03-22 14:03:13 +01:00
|
|
|
|
|
|
|
|
Mode:
|
2015-01-13 15:02:18 +01:00
|
|
|
(default mode)
|
|
|
|
|
Accept HTTP/2, SPDY and HTTP/1.1 over SSL/TLS. If
|
|
|
|
|
--frontend-no-tls is used, accept HTTP/2 and HTTP/1.1.
|
|
|
|
|
The incoming HTTP/1.1 connection can be upgraded to
|
|
|
|
|
HTTP/2 through HTTP Upgrade. The protocol to the
|
|
|
|
|
backend is HTTP/1.1.
|
|
|
|
|
-s, --http2-proxy
|
|
|
|
|
Like default mode, but enable secure proxy mode.
|
|
|
|
|
--http2-bridge
|
|
|
|
|
Like default mode, but communicate with the backend in
|
|
|
|
|
HTTP/2 over SSL/TLS. Thus the incoming all connections
|
|
|
|
|
are converted to HTTP/2 connection and relayed to the
|
|
|
|
|
backend. See --backend-http-proxy-uri option if you are
|
|
|
|
|
behind the proxy and want to connect to the outside
|
|
|
|
|
HTTP/2 proxy.
|
|
|
|
|
--client Accept HTTP/2 and HTTP/1.1 without SSL/TLS. The
|
|
|
|
|
incoming HTTP/1.1 connection can be upgraded to HTTP/2
|
|
|
|
|
connection through HTTP Upgrade. The protocol to the
|
|
|
|
|
backend is HTTP/2. To use nghttpx as a forward proxy,
|
|
|
|
|
use -p option instead.
|
2014-03-22 14:03:13 +01:00
|
|
|
-p, --client-proxy
|
2015-01-13 15:02:18 +01:00
|
|
|
Like --client option, but it also requires the request
|
|
|
|
|
path from frontend must be an absolute URI, suitable for
|
|
|
|
|
use as a forward proxy.
|
2014-03-22 14:03:13 +01:00
|
|
|
|
|
|
|
|
Logging:
|
|
|
|
|
-L, --log-level=<LEVEL>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set the severity level of log output. <LEVEL> must be
|
|
|
|
|
one of INFO, NOTICE, WARN, ERROR and FATAL.
|
|
|
|
|
Default: NOTICE
|
2014-07-05 11:22:40 +02:00
|
|
|
--accesslog-file=<PATH>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set path to write access log. To reopen file, send USR1
|
|
|
|
|
signal to nghttpx.
|
2014-07-05 11:22:40 +02:00
|
|
|
--accesslog-syslog
|
2015-01-13 15:02:18 +01:00
|
|
|
Send access log to syslog. If this option is used,
|
|
|
|
|
--accesslog-file option is ignored.
|
2014-11-18 16:56:44 +01:00
|
|
|
--accesslog-format=<FORMAT>
|
2015-01-13 15:02:18 +01:00
|
|
|
Specify format string for access log. The default
|
|
|
|
|
format is combined format. The following variables are
|
|
|
|
|
available:
|
|
|
|
|
|
|
|
|
|
* $remote_addr: client IP address.
|
|
|
|
|
* $time_local: local time in Common Log format.
|
|
|
|
|
* $time_iso8601: local time in ISO 8601 format.
|
|
|
|
|
* $request: HTTP request line.
|
|
|
|
|
* $status: HTTP response status code.
|
|
|
|
|
* $body_bytes_sent: the number of bytes sent to client
|
|
|
|
|
as response body.
|
|
|
|
|
* $http_<VAR>: value of HTTP request header <VAR> where
|
|
|
|
|
'_' in <VAR> is replaced with '-'.
|
|
|
|
|
* $remote_port: client port.
|
|
|
|
|
* $server_port: server port.
|
|
|
|
|
* $request_time: request processing time in seconds with
|
|
|
|
|
milliseconds resolution.
|
|
|
|
|
* $pid: PID of the running process.
|
|
|
|
|
* $alpn: ALPN identifier of the protocol which generates
|
|
|
|
|
the response. For HTTP/1, ALPN is always http/1.1,
|
|
|
|
|
regardless of minor version.
|
2015-06-28 09:37:17 +02:00
|
|
|
* $ssl_cipher: cipher used for SSL/TLS connection.
|
|
|
|
|
* $ssl_protocol: protocol for SSL/TLS connection.
|
|
|
|
|
* $ssl_session_id: session ID for SSL/TLS connection.
|
2015-06-28 15:15:04 +02:00
|
|
|
* $ssl_session_reused: "r" if SSL/TLS session was
|
|
|
|
|
reused. Otherwise, "."
|
2015-01-13 15:02:18 +01:00
|
|
|
|
2015-07-14 15:25:52 +02:00
|
|
|
The variable can be enclosed by "{" and "}" for
|
|
|
|
|
disambiguation (e.g., ${remote_addr}).
|
|
|
|
|
|
2015-01-13 15:02:18 +01:00
|
|
|
Default: )" << DEFAULT_ACCESSLOG_FORMAT << R"(
|
2014-07-05 11:22:40 +02:00
|
|
|
--errorlog-file=<PATH>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set path to write error log. To reopen file, send USR1
|
2015-04-08 10:33:18 +02:00
|
|
|
signal to nghttpx. stderr will be redirected to the
|
|
|
|
|
error log file unless --errorlog-syslog is used.
|
2015-01-13 15:02:18 +01:00
|
|
|
Default: )" << get_config()->errorlog_file.get() << R"(
|
|
|
|
|
--errorlog-syslog
|
|
|
|
|
Send error log to syslog. If this option is used,
|
|
|
|
|
--errorlog-file option is ignored.
|
2014-03-22 14:03:13 +01:00
|
|
|
--syslog-facility=<FACILITY>
|
2015-01-13 15:02:18 +01:00
|
|
|
Set syslog facility to <FACILITY>.
|
|
|
|
|
Default: )" << str_syslog_facility(get_config()->syslog_facility)
|
|
|
|
|
<< R"(
|
2014-03-22 14:03:13 +01:00
|
|
|
|
2015-01-15 15:19:35 +01:00
|
|
|
HTTP:
|
2014-03-22 14:03:13 +01:00
|
|
|
--add-x-forwarded-for
|
2015-01-13 15:02:18 +01:00
|
|
|
Append X-Forwarded-For header field to the downstream
|
|
|
|
|
request.
|
2014-10-24 15:24:17 +02:00
|
|
|
--strip-incoming-x-forwarded-for
|
2015-01-13 15:02:18 +01:00
|
|
|
Strip X-Forwarded-For header field from inbound client
|
|
|
|
|
requests.
|
|
|
|
|
--no-via Don't append to Via header field. If Via header field
|
|
|
|
|
is received, it is left unaltered.
|
2014-08-10 05:39:27 +02:00
|
|
|
--no-location-rewrite
|
2015-01-13 15:02:18 +01:00
|
|
|
Don't rewrite location header field on --http2-bridge,
|
|
|
|
|
--client and default mode. For --http2-proxy and
|
|
|
|
|
--client-proxy mode, location header field will not be
|
|
|
|
|
altered regardless of this option.
|
2015-07-23 16:54:56 +02:00
|
|
|
--host-rewrite
|
|
|
|
|
Rewrite host and :authority header fields on
|
2015-02-03 17:41:20 +01:00
|
|
|
--http2-bridge, --client and default mode. For
|
|
|
|
|
--http2-proxy and --client-proxy mode, these headers
|
|
|
|
|
will not be altered regardless of this option.
|
2014-04-08 15:28:50 +02:00
|
|
|
--altsvc=<PROTOID,PORT[,HOST,[ORIGIN]]>
|
2015-01-13 15:02:18 +01:00
|
|
|
Specify protocol ID, port, host and origin of
|
|
|
|
|
alternative service. <HOST> and <ORIGIN> are optional.
|
2015-03-22 15:22:06 +01:00
|
|
|
They are advertised in alt-svc header field only in
|
|
|
|
|
HTTP/1.1 frontend. This option can be used multiple
|
|
|
|
|
times to specify multiple alternative services.
|
|
|
|
|
Example: --altsvc=h2,443
|
2015-06-05 16:04:20 +02:00
|
|
|
--add-request-header=<HEADER>
|
|
|
|
|
Specify additional header field to add to request header
|
|
|
|
|
set. This option just appends header field and won't
|
|
|
|
|
replace anything already set. This option can be used
|
|
|
|
|
several times to specify multiple header fields.
|
|
|
|
|
Example: --add-request-header="foo: bar"
|
2014-04-26 07:56:08 +02:00
|
|
|
--add-response-header=<HEADER>
|
2015-01-13 15:02:18 +01:00
|
|
|
Specify additional header field to add to response
|
|
|
|
|
header set. This option just appends header field and
|
|
|
|
|
won't replace anything already set. This option can be
|
|
|
|
|
used several times to specify multiple header fields.
|
|
|
|
|
Example: --add-response-header="foo: bar"
|
2015-04-29 14:10:59 +02:00
|
|
|
--header-field-buffer=<SIZE>
|
|
|
|
|
Set maximum buffer size for incoming HTTP header field
|
|
|
|
|
list. This is the sum of header name and value in
|
|
|
|
|
bytes.
|
|
|
|
|
Default: )"
|
|
|
|
|
<< util::utos_with_unit(get_config()->header_field_buffer) << R"(
|
|
|
|
|
--max-header-fields=<N>
|
|
|
|
|
Set maximum number of incoming HTTP header fields, which
|
|
|
|
|
appear in one request or response header field list.
|
|
|
|
|
Default: )" << get_config()->max_header_fields << R"(
|
2015-01-15 15:19:35 +01:00
|
|
|
|
|
|
|
|
Debug:
|
2014-03-22 14:03:13 +01:00
|
|
|
--frontend-http2-dump-request-header=<PATH>
|
2015-01-13 15:02:18 +01:00
|
|
|
Dumps request headers received by HTTP/2 frontend to the
|
|
|
|
|
file denoted in <PATH>. The output is done in HTTP/1
|
|
|
|
|
header field format and each header block is followed by
|
|
|
|
|
an empty line. This option is not thread safe and MUST
|
|
|
|
|
NOT be used with option -n<N>, where <N> >= 2.
|
2014-03-22 14:03:13 +01:00
|
|
|
--frontend-http2-dump-response-header=<PATH>
|
2015-01-13 15:02:18 +01:00
|
|
|
Dumps response headers sent from HTTP/2 frontend to the
|
|
|
|
|
file denoted in <PATH>. The output is done in HTTP/1
|
|
|
|
|
header field format and each header block is followed by
|
|
|
|
|
an empty line. This option is not thread safe and MUST
|
|
|
|
|
NOT be used with option -n<N>, where <N> >= 2.
|
2014-03-22 14:03:13 +01:00
|
|
|
-o, --frontend-frame-debug
|
2015-01-13 15:02:18 +01:00
|
|
|
Print HTTP/2 frames in frontend to stderr. This option
|
|
|
|
|
is not thread safe and MUST NOT be used with option
|
|
|
|
|
-n=N, where N >= 2.
|
2015-01-15 15:19:35 +01:00
|
|
|
|
|
|
|
|
Process:
|
2014-03-22 14:03:13 +01:00
|
|
|
-D, --daemon
|
2015-01-13 15:02:18 +01:00
|
|
|
Run in a background. If -D is used, the current working
|
|
|
|
|
directory is changed to '/'.
|
|
|
|
|
--pid-file=<PATH>
|
|
|
|
|
Set path to save PID of this program.
|
|
|
|
|
--user=<USER>
|
|
|
|
|
Run this program as <USER>. This option is intended to
|
|
|
|
|
be used to drop root privileges.
|
2015-01-15 15:19:35 +01:00
|
|
|
|
2015-09-02 18:37:47 +02:00
|
|
|
Scripting:
|
2015-09-03 18:19:57 +02:00
|
|
|
--request-phase-file=<PATH>
|
2015-09-02 18:37:47 +02:00
|
|
|
Set mruby script file which will be executed when
|
|
|
|
|
request header fields are completely received from
|
2015-09-03 18:19:57 +02:00
|
|
|
frontend. This hook is called request phase hook.
|
|
|
|
|
--response-phase-file=<PATH>
|
2015-09-02 18:37:47 +02:00
|
|
|
Set mruby script file which will be executed when
|
|
|
|
|
response header fields are completely received from
|
2015-09-03 18:19:57 +02:00
|
|
|
backend. This hook is called response phase hook.
|
2015-09-02 18:37:47 +02:00
|
|
|
|
2015-01-15 15:19:35 +01:00
|
|
|
Misc:
|
2015-01-13 15:02:18 +01:00
|
|
|
--conf=<PATH>
|
|
|
|
|
Load configuration from <PATH>.
|
|
|
|
|
Default: )" << get_config()->conf_path.get() << R"(
|
2015-07-12 16:18:36 +02:00
|
|
|
--include=<PATH>
|
|
|
|
|
Load additional configurations from <PATH>. File <PATH>
|
|
|
|
|
is read when configuration parser encountered this
|
|
|
|
|
option. This option can be used multiple times, or even
|
|
|
|
|
recursively.
|
2015-01-13 15:02:18 +01:00
|
|
|
-v, --version
|
|
|
|
|
Print version and exit.
|
|
|
|
|
-h, --help Print this help and exit.
|
2015-01-13 14:42:52 +01:00
|
|
|
|
2015-03-30 17:21:52 +02:00
|
|
|
--
|
|
|
|
|
|
2015-01-13 14:42:52 +01:00
|
|
|
The <SIZE> argument is an integer and an optional unit (e.g., 10K is
|
2015-01-27 16:36:44 +01:00
|
|
|
10 * 1024). Units are K, M and G (powers of 1024).
|
|
|
|
|
|
2015-01-29 15:23:30 +01:00
|
|
|
The <DURATION> argument is an integer and an optional unit (e.g., 1s
|
2015-03-30 16:20:40 +02:00
|
|
|
is 1 second and 500ms is 500 milliseconds). Units are h, m, s or ms
|
|
|
|
|
(hours, minutes, seconds and milliseconds, respectively). If a unit
|
|
|
|
|
is omitted, a second is used as unit.)" << std::endl;
|
2012-06-06 16:58:19 +02:00
|
|
|
}
|
|
|
|
|
} // namespace
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
int main(int argc, char **argv) {
|
2015-05-22 17:23:38 +02:00
|
|
|
#ifndef NOTHREADS
|
|
|
|
|
nghttp2::ssl::LibsslGlobalLock lock;
|
|
|
|
|
#endif // NOTHREADS
|
|
|
|
|
// Initialize OpenSSL before parsing options because we create
|
|
|
|
|
// SSL_CTX there.
|
|
|
|
|
SSL_load_error_strings();
|
|
|
|
|
SSL_library_init();
|
|
|
|
|
OpenSSL_add_all_algorithms();
|
|
|
|
|
OPENSSL_config(nullptr);
|
|
|
|
|
|
2014-11-06 15:32:56 +01:00
|
|
|
Log::set_severity_level(NOTICE);
|
2012-06-06 16:58:19 +02:00
|
|
|
create_config();
|
|
|
|
|
fill_default_config();
|
|
|
|
|
|
2015-08-13 11:01:37 +02:00
|
|
|
// make copy of stderr
|
|
|
|
|
util::store_original_fds();
|
|
|
|
|
|
2015-07-23 17:32:19 +02:00
|
|
|
// First open log files with default configuration, so that we can
|
|
|
|
|
// log errors/warnings while reading configuration files.
|
|
|
|
|
reopen_log_files();
|
|
|
|
|
|
2014-08-12 15:22:02 +02:00
|
|
|
// We have to copy argv, since getopt_long may change its content.
|
|
|
|
|
mod_config()->argc = argc;
|
2014-11-27 15:39:04 +01:00
|
|
|
mod_config()->argv = new char *[argc];
|
2014-08-12 15:22:02 +02:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
for (int i = 0; i < argc; ++i) {
|
2014-08-12 15:22:02 +02:00
|
|
|
mod_config()->argv[i] = strdup(argv[i]);
|
|
|
|
|
}
|
|
|
|
|
|
2014-09-30 22:23:27 +02:00
|
|
|
mod_config()->cwd = getcwd(nullptr, 0);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (mod_config()->cwd == nullptr) {
|
2014-08-12 15:22:02 +02:00
|
|
|
auto error = errno;
|
|
|
|
|
LOG(FATAL) << "failed to get current working directory: errno=" << error;
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
std::vector<std::pair<const char *, const char *>> cmdcfgs;
|
|
|
|
|
while (1) {
|
2014-04-30 15:44:51 +02:00
|
|
|
static int flag = 0;
|
2012-06-06 16:58:19 +02:00
|
|
|
static option long_options[] = {
|
2015-05-29 15:48:46 +02:00
|
|
|
{SHRPX_OPT_DAEMON, no_argument, nullptr, 'D'},
|
|
|
|
|
{SHRPX_OPT_LOG_LEVEL, required_argument, nullptr, 'L'},
|
|
|
|
|
{SHRPX_OPT_BACKEND, required_argument, nullptr, 'b'},
|
|
|
|
|
{SHRPX_OPT_HTTP2_MAX_CONCURRENT_STREAMS, required_argument, nullptr,
|
|
|
|
|
'c'},
|
|
|
|
|
{SHRPX_OPT_FRONTEND, required_argument, nullptr, 'f'},
|
2014-11-27 15:39:04 +01:00
|
|
|
{"help", no_argument, nullptr, 'h'},
|
2015-05-29 15:48:46 +02:00
|
|
|
{SHRPX_OPT_INSECURE, no_argument, nullptr, 'k'},
|
|
|
|
|
{SHRPX_OPT_WORKERS, required_argument, nullptr, 'n'},
|
|
|
|
|
{SHRPX_OPT_CLIENT_PROXY, no_argument, nullptr, 'p'},
|
|
|
|
|
{SHRPX_OPT_HTTP2_PROXY, no_argument, nullptr, 's'},
|
2014-11-27 15:39:04 +01:00
|
|
|
{"version", no_argument, nullptr, 'v'},
|
2015-05-29 15:48:46 +02:00
|
|
|
{SHRPX_OPT_FRONTEND_FRAME_DEBUG, no_argument, nullptr, 'o'},
|
|
|
|
|
{SHRPX_OPT_ADD_X_FORWARDED_FOR, no_argument, &flag, 1},
|
|
|
|
|
{SHRPX_OPT_FRONTEND_HTTP2_READ_TIMEOUT, required_argument, &flag, 2},
|
|
|
|
|
{SHRPX_OPT_FRONTEND_READ_TIMEOUT, required_argument, &flag, 3},
|
|
|
|
|
{SHRPX_OPT_FRONTEND_WRITE_TIMEOUT, required_argument, &flag, 4},
|
|
|
|
|
{SHRPX_OPT_BACKEND_READ_TIMEOUT, required_argument, &flag, 5},
|
|
|
|
|
{SHRPX_OPT_BACKEND_WRITE_TIMEOUT, required_argument, &flag, 6},
|
|
|
|
|
{SHRPX_OPT_ACCESSLOG_FILE, required_argument, &flag, 7},
|
|
|
|
|
{SHRPX_OPT_BACKEND_KEEP_ALIVE_TIMEOUT, required_argument, &flag, 8},
|
|
|
|
|
{SHRPX_OPT_FRONTEND_HTTP2_WINDOW_BITS, required_argument, &flag, 9},
|
|
|
|
|
{SHRPX_OPT_PID_FILE, required_argument, &flag, 10},
|
|
|
|
|
{SHRPX_OPT_USER, required_argument, &flag, 11},
|
2014-11-27 15:39:04 +01:00
|
|
|
{"conf", required_argument, &flag, 12},
|
2015-05-29 15:48:46 +02:00
|
|
|
{SHRPX_OPT_SYSLOG_FACILITY, required_argument, &flag, 14},
|
|
|
|
|
{SHRPX_OPT_BACKLOG, required_argument, &flag, 15},
|
|
|
|
|
{SHRPX_OPT_CIPHERS, required_argument, &flag, 16},
|
|
|
|
|
{SHRPX_OPT_CLIENT, no_argument, &flag, 17},
|
|
|
|
|
{SHRPX_OPT_BACKEND_HTTP2_WINDOW_BITS, required_argument, &flag, 18},
|
|
|
|
|
{SHRPX_OPT_CACERT, required_argument, &flag, 19},
|
|
|
|
|
{SHRPX_OPT_BACKEND_IPV4, no_argument, &flag, 20},
|
|
|
|
|
{SHRPX_OPT_BACKEND_IPV6, no_argument, &flag, 21},
|
|
|
|
|
{SHRPX_OPT_PRIVATE_KEY_PASSWD_FILE, required_argument, &flag, 22},
|
|
|
|
|
{SHRPX_OPT_NO_VIA, no_argument, &flag, 23},
|
|
|
|
|
{SHRPX_OPT_SUBCERT, required_argument, &flag, 24},
|
|
|
|
|
{SHRPX_OPT_HTTP2_BRIDGE, no_argument, &flag, 25},
|
|
|
|
|
{SHRPX_OPT_BACKEND_HTTP_PROXY_URI, required_argument, &flag, 26},
|
|
|
|
|
{SHRPX_OPT_BACKEND_NO_TLS, no_argument, &flag, 27},
|
|
|
|
|
{SHRPX_OPT_FRONTEND_NO_TLS, no_argument, &flag, 29},
|
|
|
|
|
{SHRPX_OPT_BACKEND_TLS_SNI_FIELD, required_argument, &flag, 31},
|
|
|
|
|
{SHRPX_OPT_DH_PARAM_FILE, required_argument, &flag, 33},
|
|
|
|
|
{SHRPX_OPT_READ_RATE, required_argument, &flag, 34},
|
|
|
|
|
{SHRPX_OPT_READ_BURST, required_argument, &flag, 35},
|
|
|
|
|
{SHRPX_OPT_WRITE_RATE, required_argument, &flag, 36},
|
|
|
|
|
{SHRPX_OPT_WRITE_BURST, required_argument, &flag, 37},
|
|
|
|
|
{SHRPX_OPT_NPN_LIST, required_argument, &flag, 38},
|
|
|
|
|
{SHRPX_OPT_VERIFY_CLIENT, no_argument, &flag, 39},
|
|
|
|
|
{SHRPX_OPT_VERIFY_CLIENT_CACERT, required_argument, &flag, 40},
|
|
|
|
|
{SHRPX_OPT_CLIENT_PRIVATE_KEY_FILE, required_argument, &flag, 41},
|
|
|
|
|
{SHRPX_OPT_CLIENT_CERT_FILE, required_argument, &flag, 42},
|
|
|
|
|
{SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER, required_argument, &flag,
|
|
|
|
|
43},
|
|
|
|
|
{SHRPX_OPT_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER, required_argument,
|
|
|
|
|
&flag, 44},
|
|
|
|
|
{SHRPX_OPT_HTTP2_NO_COOKIE_CRUMBLING, no_argument, &flag, 45},
|
|
|
|
|
{SHRPX_OPT_FRONTEND_HTTP2_CONNECTION_WINDOW_BITS, required_argument,
|
|
|
|
|
&flag, 46},
|
|
|
|
|
{SHRPX_OPT_BACKEND_HTTP2_CONNECTION_WINDOW_BITS, required_argument,
|
|
|
|
|
&flag, 47},
|
|
|
|
|
{SHRPX_OPT_TLS_PROTO_LIST, required_argument, &flag, 48},
|
|
|
|
|
{SHRPX_OPT_PADDING, required_argument, &flag, 49},
|
|
|
|
|
{SHRPX_OPT_WORKER_READ_RATE, required_argument, &flag, 50},
|
|
|
|
|
{SHRPX_OPT_WORKER_READ_BURST, required_argument, &flag, 51},
|
|
|
|
|
{SHRPX_OPT_WORKER_WRITE_RATE, required_argument, &flag, 52},
|
|
|
|
|
{SHRPX_OPT_WORKER_WRITE_BURST, required_argument, &flag, 53},
|
|
|
|
|
{SHRPX_OPT_ALTSVC, required_argument, &flag, 54},
|
|
|
|
|
{SHRPX_OPT_ADD_RESPONSE_HEADER, required_argument, &flag, 55},
|
|
|
|
|
{SHRPX_OPT_WORKER_FRONTEND_CONNECTIONS, required_argument, &flag, 56},
|
|
|
|
|
{SHRPX_OPT_ACCESSLOG_SYSLOG, no_argument, &flag, 57},
|
|
|
|
|
{SHRPX_OPT_ERRORLOG_FILE, required_argument, &flag, 58},
|
|
|
|
|
{SHRPX_OPT_ERRORLOG_SYSLOG, no_argument, &flag, 59},
|
|
|
|
|
{SHRPX_OPT_STREAM_READ_TIMEOUT, required_argument, &flag, 60},
|
|
|
|
|
{SHRPX_OPT_STREAM_WRITE_TIMEOUT, required_argument, &flag, 61},
|
|
|
|
|
{SHRPX_OPT_NO_LOCATION_REWRITE, no_argument, &flag, 62},
|
|
|
|
|
{SHRPX_OPT_BACKEND_HTTP1_CONNECTIONS_PER_HOST, required_argument, &flag,
|
|
|
|
|
63},
|
|
|
|
|
{SHRPX_OPT_LISTENER_DISABLE_TIMEOUT, required_argument, &flag, 64},
|
|
|
|
|
{SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_FOR, no_argument, &flag, 65},
|
|
|
|
|
{SHRPX_OPT_ACCESSLOG_FORMAT, required_argument, &flag, 66},
|
|
|
|
|
{SHRPX_OPT_BACKEND_HTTP1_CONNECTIONS_PER_FRONTEND, required_argument,
|
|
|
|
|
&flag, 67},
|
|
|
|
|
{SHRPX_OPT_TLS_TICKET_KEY_FILE, required_argument, &flag, 68},
|
|
|
|
|
{SHRPX_OPT_RLIMIT_NOFILE, required_argument, &flag, 69},
|
|
|
|
|
{SHRPX_OPT_BACKEND_RESPONSE_BUFFER, required_argument, &flag, 71},
|
|
|
|
|
{SHRPX_OPT_BACKEND_REQUEST_BUFFER, required_argument, &flag, 72},
|
|
|
|
|
{SHRPX_OPT_NO_HOST_REWRITE, no_argument, &flag, 73},
|
|
|
|
|
{SHRPX_OPT_NO_SERVER_PUSH, no_argument, &flag, 74},
|
|
|
|
|
{SHRPX_OPT_BACKEND_HTTP2_CONNECTIONS_PER_WORKER, required_argument,
|
|
|
|
|
&flag, 76},
|
|
|
|
|
{SHRPX_OPT_FETCH_OCSP_RESPONSE_FILE, required_argument, &flag, 77},
|
|
|
|
|
{SHRPX_OPT_OCSP_UPDATE_INTERVAL, required_argument, &flag, 78},
|
|
|
|
|
{SHRPX_OPT_NO_OCSP, no_argument, &flag, 79},
|
|
|
|
|
{SHRPX_OPT_HEADER_FIELD_BUFFER, required_argument, &flag, 80},
|
|
|
|
|
{SHRPX_OPT_MAX_HEADER_FIELDS, required_argument, &flag, 81},
|
2015-06-05 16:04:20 +02:00
|
|
|
{SHRPX_OPT_ADD_REQUEST_HEADER, required_argument, &flag, 82},
|
2015-07-12 16:18:36 +02:00
|
|
|
{SHRPX_OPT_INCLUDE, required_argument, &flag, 83},
|
2015-07-28 16:49:37 +02:00
|
|
|
{SHRPX_OPT_TLS_TICKET_KEY_CIPHER, required_argument, &flag, 84},
|
2015-07-23 16:54:56 +02:00
|
|
|
{SHRPX_OPT_HOST_REWRITE, no_argument, &flag, 85},
|
2015-07-25 15:22:17 +02:00
|
|
|
{SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED, required_argument, &flag, 86},
|
2015-07-27 17:54:44 +02:00
|
|
|
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED, required_argument, &flag, 87},
|
2015-07-27 18:02:33 +02:00
|
|
|
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL, required_argument, &flag,
|
|
|
|
|
88},
|
2015-07-27 18:17:29 +02:00
|
|
|
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY, required_argument, &flag,
|
|
|
|
|
89},
|
|
|
|
|
{SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL, required_argument, &flag,
|
|
|
|
|
90},
|
2015-09-03 18:19:57 +02:00
|
|
|
{SHRPX_OPT_REQUEST_PHASE_FILE, required_argument, &flag, 91},
|
|
|
|
|
{SHRPX_OPT_RESPONSE_PHASE_FILE, required_argument, &flag, 92},
|
2015-09-06 11:39:32 +02:00
|
|
|
{SHRPX_OPT_ACCEPT_PROXY_PROTOCOL, no_argument, &flag, 93},
|
2014-11-27 15:39:04 +01:00
|
|
|
{nullptr, 0, nullptr, 0}};
|
2013-11-02 14:58:02 +01:00
|
|
|
|
2012-06-06 16:58:19 +02:00
|
|
|
int option_index = 0;
|
2014-02-09 10:47:26 +01:00
|
|
|
int c = getopt_long(argc, argv, "DL:b:c:f:hkn:opsv", long_options,
|
2012-06-06 16:58:19 +02:00
|
|
|
&option_index);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (c == -1) {
|
2012-06-06 16:58:19 +02:00
|
|
|
break;
|
|
|
|
|
}
|
2014-11-27 15:39:04 +01:00
|
|
|
switch (c) {
|
2012-06-06 16:58:19 +02:00
|
|
|
case 'D':
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_DAEMON, "yes");
|
2012-06-06 16:58:19 +02:00
|
|
|
break;
|
|
|
|
|
case 'L':
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_LOG_LEVEL, optarg);
|
2012-06-06 16:58:19 +02:00
|
|
|
break;
|
|
|
|
|
case 'b':
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND, optarg);
|
2012-06-06 16:58:19 +02:00
|
|
|
break;
|
2012-11-22 14:05:52 +01:00
|
|
|
case 'c':
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_HTTP2_MAX_CONCURRENT_STREAMS, optarg);
|
2012-11-22 14:05:52 +01:00
|
|
|
break;
|
2012-06-06 16:58:19 +02:00
|
|
|
case 'f':
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND, optarg);
|
2012-06-06 16:58:19 +02:00
|
|
|
break;
|
2012-11-22 14:05:52 +01:00
|
|
|
case 'h':
|
|
|
|
|
print_help(std::cout);
|
|
|
|
|
exit(EXIT_SUCCESS);
|
2012-11-22 13:46:15 +01:00
|
|
|
case 'k':
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_INSECURE, "yes");
|
2012-11-22 13:46:15 +01:00
|
|
|
break;
|
2012-06-06 16:58:19 +02:00
|
|
|
case 'n':
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_WORKERS, optarg);
|
2012-06-06 16:58:19 +02:00
|
|
|
break;
|
2014-02-09 10:47:26 +01:00
|
|
|
case 'o':
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_FRAME_DEBUG, "yes");
|
|
|
|
|
break;
|
2012-11-22 14:05:52 +01:00
|
|
|
case 'p':
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_CLIENT_PROXY, "yes");
|
2012-06-06 16:58:19 +02:00
|
|
|
break;
|
2012-07-11 09:20:16 +02:00
|
|
|
case 's':
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_HTTP2_PROXY, "yes");
|
2012-07-11 09:20:16 +02:00
|
|
|
break;
|
2012-11-22 15:08:36 +01:00
|
|
|
case 'v':
|
|
|
|
|
print_version(std::cout);
|
|
|
|
|
exit(EXIT_SUCCESS);
|
2012-06-06 16:58:19 +02:00
|
|
|
case '?':
|
2014-01-08 17:27:56 +01:00
|
|
|
util::show_candidates(argv[optind - 1], long_options);
|
2012-06-06 16:58:19 +02:00
|
|
|
exit(EXIT_FAILURE);
|
2012-07-12 16:39:11 +02:00
|
|
|
case 0:
|
2014-11-27 15:39:04 +01:00
|
|
|
switch (flag) {
|
2012-07-12 16:39:11 +02:00
|
|
|
case 1:
|
|
|
|
|
// --add-x-forwarded-for
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_ADD_X_FORWARDED_FOR, "yes");
|
2012-07-12 16:39:11 +02:00
|
|
|
break;
|
2012-08-01 17:06:41 +02:00
|
|
|
case 2:
|
2013-11-04 10:14:05 +01:00
|
|
|
// --frontend-http2-read-timeout
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_HTTP2_READ_TIMEOUT, optarg);
|
2012-07-17 17:13:11 +02:00
|
|
|
break;
|
2012-08-01 17:06:41 +02:00
|
|
|
case 3:
|
2012-07-17 17:13:11 +02:00
|
|
|
// --frontend-read-timeout
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_READ_TIMEOUT, optarg);
|
2012-07-17 17:13:11 +02:00
|
|
|
break;
|
2012-08-01 17:06:41 +02:00
|
|
|
case 4:
|
2012-07-17 17:13:11 +02:00
|
|
|
// --frontend-write-timeout
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_WRITE_TIMEOUT, optarg);
|
2012-07-17 17:13:11 +02:00
|
|
|
break;
|
2012-08-01 17:06:41 +02:00
|
|
|
case 5:
|
2012-07-17 17:13:11 +02:00
|
|
|
// --backend-read-timeout
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_READ_TIMEOUT, optarg);
|
2012-07-17 17:13:11 +02:00
|
|
|
break;
|
2012-08-01 17:06:41 +02:00
|
|
|
case 6:
|
2012-07-17 17:13:11 +02:00
|
|
|
// --backend-write-timeout
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_WRITE_TIMEOUT, optarg);
|
2012-07-17 17:13:11 +02:00
|
|
|
break;
|
2012-07-17 18:08:05 +02:00
|
|
|
case 7:
|
2014-07-05 11:22:40 +02:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_ACCESSLOG_FILE, optarg);
|
2012-07-17 18:08:05 +02:00
|
|
|
break;
|
2012-08-01 17:06:41 +02:00
|
|
|
case 8:
|
2012-07-26 16:08:51 +02:00
|
|
|
// --backend-keep-alive-timeout
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_KEEP_ALIVE_TIMEOUT, optarg);
|
2012-07-26 16:08:51 +02:00
|
|
|
break;
|
2012-08-01 17:06:41 +02:00
|
|
|
case 9:
|
2013-11-04 10:14:05 +01:00
|
|
|
// --frontend-http2-window-bits
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_HTTP2_WINDOW_BITS, optarg);
|
2012-07-26 16:18:37 +02:00
|
|
|
break;
|
2012-07-31 18:51:16 +02:00
|
|
|
case 10:
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_PID_FILE, optarg);
|
2012-07-31 18:51:16 +02:00
|
|
|
break;
|
2012-08-01 17:06:41 +02:00
|
|
|
case 11:
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_USER, optarg);
|
2012-08-01 17:06:41 +02:00
|
|
|
break;
|
|
|
|
|
case 12:
|
|
|
|
|
// --conf
|
2014-06-08 14:02:40 +02:00
|
|
|
mod_config()->conf_path = strcopy(optarg);
|
2012-07-31 18:51:16 +02:00
|
|
|
break;
|
2012-08-01 18:20:18 +02:00
|
|
|
case 14:
|
|
|
|
|
// --syslog-facility
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_SYSLOG_FACILITY, optarg);
|
2012-08-01 18:20:18 +02:00
|
|
|
break;
|
2012-08-01 18:28:59 +02:00
|
|
|
case 15:
|
|
|
|
|
// --backlog
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKLOG, optarg);
|
2012-08-01 18:28:59 +02:00
|
|
|
break;
|
2012-08-20 14:50:03 +02:00
|
|
|
case 16:
|
|
|
|
|
// --ciphers
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_CIPHERS, optarg);
|
2012-08-20 14:50:03 +02:00
|
|
|
break;
|
2012-11-18 13:23:13 +01:00
|
|
|
case 17:
|
2012-11-21 14:10:35 +01:00
|
|
|
// --client
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_CLIENT, "yes");
|
2012-11-18 13:23:13 +01:00
|
|
|
break;
|
2012-11-21 15:47:48 +01:00
|
|
|
case 18:
|
2013-11-04 10:14:05 +01:00
|
|
|
// --backend-http2-window-bits
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_HTTP2_WINDOW_BITS, optarg);
|
2012-11-21 15:47:48 +01:00
|
|
|
break;
|
2012-11-22 13:46:15 +01:00
|
|
|
case 19:
|
|
|
|
|
// --cacert
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_CACERT, optarg);
|
2012-11-22 13:46:15 +01:00
|
|
|
break;
|
2012-11-23 13:11:01 +01:00
|
|
|
case 20:
|
|
|
|
|
// --backend-ipv4
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_IPV4, "yes");
|
2012-11-23 13:11:01 +01:00
|
|
|
break;
|
|
|
|
|
case 21:
|
|
|
|
|
// --backend-ipv6
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_IPV6, "yes");
|
2012-11-23 13:11:01 +01:00
|
|
|
break;
|
2012-12-03 07:33:04 +01:00
|
|
|
case 22:
|
|
|
|
|
// --private-key-passwd-file
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_PRIVATE_KEY_PASSWD_FILE, optarg);
|
2012-12-03 07:33:04 +01:00
|
|
|
break;
|
2013-01-09 14:01:25 +01:00
|
|
|
case 23:
|
|
|
|
|
// --no-via
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_NO_VIA, "yes");
|
2013-01-09 14:01:25 +01:00
|
|
|
break;
|
2013-02-06 15:27:05 +01:00
|
|
|
case 24:
|
|
|
|
|
// --subcert
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_SUBCERT, optarg);
|
2013-02-06 15:27:05 +01:00
|
|
|
break;
|
2013-02-08 13:46:58 +01:00
|
|
|
case 25:
|
2013-11-04 10:14:05 +01:00
|
|
|
// --http2-bridge
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_HTTP2_BRIDGE, "yes");
|
2013-02-08 13:46:58 +01:00
|
|
|
break;
|
2013-02-09 08:42:01 +01:00
|
|
|
case 26:
|
|
|
|
|
// --backend-http-proxy-uri
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_HTTP_PROXY_URI, optarg);
|
2013-02-09 08:42:01 +01:00
|
|
|
break;
|
2013-02-22 13:54:07 +01:00
|
|
|
case 27:
|
2013-08-03 11:58:14 +02:00
|
|
|
// --backend-no-tls
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_NO_TLS, "yes");
|
2013-02-22 13:54:07 +01:00
|
|
|
break;
|
2013-03-24 13:03:39 +01:00
|
|
|
case 29:
|
2013-08-03 11:58:14 +02:00
|
|
|
// --frontend-no-tls
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_NO_TLS, "yes");
|
2013-03-24 13:03:39 +01:00
|
|
|
break;
|
2013-03-29 14:06:33 +01:00
|
|
|
case 31:
|
|
|
|
|
// --backend-tls-sni-field
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_TLS_SNI_FIELD, optarg);
|
2013-03-29 14:06:33 +01:00
|
|
|
break;
|
2013-08-30 15:07:42 +02:00
|
|
|
case 33:
|
|
|
|
|
// --dh-param-file
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_DH_PARAM_FILE, optarg);
|
2013-08-30 15:07:42 +02:00
|
|
|
break;
|
2014-08-17 09:17:10 +02:00
|
|
|
case 34:
|
|
|
|
|
// --read-rate
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_READ_RATE, optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 35:
|
|
|
|
|
// --read-burst
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_READ_BURST, optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 36:
|
|
|
|
|
// --write-rate
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_WRITE_RATE, optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 37:
|
|
|
|
|
// --write-burst
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_WRITE_BURST, optarg);
|
|
|
|
|
break;
|
2013-09-23 13:55:39 +02:00
|
|
|
case 38:
|
|
|
|
|
// --npn-list
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_NPN_LIST, optarg);
|
2013-09-23 13:55:39 +02:00
|
|
|
break;
|
2013-11-01 17:10:18 +01:00
|
|
|
case 39:
|
|
|
|
|
// --verify-client
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_VERIFY_CLIENT, "yes");
|
2013-11-01 17:10:18 +01:00
|
|
|
break;
|
2013-11-02 13:30:32 +01:00
|
|
|
case 40:
|
|
|
|
|
// --verify-client-cacert
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_VERIFY_CLIENT_CACERT, optarg);
|
2013-11-02 13:30:32 +01:00
|
|
|
break;
|
2013-11-02 14:58:02 +01:00
|
|
|
case 41:
|
|
|
|
|
// --client-private-key-file
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_CLIENT_PRIVATE_KEY_FILE, optarg);
|
2013-11-02 14:58:02 +01:00
|
|
|
break;
|
|
|
|
|
case 42:
|
|
|
|
|
// --client-cert-file
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_CLIENT_CERT_FILE, optarg);
|
2013-11-02 14:58:02 +01:00
|
|
|
break;
|
2013-11-17 15:52:19 +01:00
|
|
|
case 43:
|
|
|
|
|
// --frontend-http2-dump-request-header
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_HTTP2_DUMP_REQUEST_HEADER,
|
|
|
|
|
optarg);
|
2013-11-17 15:52:19 +01:00
|
|
|
break;
|
|
|
|
|
case 44:
|
|
|
|
|
// --frontend-http2-dump-response-header
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_HTTP2_DUMP_RESPONSE_HEADER,
|
|
|
|
|
optarg);
|
2013-11-17 15:52:19 +01:00
|
|
|
break;
|
2013-11-17 16:03:55 +01:00
|
|
|
case 45:
|
|
|
|
|
// --http2-no-cookie-crumbling
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_HTTP2_NO_COOKIE_CRUMBLING, "yes");
|
2013-11-17 16:03:55 +01:00
|
|
|
break;
|
2013-11-20 16:15:17 +01:00
|
|
|
case 46:
|
|
|
|
|
// --frontend-http2-connection-window-bits
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_FRONTEND_HTTP2_CONNECTION_WINDOW_BITS,
|
|
|
|
|
optarg);
|
2013-11-20 16:15:17 +01:00
|
|
|
break;
|
|
|
|
|
case 47:
|
|
|
|
|
// --backend-http2-connection-window-bits
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_HTTP2_CONNECTION_WINDOW_BITS,
|
|
|
|
|
optarg);
|
2013-11-20 16:15:17 +01:00
|
|
|
break;
|
2014-01-02 03:49:38 +01:00
|
|
|
case 48:
|
|
|
|
|
// --tls-proto-list
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_TLS_PROTO_LIST, optarg);
|
2014-01-02 03:49:38 +01:00
|
|
|
break;
|
2014-02-11 09:23:22 +01:00
|
|
|
case 49:
|
|
|
|
|
// --padding
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_PADDING, optarg);
|
|
|
|
|
break;
|
2014-03-09 06:53:28 +01:00
|
|
|
case 50:
|
|
|
|
|
// --worker-read-rate
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_WORKER_READ_RATE, optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 51:
|
|
|
|
|
// --worker-read-burst
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_WORKER_READ_BURST, optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 52:
|
|
|
|
|
// --worker-write-rate
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_WORKER_WRITE_RATE, optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 53:
|
|
|
|
|
// --worker-write-burst
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_WORKER_WRITE_BURST, optarg);
|
|
|
|
|
break;
|
2014-04-03 06:20:50 +02:00
|
|
|
case 54:
|
2014-04-08 15:28:50 +02:00
|
|
|
// --altsvc
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_ALTSVC, optarg);
|
2014-04-03 06:20:50 +02:00
|
|
|
break;
|
2014-04-26 07:56:08 +02:00
|
|
|
case 55:
|
|
|
|
|
// --add-response-header
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_ADD_RESPONSE_HEADER, optarg);
|
|
|
|
|
break;
|
2014-06-26 15:55:22 +02:00
|
|
|
case 56:
|
|
|
|
|
// --worker-frontend-connections
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_WORKER_FRONTEND_CONNECTIONS, optarg);
|
|
|
|
|
break;
|
2014-07-05 11:22:40 +02:00
|
|
|
case 57:
|
|
|
|
|
// --accesslog-syslog
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_ACCESSLOG_SYSLOG, "yes");
|
|
|
|
|
break;
|
|
|
|
|
case 58:
|
|
|
|
|
// --errorlog-file
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_ERRORLOG_FILE, optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 59:
|
|
|
|
|
// --errorlog-syslog
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_ERRORLOG_SYSLOG, "yes");
|
|
|
|
|
break;
|
2014-08-09 11:47:45 +02:00
|
|
|
case 60:
|
|
|
|
|
// --stream-read-timeout
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_STREAM_READ_TIMEOUT, optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 61:
|
|
|
|
|
// --stream-write-timeout
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_STREAM_WRITE_TIMEOUT, optarg);
|
|
|
|
|
break;
|
2014-08-10 05:39:27 +02:00
|
|
|
case 62:
|
|
|
|
|
// --no-location-rewrite
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_NO_LOCATION_REWRITE, "yes");
|
|
|
|
|
break;
|
2014-08-16 14:29:20 +02:00
|
|
|
case 63:
|
2014-12-04 17:07:00 +01:00
|
|
|
// --backend-http1-connections-per-host
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_HTTP1_CONNECTIONS_PER_HOST,
|
2014-08-16 14:29:20 +02:00
|
|
|
optarg);
|
|
|
|
|
break;
|
2014-08-27 15:34:00 +02:00
|
|
|
case 64:
|
|
|
|
|
// --listener-disable-timeout
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_LISTENER_DISABLE_TIMEOUT, optarg);
|
|
|
|
|
break;
|
2014-10-24 15:24:17 +02:00
|
|
|
case 65:
|
|
|
|
|
// --strip-incoming-x-forwarded-for
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_FOR, "yes");
|
|
|
|
|
break;
|
2014-11-18 16:56:44 +01:00
|
|
|
case 66:
|
|
|
|
|
// --accesslog-format
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_ACCESSLOG_FORMAT, optarg);
|
|
|
|
|
break;
|
2015-01-02 04:53:27 +01:00
|
|
|
case 67:
|
|
|
|
|
// --backend-http1-connections-per-frontend
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_HTTP1_CONNECTIONS_PER_FRONTEND,
|
|
|
|
|
optarg);
|
|
|
|
|
break;
|
2015-01-07 17:26:30 +01:00
|
|
|
case 68:
|
|
|
|
|
// --tls-ticket-key-file
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_FILE, optarg);
|
|
|
|
|
break;
|
2015-01-10 15:17:48 +01:00
|
|
|
case 69:
|
|
|
|
|
// --rlimit-nofile
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_RLIMIT_NOFILE, optarg);
|
|
|
|
|
break;
|
2015-01-13 15:20:06 +01:00
|
|
|
case 71:
|
|
|
|
|
// --backend-response-buffer
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_RESPONSE_BUFFER, optarg);
|
|
|
|
|
break;
|
2015-01-13 15:30:28 +01:00
|
|
|
case 72:
|
|
|
|
|
// --backend-request-buffer
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_REQUEST_BUFFER, optarg);
|
|
|
|
|
break;
|
2015-02-03 17:41:20 +01:00
|
|
|
case 73:
|
|
|
|
|
// --no-host-rewrite
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_NO_HOST_REWRITE, "yes");
|
|
|
|
|
break;
|
2015-02-08 08:19:12 +01:00
|
|
|
case 74:
|
|
|
|
|
// --no-server-push
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_NO_SERVER_PUSH, "yes");
|
|
|
|
|
break;
|
2015-03-10 15:43:25 +01:00
|
|
|
case 76:
|
|
|
|
|
// --backend-http2-connections-per-worker
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_BACKEND_HTTP2_CONNECTIONS_PER_WORKER,
|
|
|
|
|
optarg);
|
|
|
|
|
break;
|
2015-03-30 16:20:40 +02:00
|
|
|
case 77:
|
|
|
|
|
// --fetch-ocsp-response-file
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_FETCH_OCSP_RESPONSE_FILE, optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 78:
|
|
|
|
|
// --ocsp-update-interval
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_OCSP_UPDATE_INTERVAL, optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 79:
|
|
|
|
|
// --no-ocsp
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_NO_OCSP, "yes");
|
|
|
|
|
break;
|
2015-04-29 14:10:59 +02:00
|
|
|
case 80:
|
|
|
|
|
// --header-field-buffer
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_HEADER_FIELD_BUFFER, optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 81:
|
|
|
|
|
// --max-header-fields
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_MAX_HEADER_FIELDS, optarg);
|
|
|
|
|
break;
|
2015-06-05 16:04:20 +02:00
|
|
|
case 82:
|
|
|
|
|
// --add-request-header
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_ADD_REQUEST_HEADER, optarg);
|
|
|
|
|
break;
|
2015-07-12 16:18:36 +02:00
|
|
|
case 83:
|
|
|
|
|
// --include
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_INCLUDE, optarg);
|
|
|
|
|
break;
|
2015-07-17 18:49:20 +02:00
|
|
|
case 84:
|
2015-07-28 16:49:37 +02:00
|
|
|
// --tls-ticket-key-cipher
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_CIPHER, optarg);
|
2015-07-17 18:49:20 +02:00
|
|
|
break;
|
2015-07-23 16:54:56 +02:00
|
|
|
case 85:
|
|
|
|
|
// --host-rewrite
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_HOST_REWRITE, "yes");
|
|
|
|
|
break;
|
2015-07-25 15:22:17 +02:00
|
|
|
case 86:
|
|
|
|
|
// --tls-session-cache-memcached
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_TLS_SESSION_CACHE_MEMCACHED, optarg);
|
|
|
|
|
break;
|
2015-07-27 17:54:44 +02:00
|
|
|
case 87:
|
|
|
|
|
// --tls-ticket-key-memcached
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED, optarg);
|
|
|
|
|
break;
|
2015-07-27 18:02:33 +02:00
|
|
|
case 88:
|
|
|
|
|
// --tls-ticket-key-memcached-interval
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_INTERVAL,
|
|
|
|
|
optarg);
|
|
|
|
|
break;
|
2015-07-27 18:17:29 +02:00
|
|
|
case 89:
|
|
|
|
|
// --tls-ticket-key-memcached-max-retry
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_RETRY,
|
|
|
|
|
optarg);
|
|
|
|
|
break;
|
|
|
|
|
case 90:
|
|
|
|
|
// --tls-ticket-key-memcached-max-fail
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_TLS_TICKET_KEY_MEMCACHED_MAX_FAIL,
|
|
|
|
|
optarg);
|
|
|
|
|
break;
|
2015-09-01 17:19:32 +02:00
|
|
|
case 91:
|
2015-09-03 18:19:57 +02:00
|
|
|
// --request-phase-file
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_REQUEST_PHASE_FILE, optarg);
|
2015-09-01 17:19:32 +02:00
|
|
|
break;
|
2015-09-02 18:32:15 +02:00
|
|
|
case 92:
|
2015-09-03 18:19:57 +02:00
|
|
|
// --response-phase-file
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_RESPONSE_PHASE_FILE, optarg);
|
2015-09-06 11:34:10 +02:00
|
|
|
break;
|
2015-09-06 11:39:32 +02:00
|
|
|
case 93:
|
|
|
|
|
// --accept-proxy-protocol
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_ACCEPT_PROXY_PROTOCOL, "yes");
|
|
|
|
|
break;
|
2012-07-12 16:39:11 +02:00
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
break;
|
2012-06-06 16:58:19 +02:00
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (conf_exists(get_config()->conf_path.get())) {
|
2015-07-13 14:44:06 +02:00
|
|
|
std::set<std::string> include_set;
|
|
|
|
|
if (load_config(get_config()->conf_path.get(), include_set) == -1) {
|
2012-08-01 17:26:24 +02:00
|
|
|
LOG(FATAL) << "Failed to load configuration from "
|
2014-06-08 14:02:40 +02:00
|
|
|
<< get_config()->conf_path.get();
|
2012-08-01 17:06:41 +02:00
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
2015-07-13 14:44:06 +02:00
|
|
|
assert(include_set.empty());
|
2012-08-01 17:06:41 +02:00
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (argc - optind >= 2) {
|
2014-01-18 08:32:22 +01:00
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_PRIVATE_KEY_FILE, argv[optind++]);
|
|
|
|
|
cmdcfgs.emplace_back(SHRPX_OPT_CERTIFICATE_FILE, argv[optind++]);
|
2012-08-01 17:06:41 +02:00
|
|
|
}
|
2012-06-06 17:03:05 +02:00
|
|
|
|
2015-07-23 17:32:19 +02:00
|
|
|
// Reopen log files using configurations in file
|
2014-08-17 15:37:30 +02:00
|
|
|
reopen_log_files();
|
|
|
|
|
|
2015-07-13 14:44:06 +02:00
|
|
|
{
|
|
|
|
|
std::set<std::string> include_set;
|
|
|
|
|
|
|
|
|
|
for (size_t i = 0, len = cmdcfgs.size(); i < len; ++i) {
|
|
|
|
|
if (parse_config(cmdcfgs[i].first, cmdcfgs[i].second, include_set) ==
|
|
|
|
|
-1) {
|
|
|
|
|
LOG(FATAL) << "Failed to parse command-line argument.";
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
2012-08-01 17:06:41 +02:00
|
|
|
}
|
2015-07-13 14:44:06 +02:00
|
|
|
|
|
|
|
|
assert(include_set.empty());
|
2012-08-01 17:06:41 +02:00
|
|
|
}
|
2012-06-06 17:03:05 +02:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->accesslog_syslog || get_config()->errorlog_syslog) {
|
2014-06-12 14:46:25 +02:00
|
|
|
openlog("nghttpx", LOG_NDELAY | LOG_NOWAIT | LOG_PID,
|
|
|
|
|
get_config()->syslog_facility);
|
2014-07-05 11:22:40 +02:00
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (reopen_log_files() != 0) {
|
2014-07-05 11:22:40 +02:00
|
|
|
LOG(FATAL) << "Failed to open log file";
|
|
|
|
|
exit(EXIT_FAILURE);
|
2014-06-12 14:46:25 +02:00
|
|
|
}
|
|
|
|
|
|
2015-04-08 09:59:58 +02:00
|
|
|
redirect_stderr_to_errorlog();
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->uid != 0) {
|
2015-03-03 17:09:15 +01:00
|
|
|
if (log_config()->accesslog_fd != -1 &&
|
|
|
|
|
fchown(log_config()->accesslog_fd, get_config()->uid,
|
2014-11-27 15:39:04 +01:00
|
|
|
get_config()->gid) == -1) {
|
2014-08-10 13:58:02 +02:00
|
|
|
auto error = errno;
|
2014-11-08 02:51:56 +01:00
|
|
|
LOG(WARN) << "Changing owner of access log file failed: "
|
|
|
|
|
<< strerror(error);
|
2014-08-10 13:58:02 +02:00
|
|
|
}
|
2015-03-03 17:09:15 +01:00
|
|
|
if (log_config()->errorlog_fd != -1 &&
|
2015-03-04 17:57:18 +01:00
|
|
|
fchown(log_config()->errorlog_fd, get_config()->uid,
|
|
|
|
|
get_config()->gid) == -1) {
|
2014-08-10 13:58:02 +02:00
|
|
|
auto error = errno;
|
2014-11-08 02:51:56 +01:00
|
|
|
LOG(WARN) << "Changing owner of error log file failed: "
|
|
|
|
|
<< strerror(error);
|
2014-08-10 13:58:02 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->http2_upstream_dump_request_header_file) {
|
2014-08-12 18:53:44 +02:00
|
|
|
auto path = get_config()->http2_upstream_dump_request_header_file.get();
|
|
|
|
|
auto f = open_file_for_write(path);
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (f == nullptr) {
|
2014-08-12 18:53:44 +02:00
|
|
|
LOG(FATAL) << "Failed to open http2 upstream request header file: "
|
|
|
|
|
<< path;
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mod_config()->http2_upstream_dump_request_header = f;
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->uid != 0) {
|
|
|
|
|
if (chown(path, get_config()->uid, get_config()->gid) == -1) {
|
2014-08-12 18:53:44 +02:00
|
|
|
auto error = errno;
|
2014-11-08 02:51:56 +01:00
|
|
|
LOG(WARN) << "Changing owner of http2 upstream request header file "
|
2014-11-27 15:39:04 +01:00
|
|
|
<< path << " failed: " << strerror(error);
|
2014-08-12 18:53:44 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->http2_upstream_dump_response_header_file) {
|
2014-08-12 18:53:44 +02:00
|
|
|
auto path = get_config()->http2_upstream_dump_response_header_file.get();
|
|
|
|
|
auto f = open_file_for_write(path);
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (f == nullptr) {
|
2014-08-12 18:53:44 +02:00
|
|
|
LOG(FATAL) << "Failed to open http2 upstream response header file: "
|
|
|
|
|
<< path;
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
mod_config()->http2_upstream_dump_response_header = f;
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->uid != 0) {
|
|
|
|
|
if (chown(path, get_config()->uid, get_config()->gid) == -1) {
|
2014-08-12 18:53:44 +02:00
|
|
|
auto error = errno;
|
2014-11-08 02:51:56 +01:00
|
|
|
LOG(WARN) << "Changing owner of http2 upstream response header file"
|
2014-11-27 15:39:04 +01:00
|
|
|
<< " " << path << " failed: " << strerror(error);
|
2014-08-12 18:53:44 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->npn_list.empty()) {
|
2014-06-08 15:52:27 +02:00
|
|
|
mod_config()->npn_list = parse_config_str_list(DEFAULT_NPN_LIST);
|
2013-09-23 13:55:39 +02:00
|
|
|
}
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->tls_proto_list.empty()) {
|
|
|
|
|
mod_config()->tls_proto_list =
|
|
|
|
|
parse_config_str_list(DEFAULT_TLS_PROTO_LIST);
|
2014-01-02 03:49:38 +01:00
|
|
|
}
|
2013-09-23 13:55:39 +02:00
|
|
|
|
2014-06-08 15:52:27 +02:00
|
|
|
mod_config()->tls_proto_mask =
|
2014-11-27 15:39:04 +01:00
|
|
|
ssl::create_tls_proto_mask(get_config()->tls_proto_list);
|
2014-06-08 15:52:27 +02:00
|
|
|
|
2014-06-10 16:15:29 +02:00
|
|
|
mod_config()->alpn_prefs = ssl::set_alpn_prefs(get_config()->npn_list);
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->backend_ipv4 && get_config()->backend_ipv6) {
|
2012-11-23 13:11:01 +01:00
|
|
|
LOG(FATAL) << "--backend-ipv4 and --backend-ipv6 cannot be used at the "
|
|
|
|
|
<< "same time.";
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->worker_frontend_connections == 0) {
|
2014-06-26 15:55:22 +02:00
|
|
|
mod_config()->worker_frontend_connections =
|
2014-11-27 15:39:04 +01:00
|
|
|
std::numeric_limits<size_t>::max();
|
2014-06-26 15:55:22 +02:00
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->http2_proxy + get_config()->http2_bridge +
|
|
|
|
|
get_config()->client_proxy + get_config()->client >
|
|
|
|
|
1) {
|
2013-11-04 10:14:05 +01:00
|
|
|
LOG(FATAL) << "--http2-proxy, --http2-bridge, --client-proxy and --client "
|
2013-02-08 13:46:58 +01:00
|
|
|
<< "cannot be used at the same time.";
|
2012-11-21 14:10:35 +01:00
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->client || get_config()->client_proxy) {
|
2012-11-21 14:10:35 +01:00
|
|
|
mod_config()->client_mode = true;
|
2015-02-11 11:18:41 +01:00
|
|
|
mod_config()->upstream_no_tls = true;
|
2012-11-21 14:10:35 +01:00
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->client_mode || get_config()->http2_bridge) {
|
2013-11-04 10:15:56 +01:00
|
|
|
mod_config()->downstream_proto = PROTO_HTTP2;
|
2013-02-22 13:54:07 +01:00
|
|
|
} else {
|
|
|
|
|
mod_config()->downstream_proto = PROTO_HTTP;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-11 11:18:41 +01:00
|
|
|
if (!get_config()->upstream_no_tls &&
|
|
|
|
|
(!get_config()->private_key_file || !get_config()->cert_file)) {
|
|
|
|
|
print_usage(std::cerr);
|
|
|
|
|
LOG(FATAL) << "Too few arguments";
|
|
|
|
|
exit(EXIT_FAILURE);
|
2012-11-18 13:23:13 +01:00
|
|
|
}
|
|
|
|
|
|
2015-03-30 16:20:40 +02:00
|
|
|
if (!get_config()->upstream_no_tls && !get_config()->no_ocsp) {
|
|
|
|
|
struct stat buf;
|
|
|
|
|
if (stat(get_config()->fetch_ocsp_response_file.get(), &buf) != 0) {
|
|
|
|
|
mod_config()->no_ocsp = true;
|
|
|
|
|
LOG(WARN) << "--fetch-ocsp-response-file: "
|
|
|
|
|
<< get_config()->fetch_ocsp_response_file.get()
|
|
|
|
|
<< " not found. OCSP stapling has been disabled.";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-09 19:52:11 +02:00
|
|
|
if (get_config()->downstream_addr_groups.empty()) {
|
2014-12-06 10:31:46 +01:00
|
|
|
DownstreamAddr addr;
|
|
|
|
|
addr.host = strcopy(DEFAULT_DOWNSTREAM_HOST);
|
|
|
|
|
addr.port = DEFAULT_DOWNSTREAM_PORT;
|
2014-05-14 15:39:28 +02:00
|
|
|
|
2015-07-09 19:52:11 +02:00
|
|
|
DownstreamAddrGroup g("/");
|
|
|
|
|
g.addrs.push_back(std::move(addr));
|
|
|
|
|
mod_config()->downstream_addr_groups.push_back(std::move(g));
|
2015-07-12 15:16:20 +02:00
|
|
|
} else if (get_config()->http2_proxy || get_config()->client_proxy) {
|
2015-07-09 19:52:11 +02:00
|
|
|
// We don't support host mapping in these cases. Move all
|
2015-07-12 15:16:20 +02:00
|
|
|
// non-catch-all patterns to catch-all pattern.
|
2015-07-09 19:52:11 +02:00
|
|
|
DownstreamAddrGroup catch_all("/");
|
|
|
|
|
for (auto &g : mod_config()->downstream_addr_groups) {
|
|
|
|
|
std::move(std::begin(g.addrs), std::end(g.addrs),
|
|
|
|
|
std::back_inserter(catch_all.addrs));
|
|
|
|
|
}
|
|
|
|
|
std::vector<DownstreamAddrGroup>().swap(
|
|
|
|
|
mod_config()->downstream_addr_groups);
|
|
|
|
|
mod_config()->downstream_addr_groups.push_back(std::move(catch_all));
|
2014-12-06 10:31:46 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
|
LOG(INFO) << "Resolving backend address";
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-09 19:52:11 +02:00
|
|
|
ssize_t catch_all_group = -1;
|
|
|
|
|
for (size_t i = 0; i < mod_config()->downstream_addr_groups.size(); ++i) {
|
|
|
|
|
auto &g = mod_config()->downstream_addr_groups[i];
|
|
|
|
|
if (g.pattern == "/") {
|
|
|
|
|
catch_all_group = i;
|
|
|
|
|
}
|
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
|
LOG(INFO) << "Host-path pattern: group " << i << ": '" << g.pattern
|
|
|
|
|
<< "'";
|
|
|
|
|
for (auto &addr : g.addrs) {
|
|
|
|
|
LOG(INFO) << "group " << i << " -> " << addr.host.get()
|
|
|
|
|
<< (addr.host_unix ? "" : ":" + util::utos(addr.port));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-05-14 15:39:28 +02:00
|
|
|
|
2015-07-09 19:52:11 +02:00
|
|
|
if (catch_all_group == -1) {
|
|
|
|
|
LOG(FATAL) << "-b: No catch-all backend address is configured";
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
mod_config()->downstream_addr_group_catch_all = catch_all_group;
|
2014-05-14 15:39:28 +02:00
|
|
|
|
2015-07-09 19:52:11 +02:00
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
|
LOG(INFO) << "Catch-all pattern is group " << catch_all_group;
|
|
|
|
|
}
|
2014-05-14 15:39:28 +02:00
|
|
|
|
2015-07-09 19:52:11 +02:00
|
|
|
for (auto &g : mod_config()->downstream_addr_groups) {
|
|
|
|
|
for (auto &addr : g.addrs) {
|
2015-02-22 04:27:51 +01:00
|
|
|
|
2015-07-09 19:52:11 +02:00
|
|
|
if (addr.host_unix) {
|
|
|
|
|
// for AF_UNIX socket, we use "localhost" as host for backend
|
|
|
|
|
// hostport. This is used as Host header field to backend and
|
|
|
|
|
// not going to be passed to any syscalls.
|
|
|
|
|
addr.hostport =
|
|
|
|
|
strcopy(util::make_hostport("localhost", get_config()->port));
|
2014-05-14 15:39:28 +02:00
|
|
|
|
2015-07-09 19:52:11 +02:00
|
|
|
auto path = addr.host.get();
|
|
|
|
|
auto pathlen = strlen(path);
|
2015-02-22 04:27:51 +01:00
|
|
|
|
2015-07-26 18:41:10 +02:00
|
|
|
if (pathlen + 1 > sizeof(addr.addr.su.un.sun_path)) {
|
2015-07-09 19:52:11 +02:00
|
|
|
LOG(FATAL) << "UNIX domain socket path " << path << " is too long > "
|
2015-07-26 18:41:10 +02:00
|
|
|
<< sizeof(addr.addr.su.un.sun_path);
|
2015-07-09 19:52:11 +02:00
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
2014-05-14 15:39:28 +02:00
|
|
|
|
2015-07-09 19:52:11 +02:00
|
|
|
LOG(INFO) << "Use UNIX domain socket path " << path
|
|
|
|
|
<< " for backend connection";
|
2012-06-06 16:58:19 +02:00
|
|
|
|
2015-07-26 18:41:10 +02:00
|
|
|
addr.addr.su.un.sun_family = AF_UNIX;
|
2015-07-09 19:52:11 +02:00
|
|
|
// copy path including terminal NULL
|
2015-07-26 18:41:10 +02:00
|
|
|
std::copy_n(path, pathlen + 1, addr.addr.su.un.sun_path);
|
|
|
|
|
addr.addr.len = sizeof(addr.addr.su.un);
|
2015-07-09 19:52:11 +02:00
|
|
|
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
addr.hostport = strcopy(util::make_hostport(addr.host.get(), addr.port));
|
|
|
|
|
|
|
|
|
|
if (resolve_hostname(
|
2015-07-26 18:41:10 +02:00
|
|
|
&addr.addr, addr.host.get(), addr.port,
|
2015-07-09 19:52:11 +02:00
|
|
|
get_config()->backend_ipv4 ? AF_INET : (get_config()->backend_ipv6
|
|
|
|
|
? AF_INET6
|
|
|
|
|
: AF_UNSPEC)) == -1) {
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
2014-12-06 10:31:46 +01:00
|
|
|
}
|
2012-06-04 16:48:31 +02:00
|
|
|
}
|
2012-06-05 18:26:04 +02:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->downstream_http_proxy_host) {
|
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
2013-02-09 08:42:01 +01:00
|
|
|
LOG(INFO) << "Resolving backend http proxy address";
|
|
|
|
|
}
|
2014-11-27 15:39:04 +01:00
|
|
|
if (resolve_hostname(&mod_config()->downstream_http_proxy_addr,
|
|
|
|
|
get_config()->downstream_http_proxy_host.get(),
|
|
|
|
|
get_config()->downstream_http_proxy_port,
|
|
|
|
|
AF_UNSPEC) == -1) {
|
2013-02-09 08:42:01 +01:00
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-25 15:22:17 +02:00
|
|
|
if (get_config()->session_cache_memcached_host) {
|
|
|
|
|
if (resolve_hostname(&mod_config()->session_cache_memcached_addr,
|
|
|
|
|
get_config()->session_cache_memcached_host.get(),
|
|
|
|
|
get_config()->session_cache_memcached_port,
|
|
|
|
|
AF_UNSPEC) == -1) {
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-27 17:54:44 +02:00
|
|
|
if (get_config()->tls_ticket_key_memcached_host) {
|
|
|
|
|
if (resolve_hostname(&mod_config()->tls_ticket_key_memcached_addr,
|
|
|
|
|
get_config()->tls_ticket_key_memcached_host.get(),
|
|
|
|
|
get_config()->tls_ticket_key_memcached_port,
|
|
|
|
|
AF_UNSPEC) == -1) {
|
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-10 15:17:48 +01:00
|
|
|
if (get_config()->rlimit_nofile) {
|
2015-02-21 08:56:41 +01:00
|
|
|
struct rlimit lim = {static_cast<rlim_t>(get_config()->rlimit_nofile),
|
|
|
|
|
static_cast<rlim_t>(get_config()->rlimit_nofile)};
|
2015-01-10 15:17:48 +01:00
|
|
|
if (setrlimit(RLIMIT_NOFILE, &lim) != 0) {
|
|
|
|
|
auto error = errno;
|
|
|
|
|
LOG(WARN) << "Setting rlimit-nofile failed: " << strerror(error);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (get_config()->upstream_frame_debug) {
|
2014-02-09 10:47:26 +01:00
|
|
|
// To make it sync to logging
|
|
|
|
|
set_output(stderr);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (isatty(fileno(stdout))) {
|
2014-02-09 10:47:26 +01:00
|
|
|
set_color_output(true);
|
|
|
|
|
}
|
|
|
|
|
reset_timer();
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-19 10:55:37 +02:00
|
|
|
struct sigaction act {};
|
2012-06-06 16:58:19 +02:00
|
|
|
act.sa_handler = SIG_IGN;
|
2014-08-16 17:05:24 +02:00
|
|
|
sigaction(SIGPIPE, &act, nullptr);
|
2012-06-06 16:58:19 +02:00
|
|
|
|
2015-09-01 17:19:32 +02:00
|
|
|
if (event_loop() != 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2012-06-08 15:41:24 +02:00
|
|
|
|
2014-11-06 15:32:56 +01:00
|
|
|
LOG(NOTICE) << "Shutdown momentarily";
|
2014-08-12 15:22:02 +02:00
|
|
|
|
2015-09-01 19:07:29 +02:00
|
|
|
delete log_config();
|
|
|
|
|
|
2012-06-04 16:48:31 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} // namespace shrpx
|
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
int main(int argc, char **argv) { return shrpx::main(argc, argv); }
|
