nghttpx: Fix bug that old config is used during reloading config

This commit is contained in:
Tatsuhiro Tsujikawa 2017-02-16 22:46:22 +09:00
parent cfb39171a7
commit e5b84fad09
53 changed files with 98 additions and 56 deletions

View File

@ -45,6 +45,7 @@
#include "shrpx_config.h" #include "shrpx_config.h"
#include "ssl.h" #include "ssl.h"
#include "shrpx_router_test.h" #include "shrpx_router_test.h"
#include "shrpx_log.h"
static int init_suite1(void) { return 0; } static int init_suite1(void) { return 0; }

View File

@ -85,6 +85,7 @@
#include "shrpx_process.h" #include "shrpx_process.h"
#include "shrpx_signal.h" #include "shrpx_signal.h"
#include "shrpx_connection.h" #include "shrpx_connection.h"
#include "shrpx_log.h"
#include "util.h" #include "util.h"
#include "app_helper.h" #include "app_helper.h"
#include "ssl.h" #include "ssl.h"
@ -299,13 +300,6 @@ int worker_process_last_pid() {
} }
} // namespace } // namespace
namespace {
int chown_to_running_user(const char *path) {
auto config = get_config();
return chown(path, config->uid, config->gid);
}
} // namespace
namespace { namespace {
int save_pid() { int save_pid() {
std::array<char, STRERROR_BUFSIZE> errbuf; std::array<char, STRERROR_BUFSIZE> errbuf;
@ -361,7 +355,7 @@ int save_pid() {
} }
if (config->uid != 0) { if (config->uid != 0) {
if (chown_to_running_user(pid_file.c_str()) == -1) { if (chown(pid_file.c_str(), config->uid, config->gid) == -1) {
auto error = errno; auto error = errno;
LOG(WARN) << "Changing owner of pid file " << pid_file << " failed: " LOG(WARN) << "Changing owner of pid file " << pid_file << " failed: "
<< xsi_strerror(error, errbuf.data(), errbuf.size()); << xsi_strerror(error, errbuf.data(), errbuf.size());
@ -558,8 +552,11 @@ namespace {
void reopen_log(WorkerProcess *wp) { void reopen_log(WorkerProcess *wp) {
LOG(NOTICE) << "Reopening log files: master process"; LOG(NOTICE) << "Reopening log files: master process";
(void)reopen_log_files(); auto config = get_config();
redirect_stderr_to_errorlog(); auto &loggingconf = config->logging;
(void)reopen_log_files(loggingconf);
redirect_stderr_to_errorlog(loggingconf);
ipc_send(wp, SHRPX_IPC_REOPEN_LOG); ipc_send(wp, SHRPX_IPC_REOPEN_LOG);
} }
} // namespace } // namespace
@ -1112,7 +1109,7 @@ int create_acceptor_socket(Config *config, std::vector<InheritedAddr> &iaddrs) {
if (config->uid != 0) { if (config->uid != 0) {
// fd is not associated to inode, so we cannot use fchown(2) // fd is not associated to inode, so we cannot use fchown(2)
// here. https://lkml.org/lkml/2004/11/1/84 // here. https://lkml.org/lkml/2004/11/1/84
if (chown_to_running_user(addr.host.c_str()) == -1) { if (chown(addr.host.c_str(), config->uid, config->gid) == -1) {
auto error = errno; auto error = errno;
LOG(WARN) << "Changing owner of UNIX domain socket " << addr.host LOG(WARN) << "Changing owner of UNIX domain socket " << addr.host
<< " failed: " << " failed: "
@ -1297,7 +1294,7 @@ int event_loop() {
// daemon redirects stderr file descriptor to /dev/null, so we // daemon redirects stderr file descriptor to /dev/null, so we
// need this. // need this.
redirect_stderr_to_errorlog(); redirect_stderr_to_errorlog(config->logging);
} }
// update systemd PID tracking // update systemd PID tracking
@ -2646,7 +2643,7 @@ int process_options(Config *config,
} }
// Reopen log files using configurations in file // Reopen log files using configurations in file
reopen_log_files(); reopen_log_files(config->logging);
{ {
std::set<StringRef> include_set; std::set<StringRef> include_set;
@ -2668,12 +2665,12 @@ int process_options(Config *config,
loggingconf.syslog_facility); loggingconf.syslog_facility);
} }
if (reopen_log_files() != 0) { if (reopen_log_files(config->logging) != 0) {
LOG(FATAL) << "Failed to open log file"; LOG(FATAL) << "Failed to open log file";
return -1; return -1;
} }
redirect_stderr_to_errorlog(); redirect_stderr_to_errorlog(loggingconf);
if (config->uid != 0) { if (config->uid != 0) {
if (log_config()->accesslog_fd != -1 && if (log_config()->accesslog_fd != -1 &&
@ -2707,7 +2704,7 @@ int process_options(Config *config,
dumpconf.request_header = f; dumpconf.request_header = f;
if (config->uid != 0) { if (config->uid != 0) {
if (chown_to_running_user(path) == -1) { if (chown(path, config->uid, config->gid) == -1) {
auto error = errno; auto error = errno;
LOG(WARN) << "Changing owner of http2 upstream request header file " LOG(WARN) << "Changing owner of http2 upstream request header file "
<< path << " failed: " << path << " failed: "
@ -2729,7 +2726,7 @@ int process_options(Config *config,
dumpconf.response_header = f; dumpconf.response_header = f;
if (config->uid != 0) { if (config->uid != 0) {
if (chown_to_running_user(path) == -1) { if (chown(path, config->uid, config->gid) == -1) {
auto error = errno; auto error = errno;
LOG(WARN) << "Changing owner of http2 upstream response header file" LOG(WARN) << "Changing owner of http2 upstream response header file"
<< " " << path << " failed: " << " " << path << " failed: "
@ -2781,14 +2778,14 @@ int process_options(Config *config,
upstreamconf.worker_connections = std::numeric_limits<size_t>::max(); upstreamconf.worker_connections = std::numeric_limits<size_t>::max();
} }
if (ssl::upstream_tls_enabled() && if (ssl::upstream_tls_enabled(config->conn) &&
(tlsconf.private_key_file.empty() || tlsconf.cert_file.empty())) { (tlsconf.private_key_file.empty() || tlsconf.cert_file.empty())) {
print_usage(std::cerr); print_usage(std::cerr);
LOG(FATAL) << "Too few arguments"; LOG(FATAL) << "Too few arguments";
return -1; return -1;
} }
if (ssl::upstream_tls_enabled() && !tlsconf.ocsp.disabled) { if (ssl::upstream_tls_enabled(config->conn) && !tlsconf.ocsp.disabled) {
struct stat buf; struct stat buf;
if (stat(tlsconf.ocsp.fetch_ocsp_response_file.c_str(), &buf) != 0) { if (stat(tlsconf.ocsp.fetch_ocsp_response_file.c_str(), &buf) != 0) {
tlsconf.ocsp.disabled = true; tlsconf.ocsp.disabled = true;
@ -3005,7 +3002,7 @@ int main(int argc, char **argv) {
// First open log files with default configuration, so that we can // First open log files with default configuration, so that we can
// log errors/warnings while reading configuration files. // log errors/warnings while reading configuration files.
reopen_log_files(); reopen_log_files(get_config()->logging);
suconfig.original_argv = argv; suconfig.original_argv = argv;

View File

@ -42,8 +42,6 @@
#define nghttp2_Exit(status) _Exit(status) #define nghttp2_Exit(status) _Exit(status)
#endif // HAVE__EXIT #endif // HAVE__EXIT
#include "shrpx_log.h"
#define DIE() nghttp2_Exit(EXIT_FAILURE) #define DIE() nghttp2_Exit(EXIT_FAILURE)
#if defined(HAVE_DECL_INITGROUPS) && !HAVE_DECL_INITGROUPS #if defined(HAVE_DECL_INITGROUPS) && !HAVE_DECL_INITGROUPS

View File

@ -32,6 +32,7 @@
#include "shrpx_connection_handler.h" #include "shrpx_connection_handler.h"
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_log.h"
#include "util.h" #include "util.h"
using namespace nghttp2; using namespace nghttp2;

View File

@ -29,6 +29,7 @@
#include "shrpx_downstream.h" #include "shrpx_downstream.h"
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_connection_handler.h" #include "shrpx_connection_handler.h"
#include "shrpx_log.h"
namespace shrpx { namespace shrpx {

View File

@ -50,6 +50,7 @@
#include "shrpx_connect_blocker.h" #include "shrpx_connect_blocker.h"
#include "shrpx_api_downstream_connection.h" #include "shrpx_api_downstream_connection.h"
#include "shrpx_health_monitor_downstream_connection.h" #include "shrpx_health_monitor_downstream_connection.h"
#include "shrpx_log.h"
#ifdef HAVE_SPDYLAY #ifdef HAVE_SPDYLAY
#include "shrpx_spdy_upstream.h" #include "shrpx_spdy_upstream.h"
#endif // HAVE_SPDYLAY #endif // HAVE_SPDYLAY

View File

@ -49,6 +49,7 @@ class HttpsUpstream;
class ConnectBlocker; class ConnectBlocker;
class DownstreamConnectionPool; class DownstreamConnectionPool;
class Worker; class Worker;
class Downstream;
struct WorkerStat; struct WorkerStat;
struct DownstreamAddrGroup; struct DownstreamAddrGroup;
struct DownstreamAddr; struct DownstreamAddr;

View File

@ -33,6 +33,7 @@
#include <CUnit/CUnit.h> #include <CUnit/CUnit.h>
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_log.h"
namespace shrpx { namespace shrpx {

View File

@ -24,6 +24,7 @@
*/ */
#include "shrpx_connect_blocker.h" #include "shrpx_connect_blocker.h"
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_log.h"
namespace shrpx { namespace shrpx {

View File

@ -28,6 +28,7 @@
#include "shrpx.h" #include "shrpx.h"
#include <random> #include <random>
#include <functional>
#include <ev.h> #include <ev.h>

View File

@ -35,6 +35,7 @@
#include "shrpx_ssl.h" #include "shrpx_ssl.h"
#include "shrpx_memcached_request.h" #include "shrpx_memcached_request.h"
#include "shrpx_log.h"
#include "memchunk.h" #include "memchunk.h"
#include "util.h" #include "util.h"
#include "ssl_compat.h" #include "ssl_compat.h"

View File

@ -44,6 +44,7 @@
#include "shrpx_accept_handler.h" #include "shrpx_accept_handler.h"
#include "shrpx_memcached_dispatcher.h" #include "shrpx_memcached_dispatcher.h"
#include "shrpx_signal.h" #include "shrpx_signal.h"
#include "shrpx_log.h"
#include "util.h" #include "util.h"
#include "template.h" #include "template.h"
@ -351,7 +352,7 @@ void ConnectionHandler::graceful_shutdown_worker() {
ev_async_start(loop_, &thread_join_asyncev_); ev_async_start(loop_, &thread_join_asyncev_);
thread_join_fut_ = std::async(std::launch::async, [this]() { thread_join_fut_ = std::async(std::launch::async, [this]() {
(void)reopen_log_files(); (void)reopen_log_files(get_config()->logging);
join_worker(); join_worker();
ev_async_send(get_loop(), &thread_join_asyncev_); ev_async_send(get_loop(), &thread_join_asyncev_);
delete_log_config(); delete_log_config();

View File

@ -24,6 +24,7 @@
*/ */
#include "shrpx_dns_tracker.h" #include "shrpx_dns_tracker.h"
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_log.h"
#include "util.h" #include "util.h"
namespace shrpx { namespace shrpx {

View File

@ -36,6 +36,7 @@
#include "shrpx_downstream_queue.h" #include "shrpx_downstream_queue.h"
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_http2_session.h" #include "shrpx_http2_session.h"
#include "shrpx_log.h"
#ifdef HAVE_MRUBY #ifdef HAVE_MRUBY
#include "shrpx_mruby.h" #include "shrpx_mruby.h"
#endif // HAVE_MRUBY #endif // HAVE_MRUBY

View File

@ -38,6 +38,7 @@
#include <nghttp2/nghttp2.h> #include <nghttp2/nghttp2.h>
#include "shrpx_io_control.h" #include "shrpx_io_control.h"
#include "shrpx_log_config.h"
#include "http2.h" #include "http2.h"
#include "memchunk.h" #include "memchunk.h"
#include "allocator.h" #include "allocator.h"

View File

@ -26,6 +26,7 @@
#include "shrpx_client_handler.h" #include "shrpx_client_handler.h"
#include "shrpx_downstream.h" #include "shrpx_downstream.h"
#include "shrpx_log.h"
namespace shrpx { namespace shrpx {

View File

@ -27,6 +27,8 @@
#include "shrpx.h" #include "shrpx.h"
#include <memory>
#include "shrpx_io_control.h" #include "shrpx_io_control.h"
namespace shrpx { namespace shrpx {

View File

@ -27,6 +27,7 @@
#include <cerrno> #include <cerrno>
#include "shrpx_signal.h" #include "shrpx_signal.h"
#include "shrpx_log.h"
#include "util.h" #include "util.h"
#include "template.h" #include "template.h"

View File

@ -27,7 +27,7 @@
#include "shrpx_client_handler.h" #include "shrpx_client_handler.h"
#include "shrpx_upstream.h" #include "shrpx_upstream.h"
#include "shrpx_downstream.h" #include "shrpx_downstream.h"
//#include "shrpx_connection_handler.h" #include "shrpx_log.h"
namespace shrpx { namespace shrpx {

View File

@ -34,6 +34,8 @@
#include "util.h" #include "util.h"
#include "allocator.h" #include "allocator.h"
using namespace nghttp2;
namespace shrpx { namespace shrpx {
namespace http { namespace http {

View File

@ -38,6 +38,7 @@
#include "shrpx_http.h" #include "shrpx_http.h"
#include "shrpx_http2_session.h" #include "shrpx_http2_session.h"
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_log.h"
#include "http2.h" #include "http2.h"
#include "util.h" #include "util.h"

View File

@ -43,6 +43,7 @@
#include "shrpx_http.h" #include "shrpx_http.h"
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_connect_blocker.h" #include "shrpx_connect_blocker.h"
#include "shrpx_log.h"
#include "http2.h" #include "http2.h"
#include "util.h" #include "util.h"
#include "base64.h" #include "base64.h"

View File

@ -48,6 +48,7 @@ namespace shrpx {
class Http2DownstreamConnection; class Http2DownstreamConnection;
class Worker; class Worker;
class Downstream;
struct DownstreamAddrGroup; struct DownstreamAddrGroup;
struct DownstreamAddr; struct DownstreamAddr;
struct DNSQuery; struct DNSQuery;

View File

@ -37,6 +37,7 @@
#include "shrpx_http.h" #include "shrpx_http.h"
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_http2_session.h" #include "shrpx_http2_session.h"
#include "shrpx_log.h"
#ifdef HAVE_MRUBY #ifdef HAVE_MRUBY
#include "shrpx_mruby.h" #include "shrpx_mruby.h"
#endif // HAVE_MRUBY #endif // HAVE_MRUBY

View File

@ -36,6 +36,7 @@
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_http2_session.h" #include "shrpx_http2_session.h"
#include "shrpx_ssl.h" #include "shrpx_ssl.h"
#include "shrpx_log.h"
#include "http2.h" #include "http2.h"
#include "util.h" #include "util.h"

View File

@ -34,6 +34,7 @@
#include "shrpx_http.h" #include "shrpx_http.h"
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_log.h"
namespace shrpx { namespace shrpx {

View File

@ -37,6 +37,7 @@
#include "shrpx_log_config.h" #include "shrpx_log_config.h"
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_http2_session.h" #include "shrpx_http2_session.h"
#include "shrpx_log.h"
#ifdef HAVE_MRUBY #ifdef HAVE_MRUBY
#include "shrpx_mruby.h" #include "shrpx_mruby.h"
#endif // HAVE_MRUBY #endif // HAVE_MRUBY

View File

@ -26,6 +26,7 @@
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_connect_blocker.h" #include "shrpx_connect_blocker.h"
#include "shrpx_ssl.h" #include "shrpx_ssl.h"
#include "shrpx_log.h"
namespace shrpx { namespace shrpx {

View File

@ -456,15 +456,14 @@ void upstream_accesslog(const std::vector<LogFragment> &lfv,
; ;
} }
int reopen_log_files() { int reopen_log_files(const LoggingConfig &loggingconf) {
int res = 0; int res = 0;
int new_accesslog_fd = -1; int new_accesslog_fd = -1;
int new_errorlog_fd = -1; int new_errorlog_fd = -1;
auto lgconf = log_config(); auto lgconf = log_config();
auto config = get_config(); auto &accessconf = loggingconf.access;
auto &accessconf = config->logging.access; auto &errorconf = loggingconf.error;
auto &errorconf = config->logging.error;
if (!accessconf.syslog && !accessconf.file.empty()) { if (!accessconf.syslog && !accessconf.file.empty()) {
new_accesslog_fd = open_log_file(accessconf.file.c_str()); new_accesslog_fd = open_log_file(accessconf.file.c_str());
@ -524,9 +523,9 @@ void log_chld(pid_t pid, int rstatus, const char *msg) {
<< (signalstr.empty() ? "" : signalstr.c_str()); << (signalstr.empty() ? "" : signalstr.c_str());
} }
void redirect_stderr_to_errorlog() { void redirect_stderr_to_errorlog(const LoggingConfig &loggingconf) {
auto lgconf = log_config(); auto lgconf = log_config();
auto &errorconf = get_config()->logging.error; auto &errorconf = loggingconf.error;
if (errorconf.syslog || lgconf->errorlog_fd == -1) { if (errorconf.syslog || lgconf->errorlog_fd == -1) {
return; return;

View File

@ -34,6 +34,7 @@
#include <vector> #include <vector>
#include <chrono> #include <chrono>
#include "shrpx_config.h"
#include "shrpx_log_config.h" #include "shrpx_log_config.h"
#include "ssl.h" #include "ssl.h"
#include "template.h" #include "template.h"
@ -157,13 +158,13 @@ struct LogSpec {
void upstream_accesslog(const std::vector<LogFragment> &lf, void upstream_accesslog(const std::vector<LogFragment> &lf,
const LogSpec &lgsp); const LogSpec &lgsp);
int reopen_log_files(); int reopen_log_files(const LoggingConfig &loggingconf);
// Logs message when process whose pid is |pid| and exist status is // Logs message when process whose pid is |pid| and exist status is
// |rstatus| exited. The |msg| is prepended to the log message. // |rstatus| exited. The |msg| is prepended to the log message.
void log_chld(pid_t pid, int rstatus, const char *msg); void log_chld(pid_t pid, int rstatus, const char *msg);
void redirect_stderr_to_errorlog(); void redirect_stderr_to_errorlog(const LoggingConfig &loggingconf);
// Makes internal copy of stderr (and possibly stdout in the future), // Makes internal copy of stderr (and possibly stdout in the future),
// which is then used as pointer to /dev/stderr or /proc/self/fd/2 // which is then used as pointer to /dev/stderr or /proc/self/fd/2

View File

@ -33,6 +33,7 @@
#include "shrpx_memcached_result.h" #include "shrpx_memcached_result.h"
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_ssl.h" #include "shrpx_ssl.h"
#include "shrpx_log.h"
#include "util.h" #include "util.h"
namespace shrpx { namespace shrpx {

View File

@ -27,6 +27,7 @@
#include "shrpx_memcached_request.h" #include "shrpx_memcached_request.h"
#include "shrpx_memcached_connection.h" #include "shrpx_memcached_connection.h"
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_log.h"
namespace shrpx { namespace shrpx {

View File

@ -37,6 +37,8 @@
#include "memchunk.h" #include "memchunk.h"
#include "network.h" #include "network.h"
using namespace nghttp2;
namespace shrpx { namespace shrpx {
struct MemcachedRequest; struct MemcachedRequest;

View File

@ -31,6 +31,7 @@
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_mruby_module.h" #include "shrpx_mruby_module.h"
#include "shrpx_downstream_connection.h" #include "shrpx_downstream_connection.h"
#include "shrpx_log.h"
namespace shrpx { namespace shrpx {

View File

@ -38,6 +38,8 @@ using namespace nghttp2;
namespace shrpx { namespace shrpx {
class Downstream;
namespace mruby { namespace mruby {
class MRubyContext { class MRubyContext {

View File

@ -33,6 +33,7 @@
#include "shrpx_client_handler.h" #include "shrpx_client_handler.h"
#include "shrpx_mruby.h" #include "shrpx_mruby.h"
#include "shrpx_mruby_module.h" #include "shrpx_mruby_module.h"
#include "shrpx_log.h"
namespace shrpx { namespace shrpx {

View File

@ -29,8 +29,6 @@
#include <mruby.h> #include <mruby.h>
using namespace nghttp2;
namespace shrpx { namespace shrpx {
namespace mruby { namespace mruby {

View File

@ -34,6 +34,7 @@
#include "shrpx_client_handler.h" #include "shrpx_client_handler.h"
#include "shrpx_mruby.h" #include "shrpx_mruby.h"
#include "shrpx_mruby_module.h" #include "shrpx_mruby_module.h"
#include "shrpx_log.h"
#include "util.h" #include "util.h"
#include "http2.h" #include "http2.h"

View File

@ -29,8 +29,6 @@
#include <mruby.h> #include <mruby.h>
using namespace nghttp2;
namespace shrpx { namespace shrpx {
namespace mruby { namespace mruby {

View File

@ -34,6 +34,7 @@
#include "shrpx_client_handler.h" #include "shrpx_client_handler.h"
#include "shrpx_mruby.h" #include "shrpx_mruby.h"
#include "shrpx_mruby_module.h" #include "shrpx_mruby_module.h"
#include "shrpx_log.h"
#include "util.h" #include "util.h"
#include "http2.h" #include "http2.h"

View File

@ -29,8 +29,6 @@
#include <mruby.h> #include <mruby.h>
using namespace nghttp2;
namespace shrpx { namespace shrpx {
namespace mruby { namespace mruby {

View File

@ -27,6 +27,7 @@
#include <limits> #include <limits>
#include "shrpx_connection.h" #include "shrpx_connection.h"
#include "shrpx_log.h"
namespace shrpx { namespace shrpx {

View File

@ -27,6 +27,7 @@
#include <algorithm> #include <algorithm>
#include "shrpx_config.h" #include "shrpx_config.h"
#include "shrpx_log.h"
namespace shrpx { namespace shrpx {

View File

@ -32,6 +32,8 @@
#include "allocator.h" #include "allocator.h"
using namespace nghttp2;
namespace shrpx { namespace shrpx {
struct RNode { struct RNode {

View File

@ -26,6 +26,7 @@
#include <cerrno> #include <cerrno>
#include "shrpx_log.h"
#include "template.h" #include "template.h"
using namespace nghttp2; using namespace nghttp2;

View File

@ -41,6 +41,7 @@
#endif // HAVE_MRUBY #endif // HAVE_MRUBY
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_http2_session.h" #include "shrpx_http2_session.h"
#include "shrpx_log.h"
#include "http2.h" #include "http2.h"
#include "util.h" #include "util.h"
#include "template.h" #include "template.h"

View File

@ -1525,8 +1525,8 @@ bool in_proto_list(const std::vector<StringRef> &protos,
return false; return false;
} }
bool upstream_tls_enabled() { bool upstream_tls_enabled(const ConnectionConfig &connconf) {
const auto &faddrs = get_config()->conn.listener.addrs; const auto &faddrs = connconf.listener.addrs;
return std::any_of(std::begin(faddrs), std::end(faddrs), return std::any_of(std::begin(faddrs), std::end(faddrs),
[](const UpstreamAddr &faddr) { return faddr.tls; }); [](const UpstreamAddr &faddr) { return faddr.tls; });
} }
@ -1560,11 +1560,13 @@ setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
neverbleed_t *nb neverbleed_t *nb
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
) { ) {
if (!upstream_tls_enabled()) { auto config = get_config();
if (!upstream_tls_enabled(config->conn)) {
return nullptr; return nullptr;
} }
auto &tlsconf = get_config()->tls; auto &tlsconf = config->tls;
auto ssl_ctx = auto ssl_ctx =
ssl::create_ssl_context(tlsconf.private_key_file.c_str(), ssl::create_ssl_context(tlsconf.private_key_file.c_str(),
@ -1644,7 +1646,8 @@ void setup_downstream_http1_alpn(SSL *ssl) {
} }
std::unique_ptr<CertLookupTree> create_cert_lookup_tree() { std::unique_ptr<CertLookupTree> create_cert_lookup_tree() {
if (!upstream_tls_enabled() || get_config()->tls.subcerts.empty()) { auto config = get_config();
if (!upstream_tls_enabled(config->conn) || config->tls.subcerts.empty()) {
return nullptr; return nullptr;
} }
return make_unique<CertLookupTree>(); return make_unique<CertLookupTree>();

View File

@ -40,6 +40,7 @@
#endif // HAVE_NEVERBLEED #endif // HAVE_NEVERBLEED
#include "network.h" #include "network.h"
#include "shrpx_config.h"
#include "shrpx_router.h" #include "shrpx_router.h"
namespace shrpx { namespace shrpx {
@ -235,7 +236,7 @@ std::unique_ptr<CertLookupTree> create_cert_lookup_tree();
SSL *create_ssl(SSL_CTX *ssl_ctx); SSL *create_ssl(SSL_CTX *ssl_ctx);
// Returns true if SSL/TLS is enabled on upstream // Returns true if SSL/TLS is enabled on upstream
bool upstream_tls_enabled(); bool upstream_tls_enabled(const ConnectionConfig &connconf);
// Performs TLS hostname match. |pattern| can contain wildcard // Performs TLS hostname match. |pattern| can contain wildcard
// character '*', which matches prefix of target hostname. There are // character '*', which matches prefix of target hostname. There are

View File

@ -27,6 +27,7 @@
#include <CUnit/CUnit.h> #include <CUnit/CUnit.h>
#include "shrpx_ssl.h" #include "shrpx_ssl.h"
#include "shrpx_log.h"
#include "util.h" #include "util.h"
#include "template.h" #include "template.h"

View File

@ -311,7 +311,7 @@ void Worker::wait() {
void Worker::run_async() { void Worker::run_async() {
#ifndef NOTHREADS #ifndef NOTHREADS
fut_ = std::async(std::launch::async, [this] { fut_ = std::async(std::launch::async, [this] {
(void)reopen_log_files(); (void)reopen_log_files(get_config()->logging);
ev_run(loop_); ev_run(loop_);
delete_log_config(); delete_log_config();
}); });
@ -349,7 +349,9 @@ void Worker::process_events() {
ev_timer_start(loop_, &proc_wev_timer_); ev_timer_start(loop_, &proc_wev_timer_);
auto worker_connections = get_config()->conn.upstream.worker_connections; auto config = get_config();
auto worker_connections = config->conn.upstream.worker_connections;
switch (wev.type) { switch (wev.type) {
case NEW_CONNECTION: { case NEW_CONNECTION: {
@ -390,7 +392,7 @@ void Worker::process_events() {
WLOG(NOTICE, this) << "Reopening log files: worker process (thread " << this WLOG(NOTICE, this) << "Reopening log files: worker process (thread " << this
<< ")"; << ")";
reopen_log_files(); reopen_log_files(config->logging);
break; break;
case GRACEFUL_SHUTDOWN: case GRACEFUL_SHUTDOWN:

View File

@ -52,6 +52,7 @@
#include "shrpx_memcached_request.h" #include "shrpx_memcached_request.h"
#include "shrpx_process.h" #include "shrpx_process.h"
#include "shrpx_ssl.h" #include "shrpx_ssl.h"
#include "shrpx_log.h"
#include "util.h" #include "util.h"
#include "app_helper.h" #include "app_helper.h"
#include "template.h" #include "template.h"
@ -137,8 +138,11 @@ namespace {
void reopen_log(ConnectionHandler *conn_handler) { void reopen_log(ConnectionHandler *conn_handler) {
LOG(NOTICE) << "Reopening log files: worker process (thread main)"; LOG(NOTICE) << "Reopening log files: worker process (thread main)";
(void)reopen_log_files(); auto config = get_config();
redirect_stderr_to_errorlog(); auto &loggingconf = config->logging;
(void)reopen_log_files(loggingconf);
redirect_stderr_to_errorlog(loggingconf);
if (get_config()->num_worker > 1) { if (get_config()->num_worker > 1) {
conn_handler->worker_reopen_log_files(); conn_handler->worker_reopen_log_files();
@ -399,7 +403,9 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
std::array<char, STRERROR_BUFSIZE> errbuf; std::array<char, STRERROR_BUFSIZE> errbuf;
(void)errbuf; (void)errbuf;
if (reopen_log_files() != 0) { auto config = get_config();
if (reopen_log_files(config->logging) != 0) {
LOG(FATAL) << "Failed to open log file"; LOG(FATAL) << "Failed to open log file";
return -1; return -1;
} }
@ -416,8 +422,6 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
ConnectionHandler conn_handler(loop, gen); ConnectionHandler conn_handler(loop, gen);
auto config = get_config();
for (auto &addr : config->conn.listener.addrs) { for (auto &addr : config->conn.listener.addrs) {
conn_handler.add_acceptor(make_unique<AcceptHandler>(&addr, &conn_handler)); conn_handler.add_acceptor(make_unique<AcceptHandler>(&addr, &conn_handler));
} }
@ -450,7 +454,7 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
MemchunkPool mcpool; MemchunkPool mcpool;
ev_timer renew_ticket_key_timer; ev_timer renew_ticket_key_timer;
if (ssl::upstream_tls_enabled()) { if (ssl::upstream_tls_enabled(config->conn)) {
auto &ticketconf = config->tls.ticket; auto &ticketconf = config->tls.ticket;
auto &memcachedconf = ticketconf.memcached; auto &memcachedconf = ticketconf.memcached;
@ -549,7 +553,7 @@ int worker_process_event_loop(WorkerProcessConfig *wpconf) {
ipcev.data = &conn_handler; ipcev.data = &conn_handler;
ev_io_start(loop, &ipcev); ev_io_start(loop, &ipcev);
if (ssl::upstream_tls_enabled() && !config->tls.ocsp.disabled) { if (ssl::upstream_tls_enabled(config->conn) && !config->tls.ocsp.disabled) {
conn_handler.proceed_next_cert_ocsp(); conn_handler.proceed_next_cert_ocsp();
} }

View File

@ -27,8 +27,6 @@
#include "shrpx.h" #include "shrpx.h"
using namespace nghttp2;
namespace shrpx { namespace shrpx {
class ConnectionHandler; class ConnectionHandler;

View File

@ -34,6 +34,7 @@
#include "shrpx_worker.h" #include "shrpx_worker.h"
#include "shrpx_connect_blocker.h" #include "shrpx_connect_blocker.h"
#include "shrpx_log.h"
namespace shrpx { namespace shrpx {