To achieve host-path backend routing, we changed behaviour of
--backend-http2-connections-per-worker. It now sets the number of
HTTP/2 physical connections per pattern group if pattern is used in -b
option.
Fixes GH-292
There are many requests which changes its meaning when we rewrite
path. This is due to bad percent-encoding in URI; reserved characters
are just used without percent encoding. It seems this is common in ad
services, but I suspect more to come. For reverse proxying situation,
sane service most likely encodes URI properly, so probably this is not
an issue.
If pattern ends with '/', and pattern and path matches without that
slash, we consider they match to deal with request to the directory
without trailing slash. That is if pattern is "/foo/" and path is
"/foo", we consider they match.
-b option syntax is now <HOST>,<PORT>[;<PATTERN>[:...]]. The optional
<PATTERN>s specify the request host and path it is used for. The
<PATTERN> can contain path, host + path or host. The matching rule is
closely designed to ServeMux in Go programming language.
This commit add following 3 log variables to SSL/TLS connection:
$ssl_cipher, $ssl_protocol, $ssl_session_id. If no information is
available for them, '-' is produced for each.
It seems that HAR 1.2 does not have a proper representaion for pushed objects. I could´t just add a custom parameter so I think a comment at response will not hurt anybody.
This commit adds special handling of IPv6 literal with zone ID as per
RFC 6874. Still IPv6 link local address does not work, since URI
parser from http-parser does not allow this syntax.
This commit makes sure that WebSocket upgrade works for HTTP/1.1
frontend and backend pair. Actually, this implementation probably
supports other upgrade as well, other than HTTP/2 Upgrade, which is
handled specially in other place.
From autoconf manual, section 5.6.1 Portability of Headers, says:
"""
The C99 standard says that inttypes.h includes stdint.h, so there's no
need to include stdint.h separately in a standard environment. Some
implementations have inttypes.h but not stdint.h (e.g., Solaris 7),
but we don't know of any implementation that has stdint.h but not
inttypes.h.
"""
Previously h2load used default flow control window as described in
HTTP/2 and SPDY specification. The window size is 64KiB, which is a
bit small, and cannot utilize full server performance when response
size is not too small. Basically, we do this kind of benchmarking
test to measure server's throughput, and optimal performance. Smaller
window certainly degrades performance even in local testing because
server is so fast that it has to wait for WINDOW_UPDATE from h2load.
To make default behaviour suitable for peak performance test, we
decided to disable flow control in h2load by setting large enough
window size.
Most users used h2load without -w or -W options, so they were
implicitly throttled by flow control and the result was affected by
that negatively. Now flow control is disabled by default, the result
may improve depending on the implementations.
Implement fd caching for static files. The response body for such as
404 was dynamically generated previously, but now it is written in
temporally file and its fd is cached. Currently, cache is reference
counted and expired when count becomes 0. This makes caching is not
effective other than "busy" period, but we don't need this feature if
we are not busy.
In this commit, we made --dep-idle behaviour by default. This is
because the previous default behaviour is not reflect current usage of
dependency priority and never will be because of fragility of tree due
to stream closure.
nghttp2 library now use Literal Header Field never Indexed for
"authorization" header field and small "cookie" header field,
regardless of nghttp2_nv.flags.
Since libev handles SIGCHLD, using waitpid in separate thread to wait
for the completion of fetch-ocsp-response script process is undefined.
This commit rewrite ocsp handling code so that it utilizes libev
ev_child watcher and perform ocsp update without thread.
Previously we send RST_STREAM when we send DATA with END_STREAM flag
set. With this commit, we also do this when we send HEADERS with
END_STREAM flag set.
This is same issue described in https://github.com/h2o/h2o/issues/268.
That is if SSL object has decrypted data buffered inside it, and
application does not read it for some reason (e.g., rate limit), we
have to check the existence of data using SSL_pending. This is
because buffered data inside SSL is not notified by io watcher. It is
obvious, but we totally missed it.
nghttpx code normally reads everything until SSL_read returns error
(want-read). But if rate limit is involved, we stop reading early.
Also in HTTP/1 code, while processing one request, we just read until
buffer is filled up. In these cases, we may suffer from this problem.
This commit fixes this problem, by performing SSL_pending() and if it
has buffered data and read io watcher is enabled, we feed event using
ev_feed_event().
Previously nghttp2_session_send() and nghttp2_session_mem_send() did
not send 24 bytes client magic byte string (MAGIC). We made
nghttp2_session_recv() and nghttp2_session_mem_recv() process MAGIC by
default, so it is natural to make library send MAGIC as well. This
commit makes nghttp2_session_send() and nghttp2_session_mem_send()
send MAGIC. This commit also replace "connection preface" with
"client magic", since we call MAGIC as "connection preface" but it is
just a part of connection preface. NGHTTP2_CLIENT_CONNECTION_PREFACE
macro was replaced with NGHTTP2_CLIENT_MAGIC. The already deprecated
NGHTTP2_CLIENT_CONNECTION_HEADER macro was removed permanently.
nghttp2_option_set_no_recv_client_preface() was renamed as
nghttp2_option_set_no_recv_client_magic(). NGHTTP2_ERR_BAD_PREFACE
was renamed as NGHTTP2_ERR_BAD_CLIENT_MAGIC.
Since HTTP/2 spec requires for client to send connection preface, it
is reasonable to make this option enabled by default. It is still a
use case to disable this, so replace this option with
nghttp2_option_set_no_recv_client_preface().
HTTP/2 and HPACK are going to be published as RFC, but ALTSVC is still
in draft state. To make our API stable, it would be better to remove
ALTSVC API for 1.0.0 release.
To avoid buffer copy in nghttp2_data_source_read_callback, this commit
introduces NGHTTP2_DATA_FLAG_NO_COPY and nghttp2_send_data_callback.
By using NGHTTP2_DATA_FLAG_NO_COPY in
nghttp2_data_source_read_callback, application can avoid to copy
application data to given buffer. Instead, application has to
implement nghttp2_send_data_callback to send complete DATA frame by
itself. We see noticeable performance increase in nghttpd and
tiny-nghttpd using this new feature. On the other hand, nghttpx does
not show such difference, probably because buffer copy is not
bottleneck. Using nghttp2_send_data_callback adds complexity, so it
is recommended to measure the performance to see whether this extra
complexity worth it.
It turns out that the cause of complication in backend request line
construction is a absolute-form in HTTP/1 request. In HTTP/2, we have
separated pseudo-header fields and no problem at all. In this commit,
we parse request URI in HTTP/1 frontend and extract values from it to
make backend logic simpler. This patch removes host header field
emission in HTTP/2 backend if :authority is emitted. It also rewrites
host header field with authority part in absolute-form URI as per RFC
7230.
Currently, we use same number of HTTP/2 sessions per worker with given
backend addresses. New option to specify the number of HTTP/2 session
per worker will follow.
It seems that we don't care about this since we don't change buffer
pointer between would-block write/read and next write/read. Somehow
we decided we need these fields. As a precaution, we set
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER in SSL_set_mode() for both server
and client contexts.
It turns out that writing successfully to network is not enough.
After apparently successful network write, read fails and then we
first know network has been lost (at least my android mobile network).
In this change, we say connection check is successful only when
successful read. We already send PING in this case, so we just wait
PING ACK with short timeout. If timeout has expired, drop connection.
Since waiting for PING ACK could degrade performance for fast reliably
connected network, we decided to disable connection check by default.
Use --backend-http2-connection-check to enable it.