Tatsuhiro Tsujikawa
aced5b3b6c
nghttpx: Fix memory leak from CertLookupTree
2016-06-25 23:47:22 +09:00
Tatsuhiro Tsujikawa
f7c0d48152
nghttpx: Rewrite CertLookupTree using Router
2016-06-25 22:52:01 +09:00
Tatsuhiro Tsujikawa
fa8bccbae2
nghttpx: Move api enabled to APIConfig
2016-06-17 00:09:15 +09:00
Tatsuhiro Tsujikawa
af9662f971
nghttpx: Make API processing one of alternative mode
2016-06-16 23:30:35 +09:00
Tatsuhiro Tsujikawa
6f025619de
nghttpx: Use dedicated worker for API processing
...
Some API processing is very slow (e.g., getaddrinfo). To avoid to
slow down regular request handling, if multi threaded configuration is
enabled, we allocate dedicated worker for API.
2016-06-16 21:22:36 +09:00
Tatsuhiro Tsujikawa
2867f03861
nghttpx: Close TODO comments
2016-06-05 23:02:50 +09:00
Tatsuhiro Tsujikawa
0ca7c4cb38
nghttpx: Send notice to replace downstream via ConnectionHandler
2016-06-04 01:02:57 +09:00
Tatsuhiro Tsujikawa
d39335829d
nghttpx: Enable kqueue by default
...
We enabled libev kqueue backend in nghttpx by default. Since it might
not work on some platforms, we also added --no-kqueue option to
disable it.
2016-05-06 23:10:09 +09:00
Tatsuhiro Tsujikawa
752b5b3d44
nghttpx: Just call execv instead of execve
2016-05-05 23:08:42 +09:00
Tatsuhiro Tsujikawa
70e8dc3761
ngttpx: Pass environ to execve
2016-05-02 23:39:14 +09:00
Tatsuhiro Tsujikawa
1832f78684
nghttpx: Move downstream proto to DownstreamAddrGroup
2016-02-28 16:56:14 +09:00
Tatsuhiro Tsujikawa
52f6417813
nghttpx: Use ImmutableString for tls.cacert
2016-02-14 22:17:00 +09:00
Tatsuhiro Tsujikawa
660bc389e6
nghttpx: Use ImmutableString for fetch_ocsp_response_file
2016-02-14 21:01:54 +09:00
Tatsuhiro Tsujikawa
3a41e4dd1a
nghttpx: Add encryption support for TLS ticket key retrieval
2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa
3297a303bf
nghttpx: Add client auth options for session cache memcached TLS connection
2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa
f1580f95d4
nghttpx: Add TLS support for session cache memcached connection
2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa
82f942c3a3
nghttpx: Parameterize configuration values for client side TLS context
2016-02-11 18:34:31 +09:00
Tatsuhiro Tsujikawa
6d49110a33
Rename FrontendAddr as UpstreamAddr
2016-02-07 17:51:53 +09:00
Tatsuhiro Tsujikawa
aa07fe7fa6
nghttpx: Support multiple frontend addresses
...
This commit allows nghttpx to listen to multiple address and port pair
by specifying -f option multiple times.
2016-02-01 23:10:29 +09:00
Tatsuhiro Tsujikawa
85bb37ab7c
Enable ConstructorInitializerAllOnOneLineOrOnePerLine for better diff
2016-01-27 21:14:07 +09:00
Tatsuhiro Tsujikawa
2f9946327a
nghttpx: Fix bug that --listener-disable-timeout option is not used
2016-01-19 17:03:01 +09:00
Tatsuhiro Tsujikawa
0402481be4
nghttpx: Organize connection related configuration into struct
2016-01-19 16:56:12 +09:00
Tatsuhiro Tsujikawa
f3e1dc7a4f
nghttpx: Structured TLS related configurations
2016-01-18 14:21:09 +09:00
Tatsuhiro Tsujikawa
1550d709e0
nghttpx: Use std::mt19937 instead of std::random_device directly
2016-01-15 18:48:14 +09:00
Tatsuhiro Tsujikawa
c6ef1c02b9
Switch to clang-format-3.6
2015-11-13 00:53:29 +09:00
Tatsuhiro Tsujikawa
f0d2c9f94b
Compile with BoringSSL
...
Compile with BoringSSL except for neverbleed and libnghttp2_asio. The
former uses ENGINE and RSA_METHOD, and they are quite different
between OpenSSL and BoringSSL. The latter uses boost::asio, which
calls OpenSSL functions deleted in BoringSSL.
2015-09-29 23:38:17 +09:00
Tatsuhiro Tsujikawa
49ef571ecf
nghttpx: Stop watchers in ConnectionHandler dtor
2015-09-29 00:45:31 +09:00
Tatsuhiro Tsujikawa
75ff04f87a
nghttpx: Don't stop default loop of worker process on graceful shutdown
...
To keep ipc channel being read from worker process, default loop
should not be stopped. To join all worker threads, now we use
dedicated thread to do this. When all worker threads are joined,
ev_async_send sends message to default loop, and it is finally
stopped.
2015-09-29 00:40:33 +09:00
Tatsuhiro Tsujikawa
566b0476d7
nghttpx: Enable neverbleed for client private key; don't run nb without TLS
2015-09-26 21:28:46 +09:00
Tatsuhiro Tsujikawa
044385ab6e
Add neverbleed support
...
neverbleed is disabled by default. To enable it, use
--with-neverbleed configure option.
2015-09-26 19:01:31 +09:00
Tatsuhiro Tsujikawa
c44587a70c
nghttpx: Use _Exit when exiting from child process
2015-09-24 23:57:24 +09:00
Tatsuhiro Tsujikawa
389a96483a
nghttpx: Fix improper signal handling
2015-09-24 23:43:24 +09:00
Tatsuhiro Tsujikawa
da9e535c7a
nghttpx: Log worker thread creating in NOTICE level
2015-09-18 23:35:25 +09:00
Tatsuhiro Tsujikawa
4ad00200a2
Merge branch 'master' into nghttpx-mruby
2015-09-04 22:22:06 +09:00
Tatsuhiro Tsujikawa
6b38f7e0d2
nghttpx: Fix crash with multi workers and QUIT signal
2015-09-04 22:21:10 +09:00
Tatsuhiro Tsujikawa
d044c58558
nghttpx: Detect mruby presence and guard mruby related code with ifdef
2015-09-04 00:54:41 +09:00
Tatsuhiro Tsujikawa
1508c50a45
nghttpx: Add basic infrastructure for mruby support
2015-09-02 02:45:15 +09:00
Tatsuhiro Tsujikawa
f1b163a32c
nghttpx: Log notice level when TLS ticket key was retrieved from memcached
2015-07-28 02:19:14 +09:00
Tatsuhiro Tsujikawa
2f2a300e83
nghttpx: Add TLS ticket key sharing among nghttpx instances using memcached
2015-07-28 00:54:44 +09:00
Tatsuhiro Tsujikawa
04bd25d468
nghttpx: Simplify ticket handling between workers just using mutex
2015-07-23 23:13:29 +09:00
Tatsuhiro Tsujikawa
5dc060c1a2
src: Use C++11 value-initialization, instead of memset-ing 0
2015-07-19 17:55:37 +09:00
Tatsuhiro Tsujikawa
285c74c394
nghttpx: Fix crash with --http2-bridge and both frontend and backend TLS
2015-06-24 21:31:17 +09:00
Tatsuhiro Tsujikawa
39f89f4a60
src: Use user-defined literals for k, m, and g.
2015-06-21 14:32:47 +09:00
Tatsuhiro Tsujikawa
532bffdb01
nghttpx: Minimize critical section for shared ocsp response
2015-06-12 21:27:12 +09:00
Tatsuhiro Tsujikawa
d4d7597efb
nghttpx: Delete SSL_CTX on quit
2015-06-10 21:31:58 +09:00
Tatsuhiro Tsujikawa
38cfc5c47c
Check more headers and funcs
2015-05-13 23:29:20 +09:00
Tatsuhiro Tsujikawa
889e705f35
nghttpx: Add logging for somewhat important events (logs, tickets, and ocsp)
2015-04-11 00:08:28 +09:00
Tatsuhiro Tsujikawa
b873930802
nghttpx: Now ocsp works without threads
2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa
bc53c81616
nghttpx: Replace posix_spawn functions with fork + dup2 + execve
...
Although posx_spawn is very convenient and useful, we have platform
which don't have these functions (e.g., Android NDK r10d).
2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa
d247470da2
nghttpx: Rewrite ocsp without thread
...
Since libev handles SIGCHLD, using waitpid in separate thread to wait
for the completion of fetch-ocsp-response script process is undefined.
This commit rewrite ocsp handling code so that it utilizes libev
ev_child watcher and perform ocsp update without thread.
2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa
1442b1bd0a
nghttpx: Remove --tls-ctx-per-worker option
...
--tls-ctx-per-worker option does not work well of OCSP stapling. Also
it makes session ID useless.
2015-03-31 00:42:21 +09:00
Tatsuhiro Tsujikawa
4bc9afe20a
nghttpx: Add OCSP stapling feature
2015-03-30 23:58:28 +09:00
Tatsuhiro Tsujikawa
1c0d617742
nghttpx: Rename WorkerConfig as LogConfig
...
This is a sign that we only use thread-local storage for logging only.
2015-02-26 00:02:29 +09:00
Tatsuhiro Tsujikawa
b161dfe573
nghttpx: Move graceful_shutdown flag from WorkerConfig to Worker
...
A part of an effort to eliminate thread_local WorkerConfig
2015-02-25 22:53:53 +09:00
Tatsuhiro Tsujikawa
df32a534fc
nghttpx: Rename ConnectionHandler::acceptor4_ as acceptor_
...
This change is motivated by that fact that we use it for UNIX domain
socket as well as IPv4.
2015-02-22 17:59:50 +09:00
Tatsuhiro Tsujikawa
ae0100a9ab
nghttpx: Refactor worker interface
2015-02-11 22:49:03 +09:00
Tatsuhiro Tsujikawa
54851ef7a6
src: Move make_unique to nghttp2 namespace
2015-02-06 00:15:43 +09:00
Tatsuhiro Tsujikawa
1e4f8f27fd
nghttpx: Add --tls-ctx-per-worker option
...
When same SSL_CTX is used by multiple thread simultaneously we have to
setup some number of mutex locks for it. We could not check how this
locking affects scalability since we have 4 cores at best in our
development machine. Good side of sharing SSL_CTX across threads is
we can share session ID pool.
If --tls-ctx-per-worker is enabled, SSL_CTX is created per thread
basis and we can eliminate mutex locks. The downside is session ID is
no longer shared, which means if session ID generated by one thread
cannot be acceptable by another thread. But we have now session
ticket enabled and its keys are shared by all threads.
2015-01-13 00:25:02 +09:00
Tatsuhiro Tsujikawa
53604782e5
nghttpx: Clean up worker_event handling
2015-01-08 22:24:29 +09:00
Tatsuhiro Tsujikawa
0173929538
nghttpx: Rename ListenHandler as ConnectionHandler
2015-01-08 21:48:39 +09:00