Commit Graph

110 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa aced5b3b6c nghttpx: Fix memory leak from CertLookupTree 2016-06-25 23:47:22 +09:00
Tatsuhiro Tsujikawa f7c0d48152 nghttpx: Rewrite CertLookupTree using Router 2016-06-25 22:52:01 +09:00
Tatsuhiro Tsujikawa fa8bccbae2 nghttpx: Move api enabled to APIConfig 2016-06-17 00:09:15 +09:00
Tatsuhiro Tsujikawa af9662f971 nghttpx: Make API processing one of alternative mode 2016-06-16 23:30:35 +09:00
Tatsuhiro Tsujikawa 6f025619de nghttpx: Use dedicated worker for API processing
Some API processing is very slow (e.g., getaddrinfo).  To avoid to
slow down regular request handling, if multi threaded configuration is
enabled, we allocate dedicated worker for API.
2016-06-16 21:22:36 +09:00
Tatsuhiro Tsujikawa 2867f03861 nghttpx: Close TODO comments 2016-06-05 23:02:50 +09:00
Tatsuhiro Tsujikawa 0ca7c4cb38 nghttpx: Send notice to replace downstream via ConnectionHandler 2016-06-04 01:02:57 +09:00
Tatsuhiro Tsujikawa d39335829d nghttpx: Enable kqueue by default
We enabled libev kqueue backend in nghttpx by default.  Since it might
not work on some platforms, we also added --no-kqueue option to
disable it.
2016-05-06 23:10:09 +09:00
Tatsuhiro Tsujikawa 752b5b3d44 nghttpx: Just call execv instead of execve 2016-05-05 23:08:42 +09:00
Tatsuhiro Tsujikawa 70e8dc3761 ngttpx: Pass environ to execve 2016-05-02 23:39:14 +09:00
Tatsuhiro Tsujikawa 1832f78684 nghttpx: Move downstream proto to DownstreamAddrGroup 2016-02-28 16:56:14 +09:00
Tatsuhiro Tsujikawa 52f6417813 nghttpx: Use ImmutableString for tls.cacert 2016-02-14 22:17:00 +09:00
Tatsuhiro Tsujikawa 660bc389e6 nghttpx: Use ImmutableString for fetch_ocsp_response_file 2016-02-14 21:01:54 +09:00
Tatsuhiro Tsujikawa 3a41e4dd1a nghttpx: Add encryption support for TLS ticket key retrieval 2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa 3297a303bf nghttpx: Add client auth options for session cache memcached TLS connection 2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa f1580f95d4 nghttpx: Add TLS support for session cache memcached connection 2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa 82f942c3a3 nghttpx: Parameterize configuration values for client side TLS context 2016-02-11 18:34:31 +09:00
Tatsuhiro Tsujikawa 6d49110a33 Rename FrontendAddr as UpstreamAddr 2016-02-07 17:51:53 +09:00
Tatsuhiro Tsujikawa aa07fe7fa6 nghttpx: Support multiple frontend addresses
This commit allows nghttpx to listen to multiple address and port pair
by specifying -f option multiple times.
2016-02-01 23:10:29 +09:00
Tatsuhiro Tsujikawa 85bb37ab7c Enable ConstructorInitializerAllOnOneLineOrOnePerLine for better diff 2016-01-27 21:14:07 +09:00
Tatsuhiro Tsujikawa 2f9946327a nghttpx: Fix bug that --listener-disable-timeout option is not used 2016-01-19 17:03:01 +09:00
Tatsuhiro Tsujikawa 0402481be4 nghttpx: Organize connection related configuration into struct 2016-01-19 16:56:12 +09:00
Tatsuhiro Tsujikawa f3e1dc7a4f nghttpx: Structured TLS related configurations 2016-01-18 14:21:09 +09:00
Tatsuhiro Tsujikawa 1550d709e0 nghttpx: Use std::mt19937 instead of std::random_device directly 2016-01-15 18:48:14 +09:00
Tatsuhiro Tsujikawa c6ef1c02b9 Switch to clang-format-3.6 2015-11-13 00:53:29 +09:00
Tatsuhiro Tsujikawa f0d2c9f94b Compile with BoringSSL
Compile with BoringSSL except for neverbleed and libnghttp2_asio.  The
former uses ENGINE and RSA_METHOD, and they are quite different
between OpenSSL and BoringSSL.  The latter uses boost::asio, which
calls OpenSSL functions deleted in BoringSSL.
2015-09-29 23:38:17 +09:00
Tatsuhiro Tsujikawa 49ef571ecf nghttpx: Stop watchers in ConnectionHandler dtor 2015-09-29 00:45:31 +09:00
Tatsuhiro Tsujikawa 75ff04f87a nghttpx: Don't stop default loop of worker process on graceful shutdown
To keep ipc channel being read from worker process, default loop
should not be stopped.  To join all worker threads, now we use
dedicated thread to do this.  When all worker threads are joined,
ev_async_send sends message to default loop, and it is finally
stopped.
2015-09-29 00:40:33 +09:00
Tatsuhiro Tsujikawa 566b0476d7 nghttpx: Enable neverbleed for client private key; don't run nb without TLS 2015-09-26 21:28:46 +09:00
Tatsuhiro Tsujikawa 044385ab6e Add neverbleed support
neverbleed is disabled by default.  To enable it, use
--with-neverbleed configure option.
2015-09-26 19:01:31 +09:00
Tatsuhiro Tsujikawa c44587a70c nghttpx: Use _Exit when exiting from child process 2015-09-24 23:57:24 +09:00
Tatsuhiro Tsujikawa 389a96483a nghttpx: Fix improper signal handling 2015-09-24 23:43:24 +09:00
Tatsuhiro Tsujikawa da9e535c7a nghttpx: Log worker thread creating in NOTICE level 2015-09-18 23:35:25 +09:00
Tatsuhiro Tsujikawa 4ad00200a2 Merge branch 'master' into nghttpx-mruby 2015-09-04 22:22:06 +09:00
Tatsuhiro Tsujikawa 6b38f7e0d2 nghttpx: Fix crash with multi workers and QUIT signal 2015-09-04 22:21:10 +09:00
Tatsuhiro Tsujikawa d044c58558 nghttpx: Detect mruby presence and guard mruby related code with ifdef 2015-09-04 00:54:41 +09:00
Tatsuhiro Tsujikawa 1508c50a45 nghttpx: Add basic infrastructure for mruby support 2015-09-02 02:45:15 +09:00
Tatsuhiro Tsujikawa f1b163a32c nghttpx: Log notice level when TLS ticket key was retrieved from memcached 2015-07-28 02:19:14 +09:00
Tatsuhiro Tsujikawa 2f2a300e83 nghttpx: Add TLS ticket key sharing among nghttpx instances using memcached 2015-07-28 00:54:44 +09:00
Tatsuhiro Tsujikawa 04bd25d468 nghttpx: Simplify ticket handling between workers just using mutex 2015-07-23 23:13:29 +09:00
Tatsuhiro Tsujikawa 5dc060c1a2 src: Use C++11 value-initialization, instead of memset-ing 0 2015-07-19 17:55:37 +09:00
Tatsuhiro Tsujikawa 285c74c394 nghttpx: Fix crash with --http2-bridge and both frontend and backend TLS 2015-06-24 21:31:17 +09:00
Tatsuhiro Tsujikawa 39f89f4a60 src: Use user-defined literals for k, m, and g. 2015-06-21 14:32:47 +09:00
Tatsuhiro Tsujikawa 532bffdb01 nghttpx: Minimize critical section for shared ocsp response 2015-06-12 21:27:12 +09:00
Tatsuhiro Tsujikawa d4d7597efb nghttpx: Delete SSL_CTX on quit 2015-06-10 21:31:58 +09:00
Tatsuhiro Tsujikawa 38cfc5c47c Check more headers and funcs 2015-05-13 23:29:20 +09:00
Tatsuhiro Tsujikawa 889e705f35 nghttpx: Add logging for somewhat important events (logs, tickets, and ocsp) 2015-04-11 00:08:28 +09:00
Tatsuhiro Tsujikawa b873930802 nghttpx: Now ocsp works without threads 2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa bc53c81616 nghttpx: Replace posix_spawn functions with fork + dup2 + execve
Although posx_spawn is very convenient and useful, we have platform
which don't have these functions (e.g., Android NDK r10d).
2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa d247470da2 nghttpx: Rewrite ocsp without thread
Since libev handles SIGCHLD, using waitpid in separate thread to wait
for the completion of fetch-ocsp-response script process is undefined.
This commit rewrite ocsp handling code so that it utilizes libev
ev_child watcher and perform ocsp update without thread.
2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa 1442b1bd0a nghttpx: Remove --tls-ctx-per-worker option
--tls-ctx-per-worker option does not work well of OCSP stapling.  Also
it makes session ID useless.
2015-03-31 00:42:21 +09:00
Tatsuhiro Tsujikawa 4bc9afe20a nghttpx: Add OCSP stapling feature 2015-03-30 23:58:28 +09:00
Tatsuhiro Tsujikawa 1c0d617742 nghttpx: Rename WorkerConfig as LogConfig
This is a sign that we only use thread-local storage for logging only.
2015-02-26 00:02:29 +09:00
Tatsuhiro Tsujikawa b161dfe573 nghttpx: Move graceful_shutdown flag from WorkerConfig to Worker
A part of an effort to eliminate thread_local WorkerConfig
2015-02-25 22:53:53 +09:00
Tatsuhiro Tsujikawa df32a534fc nghttpx: Rename ConnectionHandler::acceptor4_ as acceptor_
This change is motivated by that fact that we use it for UNIX domain
socket as well as IPv4.
2015-02-22 17:59:50 +09:00
Tatsuhiro Tsujikawa ae0100a9ab nghttpx: Refactor worker interface 2015-02-11 22:49:03 +09:00
Tatsuhiro Tsujikawa 54851ef7a6 src: Move make_unique to nghttp2 namespace 2015-02-06 00:15:43 +09:00
Tatsuhiro Tsujikawa 1e4f8f27fd nghttpx: Add --tls-ctx-per-worker option
When same SSL_CTX is used by multiple thread simultaneously we have to
setup some number of mutex locks for it.  We could not check how this
locking affects scalability since we have 4 cores at best in our
development machine.  Good side of sharing SSL_CTX across threads is
we can share session ID pool.

If --tls-ctx-per-worker is enabled, SSL_CTX is created per thread
basis and we can eliminate mutex locks.  The downside is session ID is
no longer shared, which means if session ID generated by one thread
cannot be acceptable by another thread.  But we have now session
ticket enabled and its keys are shared by all threads.
2015-01-13 00:25:02 +09:00
Tatsuhiro Tsujikawa 53604782e5 nghttpx: Clean up worker_event handling 2015-01-08 22:24:29 +09:00
Tatsuhiro Tsujikawa 0173929538 nghttpx: Rename ListenHandler as ConnectionHandler 2015-01-08 21:48:39 +09:00