Commit Graph

6161 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 24fb640a55 nghttpx: Fix stream wtimer handling 2017-02-20 22:08:39 +09:00
Tatsuhiro Tsujikawa e6a05cb66d Update bash_completion 2017-02-20 00:17:00 +09:00
Tatsuhiro Tsujikawa 12f9b09845 Update man pages 2017-02-20 00:16:44 +09:00
Tatsuhiro Tsujikawa 102b98813f Merge branch 'nghttpx-configrevision-api' 2017-02-20 00:15:33 +09:00
Tatsuhiro Tsujikawa 1f55e5d34d nghttpx: Document configrevision API 2017-02-19 23:40:06 +09:00
Tatsuhiro Tsujikawa 5618e1bbc9 integration: Add configrevision API tests 2017-02-19 23:40:06 +09:00
Tatsuhiro Tsujikawa 450ffaa6f0 nghttpx: Add configrevision API endpoint
This commit adds configuration revision, which is considered opaque
string, and changes after reloading configuration with SIGHUP.  This
revision is returned as a response to configrevision API endpoint.
This allows external application to know whether nghttpx has finished
reloading new configuration or not.  Note that this revision does not
change on backendconfig API calls.
2017-02-19 23:40:06 +09:00
Tatsuhiro Tsujikawa dc15832030 nghttpx: Refactor API downstream connection to allow more endpoints 2017-02-19 22:49:53 +09:00
Tatsuhiro Tsujikawa 0797e89a90 Merge pull request #819 from nghttp2/nghttpx-https-redirect
nghttpx: Redirect to HTTPS URI with redirect-if-no-tls parameter in backend option
2017-02-19 21:02:32 +09:00
Tatsuhiro Tsujikawa 9f1543f81e integration: Add https redirect tests 2017-02-18 22:32:45 +09:00
Tatsuhiro Tsujikawa a7c780a732 nghttpx: Redirect to HTTPS URI with redirect-if-not-tls param
This commit removes frontend-tls parameter, and adds
redirect-if-not-tls parameter parameter to --backend option.  nghttpx
now responds to the request with 308 status code to redirect the
request to https URI if frontend connection is not TLS encrypted, and
redirect-if-no-tls parameter is used in --backend option.  The port
number in Location header field is 443 by default (thus omitted), but
it can be configurable using --redirect-https-port option.
2017-02-18 22:32:27 +09:00
Tatsuhiro Tsujikawa 1bd6893084 integration: Fix deprecation warnings 2017-02-18 22:29:59 +09:00
Tatsuhiro Tsujikawa ae21130b13 integration: Redirect nghttpx stdout/stderr to test driver's stdout/stderr 2017-02-18 22:29:25 +09:00
Tatsuhiro Tsujikawa e06ed85747 nghttpx: Fix travis gcc compile error 2017-02-17 00:42:25 +09:00
Tatsuhiro Tsujikawa 83fd72c97e nghttpx: Use std::chrono::duration_cast 2017-02-17 00:33:26 +09:00
Tatsuhiro Tsujikawa ace40f298d nghttpx: Update log time stamp in millisecond interval 2017-02-17 00:18:07 +09:00
Tatsuhiro Tsujikawa 1133cc0bbc nghttpx: Don't call get_config() repeatedly 2017-02-16 23:41:23 +09:00
Tatsuhiro Tsujikawa 6960039aee nghttpx: C++ style cast 2017-02-16 23:02:19 +09:00
Tatsuhiro Tsujikawa bf5eeb831b nghttpx: Better error message when private key and certificate are missing 2017-02-16 23:00:25 +09:00
Tatsuhiro Tsujikawa e5b84fad09 nghttpx: Fix bug that old config is used during reloading config 2017-02-16 22:46:22 +09:00
Tatsuhiro Tsujikawa cfb39171a7 nghttpx: Remove redundant StringRef ctor invocation 2017-02-16 22:45:55 +09:00
Tatsuhiro Tsujikawa 2f6e1ac336 Merge pull request #816 from nghttp2/tls13
Add TLSv1.3 support
2017-02-15 23:23:25 +09:00
Tatsuhiro Tsujikawa 9e8d9d658a src: Enable TLSv1.3 if OpenSSL supports it
If OpenSSL supports TLSv1.3, enable it by default for all applications
under src.  BoringSSL can work at the moment although it does not
unlock all the features nghttpx offers.  OpenSSL's TLSv1.3 support is
still WIP at the time of writing.
2017-02-15 22:34:53 +09:00
Tatsuhiro Tsujikawa 6ecfac6954 nghttpx: Parse default TLS min and max versions from string 2017-02-15 21:28:40 +09:00
Tatsuhiro Tsujikawa 368775c2ed Merge pull request #814 from alagoutte/pvs
nghttp2_session: fix The 'then' statement is equivalent to the subseq…
2017-02-15 21:15:43 +09:00
Tatsuhiro Tsujikawa 1e9a094edd Merge pull request #811 from nghttp2/nghttp2_option_no_closed_streams
Add nghttp2_option_no_closed_streams
2017-02-15 21:11:17 +09:00
Alexis La Goutte ceb4dcf3b2 nghttp2_session: fix The 'then' statement is equivalent to the subsequent code fragment found by PVS Studio (V523) 2017-02-14 17:40:51 +01:00
Tatsuhiro Tsujikawa d2ef80fe3a Update bash_completion 2017-02-14 22:36:11 +09:00
Tatsuhiro Tsujikawa 79ae5aed67 Update man pages 2017-02-14 22:35:54 +09:00
Tatsuhiro Tsujikawa 56e86cd944 src: h2 requires >= TLSv1.2 2017-02-14 22:21:35 +09:00
Tatsuhiro Tsujikawa 19a311ad62 Merge branch 'nghttpx-tls-min-max-proto-version' 2017-02-14 22:17:13 +09:00
Tatsuhiro Tsujikawa b36e53cccd nghttpx: Specify TLS protocol by version range
This commit deprecates --tls-proto-list option, and adds 2 new
options: --tls-min-proto-version and --tls-max-proto-version to
specify minimum and maximum protocol version respectively.  Versions
between the two are enabled.  The deprecated --tls-proto-list has
empty default value, and acts like enabling only specific protocol
versions in the range for now.
2017-02-14 00:01:09 +09:00
Tatsuhiro Tsujikawa f3a5a0a0ec Add nghttp2_option_no_closed_streams
nghttp2_option_no_closed_streams controls whether closed streams are
retained or not.  If nonzero is passed to that function's parameter
val, a session does not retain closed streams.  It may hurt the shape
of priority tree, but can save memory.
2017-02-13 22:33:29 +09:00
Tatsuhiro Tsujikawa 001d45efad Merge branch 'nghttpx-graceful-sigusr2' 2017-02-12 23:52:03 +09:00
Tatsuhiro Tsujikawa 56c455bca4 nghttpx: Send SIGQUIT to the original master process
Previously, after sending SIGUSR2 to the original master process, and
the new master process gets ready, user has to send SIGQUIT to the
original master process to shut it down gracefully.  With this commit,
the new master process sends SIGQUIT to the original master process
when it is ready to serve requests, eliminating for user to send
SIGQUIT manually.

This works nicely with systemd, because now you can replace nghttpx
binary with new one by "systemctl kill -s USR2 --kill-who=main
nghttpx".
2017-02-12 23:29:44 +09:00
Tatsuhiro Tsujikawa 4bf3cb2cc0 Revert "nghttpx: Don't capitalize h1 header fields"
This reverts commit f994664934.
2017-02-12 23:27:38 +09:00
Tatsuhiro Tsujikawa c78528d54b nghttpx: Restrict HTTP major and minor in 0 or 1 2017-02-11 18:42:29 +09:00
Tatsuhiro Tsujikawa f994664934 nghttpx: Don't capitalize h1 header fields 2017-02-11 18:41:52 +09:00
Tatsuhiro Tsujikawa 44e290da66 clang-format 2017-02-11 13:08:08 +09:00
Tatsuhiro Tsujikawa 8aed101585 Merge pull request #805 from pakdel/graceful_stop
graceful stop of nghttp2::asio_http2::server::http2
2017-02-11 13:07:10 +09:00
Tatsuhiro Tsujikawa 54ba1bebf2 Update doc 2017-02-10 22:40:57 +09:00
Tatsuhiro Tsujikawa e44c58282e Drop privilege of neverbleed daemon first 2017-02-10 17:43:19 +09:00
Tatsuhiro Tsujikawa c02b1041d9 nghttpx: Use nullptr instead of NULL 2017-02-10 17:14:47 +09:00
Tatsuhiro Tsujikawa 0d20e07436 Show SYSTEMD_CFLAGS in summary 2017-02-10 17:13:34 +09:00
Tatsuhiro Tsujikawa b7f956c967 Add --with-systemd option to configure 2017-02-10 17:13:16 +09:00
Tatsuhiro Tsujikawa 786f52a81c Document about systemd support in README 2017-02-10 17:02:52 +09:00
Tatsuhiro Tsujikawa 23209baaf5 clang-format 2017-02-10 17:02:46 +09:00
Tatsuhiro Tsujikawa 9d2503f9c0 Merge pull request #802 from zdzichu/master
nghttpx: add systemd support
2017-02-10 16:17:01 +09:00
Amir Pakdel 1c31213aef More graceful stop of nghttp2::asio_http2::server::http2
Explicit io_service::stop() will prevent running streams from
finishing their task. That means if there are already reposnes
that we have called end(std::string) on them and they have not
finished sending back their data, they will be closed with a
NGHTTP2_INTERNAL_ERROR
Instead, we can stop accepting connections and destroy all
io_service::work objects to signals end of work.
2017-02-09 23:34:19 -05:00
Tomasz Torcz fdb75ba5fe nghttpx: add systemd support
Add systemd's Type=notify support by sending information about
 master process PID around forks.
  Add some hardening option to service unit.
2017-02-09 18:58:00 +01:00