Commit Graph

76 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 058122b804 nghttpx: Rename shrpx_ssl.{h,cc} as shrpx_tls.{h,cc}
The namespace shrpx::ssl was also renamed as shrpx::tls.
2017-04-01 15:12:28 +09:00
Tatsuhiro Tsujikawa f6301714db nghttpx: Avoid copy of std::mt19937 which is huge 2017-03-26 21:14:34 +09:00
Tatsuhiro Tsujikawa 1e1d908c12 nghttpx: Eliminate global std::random_device 2017-03-17 22:25:10 +09:00
Tatsuhiro Tsujikawa a7c780a732 nghttpx: Redirect to HTTPS URI with redirect-if-not-tls param
This commit removes frontend-tls parameter, and adds
redirect-if-not-tls parameter parameter to --backend option.  nghttpx
now responds to the request with 308 status code to redirect the
request to https URI if frontend connection is not TLS encrypted, and
redirect-if-no-tls parameter is used in --backend option.  The port
number in Location header field is 443 by default (thus omitted), but
it can be configurable using --redirect-https-port option.
2017-02-18 22:32:27 +09:00
Tatsuhiro Tsujikawa 0b1ddad62b nghttpx: Add frontend-tls parameter to backend to require client TLS 2017-01-28 22:19:14 +09:00
Tatsuhiro Tsujikawa 540853bde8 nghttpx: Fix typo 2017-01-28 22:18:17 +09:00
Tatsuhiro Tsujikawa 38b5cad4e3 nghttpx: Lookup backend host name dynamically
We have added "dns" parameter to backend option.  If specified, name
lookup is done dynamically.  If not, name lookup is done at start up,
or configuration reloading.  nghttpx caches DNS result including error
case in 30 seconds in this commit.  Later commit makes this
configurable.

DNS resolution is done asynchronously using c-ares library.
2016-12-10 21:09:50 +09:00
Tatsuhiro Tsujikawa f5285d1f5a nghttpx: Add BlockAllocator to SharedDownstreamAddr 2016-10-02 22:28:43 +09:00
Tatsuhiro Tsujikawa e1dfff8929 Use std::atomic_* overloads for std::shared_ptr if available 2016-09-20 22:39:01 +09:00
Tatsuhiro Tsujikawa 1dabe43ff4 nghttpx: Workaround for std::make_shared bug in Xcode7, 7.1, and 7.2
std::make_shared in Xcode 7, 7.1, and 7.2 does not perform
value-initialization, and causes undefined behaviour if struct does
not have user defined default constructor.  This workaround explicitly
defines user defined default constructor, and initializes values.
2016-09-04 23:30:24 +09:00
Tatsuhiro Tsujikawa 2bbe4422d2 nghttpx: Use consistent hashing for client IP based session affinity
We use technique described in https://github.com/RJ/ketama
2016-07-06 23:31:10 +09:00
Tatsuhiro Tsujikawa 2a4733857f nghttpx: Reduce TTFB with large number of incoming connections
To reduce TTFB with large number of incoming connections, we now
intentionally accept one connection at a time, so that it does not
delay the TTFB of the existing connection.  This is significant
especially for TLS connections.
2016-06-25 11:50:33 +09:00
Tatsuhiro Tsujikawa c06e8c89ff nghttpx: Use BlockAllocator in match_downstream_addr_group 2016-06-11 18:41:43 +09:00
Tatsuhiro Tsujikawa a809da68a3 nghttpx: Aggregate router configuration into one struct 2016-06-11 18:25:38 +09:00
Tatsuhiro Tsujikawa 288449b9bc nghttpx: Rewrite wildcard router 2016-06-10 23:43:44 +09:00
Tatsuhiro Tsujikawa f9897f8ccd nghttpx: Fix bugs and crash when affinity is enabled 2016-06-09 23:17:41 +09:00
Tatsuhiro Tsujikawa 143d0b69b7 nghttpx: Implement client IP based session affinity 2016-06-09 22:35:59 +09:00
Tatsuhiro Tsujikawa cb7269f334 nghttpx: Close and disallow h1 backend connection on backend replacement 2016-06-04 12:16:31 +09:00
Tatsuhiro Tsujikawa 0ca7c4cb38 nghttpx: Send notice to replace downstream via ConnectionHandler 2016-06-04 01:02:57 +09:00
Tatsuhiro Tsujikawa 845aa7a710 nghttpx: Share downstream config object
This is the unit of sharing configurations to change
2016-06-03 19:57:43 +09:00
Tatsuhiro Tsujikawa fe58614b23 nghttpx: Use std::shared_ptr for downstream addresses so that we can swap them 2016-06-03 01:20:49 +09:00
Tatsuhiro Tsujikawa e0491c2ee8 nghttpx: Refactor protocol selection in backend 2016-05-25 23:07:04 +09:00
Tatsuhiro Tsujikawa 2a4bf9f615 nghttpx: Allow mixed protocol and TLS settings among backends under same pattern 2016-05-24 23:36:43 +09:00
Tatsuhiro Tsujikawa fd801864e3 nghttpx: Add sni keyword to --backend option
The --backend-tls-sni-field is deprecated in favor of sni keyword.
--backend-tls-sni-field still works, and it overrides all sni keyword
in --backend option.  But it will be removed in the future release.
2016-04-29 14:42:18 +09:00
Tatsuhiro Tsujikawa 4aa4fe56e1 nghttpx: Destroy SSL object, and always lookup TLS session cache 2016-04-28 22:25:55 +09:00
Tatsuhiro Tsujikawa 9e64d10223 nghttpx: Move fall/rise configuration to --backend option
This commit removes --backend-fall and --backend-rise options.  The
these configurations are now set as fall and rise parameters in
--backend option.
2016-04-09 21:58:08 +09:00
Tatsuhiro Tsujikawa f9b872ab78 nghttpx: Detect online/offline state of backend servers 2016-04-08 23:07:17 +09:00
Tatsuhiro Tsujikawa 46514074a4 nghttpx: Better load balancing between backend HTTP/2 servers 2016-04-03 15:09:01 +09:00
Tatsuhiro Tsujikawa 58b06f32a2 nghttpx: Configure TLS per backend routing pattern
We added "tls" parameter to --backend option to enable TLS on that
backend connection.  --backend-tls options was deprecated, now is
noop.
2016-03-23 22:56:18 +09:00
Tatsuhiro Tsujikawa 0f9ed40bd9 nghttpx: Share connection among different patterns if address set are same 2016-03-23 00:01:27 +09:00
Tatsuhiro Tsujikawa 34d209b30b nghttpx: Add wildcard host routing
This change allows host pattern in --backend to include '*' to
indicate wildcard match.  The wildcard match is made in suffix match
only.
2016-03-13 01:01:34 +09:00
Tatsuhiro Tsujikawa 1832f78684 nghttpx: Move downstream proto to DownstreamAddrGroup 2016-02-28 16:56:14 +09:00
Tatsuhiro Tsujikawa 8ca3e5f6ba nghttpx: Separate Downstream address group from config to runtime 2016-02-28 00:19:18 +09:00
Tatsuhiro Tsujikawa 21007da392 nghttpx: Rewrite backend HTTP/2 connection coalesce strategy
Previously, we use one Http2Session object per DownstreamAddrGroup.
This is not flexible, and we have to provision how many HTTP/2
connection is required in advance.  The new strategy is we add
Http2Session object on demand.  We measure the number of attached
downstream connection object and server advertised concurrency limit.
As long as former is smaller than the latter, we attach new downstream
connection to it.  Once the limit is reached, we create new
Http2Session object.  If the number lowers the limit, we start to
share Http2Session object again.
2016-02-28 00:19:18 +09:00
Tatsuhiro Tsujikawa f2a7275700 nghttpx: Cache TLS session inside DownstreamAddr object 2016-02-21 16:35:43 +09:00
Tatsuhiro Tsujikawa 11c8803b92 nghttpx: Worker wide blocker which is used when socket(2) is failed 2016-02-21 15:27:19 +09:00
Tatsuhiro Tsujikawa c9a4f293a1 nghttpx: ConnectBlocker per backend address 2016-02-21 14:53:06 +09:00
Tatsuhiro Tsujikawa f1580f95d4 nghttpx: Add TLS support for session cache memcached connection 2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa b624ca6dcd nghttpx: Rename client TLS session cache field 2016-02-11 17:12:57 +09:00
Tatsuhiro Tsujikawa ba4c268172 nghttpx: Single SSL_SESSION cache entry for each address 2016-02-11 17:07:48 +09:00
Tatsuhiro Tsujikawa 00175eac33 nghttpx: Use Address* as a key for client side session cache 2016-02-11 12:40:15 +09:00
Tatsuhiro Tsujikawa 6d49110a33 Rename FrontendAddr as UpstreamAddr 2016-02-07 17:51:53 +09:00
Tatsuhiro Tsujikawa e7de5e9f6c nghttpx: Rename cl_tls_session as downstream_tls_session 2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa 5c10534b88 nghttpx: Fix crash when reusing cached SSL session 2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa 2e38208d74 nghttpx: Fixups for HTTP/1 backend TLS support 2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa 26d49c1dc3 nghttpx: Cache client session 2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa aa07fe7fa6 nghttpx: Support multiple frontend addresses
This commit allows nghttpx to listen to multiple address and port pair
by specifying -f option multiple times.
2016-02-01 23:10:29 +09:00
Tatsuhiro Tsujikawa 5c3f74b424 nghttpx: Add RFC 7239 Forwarded header field support 2016-01-16 11:32:14 +09:00
Tatsuhiro Tsujikawa d044c58558 nghttpx: Detect mruby presence and guard mruby related code with ifdef 2015-09-04 00:54:41 +09:00
Tatsuhiro Tsujikawa 1508c50a45 nghttpx: Add basic infrastructure for mruby support 2015-09-02 02:45:15 +09:00