058122b804
nghttpx: Rename shrpx_ssl.{h,cc} as shrpx_tls.{h,cc}
...
The namespace shrpx::ssl was also renamed as shrpx::tls.
2017-04-01 15:12:28 +09:00
f6301714db
nghttpx: Avoid copy of std::mt19937 which is huge
2017-03-26 21:14:34 +09:00
1e1d908c12
nghttpx: Eliminate global std::random_device
2017-03-17 22:25:10 +09:00
a7c780a732
nghttpx: Redirect to HTTPS URI with redirect-if-not-tls param
...
This commit removes frontend-tls parameter, and adds
redirect-if-not-tls parameter parameter to --backend option. nghttpx
now responds to the request with 308 status code to redirect the
request to https URI if frontend connection is not TLS encrypted, and
redirect-if-no-tls parameter is used in --backend option. The port
number in Location header field is 443 by default (thus omitted), but
it can be configurable using --redirect-https-port option.
2017-02-18 22:32:27 +09:00
0b1ddad62b
nghttpx: Add frontend-tls parameter to backend to require client TLS
2017-01-28 22:19:14 +09:00
540853bde8
nghttpx: Fix typo
2017-01-28 22:18:17 +09:00
38b5cad4e3
nghttpx: Lookup backend host name dynamically
...
We have added "dns" parameter to backend option. If specified, name
lookup is done dynamically. If not, name lookup is done at start up,
or configuration reloading. nghttpx caches DNS result including error
case in 30 seconds in this commit. Later commit makes this
configurable.
DNS resolution is done asynchronously using c-ares library.
2016-12-10 21:09:50 +09:00
f5285d1f5a
nghttpx: Add BlockAllocator to SharedDownstreamAddr
2016-10-02 22:28:43 +09:00
e1dfff8929
Use std::atomic_* overloads for std::shared_ptr if available
2016-09-20 22:39:01 +09:00
1dabe43ff4
nghttpx: Workaround for std::make_shared bug in Xcode7, 7.1, and 7.2
...
std::make_shared in Xcode 7, 7.1, and 7.2 does not perform
value-initialization, and causes undefined behaviour if struct does
not have user defined default constructor. This workaround explicitly
defines user defined default constructor, and initializes values.
2016-09-04 23:30:24 +09:00
2bbe4422d2
nghttpx: Use consistent hashing for client IP based session affinity
...
We use technique described in https://github.com/RJ/ketama
2016-07-06 23:31:10 +09:00
2a4733857f
nghttpx: Reduce TTFB with large number of incoming connections
...
To reduce TTFB with large number of incoming connections, we now
intentionally accept one connection at a time, so that it does not
delay the TTFB of the existing connection. This is significant
especially for TLS connections.
2016-06-25 11:50:33 +09:00
c06e8c89ff
nghttpx: Use BlockAllocator in match_downstream_addr_group
2016-06-11 18:41:43 +09:00
a809da68a3
nghttpx: Aggregate router configuration into one struct
2016-06-11 18:25:38 +09:00
288449b9bc
nghttpx: Rewrite wildcard router
2016-06-10 23:43:44 +09:00
f9897f8ccd
nghttpx: Fix bugs and crash when affinity is enabled
2016-06-09 23:17:41 +09:00
143d0b69b7
nghttpx: Implement client IP based session affinity
2016-06-09 22:35:59 +09:00
cb7269f334
nghttpx: Close and disallow h1 backend connection on backend replacement
2016-06-04 12:16:31 +09:00
0ca7c4cb38
nghttpx: Send notice to replace downstream via ConnectionHandler
2016-06-04 01:02:57 +09:00
845aa7a710
nghttpx: Share downstream config object
...
This is the unit of sharing configurations to change
2016-06-03 19:57:43 +09:00
fe58614b23
nghttpx: Use std::shared_ptr for downstream addresses so that we can swap them
2016-06-03 01:20:49 +09:00
e0491c2ee8
nghttpx: Refactor protocol selection in backend
2016-05-25 23:07:04 +09:00
2a4bf9f615
nghttpx: Allow mixed protocol and TLS settings among backends under same pattern
2016-05-24 23:36:43 +09:00
fd801864e3
nghttpx: Add sni keyword to --backend option
...
The --backend-tls-sni-field is deprecated in favor of sni keyword.
--backend-tls-sni-field still works, and it overrides all sni keyword
in --backend option. But it will be removed in the future release.
2016-04-29 14:42:18 +09:00
4aa4fe56e1
nghttpx: Destroy SSL object, and always lookup TLS session cache
2016-04-28 22:25:55 +09:00
9e64d10223
nghttpx: Move fall/rise configuration to --backend option
...
This commit removes --backend-fall and --backend-rise options. The
these configurations are now set as fall and rise parameters in
--backend option.
2016-04-09 21:58:08 +09:00
f9b872ab78
nghttpx: Detect online/offline state of backend servers
2016-04-08 23:07:17 +09:00
46514074a4
nghttpx: Better load balancing between backend HTTP/2 servers
2016-04-03 15:09:01 +09:00
58b06f32a2
nghttpx: Configure TLS per backend routing pattern
...
We added "tls" parameter to --backend option to enable TLS on that
backend connection. --backend-tls options was deprecated, now is
noop.
2016-03-23 22:56:18 +09:00
0f9ed40bd9
nghttpx: Share connection among different patterns if address set are same
2016-03-23 00:01:27 +09:00
34d209b30b
nghttpx: Add wildcard host routing
...
This change allows host pattern in --backend to include '*' to
indicate wildcard match. The wildcard match is made in suffix match
only.
2016-03-13 01:01:34 +09:00
1832f78684
nghttpx: Move downstream proto to DownstreamAddrGroup
2016-02-28 16:56:14 +09:00
8ca3e5f6ba
nghttpx: Separate Downstream address group from config to runtime
2016-02-28 00:19:18 +09:00
21007da392
nghttpx: Rewrite backend HTTP/2 connection coalesce strategy
...
Previously, we use one Http2Session object per DownstreamAddrGroup.
This is not flexible, and we have to provision how many HTTP/2
connection is required in advance. The new strategy is we add
Http2Session object on demand. We measure the number of attached
downstream connection object and server advertised concurrency limit.
As long as former is smaller than the latter, we attach new downstream
connection to it. Once the limit is reached, we create new
Http2Session object. If the number lowers the limit, we start to
share Http2Session object again.
2016-02-28 00:19:18 +09:00
f2a7275700
nghttpx: Cache TLS session inside DownstreamAddr object
2016-02-21 16:35:43 +09:00
11c8803b92
nghttpx: Worker wide blocker which is used when socket(2) is failed
2016-02-21 15:27:19 +09:00
c9a4f293a1
nghttpx: ConnectBlocker per backend address
2016-02-21 14:53:06 +09:00
f1580f95d4
nghttpx: Add TLS support for session cache memcached connection
2016-02-13 18:46:07 +09:00
b624ca6dcd
nghttpx: Rename client TLS session cache field
2016-02-11 17:12:57 +09:00
ba4c268172
nghttpx: Single SSL_SESSION cache entry for each address
2016-02-11 17:07:48 +09:00
00175eac33
nghttpx: Use Address* as a key for client side session cache
2016-02-11 12:40:15 +09:00
6d49110a33
Rename FrontendAddr as UpstreamAddr
2016-02-07 17:51:53 +09:00
e7de5e9f6c
nghttpx: Rename cl_tls_session as downstream_tls_session
2016-02-07 17:43:30 +09:00
5c10534b88
nghttpx: Fix crash when reusing cached SSL session
2016-02-07 17:43:30 +09:00
2e38208d74
nghttpx: Fixups for HTTP/1 backend TLS support
2016-02-07 17:43:30 +09:00
26d49c1dc3
nghttpx: Cache client session
2016-02-07 17:43:30 +09:00
aa07fe7fa6
nghttpx: Support multiple frontend addresses
...
This commit allows nghttpx to listen to multiple address and port pair
by specifying -f option multiple times.
2016-02-01 23:10:29 +09:00
5c3f74b424
nghttpx: Add RFC 7239 Forwarded header field support
2016-01-16 11:32:14 +09:00
d044c58558
nghttpx: Detect mruby presence and guard mruby related code with ifdef
2015-09-04 00:54:41 +09:00
1508c50a45
nghttpx: Add basic infrastructure for mruby support
2015-09-02 02:45:15 +09:00
Tatsuhiro Tsujikawa