This commit adds 2 new options to handle X-Forwarded-Proto header
field. The --add-x-forwarded-proto option makes nghttpx append
X-Forwarded-Proto value. The --strip-incoming-x-forwarded-proto
option makes nghttpx to strip the header field from client.
Previously, nghttpx always strips incoming header field, and set its
own header field. This commit changes this behaviour. Now nghttpx
does not strip, and append X-Forwarded-Proto header field by default.
The X-Forwarded-For, and Forwarded header fields are also handled in
the same way. To recover the old behaviour, use
--add-x-forwarded-proto and --strip-incoming-x-forwarded-proto
options.
This commit removes frontend-tls parameter, and adds
redirect-if-not-tls parameter parameter to --backend option. nghttpx
now responds to the request with 308 status code to redirect the
request to https URI if frontend connection is not TLS encrypted, and
redirect-if-no-tls parameter is used in --backend option. The port
number in Location header field is 443 by default (thus omitted), but
it can be configurable using --redirect-https-port option.
--accesslog-write-early option is analogous to HAProxy's logasap. If
used, nghttpx writes access log when response header fields are
received from backend rather than when request transaction finishes.
Because of bidirectional nature of TCP, we may fail write(2), but have
still pending read in TCP buffer, which may contain response body. To
forward them, we should keep reading until get EOF from backend.
To avoid stalling HTTP/1 upload when request buffer is full, and we
have received complete response from backend, drop connection in that
case.
We have added "dns" parameter to backend option. If specified, name
lookup is done dynamically. If not, name lookup is done at start up,
or configuration reloading. nghttpx caches DNS result including error
case in 30 seconds in this commit. Later commit makes this
configurable.
DNS resolution is done asynchronously using c-ares library.
For HTTP/2, read timer starts when there is no downstream, and timer
stops when there is at least one downstream. For HTTP/1, read timer
starts when request handling finished, and timer stops when request
handling starts.
The --backend-tls-sni-field is deprecated in favor of sni keyword.
--backend-tls-sni-field still works, and it overrides all sni keyword
in --backend option. But it will be removed in the future release.
Tatsuhiro Tsujikawa