Commit Graph

565 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 9b63fc011e nghttpx: Open log files by default configuration 2015-07-24 00:32:19 +09:00
Tatsuhiro Tsujikawa cab6c7871c nghttpx: Don't rewrite host header field by default
In reverse proxy usage, backend server most likely wants to see the
original header field.  So this commit turns off host header rewrite
by default.  --no-host-rewrite option is deprecated, and if it is
used, warning message is displayed.  --host-rewrite option is added to
enable host rewrite.
2015-07-23 23:54:56 +09:00
Tatsuhiro Tsujikawa 04bd25d468 nghttpx: Simplify ticket handling between workers just using mutex 2015-07-23 23:13:29 +09:00
Tatsuhiro Tsujikawa cd2c751f82 nghttpx: Generate new ticket key every 1hr and its life time is now 12hrs 2015-07-23 21:14:38 +09:00
Tatsuhiro Tsujikawa ca3444c34c Fix compile error/warnings with gcc-4.7 2015-07-19 20:50:14 +09:00
Tatsuhiro Tsujikawa 5dc060c1a2 src: Use C++11 value-initialization, instead of memset-ing 0 2015-07-19 17:55:37 +09:00
Tatsuhiro Tsujikawa e8167ceea7 nghttpx: Add AES-256-CBC encryption for TLS session ticket 2015-07-18 02:02:33 +09:00
Tatsuhiro Tsujikawa a2c78cfc69 nghttpx: Update doc 2015-07-14 23:44:58 +09:00
Tatsuhiro Tsujikawa 7f7b6d641d nghttpx: Allow log variable to be enclosed by curly braces 2015-07-14 22:25:52 +09:00
Tatsuhiro Tsujikawa fb7775e382 nghttpx: Detect loop in --include paths 2015-07-13 21:44:06 +09:00
Tatsuhiro Tsujikawa 3097547491 nghttpx: Add --include option to read additional configuration from given file 2015-07-12 23:18:36 +09:00
Tatsuhiro Tsujikawa 6307f96fb3 nghttpx: Enable host-path backend routing in HTTP/2 backend
To achieve host-path backend routing, we changed behaviour of
--backend-http2-connections-per-worker.  It now sets the number of
HTTP/2 physical connections per pattern group if pattern is used in -b
option.

Fixes GH-292
2015-07-12 23:02:30 +09:00
Tatsuhiro Tsujikawa 7c216c6df8 nghttpx: Document that patterns with host take precedence 2015-07-11 16:46:13 +09:00
Tatsuhiro Tsujikawa c2e4ed9624 nghttpx: Deal with the path without trailing slash on pattern match
If pattern ends with '/', and pattern and path matches without that
slash, we consider they match to deal with request to the directory
without trailing slash.  That is if pattern is "/foo/" and path is
"/foo", we consider they match.
2015-07-11 12:43:48 +09:00
Tatsuhiro Tsujikawa 3119fc259c Select backend based on request host and path by extending -b option
-b option syntax is now <HOST>,<PORT>[;<PATTERN>[:...]].  The optional
<PATTERN>s specify the request host and path it is used for.  The
<PATTERN> can contain path, host + path or host.  The matching rule is
closely designed to ServeMux in Go programming language.
2015-07-11 00:15:52 +09:00
Tatsuhiro Tsujikawa 515c313073 nghttpx: Add $ssl_session_reused log variable
The syntax for this variable is the same as nginx: if SSL/TLS session
was reused, "r" is produced.  Otherwise ".".
2015-06-28 22:15:04 +09:00
Tatsuhiro Tsujikawa 197493afd4 nghttpx: Add log variables related to SSL/TLS connection
This commit add following 3 log variables to SSL/TLS connection:
$ssl_cipher, $ssl_protocol, $ssl_session_id.  If no information is
available for them, '-' is produced for each.
2015-06-28 16:44:34 +09:00
Tatsuhiro Tsujikawa b06e339dbb Prepare for IRIX support, port relevant change from spdylay 2015-06-27 17:51:07 +09:00
Tatsuhiro Tsujikawa f3b7f4140b nghttpx: Clarify origin host for --backend-http1-connection-per-host 2015-06-22 21:09:39 +09:00
Tatsuhiro Tsujikawa cebfdacc5a src: Use user-defined literals for time (hours and minutes) 2015-06-21 14:51:32 +09:00
Tatsuhiro Tsujikawa 39f89f4a60 src: Use user-defined literals for k, m, and g. 2015-06-21 14:32:47 +09:00
Tatsuhiro Tsujikawa 6d537c419e nghttpx: Document failure case on bind() 2015-06-07 00:05:33 +09:00
Tatsuhiro Tsujikawa 4894e24dc8 nghttpx: Add error logging for listener socket creation failure 2015-06-07 00:02:30 +09:00
Tatsuhiro Tsujikawa 00efa86fb6 nghttpx: Add --add-request-header option 2015-06-05 23:04:20 +09:00
Tatsuhiro Tsujikawa ee4d53a9e4 More constexpr 2015-05-31 18:44:37 +09:00
Tatsuhiro Tsujikawa 3d59c6c0b7 nghttpx: Use defined string iteral when defining long_options 2015-05-29 22:48:46 +09:00
Tatsuhiro Tsujikawa 791660ef8d Fix up OpenSSL initialization
Use the example presented at
http://en.wikibooks.org/wiki/OpenSSL/Initialization
2015-05-23 00:23:38 +09:00
Tatsuhiro Tsujikawa 0b27f005e0 Merge branch 'master' into v1.0.0
Conflicts:
	src/HttpServer.cc
2015-05-15 23:24:19 +09:00
Tatsuhiro Tsujikawa 53bfc70c9e Include inttypes.h (or cintypes for C++) instead of stdint.h
From autoconf manual, section 5.6.1 Portability of Headers, says:

"""
The C99 standard says that inttypes.h includes stdint.h, so there's no
need to include stdint.h separately in a standard environment. Some
implementations have inttypes.h but not stdint.h (e.g., Solaris 7),
but we don't know of any implementation that has stdint.h but not
inttypes.h.
"""
2015-05-14 00:17:45 +09:00
Tatsuhiro Tsujikawa 38cfc5c47c Check more headers and funcs 2015-05-13 23:29:20 +09:00
Tatsuhiro Tsujikawa e63d6e490a Merge branch 'master' into v1.0.0
Conflicts:
	lib/nghttp2_option.h
	lib/nghttp2_session.h
	src/HttpServer.cc
2015-05-08 19:21:51 +09:00
Tatsuhiro Tsujikawa 552f675466 nghttpx: Add --header-field-buffer and --max-header-fields options 2015-04-29 21:10:59 +09:00
Tatsuhiro Tsujikawa 5937b4b6f7 Merge branch 'master' into v1.0.0 2015-04-19 23:13:38 +09:00
Tatsuhiro Tsujikawa 889e705f35 nghttpx: Add logging for somewhat important events (logs, tickets, and ocsp) 2015-04-11 00:08:28 +09:00
Tatsuhiro Tsujikawa b873930802 nghttpx: Now ocsp works without threads 2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa 09c485e712 nghttpx: Eliminate 1 second refresh timer 2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa d247470da2 nghttpx: Rewrite ocsp without thread
Since libev handles SIGCHLD, using waitpid in separate thread to wait
for the completion of fetch-ocsp-response script process is undefined.
This commit rewrite ocsp handling code so that it utilizes libev
ev_child watcher and perform ocsp update without thread.
2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa cf0576253f Merge branch 'master' into v1.0.0 2015-04-08 18:10:04 +09:00
Tatsuhiro Tsujikawa 1fcd881395 nghttpx: Document that stderr is redirected to error log file 2015-04-08 17:33:18 +09:00
Tatsuhiro Tsujikawa dd435b51ab nghttpx: Redirect stderr to errorlog file 2015-04-08 16:59:58 +09:00
Tatsuhiro Tsujikawa 3e50ef439d Announce h2, final HTTP/2 ALPN identifier 2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa d0c27d5229 Send 24 bytes client magic byte string by library
Previously nghttp2_session_send() and nghttp2_session_mem_send() did
not send 24 bytes client magic byte string (MAGIC).  We made
nghttp2_session_recv() and nghttp2_session_mem_recv() process MAGIC by
default, so it is natural to make library send MAGIC as well.  This
commit makes nghttp2_session_send() and nghttp2_session_mem_send()
send MAGIC.  This commit also replace "connection preface" with
"client magic", since we call MAGIC as "connection preface" but it is
just a part of connection preface.  NGHTTP2_CLIENT_CONNECTION_PREFACE
macro was replaced with NGHTTP2_CLIENT_MAGIC.  The already deprecated
NGHTTP2_CLIENT_CONNECTION_HEADER macro was removed permanently.
nghttp2_option_set_no_recv_client_preface() was renamed as
nghttp2_option_set_no_recv_client_magic().  NGHTTP2_ERR_BAD_PREFACE
was renamed as NGHTTP2_ERR_BAD_CLIENT_MAGIC.
2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa 250ea53e4b Deal with 24 bytes client connection preface by default
Since HTTP/2 spec requires for client to send connection preface, it
is reasonable to make this option enabled by default.  It is still a
use case to disable this, so replace this option with
nghttp2_option_set_no_recv_client_preface().
2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa 01af6ea70c Remove ALTSVC related code
HTTP/2 and HPACK are going to be published as RFC, but ALTSVC is still
in draft state.  To make our API stable, it would be better to remove
ALTSVC API for 1.0.0 release.
2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa 1442b1bd0a nghttpx: Remove --tls-ctx-per-worker option
--tls-ctx-per-worker option does not work well of OCSP stapling.  Also
it makes session ID useless.
2015-03-31 00:42:21 +09:00
Tatsuhiro Tsujikawa cc94632b29 src: Use separator "--" to mark start of the footer without ambiguity 2015-03-31 00:21:52 +09:00
Tatsuhiro Tsujikawa 4bc9afe20a nghttpx: Add OCSP stapling feature 2015-03-30 23:58:28 +09:00
Tatsuhiro Tsujikawa 93013f4205 nghttpx: Remove --backend-http2-connection-check option, enable it by default 2015-03-11 00:22:05 +09:00
Tatsuhiro Tsujikawa 0e3ae63965 nghttpx: Add --backend-http2-connections-per-worker 2015-03-10 23:43:25 +09:00
Tatsuhiro Tsujikawa 446de923f3 nghttpx: Support multiple HTTP/2 session per worker
Currently, we use same number of HTTP/2 sessions per worker with given
backend addresses.  New option to specify the number of HTTP/2 session
per worker will follow.
2015-03-10 23:20:21 +09:00
Tatsuhiro Tsujikawa c5860fc6f4 nghttpx: Support multiple -b option for HTTP/2 backend 2015-03-10 21:54:29 +09:00
Tatsuhiro Tsujikawa 41e266181e nghttpx: Attempt to improve HTTP/2 backend connection check
It turns out that writing successfully to network is not enough.
After apparently successful network write, read fails and then we
first know network has been lost (at least my android mobile network).
In this change, we say connection check is successful only when
successful read.  We already send PING in this case, so we just wait
PING ACK with short timeout.  If timeout has expired, drop connection.
Since waiting for PING ACK could degrade performance for fast reliably
connected network, we decided to disable connection check by default.
Use --backend-http2-connection-check to enable it.
2015-03-09 23:37:54 +09:00
Tatsuhiro Tsujikawa c2426bc732 Merge branch 'pthread-getspecific' of https://github.com/icing/nghttp2 into icing-pthread-getspecific 2015-03-05 02:04:56 +09:00
Stefan Eissing 1fd44b1567 replacing thread_local, which does not exist on OS X, with pthread_getspecific call 2015-03-03 17:09:15 +01:00
Tatsuhiro Tsujikawa 1c0d617742 nghttpx: Rename WorkerConfig as LogConfig
This is a sign that we only use thread-local storage for logging only.
2015-02-26 00:02:29 +09:00
Tatsuhiro Tsujikawa b161dfe573 nghttpx: Move graceful_shutdown flag from WorkerConfig to Worker
A part of an effort to eliminate thread_local WorkerConfig
2015-02-25 22:53:53 +09:00
Tatsuhiro Tsujikawa 1a2bccd71c nghttpx: Share nghttp2_session_callbacks between objects 2015-02-24 15:21:10 +09:00
Tatsuhiro Tsujikawa 8b533e19bb nghttpx: Remove option name from unix path sample since it is a bit strange 2015-02-22 18:09:37 +09:00
Tatsuhiro Tsujikawa df32a534fc nghttpx: Rename ConnectionHandler::acceptor4_ as acceptor_
This change is motivated by that fact that we use it for UNIX domain
socket as well as IPv4.
2015-02-22 17:59:50 +09:00
Tatsuhiro Tsujikawa e583a25a8b nghttpx: Fix error found by coverity scan 2015-02-22 17:53:12 +09:00
Tatsuhiro Tsujikawa da2376effd nghttpx: Add host_unix field to DownstreamAddr to tell it is UNIX domain sock 2015-02-22 17:25:23 +09:00
Tatsuhiro Tsujikawa 0c4ae3dea5 nghttpx: Support UNIX domain socket on frontend
This commit also fixes environment variables used to tell inherited
file descriptors to new binary are stacked up each time new binary is
executed.
2015-02-22 17:25:23 +09:00
Tatsuhiro Tsujikawa 997f9233bc nghttpx: Support UNIX domain socket in backend connections 2015-02-22 12:27:51 +09:00
Tatsuhiro Tsujikawa a26a597453 nghttpx: Cast configuration value to rlim_t to avoid compile error on 32bit 2015-02-21 16:57:02 +09:00
Tatsuhiro Tsujikawa ab93a700ce src: Announce h2 ALPN 2015-02-20 23:50:17 +09:00
Tatsuhiro Tsujikawa ae0100a9ab nghttpx: Refactor worker interface 2015-02-11 22:49:03 +09:00
Tatsuhiro Tsujikawa 502b552b68 nghttpx: Add --no-server-push option 2015-02-08 16:19:12 +09:00
Tatsuhiro Tsujikawa 4dea318b5b nghttpx: Fix compile error if SOCK_NONBLOCK is undefined 2015-02-08 00:49:56 +09:00
Tatsuhiro Tsujikawa 54851ef7a6 src: Move make_unique to nghttp2 namespace 2015-02-06 00:15:43 +09:00
Tatsuhiro Tsujikawa 7c75d9db98 nghttpx: Set nghttp2_option_set_peer_max_concurrent_streams for HTTP/2 backend 2015-02-05 03:05:34 +09:00
Tatsuhiro Tsujikawa a68c4c1e3c nghttpx: Add --no-host-rewrite option 2015-02-04 01:42:26 +09:00
Tatsuhiro Tsujikawa e03f36eeeb nghttpx: Use <DURATION> instead of <T> 2015-01-29 23:23:30 +09:00
Tatsuhiro Tsujikawa 00555dc7bb nghttpx: Use TCP_DEFER_ACCEPT if available 2015-01-29 21:14:44 +09:00
Tatsuhiro Tsujikawa d1a4002b22 nghttpx: Remove --accept-delay and --num-accept options 2015-01-29 20:58:47 +09:00
Tatsuhiro Tsujikawa 96e66b1a81 nghttpx: Make num_accept 0 on graceful shutdown
Make num_accept unlimited so that we can accept all pending
connections waiting in listen queue.
2015-01-28 21:02:31 +09:00
Tatsuhiro Tsujikawa 19429abd07 nghttpx: Make --accept-delay default to 10ms 2015-01-28 21:00:47 +09:00
Fabian Möller 3167aa4081 nghttpx: set the supplementary group access list 2015-01-28 20:56:05 +09:00
Tatsuhiro Tsujikawa f8765be817 nghttpx: Make --backend-keep-alive-timeout default to 2s 2015-01-28 00:47:09 +09:00
Tatsuhiro Tsujikawa f0c7839f25 nghttpx: Clarify --num-accept=0 case 2015-01-28 00:39:56 +09:00
Tatsuhiro Tsujikawa 6a39de0ae5 nghttpx: Accept s or ms as unit for <T> argument 2015-01-28 00:36:44 +09:00
Tatsuhiro Tsujikawa 402ebb277f nghttpx: Add --num-accept and --accept-delay options 2015-01-27 23:47:56 +09:00
Tatsuhiro Tsujikawa f604cbae70 nghttpx: Fix shutdown too early with QUIT signal if num_worker == 1 2015-01-22 01:46:25 +09:00
Tatsuhiro Tsujikawa 8997e4369d nghttpx: Adjust backend buffers 2015-01-21 01:47:43 +09:00
Tatsuhiro Tsujikawa 5d204fc3aa nghttpx: Add more option categories 2015-01-15 23:19:35 +09:00
Tatsuhiro Tsujikawa 8fe093de1d nghttpx: Set initial backlog to 512 2015-01-14 21:24:12 +09:00
Tatsuhiro Tsujikawa f004361ef2 nghttpx: Add --backend-request-buffer option 2015-01-13 23:30:28 +09:00
Tatsuhiro Tsujikawa c88a5291b7 nghttpx: Add --backend-response-buffer option 2015-01-13 23:20:06 +09:00
Tatsuhiro Tsujikawa 0d614cf103 nghttpx: Longer help message 2015-01-13 23:02:18 +09:00
Tatsuhiro Tsujikawa 29d6cfae80 nghttpx: Add explanation about units in <SIZE> 2015-01-13 22:42:52 +09:00
Tatsuhiro Tsujikawa c48a6e73e8 nghttpx: Clean up metavar 2015-01-13 22:39:35 +09:00
Tatsuhiro Tsujikawa 956c11388c nghttpx: Allow units (k, m, and g) in --{read,write}-{rate,burst}
So that you can specify --read-rate=1M --read-burst=4M
2015-01-13 21:54:53 +09:00
Tatsuhiro Tsujikawa 5e8eb926f2 nghttpx: Fix server error with -n1 and --tls-ctx-per-worker 2015-01-13 21:53:53 +09:00
Tatsuhiro Tsujikawa 1e4f8f27fd nghttpx: Add --tls-ctx-per-worker option
When same SSL_CTX is used by multiple thread simultaneously we have to
setup some number of mutex locks for it.  We could not check how this
locking affects scalability since we have 4 cores at best in our
development machine.  Good side of sharing SSL_CTX across threads is
we can share session ID pool.

If --tls-ctx-per-worker is enabled, SSL_CTX is created per thread
basis and we can eliminate mutex locks.  The downside is session ID is
no longer shared, which means if session ID generated by one thread
cannot be acceptable by another thread.  But we have now session
ticket enabled and its keys are shared by all threads.
2015-01-13 00:25:02 +09:00
Tatsuhiro Tsujikawa e048deb64c nghttpx: Fix error message 2015-01-12 22:35:45 +09:00
Tatsuhiro Tsujikawa f7455d48cc Compile with android NDK
This also fixes the bug that nghttpx's acceptor fd is blocking if
SOCK_NONBLOCK is undefined.
2015-01-11 00:28:00 +09:00
Tatsuhiro Tsujikawa 0ca979b453 nghttpx: Add --rlimit-nofile option 2015-01-10 23:17:48 +09:00
Tatsuhiro Tsujikawa bc17f95c80 src: Move ipv6_numeric_addr to util and add test 2015-01-10 21:33:53 +09:00
Tatsuhiro Tsujikawa a3dcf1e004 Produce man pages using sphinx
Previously to create manual page for bundled programs, we use help2man
to create man page from program's help output.  Then our man2rst.py
script converts man page to rst document.  Sphinx generates html from
rst documents.

Now help2rst.py produces rst document from programs output.  We use
Sphinx solely to produce both man pages and html files.
2015-01-10 00:37:42 +09:00
Tatsuhiro Tsujikawa 019f1e9fc7 nghttpx: Remove useless comments 2015-01-08 22:28:30 +09:00
Tatsuhiro Tsujikawa 0173929538 nghttpx: Rename ListenHandler as ConnectionHandler 2015-01-08 21:48:39 +09:00
Tatsuhiro Tsujikawa fcddb5c06c nghttpx: Distribute session ticket keys to workers without mutex 2015-01-08 21:15:45 +09:00
Tatsuhiro Tsujikawa 5d3544185c nghttpx: Fix crash in SSL_CTX_set_tlsext_ticket_key_cb
It seems that returning 0 when enc == 0 crashes OpenSSL.
2015-01-08 20:46:35 +09:00
Tatsuhiro Tsujikawa 5dce9501a6 Fix compile error with libstdc++ and/or --disable-threads 2015-01-08 01:57:59 +09:00
Tatsuhiro Tsujikawa 08e8cc1915 nghttpx: Add --tls-ticket-key-file option
This option specifies files contains 48 random bytes to construct
session ticket key data.  This option can be used repeatedly to
specify multiple keys, but only the first one is used to encrypt
tickets.
2015-01-08 01:26:30 +09:00
Tatsuhiro Tsujikawa 52f3572d5b nghttpx: Enable TLS session tickets with session key rotation every 12hrs 2015-01-08 00:01:09 +09:00
Tatsuhiro Tsujikawa ba795d86f0 nghttpx: Don't cache time for logging
Update is done by main event loop which is stopped after graceful
shutdown is commenced, which means time is no longer update.  To avoid
this situation, we just avoid caching and get time for each logging.
2015-01-06 23:17:09 +09:00
Tatsuhiro Tsujikawa 94e69d5e30 nghttpx: Remove commented lines 2015-01-06 22:55:01 +09:00
Tatsuhiro Tsujikawa 7db1864766 nghttpx: Add --backend-http1-connections-per-frontend option 2015-01-03 00:19:41 +09:00
Tatsuhiro Tsujikawa a55a07940c nghttpx: Show not implemented warning for per wroker rate limit 2015-01-03 00:19:41 +09:00
Tatsuhiro Tsujikawa bfac015d61 src: Use libev for rest of the applications 2015-01-03 00:19:41 +09:00
Tatsuhiro Tsujikawa d695d2ccc0 nghttp, nghttpx, nghttpd, h2load: Support h2-16 in NPN/ALPN
The nghttp2 library itself is still h2-14.  To experiment with the
implementations to require h2-16 to test new features (e.g.,
prioritization), nghttp, nghttpx, nghttpd and h2load now support h2-16
as well as h2-14.  Cleartext HTTP Upgrade is still limited to h2-14
however.
2014-12-16 22:57:58 +09:00
Tatsuhiro Tsujikawa b607a22076 nghttpx: Support multiple HTTP/1 backend address
For HTTP/1 backend, -b option can be used several times to specify
multiple backend address.  HTTP/2 backend does not support multiple
addresses and only uses first address even if multiple addresses are
specified.
2014-12-06 19:30:27 +09:00
Tatsuhiro Tsujikawa 9614611969 nghttpx: Limit # of downstream connections per host when h2 proxy is used
This commit limits the number of concurrent HTTP/1 downstream
connections to same host.  By defualt, it is limited to 8 connections.
--backend-connections-per-frontend option was replaced with
--backend-http1-connections-per-host, which changes the maximum number
of connections per host.  This limitation only kicks in when h2 proxy
is used (-s option).
2014-12-05 01:47:03 +09:00
Tatsuhiro Tsujikawa f178b78816 nghttpx: Longer read timeouts 2014-12-03 23:45:44 +09:00
Tatsuhiro Tsujikawa e180d8e594 nghttpx: Longer downstream HTTP/1 idle connection timeout 2014-12-03 23:00:53 +09:00
Tatsuhiro Tsujikawa b1f807abd1 Reformat lines with clang-format-3.5 2014-11-27 23:56:30 +09:00
Tatsuhiro Tsujikawa c67ccad74d nghttpx: Use cached get_config()->pid in save_pid() 2014-11-27 22:41:14 +09:00
Tatsuhiro Tsujikawa 04dae32509 nghttpx: Store PID to Config again after daemon() 2014-11-27 21:32:34 +09:00
Tatsuhiro Tsujikawa 9bba616426 nghttpx: Add $alpn variable to accesslog formatting
$alpn is a variable which represents ALPN identifier of the protocol
which generates the response.
2014-11-24 15:24:09 +09:00
Tatsuhiro Tsujikawa 1fe50f272b nghttpx: Add $pid to --accesslog-format variable
$pid refers to the PID of the running process.
2014-11-24 14:34:43 +09:00
Tatsuhiro Tsujikawa 93023acc6c nghttpx: Make --accesslog-format usage doc help2man friendly
This is unfortunate but help2man behaves badly when there is indented
lines in help messages in commnad-line args.  We removed indentations
to make help2man happy.
2014-11-24 14:16:48 +09:00
Tatsuhiro Tsujikawa daf659c64e nghttpx: Note the conversion made in <VAR> 2014-11-24 14:04:37 +09:00
Lucas Pardue 9cf1a0c77c Add features to logging, client and server port,
time_iso8601 and request_time.
2014-11-23 20:37:51 +00:00
Tatsuhiro Tsujikawa 958cd0de64 nghttpx: Add configurable access logging format
This commit adds functionality to customize access logging format in
nghttpx.  The format variables are inspired by nginx.  The default
format is combined format.
2014-11-19 01:29:55 +09:00
Tatsuhiro Tsujikawa 5ce8ae79f0 nghttpx: Disable spdy/3 and spdy/2 by default 2014-11-14 23:16:06 +09:00
Tatsuhiro Tsujikawa ce71e65aee nghttpx: Replace WARNING with WARN for consistency 2014-11-08 10:51:56 +09:00
Tatsuhiro Tsujikawa 1119701071 nghttpx: Fix -L option help message
WARNING should be WARN.
2014-11-08 10:45:58 +09:00
Lucas Pardue a067eb02a5 Add LOG_NOTICE level logging for application lifecycle events 2014-11-06 14:32:56 +00:00
Tatsuhiro Tsujikawa be1a513c59 nghttpx: Shut up scan-build 2014-10-30 22:36:22 +09:00
Lucas Pardue 9ea4905f68 Added X-Forwarded-For header stripping option to nghttpx 2014-10-27 10:23:20 +00:00
Tatsuhiro Tsujikawa c6cfcc3c30 src: Disable insecure SSLv3 2014-10-22 23:14:07 +09:00
Tatsuhiro Tsujikawa 8fffa05513 src: Fix possible heap-use-after free for OpenSSL global locking
This is simply programming error, but it is interesting that using
libstdc++ does not reveal this error.  With clang++-libc++, we got
std::system_error: mutex lock faild: Invalid argument.  This is
because we did not give a name to lock object, so it is immediately
destructed.  I think this will fix the reported crash on Mac OSX.
2014-10-14 21:47:07 +09:00
Svante Signell df875db989 Avoid PATH_MAX by using getcwd(nullptr, 0) as supported by modern glibc-based OSes. 2014-10-03 21:58:15 +09:00
Tatsuhiro Tsujikawa f8471a5f45 nghttpx: Move --backend-http-proxy-uri to Connections section 2014-08-27 23:37:54 +09:00
Tatsuhiro Tsujikawa 822ec75814 nghttpx: Add --listener-disable-timeout option 2014-08-27 22:34:00 +09:00
Tatsuhiro Tsujikawa 9ad2c0887e nghttpx: Use _Exit() instead of exit() when execve is failed in child process 2014-08-23 18:15:47 +09:00
Tatsuhiro Tsujikawa c7e9fe8154 nghttpx: Implement connection blocker for HTTP/1 backend 2014-08-19 23:36:04 +09:00
Tatsuhiro Tsujikawa fb62a5ed4f nghttpx: Use pointer for worker_config 2014-08-19 22:29:44 +09:00
Tatsuhiro Tsujikawa 2fb675f13c nghttpx: Open default log files for errors occurred while parsing options 2014-08-17 22:37:30 +09:00
Tatsuhiro Tsujikawa eebd1f5492 nghttpx: Add some more info about prohibition of --read-burst=0 2014-08-17 22:31:44 +09:00
Tatsuhiro Tsujikawa 86dd1519b4 nghttpx: Android specific hack for special files for logging
Android lacks /dev/stderr, so directly use /proc/self/fd/2 as default
errorlog-file.  Android does not like O_APPEND for /proc/self/fd/1 and
/proc/self/fd/2, so omit the flag for these paths.
2014-08-17 19:01:51 +09:00
Tatsuhiro Tsujikawa 5d2390deba nghttpx: Bring per-connection rate limit back
--read-burst=0 still does not work.  But specifying n > 0 workarounds
this.
2014-08-17 16:17:10 +09:00
Tatsuhiro Tsujikawa 3c056973a1 nghttpx: Ignore SIGCHLD not to create zombie on SIGUSR2 if -D is used 2014-08-17 00:05:24 +09:00
Tatsuhiro Tsujikawa 0e8419ac37 nghttpx: Add backend-connections-per-frontend option
This option limits the number of backend connections per frontend.
This is meaningful for the combination of HTTP/2 and SPDY frontend and
HTTP/1 backend.
2014-08-16 22:24:17 +09:00
Tatsuhiro Tsujikawa 7b85f6c50d nghttpx: Store errno to a variable temporarly 2014-08-13 22:13:08 +09:00
Tatsuhiro Tsujikawa ca680c16e3 nghttpx: Chown file to effective user 2014-08-13 01:53:44 +09:00
Tatsuhiro Tsujikawa bf13d91264 nghttpx: Add hot deploy feature
nghttpx supports hot deploy feature using signals.  The host deploy in
nghttpx is multi step process.  First send USR2 signal to nghttpx
process.  It will do fork and execute new executable, using same
command-line arguments and environment variables.  At this point, both
current and new processes can accept requests.  To gracefully shutdown
current process, send QUIT signal to current nghttpx process.  When
all existing frontend connections are done, the current process will
exit.  At this point, only new nghttpx process exists and serves
incoming requests.
2014-08-13 00:43:54 +09:00
Tatsuhiro Tsujikawa 8aa6580d89 nghttpx: Chown log files with --user 2014-08-10 20:58:02 +09:00
Tatsuhiro Tsujikawa 24cfb52b5a nghttpx: Add --no-location-rewrite option
--no-location-rewrite option disallows location header rewrite on
--http2-bridge, --client and default mode.  This option is useful when
connecting nghttpx proxy with --http2-bridge to backend nghttpx with
http2-proxy mode.
2014-08-10 12:39:27 +09:00
Tatsuhiro Tsujikawa 93ed89df5f nghttpx: Make stream timeout disable by default
It might be useful to clean the unused stream out to make up the room
for new streams.  On the other hand, proxy should maintain the
connection between upstream client and downstream server and they have
the timeout for their own.  Proxy just reacts to their decision.
2014-08-10 00:08:44 +09:00
Tatsuhiro Tsujikawa 1a2e50ca08 nghttpx: Lower timeouts 2014-08-09 22:59:31 +09:00
Tatsuhiro Tsujikawa 76703f79fa nghttpx: Add stream level timeout for HTTP/2 and SPDY upstream/downstream 2014-08-09 22:56:27 +09:00
Tatsuhiro Tsujikawa 455d911f61 src, examples: Call OPENSSL_config() 2014-08-02 10:11:45 +09:00
Tatsuhiro Tsujikawa 079db14d45 Add nghttp2_session_consume() API
Reworked no automatic WINDOW_UPDATE feature.  We added new API
nghttp2_session_consume() which tells the library how many bytes are
consumed by the application.  Instead of submitting WINDOW_UPDATE by
the application, the library is now responsible to submit
WINDOW_UPDATE based on consumed bytes.  This is more reliable method,
since it enables us to properly send WINDOW_UPDATE for stream and
connection individually.  The previous implementation of nghttpx had
broken connection window management.
2014-07-31 23:05:53 +09:00
Tatsuhiro Tsujikawa 8dc47c6750 Fix resource leaks 2014-07-18 00:31:32 +09:00
Tatsuhiro Tsujikawa 9f1c819242 nghttpx: Cleanup create_evlistener 2014-07-06 19:21:18 +09:00
Tatsuhiro Tsujikawa a02624c9ed nghttpx: Use std::shared_ptr to share cached time
To ensure that cached time buffer is not altered while referencing it,
we rely on inerlocking in std::shared_ptr to acheive this.
2014-07-06 13:27:51 +09:00
Tatsuhiro Tsujikawa 933e24d412 nghttpx: Use std::atomic for Config::cached_time 2014-07-05 23:50:32 +09:00
Tatsuhiro Tsujikawa 9841f778a9 nghttpx: Do not compile pthread_sigmask if NOTHREADS is defined 2014-07-05 19:43:39 +09:00
Tatsuhiro Tsujikawa bf4042ce98 nghttpx: Cache time for logging 2014-07-05 19:40:30 +09:00
Tatsuhiro Tsujikawa 0ce848a611 nghttpx: Rewrite logging system
This change rewrites logging system of nghttpx.  Previously access log
and error log are written to stderr or syslog and there was no option
to change stderr to something else.  With this change, file path of
access log and error log can be configured separately and logging to
regular file is now added.  To support rotating log, if SIGUSR1 signal
is received by nghttpx, it closes the current log files and reopen it
with the same name.  The format of access log is changed and has same
look of apache's.  But not all columns are not supported yet.
2014-07-05 18:43:24 +09:00
Tatsuhiro Tsujikawa 479e15469c nghttpx: Add worker-frontend-connections option 2014-06-26 22:55:22 +09:00
Tatsuhiro Tsujikawa 133c3d66be nghttpx: Remove TLSv1.0 from default TLS proto list 2014-06-19 23:21:53 +09:00
Tatsuhiro Tsujikawa 266a15ccd3 nghttpx: Remove per-connection rate limit
It looks like setting read-rate and read-burst to 0 makes busy loop.
It seems a bug.  On the other hand, we most likely want per-thread
rate limit rather than per-connection.  So we decided to drop them.
2014-06-19 23:19:14 +09:00
Tatsuhiro Tsujikawa 1af9a9cee0 nghttpx: Don't stderr log if syslog is used
This change also reverts previous commits and tty is set to false if
syslog is used.
2014-06-12 21:47:00 +09:00
Tatsuhiro Tsujikawa 6a2950aef0 nghttpx: Make tty to false when daemonized 2014-06-12 00:19:46 +09:00
Tatsuhiro Tsujikawa c204861dec nghttpx: Create NPN prefs only once 2014-06-10 23:22:23 +09:00
Tatsuhiro Tsujikawa 7b0ed5d9bd nghttpx: Only allow DHE, ECDHE + AEAD ciphers for HTTP/2
Cipher suites are chosen by DHE and ECDHE ciphers + GCM (AEAD).  Now
default cipher list is the one recommended by Mozilla web site.  The
--honor-cipher-order option is removed and now it is always assumed.
2014-06-10 22:47:22 +09:00
Tatsuhiro Tsujikawa 0fd5b2aa32 nghttpx: Use std::vector for tls_proto_list and npn_list
Now SSL/TLS option mask to disable particular SSL/TLS protocol
versions are pre-calculated and stored in Config.
2014-06-08 23:09:44 +09:00
Tatsuhiro Tsujikawa 1f58be423d nghttpx: Use nullptr instead of 0 2014-06-08 21:05:36 +09:00
Tatsuhiro Tsujikawa 14b818efc8 nghttpx: Use std::unique_ptr<char[]> instead of char* 2014-06-08 21:02:40 +09:00
Tatsuhiro Tsujikawa 1fa5852f8f nghttpx: Treat '*' in <HOST> parameter of --frontend as wildcard explicitly
It seems that specifyig '*' to node parameter in getaddrinfo() is
treated as specifying NULL, but it is not documented.  So rather than
relying on this feature, we explicitly treat '*' as "wildcard" address
and specify NULL to node parameter in getaddrinfo().

Now '*,3000' is a default value of --frontend option.  Specyfing '*'
binds all addresses including both IPv4 and IPv6.
2014-05-25 16:15:48 +09:00
Tatsuhiro Tsujikawa 672ad82849 nghttpx: Clarify that --npn-list is used in both ALPN and NPN 2014-05-21 21:28:58 +09:00
Tatsuhiro Tsujikawa 2ae1da113e src: Use C++ style comments for C++ source code 2014-05-14 23:22:23 +09:00
Tatsuhiro Tsujikawa e47b976691 src: Eliminate use of snprintf 2014-05-14 22:39:28 +09:00
Nicholas Hurley f3f9210dae Add --disable-threads option for configure
This allows users of OS X 10.9 to run nghttpd (and friends) with
threading entirely disabled, to avoid crashes on startup related to
std::mutex.
2014-05-01 17:18:29 -07:00
Tatsuhiro Tsujikawa abe74f869f Ditto 7730b13e5a 2014-04-30 22:44:51 +09:00
Tatsuhiro Tsujikawa a8a2236da9 nghttpx: Add --add-response-header option 2014-04-26 14:56:08 +09:00
Tatsuhiro Tsujikawa 6326aec089 nghttpx: Return std::unique_ptr from parse_config_str_list 2014-04-08 22:44:30 +09:00
Tatsuhiro Tsujikawa f9f6cdc93d nghttpx: Specify altsvc info in one option and allow multiple occurrences 2014-04-08 22:28:50 +09:00
Tatsuhiro Tsujikawa 5b55874d4d Fix static analysis error 2014-04-05 20:04:09 +09:00
Tatsuhiro Tsujikawa d668d2448b Hide session option from public API
To make adding new option easier, we decided to make the details of
option struct private and hide it from public API.  We provide
functions to set individual option value.
2014-04-04 21:57:47 +09:00
Tatsuhiro Tsujikawa db6c41a219 nghttpx: Add altsvc related options
To advertise alternative serive, at least --altsvc-port and
--altsvc-protocol-id must be specified.
2014-04-03 13:20:50 +09:00
Tatsuhiro Tsujikawa ab2dc5967d Replace HTTP/2.0 with HTTP/2 2014-03-30 19:26:37 +09:00
Tatsuhiro Tsujikawa 8ccb6e463d nghttpx: Use raw-string iteral to output help 2014-03-22 22:03:13 +09:00
Tatsuhiro Tsujikawa d074cb611f nghttpx: Add rate limit per worker thread
The existing options --{read,write}-{rate,burst} are per connection.
The new options --worker-{read,write}-{rate,burst} are per worker
thread, which is overall rate limit of all connections worker handles.
2014-03-09 14:53:28 +09:00
Tatsuhiro Tsujikawa d4ea2418d8 nghttpx: Use LibsslGlobalLock 2014-03-04 21:33:43 +09:00
Tatsuhiro Tsujikawa f5342494f4 src: Format help message and add --version to make man page generation easier 2014-02-16 19:39:41 +09:00
Tatsuhiro Tsujikawa 7504d89f9b src: Add at most N bytes as padding if --padding option is used 2014-02-15 16:40:32 +09:00
Tatsuhiro Tsujikawa c280cc7c4d nghttpx: Add --padding option for debugging purpose 2014-02-11 17:23:22 +09:00
Tatsuhiro Tsujikawa c7c283f3a9 nghttpx: Add --frontend-frame-debug option to debug HTTP/2 frame in upstream
The output format is the same one with nghttp/nghttpd. The output
is made into stderr to make it sync with logging.
2014-02-09 18:47:26 +09:00
Tatsuhiro Tsujikawa dfbea797bd src: Use static_cast instead of reinterpret_cast if possible 2014-01-19 21:18:37 +09:00
Tatsuhiro Tsujikawa 50dd7ada50 nghttpx: Code cleanup 2014-01-18 16:32:22 +09:00
Tatsuhiro Tsujikawa 90ea7ba92a src: Add command-line option guess 2014-01-09 01:27:56 +09:00
Tatsuhiro Tsujikawa 7ce3065f32 nghttpx: Add --tls-proto-list option to enable SSL/TLS protocol selectively 2014-01-02 13:08:54 +09:00
Tatsuhiro Tsujikawa 3e21bed4f9 nghttpx: Make parse_config_npn_list generic 2014-01-02 13:08:54 +09:00
Tatsuhiro Tsujikawa 20877b1107 nghttpx: Don't allow application protocol not listed in --npn-list option 2014-01-02 00:53:07 +09:00
Tatsuhiro Tsujikawa ad369ec299 nghttpx: Use -1 as default value of --backlog 2013-12-26 21:39:00 +09:00
Tatsuhiro Tsujikawa 1f0dfd4316 nghttpx: Update doc 2013-12-01 20:55:16 +09:00
Tatsuhiro Tsujikawa 93ad48fe6c nghttpx: Update usage 2013-11-29 22:59:49 +09:00
Tatsuhiro Tsujikawa 01f7162be3 nghttpx: Add connection-level flow control window size options
This commit also changes SPDY's flow control size. Previously,
the size for SPDY is the same amount of bytes with HTTP/2.
For example, --frontend-http2-upstream-window-bits=N,
the window size is 2**N - 1. Now SPDY code uses 2**N.
2013-11-21 00:15:17 +09:00
Tatsuhiro Tsujikawa 53b3fba05b nghttpx: Add --http2-no-cookie-crumbling option 2013-11-18 00:03:55 +09:00
Tatsuhiro Tsujikawa faedc4381d nghttpx: Add options to dump HTTP headers in HTTP/2.0 upstream 2013-11-17 23:52:19 +09:00
Tatsuhiro Tsujikawa 58beaa371d nghttpx: Support spdy/3.1, require spdylay >= 1.2.0 2013-11-12 11:03:46 +09:00
Tatsuhiro Tsujikawa b1905c5815 nghttpx: More replacement of spdy with http2 2013-11-04 18:22:29 +09:00
Tatsuhiro Tsujikawa 0fcd14300a nghttpx: Rename PROTO_SPDY with PROTO_HTTP2 for backend protocol name 2013-11-04 18:15:56 +09:00
Tatsuhiro Tsujikawa ba3db66cec nghttpx: Replace "spdy" in option name with "http2" 2013-11-04 18:14:05 +09:00
Tatsuhiro Tsujikawa f3d71aa5bb nghttpx: Rename Spdy{Session,DownstreamConnection} to Http2{*} 2013-11-04 17:53:57 +09:00
Tatsuhiro Tsujikawa 69967aeef8 nghttpx: Add --client-private-key-file and --client-cert-file options 2013-11-02 23:34:25 +09:00
Tatsuhiro Tsujikawa 5bb7066474 nghttpx: Add --verify-client-cacert option
Using --cacert to load certificate for client certificate authentication
is problematic since, --cacert is also used for client mode.
This commit adds --verify-client-cacert option which specify the CA
certficate file used only for client certificate validation.
This change also removes the default certficate load function for
client certificate validation.
2013-11-02 21:41:05 +09:00
Tatsuhiro Tsujikawa 02acfd7d70 nghttpx: Add --verify-client option
This option requires client certificate and successful verification.
Use --cacert option to add CA certificates as necessary.
2013-11-02 01:10:18 +09:00
Tatsuhiro Tsujikawa a0326b3f2b nghttpx: Handle error from bufferevent_socket_new and event_base_new 2013-09-24 23:17:53 +09:00
Tatsuhiro Tsujikawa 2572fb6fb4 shrpx.cc: Code cleanup 2013-09-24 21:34:59 +09:00
Tatsuhiro Tsujikawa ab39ae849f nghttpx: Add --npn-list option 2013-09-23 20:55:39 +09:00
Tatsuhiro Tsujikawa c48a1d7516 nghttpx: Add rate limit options 2013-09-13 21:23:55 +09:00
Tatsuhiro Tsujikawa 0f75997839 nghttpx: Share ev_token_bucket_cfg across ClientHandlers 2013-09-13 00:25:24 +09:00
Tatsuhiro Tsujikawa 9e703170cd nghttpx: Enable --honor-cipher-order automatically when --ciphers is used 2013-08-30 23:02:47 +09:00
Tatsuhiro Tsujikawa aea036c9d4 nghttpx: Support ECDHE and DHE cipher suites
Use --dh-param-file option to specify a file including DH parameters
in PEM format.

For example, you can create DH parameters with 1024 bit key using
following command:

$ openssl dhparam -outform PEM -out dhparam.pem 1024
2013-08-30 22:07:42 +09:00
Tatsuhiro Tsujikawa 47ee8e3c79 src: Code cleanup 2013-08-23 03:33:05 +09:00
Tatsuhiro Tsujikawa 989d613448 nghttpx: Save pid file after daemon() call 2013-08-10 18:55:18 +09:00
Tatsuhiro Tsujikawa f613f68a13 src: Make window size - 1
To match the -w16 to 65535, which is HTTP/2.0 default initial window
size, decrement 1 from (1 << window_bits).
2013-08-03 19:53:07 +09:00
Tatsuhiro Tsujikawa 6bcfb99cc0 nghttpx: Update help messages 2013-08-03 19:19:04 +09:00
Tatsuhiro Tsujikawa d1bc3c89a7 nghttpx: Code cleanup 2013-08-03 19:04:44 +09:00
Tatsuhiro Tsujikawa 0150312022 nghttpx: Rename spdy_{upstream,downstream}_no_tls as {upstream,downstream}_no_tls 2013-08-03 19:01:57 +09:00
Tatsuhiro Tsujikawa 564e6b9ffc nghttpx: Rename --{front,back}end-spdy-no-tls as --{front,back}end-no-tls 2013-08-03 18:58:14 +09:00
Tatsuhiro Tsujikawa f620655d08 nghttp, nghttpx: Add HTTP Upgrade from HTTP/1.1 to HTTP/2.0
nghttpx does not perform upgrade if the request has request body.
2013-08-03 18:51:01 +09:00
Tatsuhiro Tsujikawa 90b06e8572 nghttpx: Add HTTP/2.0 word in help message 2013-07-26 21:55:08 +09:00
Tatsuhiro Tsujikawa 5ccf647df9 Rename shrpx as nghttpx superficially 2013-07-26 21:42:39 +09:00
Tatsuhiro Tsujikawa 18f450fd2a Port shrpx to nghttp2 use 2013-07-26 19:33:25 +09:00
Tatsuhiro Tsujikawa 0edce70343 Rebranding nghttp2 2013-07-13 00:43:06 +09:00
Tatsuhiro Tsujikawa 7b59a11480 shrpx: Create default SSL context once 2013-06-21 23:17:46 +09:00
Tatsuhiro Tsujikawa d1b9af0268 shrpx: Fix usage doc 2013-06-09 23:09:49 +09:00
moparisthebest aa13b9b980 Drop priveleges only after listening on possibly priveleged port 2013-04-19 07:58:58 -04:00
moparisthebest 7dfa559bc4 Add --honor-cipher-order option to mitigate BEAST attacks 2013-04-18 14:25:48 -04:00
snnn 4c238c5b36 fix building on mac os x. "error: invalid suffix on literal; C++11 requires a space between literal and identifier" 2013-04-17 14:33:55 +08:00
Tatsuhiro Tsujikawa 34e119fde2 shrpx: Remove useless backend spdy version check
It is unnecessary because spdy version at this point is always valid.
2013-03-29 22:16:50 +09:00
Tatsuhiro Tsujikawa a9f475fb88 spdycat, shrpx: TLS SNI enhancements
shrpx:
* Added an option to set the TLS SNI extension between shrpx and the
  origin on the command line

spdycat:
* If the user set an explicit host header ( using --headers ) use that
  name for the TLS SNI extension.
* Added the handshake completion time to the verbose output
* The gettimeofday call in get_time was using the incorrect structure
  ( I believe )
* In update_html_parser it was submitting the request regardless of
  the return value of add_request.

Patch from Stephen Ludin
2013-03-29 22:06:33 +09:00
Tatsuhiro Tsujikawa 7d709fa3ff shrpx: Support non-TLS SPDY in frontend connection 2013-03-24 21:03:39 +09:00
Tatsuhiro Tsujikawa c487d152b2 shrpx: Add non-TLS SPDY backend connection support
Use --backend-spdy-no-tls to disable TLS on backend SPDY connection.
The SPDY protocol used there must be configured by
--backend-spdy-proto option.
2013-02-22 22:54:54 +09:00
Tatsuhiro Tsujikawa 8b6fbbf3a6 shrpx: Update --backend-http-proxy-uri usage 2013-02-09 19:08:02 +09:00
Tatsuhiro Tsujikawa ceba5539a1 shrpx: Fix client mode does not work 2013-02-09 17:45:57 +09:00
Tatsuhiro Tsujikawa 99b687ceca shrpx: Documented --spdy-bridge 2013-02-09 16:55:49 +09:00
Tatsuhiro Tsujikawa cb8b8050b5 shprx: Add --backend-http-proxy-uri option
Specify proxy URI in the form http://[USER:PASS]PROXY:PORT. USER and
PASS are optional and if they exist they must be properly
percent-encoded. This proxy is used when the backend connection is
SPDY. First, make a CONNECT request to the proxy and it connects to
the backend on behalf of shrpx. This forms tunnel. After that, shrpx
performs SSL/TLS handshake with the downstream through the tunnel. The
timeouts when connecting and making CONNECT request can be specified
by --backend-read-timeout and --backend-write-timeout options.
2013-02-09 16:55:39 +09:00
Tatsuhiro Tsujikawa 9ba19df813 shrpx: Add --spdy-bridge option
With --spdy-bridge option, it listens SPDY/HTTPS connections from
front end and forwards them to the backend in SPDY. The usage will be
written later. This change fixes the crash when more than 2
outstanding SpdyDownstreamConnection objects are added to SpdySession
and establishing connection to SPDY backend is failed.
2013-02-08 21:46:58 +09:00
Tatsuhiro Tsujikawa c707125839 shrpx: Explicitly hold server SSL_CTX and client SSL_CTX 2013-02-07 21:13:36 +09:00
Tatsuhiro Tsujikawa b18af854af shrpx: Add --subcert option to add additional certificate/private key
This option specifies additional certificate and private key
file. Shrpx will choose certificates based on the hostname indicated
by client using TLS SNI extension. This option can be used multiple
times.
2013-02-06 23:41:28 +09:00
Tatsuhiro Tsujikawa 29bec93eb9 shrpx: Don't run expensive INFO log code
INFO log and its surrounding code are now guarded by
LOG_ENABLED(SEVERITY) macro so that they don't run if log level
threshold is higher. This increases performance because log formatting
is somewhat expensive.
2013-01-21 22:48:08 +09:00
Tatsuhiro Tsujikawa dc2fe52e57 shrpx: Add missing \n to help message 2013-01-12 16:42:48 +09:00
Tatsuhiro Tsujikawa c45fa16f94 shrpx: Add --no-via option
If --no-via option is given, shrpx does not append to Via header
field. If Via header field is received, it is left unaltered.
2013-01-09 22:03:49 +09:00
Tatsuhiro Tsujikawa 4d1f1f2395 shrpx: Log IP version number when getaddrinfo failed 2013-01-09 22:03:34 +09:00
Tatsuhiro Tsujikawa 9b1f36d274 shrpx: Color severity level in terminal
Color severity level if stderr refers to a terminal.
2012-12-09 21:02:48 +09:00
Raul Gutierrez Segales cbf8ccf7d1 [shrpx] read private key's passwd from a file
This avoids the need to provide the password for your
private key interactively.

It can be used via --private-key-passwd-file or private-key-passwd-file
in the given config file. The first line in the file
(without \n) will be treated as the passwd. There isn't
any validation and all lines after the first one (if any)
are ignored.

The security model behind this is a bit simplistic so I
am open to better ideas. Basically your password file
should be root:root (700) and you *should* drop root
and run as an unprivileged user.

If the file exists and a line can be read then a callback
will be set for the SSL ctxt and it'll feed the passwd
when the private key is read (if password is needed).

If the file exists with the wrong permisions it'll be
logged and ignored.
2012-12-03 21:55:32 -08:00
Tatsuhiro Tsujikawa baf2dc3ddf shrpx: Add --backend-ipv4 and --backend-ipv6 options. 2012-11-23 21:11:01 +09:00
Tatsuhiro Tsujikawa 7a21905312 shrpx: Remove Config ctor and fill all initial values in fill_default_config() 2012-11-22 23:35:10 +09:00
Tatsuhiro Tsujikawa c1332a35a5 shrpx: Add -v, --version option 2012-11-22 23:08:36 +09:00
Tatsuhiro Tsujikawa 774e64d2b4 shrpx: Group up options in -h output 2012-11-22 23:04:27 +09:00
Tatsuhiro Tsujikawa 9c70c1b867 shrpx: Code cleanup 2012-11-22 22:05:52 +09:00
Tatsuhiro Tsujikawa 4349d42988 shrpx: Add usage for <PRIVATE_KEY> <CERT> 2012-11-22 22:00:38 +09:00
Tatsuhiro Tsujikawa d589f4c74c shrpx: Verify backend server's certificate in client mode
The -k, --insecure option is added to skip this verification.  The
system wide trusted CA certificates will be loaded at startup. The
--cacert option is added to specify the trusted CA certificate file.
2012-11-22 21:46:15 +09:00
Tatsuhiro Tsujikawa 81adb6bc7f shrpx: Implement downstream SPDY flow control 2012-11-21 23:47:48 +09:00
Tatsuhiro Tsujikawa 0bf15a7694 Rename --client-mode as --client and add --client-proxy
With --client-proxy option, shrpx makes sure that the request path is
an absolute URI, otherwise it will return 400 status code.
2012-11-21 22:10:35 +09:00
Tatsuhiro Tsujikawa fa552c6788 shrpx: Share SPDY session among multiple frontend connections per thread
In client mode, now SPDY connection to the backend server is
established per thread.  The frontend connections which belong to the
same thread share the SPDY connection.
2012-11-21 01:29:39 +09:00
Tatsuhiro Tsujikawa 026f4ca3a2 Add --client-mode option
With --client-mode option, shrpx now accepts unencrypted HTTP
connections and communicates with backend server in SPDY.  In short,
this is the "reversed" operation mode against normal mode.  This may
be useful for testing purpose because it can sit between HTTP client
and shrpx "normal" mode.
2012-11-18 21:46:07 +09:00
Raul Gutierrez Segales 6f6f6ffc41 [shrpx] fix password handling for certs keys
We should only call daemon() after ListenHandler is
instantiated, where  SSL_CTX_use_PrivateKey_file is called,
otherwise we have no stdin/stdout to get the password for
keyfile.
2012-10-27 22:29:27 -07:00
Tatsuhiro Tsujikawa b0fcd68783 Move spdycat, spdyd and shrpx from examples to src
To distinguish the to-be-installed programs and non-installable
example source code, the former programs, spdycat, spdydyd and shrpx,
were moved to src directory. spdynative was removed from Makefile
because it does not appeal to any users much.
2012-09-10 21:39:51 +09:00