Commit Graph

87 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa a7c780a732 nghttpx: Redirect to HTTPS URI with redirect-if-not-tls param
This commit removes frontend-tls parameter, and adds
redirect-if-not-tls parameter parameter to --backend option.  nghttpx
now responds to the request with 308 status code to redirect the
request to https URI if frontend connection is not TLS encrypted, and
redirect-if-no-tls parameter is used in --backend option.  The port
number in Location header field is 443 by default (thus omitted), but
it can be configurable using --redirect-https-port option.
2017-02-18 22:32:27 +09:00
Tatsuhiro Tsujikawa e5b84fad09 nghttpx: Fix bug that old config is used during reloading config 2017-02-16 22:46:22 +09:00
Tatsuhiro Tsujikawa 68a724cf7b nghttpx: Select certificate by client's supported signature algo
nghttpx supports multiple certificates using --subcert option.
Previously, SNI hostname is used to select certificate.  With this
commit, signature algorithm presented by client is also taken into
consideration.  nghttpx now accepts certificates which share the same
hostname (CN, SAN), but have different signature algorithm (e.g.,
ECDSA+SHA256, RSA+SHA256).

Currently, this feature requires OpenSSL >= 1.0.2.  BoringSSL, and
LibreSSL do not work since they lack required APIs.
2017-02-04 23:37:24 +09:00
Tatsuhiro Tsujikawa 83c759572c nghttpx: Add --psk-secret option to enable PSK in frontend connection 2017-01-08 00:35:54 +09:00
Tatsuhiro Tsujikawa 8471c9e92e nghttpx: Parse te header field a bit more properly 2016-11-07 22:47:48 +09:00
Tatsuhiro Tsujikawa e1a865c406 nghttpx: Add BlockAllocator version of util::formax_hex 2016-10-02 22:28:42 +09:00
Tatsuhiro Tsujikawa 8a9810ed32 nghttpx: Add BlockAllocator to ClientHandler 2016-10-01 22:54:17 +09:00
Tatsuhiro Tsujikawa f7c0d48152 nghttpx: Rewrite CertLookupTree using Router 2016-06-25 22:52:01 +09:00
Tatsuhiro Tsujikawa 084206bace nghttpx: Handle edge case wildcard pattern and add tests
Suppose the wildcard patterns follows:

- *.nghttp2.org/foo
- *.img.nghttp2.org/bar

Previously, s.img.nghttp2.org/foo does not match anything.  Now it
matches first pattern.
2016-06-11 13:33:59 +09:00
Tatsuhiro Tsujikawa 79968c6374 src: Rewrite strifind 2016-03-25 00:27:59 +09:00
Tatsuhiro Tsujikawa 67569486d1 src: Rewrite http:create_via_header_value 2016-03-12 21:13:09 +09:00
Tatsuhiro Tsujikawa d64051fedc src: Return StringRef from http2::stringify_status 2016-03-12 21:13:09 +09:00
Tatsuhiro Tsujikawa eb393985b7 nghttpx: Make a copy before adding header to Downstream 2016-03-12 21:12:26 +09:00
Tatsuhiro Tsujikawa 7a412df9a5 nghttpx: Fix tests 2016-03-12 21:12:26 +09:00
Tatsuhiro Tsujikawa 124d4c9fad src: Fix tests 2016-02-29 00:05:32 +09:00
Tatsuhiro Tsujikawa 9672bc322f src: Remove unused functions 2016-02-21 16:51:46 +09:00
Tatsuhiro Tsujikawa 23ecfd412d nghttpx: Fix mruby compile error, clean up add_header interface 2016-02-20 23:30:02 +09:00
Tatsuhiro Tsujikawa eb0c82d91f nghttpx: More log output when resolving addresses for better debugging 2016-02-13 23:21:32 +09:00
Tatsuhiro Tsujikawa 1cfdf386ff src: Faster base64 2016-01-27 15:31:09 +09:00
Tatsuhiro Tsujikawa acb38b726f nghttpx: Don't quote Forwarded params if it is not required 2016-01-19 22:43:56 +09:00
Tatsuhiro Tsujikawa 39c0a71065 src: Add tests for ImmutableString and StringRef 2016-01-17 16:32:55 +09:00
Tatsuhiro Tsujikawa dbbf3a4a10 nghttpx: Refactor TLS hostname match 2016-01-16 23:54:21 +09:00
Tatsuhiro Tsujikawa 3b8889a2a1 nghttpx: Extract response related fields to Response struct 2016-01-14 01:05:10 +09:00
Tatsuhiro Tsujikawa fe8005327a src: Make util::utos_with_unit and utos_with_funit names shorter 2016-01-11 18:12:31 +09:00
Tatsuhiro Tsujikawa f0d2c9f94b Compile with BoringSSL
Compile with BoringSSL except for neverbleed and libnghttp2_asio.  The
former uses ENGINE and RSA_METHOD, and they are quite different
between OpenSSL and BoringSSL.  The latter uses boost::asio, which
calls OpenSSL functions deleted in BoringSSL.
2015-09-29 23:38:17 +09:00
Lucas Pardue ec47dfb9b8 Initial HTTP/1.1 capability. Add npn-list option to h2load. Make NPN/ALPN more runtime dependent 2015-09-17 14:49:27 +00:00
Tatsuhiro Tsujikawa ef1595672c nghttpx: Add Request#push in mruby scripting
Refactor Http2Upstream so that we can share code between link header
field based push and mruby push.
2015-09-06 00:05:07 +09:00
Tatsuhiro Tsujikawa e91a576179 nghttpx: Rewrite TLS async handshake using memchunk buffers 2015-08-13 00:42:59 +09:00
Tatsuhiro Tsujikawa 90b4b48c7e nghttpx: Add shared session cache using memcached 2015-07-26 23:33:06 +09:00
Tatsuhiro Tsujikawa e8167ceea7 nghttpx: Add AES-256-CBC encryption for TLS session ticket 2015-07-18 02:02:33 +09:00
Tatsuhiro Tsujikawa 19e47a1922 nghttpx: Normalize path when setting it to Downstream 2015-07-11 16:12:35 +09:00
Tatsuhiro Tsujikawa 3119fc259c Select backend based on request host and path by extending -b option
-b option syntax is now <HOST>,<PORT>[;<PATTERN>[:...]].  The optional
<PATTERN>s specify the request host and path it is used for.  The
<PATTERN> can contain path, host + path or host.  The matching rule is
closely designed to ServeMux in Go programming language.
2015-07-11 00:15:52 +09:00
Tatsuhiro Tsujikawa 51ef646678 src: Always use our own faster simpler timegm, use it to calculate gmtoff 2015-06-29 23:14:54 +09:00
Tatsuhiro Tsujikawa 38cfc5c47c Check more headers and funcs 2015-05-13 23:29:20 +09:00
Tatsuhiro Tsujikawa c64bb62ffe asio: Make redirect_handler use passed uri as is and percent-encode path part 2015-03-05 23:23:17 +09:00
Tatsuhiro Tsujikawa 7fa62c9904 src: Clean up string utlity functions 2015-02-10 23:16:34 +09:00
Tatsuhiro Tsujikawa d151759f8a nghttpx: Fix location rewrite, take 2 2015-02-08 21:26:47 +09:00
Tatsuhiro Tsujikawa 807d39abe3 nghttpx: Fix location rewrite does not work 2015-02-08 18:54:24 +09:00
Tatsuhiro Tsujikawa c55d7343ca nghttpx: Support server push using Link header field
nghttpx server push is initiated by looking for Link header field from
backend server response.  Currently we only enable server push for
HTTP/1 backend and without HTTP/2 proxy mode.  The URIs which have
rel=preload are eligible to resource to be pushed.
2015-02-08 16:10:00 +09:00
Tatsuhiro Tsujikawa 795a22a320 src: Remove ringbuf.h, use buffer.h instead 2015-02-06 23:40:34 +09:00
Tatsuhiro Tsujikawa a91e0de06c h2load: Add request stats (time for request min, max, mean and sd) 2015-01-31 23:49:30 +09:00
Tatsuhiro Tsujikawa 0a0618baac nghttpx: Add test for util::duration_str, rename util::parse_duration_with_unit 2015-01-29 23:28:47 +09:00
Tatsuhiro Tsujikawa 6b1ef95d3f nghttpx: Replace RingBuf with sequential Buffer
It turns out that we don't need circular buffer functionality.  We
replaced RingBuf with simple sequential Buffer.
2015-01-29 22:57:56 +09:00
Tatsuhiro Tsujikawa 6a39de0ae5 nghttpx: Accept s or ms as unit for <T> argument 2015-01-28 00:36:44 +09:00
Tatsuhiro Tsujikawa 2a56a3d9ea nghttpx: Fix te request header handling
Checking against "trailers" is enough for now.
2015-01-25 22:58:43 +09:00
Tatsuhiro Tsujikawa 434e80dc7b nghttpx: Reset stream if TE header field contains other than trailer 2015-01-24 15:31:59 +09:00
Tatsuhiro Tsujikawa d142830109 nghttpd: Issue RST_STREAM if content-length does not match uploaded bytes 2015-01-15 23:07:25 +09:00
Tatsuhiro Tsujikawa 956c11388c nghttpx: Allow units (k, m, and g) in --{read,write}-{rate,burst}
So that you can specify --read-rate=1M --read-burst=4M
2015-01-13 21:54:53 +09:00
Tatsuhiro Tsujikawa 91b40d1e84 src: Add test for memchunk.h 2015-01-10 23:01:03 +09:00
Tatsuhiro Tsujikawa bc17f95c80 src: Move ipv6_numeric_addr to util and add test 2015-01-10 21:33:53 +09:00