Commit Graph

33 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa e5b84fad09 nghttpx: Fix bug that old config is used during reloading config 2017-02-16 22:46:22 +09:00
Tatsuhiro Tsujikawa e44c58282e Drop privilege of neverbleed daemon first 2017-02-10 17:43:19 +09:00
Tatsuhiro Tsujikawa ba9f2c3ae2 Compile with Android NDK r13b using clang 2017-01-23 00:32:51 +09:00
Tatsuhiro Tsujikawa 264a98d106 nghttpx: Call c-ares initialization/cleanup functions 2016-12-10 21:41:03 +09:00
Tatsuhiro Tsujikawa 85ba33c08f nghttpx: Wait for child process to exit
Normally, we don't have wait for child process to exit, since init can
take care of them.  But in containerized environment, pid 0 init might
not be available, and defunct processes can be piled up.  This commit
ensures that OCSP and neverbleed processes are waited for before
worker process exits.
2016-11-30 22:59:02 +09:00
Tatsuhiro Tsujikawa 10a84f3e3d nghttpx: Rename errbuf for neverbleed as nb_errbuf for clarification 2016-10-23 19:26:22 +09:00
Tatsuhiro Tsujikawa c42715ed6a nghttpx: Fix compile error with --disable-threads 2016-10-23 19:26:22 +09:00
Tatsuhiro Tsujikawa 8b64e7b4e1 src: Add XSI-compliant version strerror_r 2016-10-16 22:47:56 +09:00
Tatsuhiro Tsujikawa 0cf6848646 clang-format-3.9 2016-10-15 18:36:04 +09:00
Tatsuhiro Tsujikawa 1b4ccd0d51 nghttpx: Don't call get_config() repeatedly 2016-10-08 11:37:18 +09:00
Tatsuhiro Tsujikawa 33153010c5 nghttpx: Retry memcached connection
Previously, we didn't retry request on connection failure.  Sometimes
we hit the edge case where connection is about to lost just when we
write request.  To avoid this situation, we now retry request to
failed attempt.  We also add ConnectBlocker to MemcachedConnection not
to attempt to connect to memcached if connection could not be made
previously.
2016-07-08 23:41:53 +09:00
Tatsuhiro Tsujikawa 66ca8272ca nghttpx: Clean up neverbleed AF_UNIX socket 2016-06-23 23:04:47 +09:00
Tatsuhiro Tsujikawa 845aa7a710 nghttpx: Share downstream config object
This is the unit of sharing configurations to change
2016-06-03 19:57:43 +09:00
Tatsuhiro Tsujikawa 7a3c656adf nghttpx: Refactor 2016-05-15 21:05:20 +09:00
Tatsuhiro Tsujikawa eec0b04a33 nghttpx: Enable/disable TLS per frontend address
This change allows user to disable TLS per frontend address using
no-tls keyword in --frontend option.  We removed --frontend-no-tls in
favor of this new feature.
2016-03-23 23:56:09 +09:00
Tatsuhiro Tsujikawa 7aabc6b125 nghttpx: Use ImmutableString for user 2016-02-14 22:21:55 +09:00
Tatsuhiro Tsujikawa bfc26e8299 nghttpx: Use ImmutableString to store memcached server host 2016-02-14 20:59:10 +09:00
Tatsuhiro Tsujikawa 3a41e4dd1a nghttpx: Add encryption support for TLS ticket key retrieval 2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa f1580f95d4 nghttpx: Add TLS support for session cache memcached connection 2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa aa07fe7fa6 nghttpx: Support multiple frontend addresses
This commit allows nghttpx to listen to multiple address and port pair
by specifying -f option multiple times.
2016-02-01 23:10:29 +09:00
Tatsuhiro Tsujikawa a390bd4ce0 nghttpx: Fix compile error with --with-neverbleed 2016-01-19 19:04:24 +09:00
Tatsuhiro Tsujikawa 0402481be4 nghttpx: Organize connection related configuration into struct 2016-01-19 16:56:12 +09:00
Tatsuhiro Tsujikawa f3e1dc7a4f nghttpx: Structured TLS related configurations 2016-01-18 14:21:09 +09:00
Vernon Tang 6fddefe252 shrpx_worker_process: worker_process_event_loop: Fix FD test.
This fixes a crash in nghttpx when running on IPv6 only.
2016-01-12 17:38:17 +00:00
Tatsuhiro Tsujikawa 8919c8c139 Check initgroups with AC_CHECK_DECLS for cygwin 2015-12-24 21:15:46 +09:00
Tatsuhiro Tsujikawa 5de2c7a8c1 Detect availability of initgroups 2015-12-23 14:21:31 +09:00
Tatsuhiro Tsujikawa 75ff04f87a nghttpx: Don't stop default loop of worker process on graceful shutdown
To keep ipc channel being read from worker process, default loop
should not be stopped.  To join all worker threads, now we use
dedicated thread to do this.  When all worker threads are joined,
ev_async_send sends message to default loop, and it is finally
stopped.
2015-09-29 00:40:33 +09:00
Tatsuhiro Tsujikawa 3fca142e5f nghttpx: Exit immediately if IPC channel read failed on worker process 2015-09-29 00:08:46 +09:00
Tatsuhiro Tsujikawa 566b0476d7 nghttpx: Enable neverbleed for client private key; don't run nb without TLS 2015-09-26 21:28:46 +09:00
Tatsuhiro Tsujikawa 044385ab6e Add neverbleed support
neverbleed is disabled by default.  To enable it, use
--with-neverbleed configure option.
2015-09-26 19:01:31 +09:00
Tatsuhiro Tsujikawa c749ae0cac Add doc 2015-09-26 18:54:38 +09:00
Tatsuhiro Tsujikawa 389a96483a nghttpx: Fix improper signal handling 2015-09-24 23:43:24 +09:00
Tatsuhiro Tsujikawa ce1b11e3a0 nghttpx: Split monolithic one process into control and worker processes
The control process handles signals, reads configuration, reads
private keys, and bind port (which may be privileged one).  It never
drop privileges, so that it can execute new binary with the same
privilege.  It forks worker process.  The worker process handles all
incoming connections.  It drops privilege.
2015-09-18 23:28:26 +09:00