4be5de1163
src: Move log related functions from util.cc to shrpx_log.cc
2017-01-09 19:34:40 +09:00
6595ae26ea
src: Add constexpr to const objects
2017-01-09 17:11:37 +09:00
cbca2e35b5
nghttpx: Show default cipher list in -h
2017-01-09 14:43:13 +09:00
ac399e41ac
nghttpx: Update doc
...
Mention client-ciphers, and no-http2-cipher-black-list options in
psk-secrets and client-psk-secrets options.
2017-01-08 23:04:07 +09:00
9c7e54d9b5
nghttpx: Add client-ciphers option
...
Previously, ciphers option sets cipher list for both frontend and
backend TLS connections. With this commit, ciphers option only sets
cipher list for frontend connections. The new client-ciphers option
sets cipher list for backend connection.
2017-01-08 22:40:58 +09:00
3c03024881
nghttpx: Add client-no-http2-cipher-black-list option
...
This commit adds client-no-http2-cipher-black-list option to disable
enforcement of HTTP/2 cipher black list on backend HTTP/2 connection.
Previously, existing no-http2-cipher-black-list option disables it for
both frontend and backend connections. Now no-http2-cipher-black-list
option only disables it for frontend connection.
2017-01-08 22:33:19 +09:00
79a24f5dd9
nghttpx: Add --client-psk-secret option to enable PSK in backend
2017-01-08 00:35:55 +09:00
83c759572c
nghttpx: Add --psk-secret option to enable PSK in frontend connection
2017-01-08 00:35:54 +09:00
b313386988
nghttpx: Add proxyproto to frontend option to accept PROXY protocol
...
Previously, global accept-proxy-protocol option enables PROXY protocol
support for all frontend listeners, but this was inflexible. To fix
this issue, accept-proxy-protocol option is now deprecated, and
instead proxyproto parameter in frontend option enables PROXY protocol
support per frontend.
2017-01-03 12:47:03 +09:00
3c600c103f
nghttpx: Add frontend-keep-alive-timeout option
2016-12-23 11:01:29 +09:00
841ac75c3e
nghttpx: Clarify that backend-keep-alive-timeout applies to h1 only
2016-12-23 10:49:39 +09:00
a06a8c36a4
nghttpx: Add --dns-lookup-timeout and --dns-max-try options
2016-12-11 00:50:16 +09:00
d66377d4b6
nghttpx: Add dns-cache-timeout option
...
This option controls how long cached DNS entries remain valid.
2016-12-10 21:09:51 +09:00
38b5cad4e3
nghttpx: Lookup backend host name dynamically
...
We have added "dns" parameter to backend option. If specified, name
lookup is done dynamically. If not, name lookup is done at start up,
or configuration reloading. nghttpx caches DNS result including error
case in 30 seconds in this commit. Later commit makes this
configurable.
DNS resolution is done asynchronously using c-ares library.
2016-12-10 21:09:50 +09:00
5b9cacc2d7
nghttpx: Discard iaddrs early
2016-10-23 19:55:58 +09:00
177d51ddab
nghttpx: Use thread_local if it is available
2016-10-23 19:26:22 +09:00
8b64e7b4e1
src: Add XSI-compliant version strerror_r
2016-10-16 22:47:56 +09:00
0cf6848646
clang-format-3.9
2016-10-15 18:36:04 +09:00
00a8c378d4
nghttpx: Add --backend-connect-timeout option
2016-10-10 22:50:41 +09:00
412c8f9e67
nghttpx: Add TLS signed_certificate_timestamp extension support
2016-10-09 18:43:36 +09:00
175c7886ea
nghttpx: Update doc
2016-10-09 17:18:29 +09:00
cdb1d6b462
nghttpx: Add P-384 and P-521 to the default of --ecdh-curves option
2016-10-08 11:44:03 +09:00
1b4ccd0d51
nghttpx: Don't call get_config() repeatedly
2016-10-08 11:37:18 +09:00
8babaac8c3
nghttpx: Add --ecdh-curves option to specify list of named curves
...
This option requires OpenSSL >= 1.0.2. With OpenSSL 1.0.2, the
default value is "P-256". With OpenSSL 1.1.0 or later, the default
value is "X25519:P-256".
2016-10-08 10:50:56 +09:00
96ff3be5e6
nghttpx: Use allocator of new config since this may happen multiple times
2016-10-03 22:09:46 +09:00
3d5d76ba74
nghttpx: Update doc
2016-10-03 22:09:46 +09:00
97843e3874
nghttpx: Use StringRef for tls_proto_list
2016-10-03 22:09:45 +09:00
5dd2704051
nghttpx: Use StringRef for tls.npn_list
2016-10-03 22:09:45 +09:00
99a91e3172
nghttpx: Add BlockAllocator to Config object
2016-10-03 22:09:45 +09:00
8a9810ed32
nghttpx: Add BlockAllocator to ClientHandler
2016-10-01 22:54:17 +09:00
03ba399176
nghttpx: Update doc
2016-09-17 22:38:06 +09:00
f4016644a9
nghttpx: Add option to specify HPACK encoder/decoder dynamic table size
2016-09-12 22:53:02 +09:00
f5a2f1da25
nghttpx: Add --frontend-http2-window-size option, and its family
...
We added --frontend-http2-window-size,
--frontend-http2-connection-window-size, --backend-http2-window-size,
and --backend-http2-connection-window-size option to replace existing
*-bits options. The old options are not flexible because they only
specify number of bits. Now we can specify integer value, with
possible g, m, and k unit. The old options are still available for
backend compatibility, but are deprecated.
2016-09-10 16:27:48 +09:00
27b250ac8e
nghttpx: Add experimental TCP optimization for h2 frontend
2016-09-10 16:27:48 +09:00
136aae725f
nghttpx: Add --no-server-rewrite option not to rewrite server header field
2016-08-31 23:47:15 +09:00
13d3f785bd
Make ImmutableString(const std::string&) explicit
2016-08-26 22:52:08 +09:00
39c068974d
Make ImmutableString(const char*) explicit
2016-08-26 22:40:59 +09:00
0d4d1a63d4
nghttpx: Add --server-name option to change server response header field
2016-08-26 22:28:09 +09:00
4749e66c67
nghttpx: Disallow copying Config
2016-08-25 22:55:12 +09:00
ad3d43b8be
nghttpx: Add access log variable for backend host and port
...
Use $backend_host and $backend_port. $backend_host is backend host
name given in --backend option. It could be a path to UNIX domain
socket.
2016-08-05 00:04:47 +09:00
54f640f3e1
nghttpx: Update doc
2016-07-31 20:50:07 +09:00
e2906025c8
nghttpx: Don't exit from save_pid and set_alpn_prefs
2016-07-31 20:35:10 +09:00
9a8e9815c9
nghttpx: Cleanup
2016-07-31 20:26:03 +09:00
8c3e864989
nghttpx: Define ~Config for automatic clean up with std::unique_ptr
...
Now config global is backed with std::unique_ptr. configuration
swapping dance is now a bit cleaner, but YMMV.
2016-07-31 19:01:29 +09:00
22570b7260
nghttpx: Close fd when error occurred in reload operation
...
This commit also fixes the bug that old configuration is still used
for worker process. The another bug fix is that inherited, but not
used fd is not closed in worker process. That makes reloading next
configuration fail if it contains the address which are leaked into
worker process.
2016-07-31 18:47:03 +09:00
fb49182c29
nghttpx: Move original_argv, argv, argc, and cmdcfgs to StartupConfig
2016-07-31 16:34:55 +09:00
b9b648e0ed
nghttpx: Remove last_worker_pid from Config
...
The last_worker_pid is known by inspecting the last entry of
worker_processes.
2016-07-31 16:20:00 +09:00
494775a25d
nghttpx: Rename SignalServer with WorkerProcess
2016-07-31 16:16:23 +09:00
1214f9e23b
nghttpx: Reload configuration with SIGHUP
...
This commit implements configuration reloading with SIGHUP.
There are rough edges left:
* Rename SignalServer with more meaningful name, say, WorkerProcess.
* We should introduce global configuration object which is not
affected by configuration reloading. It should hold cmdcfgs, argc,
argv, and last worker PID.
* We should close the listener file descriptor when some operation was
failed after that.
2016-07-31 15:57:41 +09:00
a54cda22ab
nghttpx: Do creation of InheritedAddr in a dedicated function for reuse
2016-07-31 00:35:15 +09:00
6fd4dd99da
nghttpx: Update doc
2016-06-26 22:33:17 +09:00
aa16412850
nghttpx: Add --backend-max-backoff option
2016-06-22 00:13:43 +09:00
e2bdf1d734
nghttpx: Enforce the fact that api and healthmon are mutually exclusive
2016-06-21 22:44:26 +09:00
56e7cd4be2
nghttpx: Add healthmon parameter to -f option to enable health monitor mode
2016-06-17 00:00:37 +09:00
af9662f971
nghttpx: Make API processing one of alternative mode
2016-06-16 23:30:35 +09:00
143d0b69b7
nghttpx: Implement client IP based session affinity
2016-06-09 22:35:59 +09:00
708c99c052
nghttpx: Describe api parameter in --frontend option
2016-06-04 18:48:16 +09:00
8288f5713b
nghttpx: Add --api-max-request-body option to set maximum API request body size
2016-06-04 17:24:54 +09:00
845aa7a710
nghttpx: Share downstream config object
...
This is the unit of sharing configurations to change
2016-06-03 19:57:43 +09:00
fe58614b23
nghttpx: Use std::shared_ptr for downstream addresses so that we can swap them
2016-06-03 01:20:49 +09:00
2fd095d036
nghttpx: Share the code to configure backends
2016-06-03 00:22:55 +09:00
09150a7927
nghttpx: Pass pointer to Config object to store parsed configurations
2016-06-02 23:59:59 +09:00
667c8b0e27
nghttpx: Add APIDownstreamConnection to handle API request
...
For those connections via frontend with api parameter, they use solely
APIDownstreamConnection.
In this commit, APIDownstreamConnection just consumes all request
body, and do nothing. The next few commits implements our first API
endpoint: /v1/api/dynamicconfig.
2016-06-02 23:50:56 +09:00
2a4bf9f615
nghttpx: Allow mixed protocol and TLS settings among backends under same pattern
2016-05-24 23:36:43 +09:00
98396f00ff
nghttpx: Cleane up bit more of save_pid()
2016-05-24 01:32:11 +09:00
e7d5cfff30
nghttpx: Fix crash introduced in the previous commit
2016-05-24 00:10:53 +09:00
c308be39de
nghttpx: Write PID in temporary file then rename
...
Write PID in temporary file first. Then rename it as the real
destination. It will avoid the issue that the external process may
read the empty PID file because of race condition.
2016-05-23 22:39:38 +09:00
0fca352114
nghttpx: Make SETTINGS timeout value configurable
...
SETTINGS timeout can be configurable using
--frontend-http2-settings-timeout and
--backend-http2-settings-timeout.
2016-05-21 14:13:57 +09:00
9f770fec36
nghttpx: Save PID file after it is ready to accept connections
2016-05-21 10:42:09 +09:00
6d22898936
src: Compile with OpenSSL 1.1.0-pre5
...
* don't use CRYPTO_LOCK stuff (they are sorted out by openssl, and no
application intervention is required, just like boringSSL)
* don't use OPENSSL_config
* use provided API to access BIO member
2016-05-07 16:18:58 +09:00
d39335829d
nghttpx: Enable kqueue by default
...
We enabled libev kqueue backend in nghttpx by default. Since it might
not work on some platforms, we also added --no-kqueue option to
disable it.
2016-05-06 23:10:09 +09:00
3712c89a66
nghttpx: Use parameter instead of keyword for consistency
2016-04-29 22:47:49 +09:00
fd801864e3
nghttpx: Add sni keyword to --backend option
...
The --backend-tls-sni-field is deprecated in favor of sni keyword.
--backend-tls-sni-field still works, and it overrides all sni keyword
in --backend option. But it will be removed in the future release.
2016-04-29 14:42:18 +09:00
f939000ad9
Update man pages
2016-04-25 21:58:37 +09:00
00bf701600
nghttpx: Truncate too long -b option signature
2016-04-18 23:45:33 +09:00
9e64d10223
nghttpx: Move fall/rise configuration to --backend option
...
This commit removes --backend-fall and --backend-rise options. The
these configurations are now set as fall and rise parameters in
--backend option.
2016-04-09 21:58:08 +09:00
7bc35044c7
nghttpx: Add --backend-fall and --backend-rise options
...
These options are analogous to fall and rise parameter found in
haproxy.
2016-04-08 23:07:17 +09:00
757bcf1310
nghttpx: Fix bug that backend tls keyword did not work with -s option
2016-03-27 17:11:44 +09:00
44af3dab50
nghttpx: Update doc
2016-03-25 02:14:39 +09:00
22128767e6
nghttpx: Fix formatting issue on manual page
2016-03-25 02:08:25 +09:00
186d440168
nghttpx: More StringRef-fy
2016-03-25 01:19:42 +09:00
a9e365ad7d
fixup! nghttpx: More StringRef-fy
2016-03-25 01:10:48 +09:00
a5029d1eed
nghttpx: More StringRef-fy
2016-03-25 01:07:22 +09:00
17ccbae084
src: Don't compare against c-string
2016-03-25 00:07:21 +09:00
13596bde90
nghttpx: Refactor option handling using StringRef
2016-03-24 22:15:58 +09:00
144ae3af9d
nghttpx: Memcached connection encryption with tls keyword
...
Like frontend and backend options, encryption for memcached
connections is configured using tls keyword in
tls-session-cache-memcached and tls-ticket-key-memcached options.
tls-session-cache-memcached-tls and tls-ticket-key-memcached-tls
options are deprecated.
2016-03-24 00:22:13 +09:00
eec0b04a33
nghttpx: Enable/disable TLS per frontend address
...
This change allows user to disable TLS per frontend address using
no-tls keyword in --frontend option. We removed --frontend-no-tls in
favor of this new feature.
2016-03-23 23:56:09 +09:00
58b06f32a2
nghttpx: Configure TLS per backend routing pattern
...
We added "tls" parameter to --backend option to enable TLS on that
backend connection. --backend-tls options was deprecated, now is
noop.
2016-03-23 22:56:18 +09:00
4bb88b35ec
nghttpx: "*" must match at least one character
2016-03-22 22:40:23 +09:00
04145e22a2
Revert "nghttpx: Call setsid after executing new binary"
...
This reverts commit 6680d8b792
2016-03-22 00:21:32 +09:00
d2b55ad1a2
nghttpx: Allow '*' in --error-page to be used as wildcard
2016-03-19 23:49:15 +09:00
d7051f5207
nghttpx: Add custom error pages
2016-03-19 23:41:21 +09:00
34d209b30b
nghttpx: Add wildcard host routing
...
This change allows host pattern in --backend to include '*' to
indicate wildcard match. The wildcard match is made in suffix match
only.
2016-03-13 01:01:34 +09:00
df6466cfbd
nghttpx: Update doc
2016-02-28 23:15:57 +09:00
2326337d32
nghttpx: Deprecate backend-http1-connections-per-host in favor of backend-connections-per-host
2016-02-28 22:15:49 +09:00
06921f35f3
nghttpx: Restructure mode settings
...
It is very hard to support multiple protocols in backend while
retaining multiple mode settings. Therefore, we dropped modes except
for default and HTTP/2 proxy mode. The other removed modes can be
emulated using combinations of options. Now the backend connection is
not encrypted by default. To enable encryption on backend connection,
use --backend-tls option.
2016-02-28 21:35:26 +09:00
44d3801760
nghttpx: Deprecate backend-http1-connections-per-frontend in favor of backend-connections-per-frontend
2016-02-28 17:11:12 +09:00
1832f78684
nghttpx: Move downstream proto to DownstreamAddrGroup
2016-02-28 16:56:14 +09:00
36f6a009b8
nghttpx: Effectively disable backend HTTP/2 connection flow control
...
This is required to avoid session stall because of too slow frontend
connection.
2016-02-28 00:19:18 +09:00
aafcc55006
nghttpx: Deprecate --http2-max-concurrent-streams option
...
We added 2 new option instead: --frontend-http2-max-concurrent-streams
and --backend-http2-max-concurrent-streams.
2016-02-28 00:19:18 +09:00
Tatsuhiro Tsujikawa