Tatsuhiro Tsujikawa
1442b1bd0a
nghttpx: Remove --tls-ctx-per-worker option
...
--tls-ctx-per-worker option does not work well of OCSP stapling. Also
it makes session ID useless.
2015-03-31 00:42:21 +09:00
Tatsuhiro Tsujikawa
cc94632b29
src: Use separator "--" to mark start of the footer without ambiguity
2015-03-31 00:21:52 +09:00
Tatsuhiro Tsujikawa
4bc9afe20a
nghttpx: Add OCSP stapling feature
2015-03-30 23:58:28 +09:00
Tatsuhiro Tsujikawa
93013f4205
nghttpx: Remove --backend-http2-connection-check option, enable it by default
2015-03-11 00:22:05 +09:00
Tatsuhiro Tsujikawa
0e3ae63965
nghttpx: Add --backend-http2-connections-per-worker
2015-03-10 23:43:25 +09:00
Tatsuhiro Tsujikawa
446de923f3
nghttpx: Support multiple HTTP/2 session per worker
...
Currently, we use same number of HTTP/2 sessions per worker with given
backend addresses. New option to specify the number of HTTP/2 session
per worker will follow.
2015-03-10 23:20:21 +09:00
Tatsuhiro Tsujikawa
c5860fc6f4
nghttpx: Support multiple -b option for HTTP/2 backend
2015-03-10 21:54:29 +09:00
Tatsuhiro Tsujikawa
41e266181e
nghttpx: Attempt to improve HTTP/2 backend connection check
...
It turns out that writing successfully to network is not enough.
After apparently successful network write, read fails and then we
first know network has been lost (at least my android mobile network).
In this change, we say connection check is successful only when
successful read. We already send PING in this case, so we just wait
PING ACK with short timeout. If timeout has expired, drop connection.
Since waiting for PING ACK could degrade performance for fast reliably
connected network, we decided to disable connection check by default.
Use --backend-http2-connection-check to enable it.
2015-03-09 23:37:54 +09:00
Tatsuhiro Tsujikawa
c2426bc732
Merge branch 'pthread-getspecific' of https://github.com/icing/nghttp2 into icing-pthread-getspecific
2015-03-05 02:04:56 +09:00
Stefan Eissing
1fd44b1567
replacing thread_local, which does not exist on OS X, with pthread_getspecific call
2015-03-03 17:09:15 +01:00
Tatsuhiro Tsujikawa
1c0d617742
nghttpx: Rename WorkerConfig as LogConfig
...
This is a sign that we only use thread-local storage for logging only.
2015-02-26 00:02:29 +09:00
Tatsuhiro Tsujikawa
b161dfe573
nghttpx: Move graceful_shutdown flag from WorkerConfig to Worker
...
A part of an effort to eliminate thread_local WorkerConfig
2015-02-25 22:53:53 +09:00
Tatsuhiro Tsujikawa
1a2bccd71c
nghttpx: Share nghttp2_session_callbacks between objects
2015-02-24 15:21:10 +09:00
Tatsuhiro Tsujikawa
8b533e19bb
nghttpx: Remove option name from unix path sample since it is a bit strange
2015-02-22 18:09:37 +09:00
Tatsuhiro Tsujikawa
df32a534fc
nghttpx: Rename ConnectionHandler::acceptor4_ as acceptor_
...
This change is motivated by that fact that we use it for UNIX domain
socket as well as IPv4.
2015-02-22 17:59:50 +09:00
Tatsuhiro Tsujikawa
e583a25a8b
nghttpx: Fix error found by coverity scan
2015-02-22 17:53:12 +09:00
Tatsuhiro Tsujikawa
da2376effd
nghttpx: Add host_unix field to DownstreamAddr to tell it is UNIX domain sock
2015-02-22 17:25:23 +09:00
Tatsuhiro Tsujikawa
0c4ae3dea5
nghttpx: Support UNIX domain socket on frontend
...
This commit also fixes environment variables used to tell inherited
file descriptors to new binary are stacked up each time new binary is
executed.
2015-02-22 17:25:23 +09:00
Tatsuhiro Tsujikawa
997f9233bc
nghttpx: Support UNIX domain socket in backend connections
2015-02-22 12:27:51 +09:00
Tatsuhiro Tsujikawa
a26a597453
nghttpx: Cast configuration value to rlim_t to avoid compile error on 32bit
2015-02-21 16:57:02 +09:00
Tatsuhiro Tsujikawa
ab93a700ce
src: Announce h2 ALPN
2015-02-20 23:50:17 +09:00
Tatsuhiro Tsujikawa
ae0100a9ab
nghttpx: Refactor worker interface
2015-02-11 22:49:03 +09:00
Tatsuhiro Tsujikawa
502b552b68
nghttpx: Add --no-server-push option
2015-02-08 16:19:12 +09:00
Tatsuhiro Tsujikawa
4dea318b5b
nghttpx: Fix compile error if SOCK_NONBLOCK is undefined
2015-02-08 00:49:56 +09:00
Tatsuhiro Tsujikawa
54851ef7a6
src: Move make_unique to nghttp2 namespace
2015-02-06 00:15:43 +09:00
Tatsuhiro Tsujikawa
7c75d9db98
nghttpx: Set nghttp2_option_set_peer_max_concurrent_streams for HTTP/2 backend
2015-02-05 03:05:34 +09:00
Tatsuhiro Tsujikawa
a68c4c1e3c
nghttpx: Add --no-host-rewrite option
2015-02-04 01:42:26 +09:00
Tatsuhiro Tsujikawa
e03f36eeeb
nghttpx: Use <DURATION> instead of <T>
2015-01-29 23:23:30 +09:00
Tatsuhiro Tsujikawa
00555dc7bb
nghttpx: Use TCP_DEFER_ACCEPT if available
2015-01-29 21:14:44 +09:00
Tatsuhiro Tsujikawa
d1a4002b22
nghttpx: Remove --accept-delay and --num-accept options
2015-01-29 20:58:47 +09:00
Tatsuhiro Tsujikawa
96e66b1a81
nghttpx: Make num_accept 0 on graceful shutdown
...
Make num_accept unlimited so that we can accept all pending
connections waiting in listen queue.
2015-01-28 21:02:31 +09:00
Tatsuhiro Tsujikawa
19429abd07
nghttpx: Make --accept-delay default to 10ms
2015-01-28 21:00:47 +09:00
Fabian Möller
3167aa4081
nghttpx: set the supplementary group access list
2015-01-28 20:56:05 +09:00
Tatsuhiro Tsujikawa
f8765be817
nghttpx: Make --backend-keep-alive-timeout default to 2s
2015-01-28 00:47:09 +09:00
Tatsuhiro Tsujikawa
f0c7839f25
nghttpx: Clarify --num-accept=0 case
2015-01-28 00:39:56 +09:00
Tatsuhiro Tsujikawa
6a39de0ae5
nghttpx: Accept s or ms as unit for <T> argument
2015-01-28 00:36:44 +09:00
Tatsuhiro Tsujikawa
402ebb277f
nghttpx: Add --num-accept and --accept-delay options
2015-01-27 23:47:56 +09:00
Tatsuhiro Tsujikawa
f604cbae70
nghttpx: Fix shutdown too early with QUIT signal if num_worker == 1
2015-01-22 01:46:25 +09:00
Tatsuhiro Tsujikawa
8997e4369d
nghttpx: Adjust backend buffers
2015-01-21 01:47:43 +09:00
Tatsuhiro Tsujikawa
5d204fc3aa
nghttpx: Add more option categories
2015-01-15 23:19:35 +09:00
Tatsuhiro Tsujikawa
8fe093de1d
nghttpx: Set initial backlog to 512
2015-01-14 21:24:12 +09:00
Tatsuhiro Tsujikawa
f004361ef2
nghttpx: Add --backend-request-buffer option
2015-01-13 23:30:28 +09:00
Tatsuhiro Tsujikawa
c88a5291b7
nghttpx: Add --backend-response-buffer option
2015-01-13 23:20:06 +09:00
Tatsuhiro Tsujikawa
0d614cf103
nghttpx: Longer help message
2015-01-13 23:02:18 +09:00
Tatsuhiro Tsujikawa
29d6cfae80
nghttpx: Add explanation about units in <SIZE>
2015-01-13 22:42:52 +09:00
Tatsuhiro Tsujikawa
c48a6e73e8
nghttpx: Clean up metavar
2015-01-13 22:39:35 +09:00
Tatsuhiro Tsujikawa
956c11388c
nghttpx: Allow units (k, m, and g) in --{read,write}-{rate,burst}
...
So that you can specify --read-rate=1M --read-burst=4M
2015-01-13 21:54:53 +09:00
Tatsuhiro Tsujikawa
5e8eb926f2
nghttpx: Fix server error with -n1 and --tls-ctx-per-worker
2015-01-13 21:53:53 +09:00
Tatsuhiro Tsujikawa
1e4f8f27fd
nghttpx: Add --tls-ctx-per-worker option
...
When same SSL_CTX is used by multiple thread simultaneously we have to
setup some number of mutex locks for it. We could not check how this
locking affects scalability since we have 4 cores at best in our
development machine. Good side of sharing SSL_CTX across threads is
we can share session ID pool.
If --tls-ctx-per-worker is enabled, SSL_CTX is created per thread
basis and we can eliminate mutex locks. The downside is session ID is
no longer shared, which means if session ID generated by one thread
cannot be acceptable by another thread. But we have now session
ticket enabled and its keys are shared by all threads.
2015-01-13 00:25:02 +09:00
Tatsuhiro Tsujikawa
e048deb64c
nghttpx: Fix error message
2015-01-12 22:35:45 +09:00
Tatsuhiro Tsujikawa
f7455d48cc
Compile with android NDK
...
This also fixes the bug that nghttpx's acceptor fd is blocking if
SOCK_NONBLOCK is undefined.
2015-01-11 00:28:00 +09:00
Tatsuhiro Tsujikawa
0ca979b453
nghttpx: Add --rlimit-nofile option
2015-01-10 23:17:48 +09:00
Tatsuhiro Tsujikawa
bc17f95c80
src: Move ipv6_numeric_addr to util and add test
2015-01-10 21:33:53 +09:00
Tatsuhiro Tsujikawa
a3dcf1e004
Produce man pages using sphinx
...
Previously to create manual page for bundled programs, we use help2man
to create man page from program's help output. Then our man2rst.py
script converts man page to rst document. Sphinx generates html from
rst documents.
Now help2rst.py produces rst document from programs output. We use
Sphinx solely to produce both man pages and html files.
2015-01-10 00:37:42 +09:00
Tatsuhiro Tsujikawa
019f1e9fc7
nghttpx: Remove useless comments
2015-01-08 22:28:30 +09:00
Tatsuhiro Tsujikawa
0173929538
nghttpx: Rename ListenHandler as ConnectionHandler
2015-01-08 21:48:39 +09:00
Tatsuhiro Tsujikawa
fcddb5c06c
nghttpx: Distribute session ticket keys to workers without mutex
2015-01-08 21:15:45 +09:00
Tatsuhiro Tsujikawa
5d3544185c
nghttpx: Fix crash in SSL_CTX_set_tlsext_ticket_key_cb
...
It seems that returning 0 when enc == 0 crashes OpenSSL.
2015-01-08 20:46:35 +09:00
Tatsuhiro Tsujikawa
5dce9501a6
Fix compile error with libstdc++ and/or --disable-threads
2015-01-08 01:57:59 +09:00
Tatsuhiro Tsujikawa
08e8cc1915
nghttpx: Add --tls-ticket-key-file option
...
This option specifies files contains 48 random bytes to construct
session ticket key data. This option can be used repeatedly to
specify multiple keys, but only the first one is used to encrypt
tickets.
2015-01-08 01:26:30 +09:00
Tatsuhiro Tsujikawa
52f3572d5b
nghttpx: Enable TLS session tickets with session key rotation every 12hrs
2015-01-08 00:01:09 +09:00
Tatsuhiro Tsujikawa
ba795d86f0
nghttpx: Don't cache time for logging
...
Update is done by main event loop which is stopped after graceful
shutdown is commenced, which means time is no longer update. To avoid
this situation, we just avoid caching and get time for each logging.
2015-01-06 23:17:09 +09:00
Tatsuhiro Tsujikawa
94e69d5e30
nghttpx: Remove commented lines
2015-01-06 22:55:01 +09:00
Tatsuhiro Tsujikawa
7db1864766
nghttpx: Add --backend-http1-connections-per-frontend option
2015-01-03 00:19:41 +09:00
Tatsuhiro Tsujikawa
a55a07940c
nghttpx: Show not implemented warning for per wroker rate limit
2015-01-03 00:19:41 +09:00
Tatsuhiro Tsujikawa
bfac015d61
src: Use libev for rest of the applications
2015-01-03 00:19:41 +09:00
Tatsuhiro Tsujikawa
d695d2ccc0
nghttp, nghttpx, nghttpd, h2load: Support h2-16 in NPN/ALPN
...
The nghttp2 library itself is still h2-14. To experiment with the
implementations to require h2-16 to test new features (e.g.,
prioritization), nghttp, nghttpx, nghttpd and h2load now support h2-16
as well as h2-14. Cleartext HTTP Upgrade is still limited to h2-14
however.
2014-12-16 22:57:58 +09:00
Tatsuhiro Tsujikawa
b607a22076
nghttpx: Support multiple HTTP/1 backend address
...
For HTTP/1 backend, -b option can be used several times to specify
multiple backend address. HTTP/2 backend does not support multiple
addresses and only uses first address even if multiple addresses are
specified.
2014-12-06 19:30:27 +09:00
Tatsuhiro Tsujikawa
9614611969
nghttpx: Limit # of downstream connections per host when h2 proxy is used
...
This commit limits the number of concurrent HTTP/1 downstream
connections to same host. By defualt, it is limited to 8 connections.
--backend-connections-per-frontend option was replaced with
--backend-http1-connections-per-host, which changes the maximum number
of connections per host. This limitation only kicks in when h2 proxy
is used (-s option).
2014-12-05 01:47:03 +09:00
Tatsuhiro Tsujikawa
f178b78816
nghttpx: Longer read timeouts
2014-12-03 23:45:44 +09:00
Tatsuhiro Tsujikawa
e180d8e594
nghttpx: Longer downstream HTTP/1 idle connection timeout
2014-12-03 23:00:53 +09:00
Tatsuhiro Tsujikawa
b1f807abd1
Reformat lines with clang-format-3.5
2014-11-27 23:56:30 +09:00
Tatsuhiro Tsujikawa
c67ccad74d
nghttpx: Use cached get_config()->pid in save_pid()
2014-11-27 22:41:14 +09:00
Tatsuhiro Tsujikawa
04dae32509
nghttpx: Store PID to Config again after daemon()
2014-11-27 21:32:34 +09:00
Tatsuhiro Tsujikawa
9bba616426
nghttpx: Add $alpn variable to accesslog formatting
...
$alpn is a variable which represents ALPN identifier of the protocol
which generates the response.
2014-11-24 15:24:09 +09:00
Tatsuhiro Tsujikawa
1fe50f272b
nghttpx: Add $pid to --accesslog-format variable
...
$pid refers to the PID of the running process.
2014-11-24 14:34:43 +09:00
Tatsuhiro Tsujikawa
93023acc6c
nghttpx: Make --accesslog-format usage doc help2man friendly
...
This is unfortunate but help2man behaves badly when there is indented
lines in help messages in commnad-line args. We removed indentations
to make help2man happy.
2014-11-24 14:16:48 +09:00
Tatsuhiro Tsujikawa
daf659c64e
nghttpx: Note the conversion made in <VAR>
2014-11-24 14:04:37 +09:00
Lucas Pardue
9cf1a0c77c
Add features to logging, client and server port,
...
time_iso8601 and request_time.
2014-11-23 20:37:51 +00:00
Tatsuhiro Tsujikawa
958cd0de64
nghttpx: Add configurable access logging format
...
This commit adds functionality to customize access logging format in
nghttpx. The format variables are inspired by nginx. The default
format is combined format.
2014-11-19 01:29:55 +09:00
Tatsuhiro Tsujikawa
5ce8ae79f0
nghttpx: Disable spdy/3 and spdy/2 by default
2014-11-14 23:16:06 +09:00
Tatsuhiro Tsujikawa
ce71e65aee
nghttpx: Replace WARNING with WARN for consistency
2014-11-08 10:51:56 +09:00
Tatsuhiro Tsujikawa
1119701071
nghttpx: Fix -L option help message
...
WARNING should be WARN.
2014-11-08 10:45:58 +09:00
Lucas Pardue
a067eb02a5
Add LOG_NOTICE level logging for application lifecycle events
2014-11-06 14:32:56 +00:00
Tatsuhiro Tsujikawa
be1a513c59
nghttpx: Shut up scan-build
2014-10-30 22:36:22 +09:00
Lucas Pardue
9ea4905f68
Added X-Forwarded-For header stripping option to nghttpx
2014-10-27 10:23:20 +00:00
Tatsuhiro Tsujikawa
c6cfcc3c30
src: Disable insecure SSLv3
2014-10-22 23:14:07 +09:00
Tatsuhiro Tsujikawa
8fffa05513
src: Fix possible heap-use-after free for OpenSSL global locking
...
This is simply programming error, but it is interesting that using
libstdc++ does not reveal this error. With clang++-libc++, we got
std::system_error: mutex lock faild: Invalid argument. This is
because we did not give a name to lock object, so it is immediately
destructed. I think this will fix the reported crash on Mac OSX.
2014-10-14 21:47:07 +09:00
Svante Signell
df875db989
Avoid PATH_MAX by using getcwd(nullptr, 0) as supported by modern glibc-based OSes.
2014-10-03 21:58:15 +09:00
Tatsuhiro Tsujikawa
f8471a5f45
nghttpx: Move --backend-http-proxy-uri to Connections section
2014-08-27 23:37:54 +09:00
Tatsuhiro Tsujikawa
822ec75814
nghttpx: Add --listener-disable-timeout option
2014-08-27 22:34:00 +09:00
Tatsuhiro Tsujikawa
9ad2c0887e
nghttpx: Use _Exit() instead of exit() when execve is failed in child process
2014-08-23 18:15:47 +09:00
Tatsuhiro Tsujikawa
c7e9fe8154
nghttpx: Implement connection blocker for HTTP/1 backend
2014-08-19 23:36:04 +09:00
Tatsuhiro Tsujikawa
fb62a5ed4f
nghttpx: Use pointer for worker_config
2014-08-19 22:29:44 +09:00
Tatsuhiro Tsujikawa
2fb675f13c
nghttpx: Open default log files for errors occurred while parsing options
2014-08-17 22:37:30 +09:00
Tatsuhiro Tsujikawa
eebd1f5492
nghttpx: Add some more info about prohibition of --read-burst=0
2014-08-17 22:31:44 +09:00
Tatsuhiro Tsujikawa
86dd1519b4
nghttpx: Android specific hack for special files for logging
...
Android lacks /dev/stderr, so directly use /proc/self/fd/2 as default
errorlog-file. Android does not like O_APPEND for /proc/self/fd/1 and
/proc/self/fd/2, so omit the flag for these paths.
2014-08-17 19:01:51 +09:00
Tatsuhiro Tsujikawa
5d2390deba
nghttpx: Bring per-connection rate limit back
...
--read-burst=0 still does not work. But specifying n > 0 workarounds
this.
2014-08-17 16:17:10 +09:00
Tatsuhiro Tsujikawa
3c056973a1
nghttpx: Ignore SIGCHLD not to create zombie on SIGUSR2 if -D is used
2014-08-17 00:05:24 +09:00
Tatsuhiro Tsujikawa
0e8419ac37
nghttpx: Add backend-connections-per-frontend option
...
This option limits the number of backend connections per frontend.
This is meaningful for the combination of HTTP/2 and SPDY frontend and
HTTP/1 backend.
2014-08-16 22:24:17 +09:00