143d0b69b7
nghttpx: Implement client IP based session affinity
2016-06-09 22:35:59 +09:00
851cbd49f4
nghttpx: Only parse backend option for API request for now
2016-06-04 17:43:37 +09:00
8288f5713b
nghttpx: Add --api-max-request-body option to set maximum API request body size
2016-06-04 17:24:54 +09:00
43913838b4
nghttpx: Retain memory in Router
2016-06-03 23:52:44 +09:00
845aa7a710
nghttpx: Share downstream config object
...
This is the unit of sharing configurations to change
2016-06-03 19:57:43 +09:00
fe58614b23
nghttpx: Use std::shared_ptr for downstream addresses so that we can swap them
2016-06-03 01:20:49 +09:00
2fd095d036
nghttpx: Share the code to configure backends
2016-06-03 00:22:55 +09:00
09150a7927
nghttpx: Pass pointer to Config object to store parsed configurations
2016-06-02 23:59:59 +09:00
667c8b0e27
nghttpx: Add APIDownstreamConnection to handle API request
...
For those connections via frontend with api parameter, they use solely
APIDownstreamConnection.
In this commit, APIDownstreamConnection just consumes all request
body, and do nothing. The next few commits implements our first API
endpoint: /v1/api/dynamicconfig.
2016-06-02 23:50:56 +09:00
2a0d0e798b
nghttpx: Add api parameter to --frontend option to mark API endpoint
2016-06-02 23:50:00 +09:00
2a4bf9f615
nghttpx: Allow mixed protocol and TLS settings among backends under same pattern
2016-05-24 23:36:43 +09:00
0fca352114
nghttpx: Make SETTINGS timeout value configurable
...
SETTINGS timeout can be configurable using
--frontend-http2-settings-timeout and
--backend-http2-settings-timeout.
2016-05-21 14:13:57 +09:00
6d22898936
src: Compile with OpenSSL 1.1.0-pre5
...
* don't use CRYPTO_LOCK stuff (they are sorted out by openssl, and no
application intervention is required, just like boringSSL)
* don't use OPENSSL_config
* use provided API to access BIO member
2016-05-07 16:18:58 +09:00
d39335829d
nghttpx: Enable kqueue by default
...
We enabled libev kqueue backend in nghttpx by default. Since it might
not work on some platforms, we also added --no-kqueue option to
disable it.
2016-05-06 23:10:09 +09:00
fd801864e3
nghttpx: Add sni keyword to --backend option
...
The --backend-tls-sni-field is deprecated in favor of sni keyword.
--backend-tls-sni-field still works, and it overrides all sni keyword
in --backend option. But it will be removed in the future release.
2016-04-29 14:42:18 +09:00
4aa4fe56e1
nghttpx: Destroy SSL object, and always lookup TLS session cache
2016-04-28 22:25:55 +09:00
9e64d10223
nghttpx: Move fall/rise configuration to --backend option
...
This commit removes --backend-fall and --backend-rise options. The
these configurations are now set as fall and rise parameters in
--backend option.
2016-04-09 21:58:08 +09:00
7bc35044c7
nghttpx: Add --backend-fall and --backend-rise options
...
These options are analogous to fall and rise parameter found in
haproxy.
2016-04-08 23:07:17 +09:00
757bcf1310
nghttpx: Fix bug that backend tls keyword did not work with -s option
2016-03-27 17:11:44 +09:00
848e45e333
nghttpx: Use StringRef for SHRPX_UNIX_PATH_PREFIX
2016-03-25 01:00:04 +09:00
13596bde90
nghttpx: Refactor option handling using StringRef
2016-03-24 22:15:58 +09:00
eec0b04a33
nghttpx: Enable/disable TLS per frontend address
...
This change allows user to disable TLS per frontend address using
no-tls keyword in --frontend option. We removed --frontend-no-tls in
favor of this new feature.
2016-03-23 23:56:09 +09:00
58b06f32a2
nghttpx: Configure TLS per backend routing pattern
...
We added "tls" parameter to --backend option to enable TLS on that
backend connection. --backend-tls options was deprecated, now is
noop.
2016-03-23 22:56:18 +09:00
d2b55ad1a2
nghttpx: Allow '*' in --error-page to be used as wildcard
2016-03-19 23:49:15 +09:00
d7051f5207
nghttpx: Add custom error pages
2016-03-19 23:41:21 +09:00
dd2bdf3e31
nghttpx: Update doc
2016-03-14 23:53:10 +09:00
a909bb3eca
nghttpx: Initialize proto field
2016-03-14 23:47:29 +09:00
3b2811bfc4
nghttpx: Remove AltSvc ctor
2016-03-13 14:01:59 +09:00
27275a02ac
nghttpx: Remove unused EMPTY_STRING
2016-03-13 13:59:06 +09:00
34d209b30b
nghttpx: Add wildcard host routing
...
This change allows host pattern in --backend to include '*' to
indicate wildcard match. The wildcard match is made in suffix match
only.
2016-03-13 01:01:34 +09:00
2326337d32
nghttpx: Deprecate backend-http1-connections-per-host in favor of backend-connections-per-host
2016-02-28 22:15:49 +09:00
06921f35f3
nghttpx: Restructure mode settings
...
It is very hard to support multiple protocols in backend while
retaining multiple mode settings. Therefore, we dropped modes except
for default and HTTP/2 proxy mode. The other removed modes can be
emulated using combinations of options. Now the backend connection is
not encrypted by default. To enable encryption on backend connection,
use --backend-tls option.
2016-02-28 21:35:26 +09:00
44d3801760
nghttpx: Deprecate backend-http1-connections-per-frontend in favor of backend-connections-per-frontend
2016-02-28 17:11:12 +09:00
1832f78684
nghttpx: Move downstream proto to DownstreamAddrGroup
2016-02-28 16:56:14 +09:00
aafcc55006
nghttpx: Deprecate --http2-max-concurrent-streams option
...
We added 2 new option instead: --frontend-http2-max-concurrent-streams
and --backend-http2-max-concurrent-streams.
2016-02-28 00:19:18 +09:00
c731d1fea5
nghttpx: Deprecate --backend-http2-connections-per-worker option
2016-02-28 00:19:18 +09:00
8ca3e5f6ba
nghttpx: Separate Downstream address group from config to runtime
2016-02-28 00:19:18 +09:00
21007da392
nghttpx: Rewrite backend HTTP/2 connection coalesce strategy
...
Previously, we use one Http2Session object per DownstreamAddrGroup.
This is not flexible, and we have to provision how many HTTP/2
connection is required in advance. The new strategy is we add
Http2Session object on demand. We measure the number of attached
downstream connection object and server advertised concurrency limit.
As long as former is smaller than the latter, we attach new downstream
connection to it. Once the limit is reached, we create new
Http2Session object. If the number lowers the limit, we start to
share Http2Session object again.
2016-02-28 00:19:18 +09:00
c098b4ac70
nghttpx: Remove --backend-tls-session-cache-per-worker option
2016-02-25 22:46:25 +09:00
f2a7275700
nghttpx: Cache TLS session inside DownstreamAddr object
2016-02-21 16:35:43 +09:00
dfc02843b6
src: Rename and rewrite numeric_hostport as to_numeric_addr and support AF_UNIX path
2016-02-21 15:28:11 +09:00
c9a4f293a1
nghttpx: ConnectBlocker per backend address
2016-02-21 14:53:06 +09:00
aa3373a107
nghttpx: Use ImmutableString for mruby_file
2016-02-14 22:27:59 +09:00
7aabc6b125
nghttpx: Use ImmutableString for user
2016-02-14 22:21:55 +09:00
466e4b7a1e
nghttpx: Use ImmutableString for conf_path
2016-02-14 22:20:10 +09:00
76a425226f
nghttpx: Use ImmutableString for pid_file
2016-02-14 22:17:10 +09:00
2b707bff27
nghttpx: Use ImmutableString for log file
2016-02-14 22:17:10 +09:00
9055323b67
nghttpx: Use ImmutableString for request_header_file and response_header_file
2016-02-14 22:17:10 +09:00
67804cfc8c
nghttpx: Use ImmutableString for ciphers
2016-02-14 22:17:10 +09:00
2344932b45
nghttpx: Use ImmutableString for dh_param_file
2016-02-14 22:17:10 +09:00
35ebdd35bc
nghttpx: Use ImmutableString for private_key_file
2016-02-14 22:17:10 +09:00
ac81003669
nghttpx: Use ImmutableString for cert_file
2016-02-14 22:17:10 +09:00
c999987baf
nghttpx: Use ImmutableString for private_key_file
2016-02-14 22:17:10 +09:00
529a59d309
nghttpx: Use ImmutableString for tls.client_verify.cacert
2016-02-14 22:17:10 +09:00
52f6417813
nghttpx: Use ImmutableString for tls.cacert
2016-02-14 22:17:00 +09:00
660bc389e6
nghttpx: Use ImmutableString for fetch_ocsp_response_file
2016-02-14 21:01:54 +09:00
bfc26e8299
nghttpx: Use ImmutableString to store memcached server host
2016-02-14 20:59:10 +09:00
49fa914db5
nghttpx: Use StringRef for string parameters in match_downstream_addr_group
2016-02-14 20:48:06 +09:00
a53f0f0a17
nghttpx: Refactor DownstreamAddrGroup and router API
2016-02-14 18:47:24 +09:00
1bd98dcf4f
nghttpx: Remove user defined ctor/assignment op from DownstreamAddr
2016-02-14 18:31:08 +09:00
b440f585bc
nghttpx: Use Header to store custom request/response header fields
2016-02-13 22:19:05 +09:00
72877379ec
nghttpx: Deprecate --backend-ipv4 and --backend-ipv6 in favor of --backend-address-family
2016-02-13 19:09:39 +09:00
c0078ab45a
nghttpx: Add options to specify address family of memcached connections
2016-02-13 18:46:07 +09:00
3a41e4dd1a
nghttpx: Add encryption support for TLS ticket key retrieval
2016-02-13 18:46:07 +09:00
3297a303bf
nghttpx: Add client auth options for session cache memcached TLS connection
2016-02-13 18:46:07 +09:00
f1580f95d4
nghttpx: Add TLS support for session cache memcached connection
2016-02-13 18:46:07 +09:00
6d49110a33
Rename FrontendAddr as UpstreamAddr
2016-02-07 17:51:53 +09:00
15fa38c72f
nghttpx: Rename backend_session_cache_per_worker as downstream_session_cache_per_worker
2016-02-07 17:43:30 +09:00
e763770f3e
nghttpx: Add option to specify maximum number of session cache
2016-02-07 17:43:30 +09:00
bb4e2f6a24
nghttpx: Add TLS support for HTTP/1 backend
2016-02-07 17:43:30 +09:00
ee07694783
nghttpx: Add request-header-field-buffer and max-request-header-fields options
...
This commit adds request-header-field-buffer and
max-request-header-fields, and deprecates header-field-buffer and
max-header-fields options.
2016-02-06 17:22:23 +09:00
8741503db1
nghttpx: Add --no-http2-cipher-black-list to allow black listed cipher suite
2016-02-06 17:05:14 +09:00
eec409dba7
nghttpx: Limit header fields from backend
2016-02-06 12:27:01 +09:00
aa07fe7fa6
nghttpx: Support multiple frontend addresses
...
This commit allows nghttpx to listen to multiple address and port pair
by specifying -f option multiple times.
2016-02-01 23:10:29 +09:00
5a3ca7e700
nghttpx: Disallow user defined static obfuscated string for "for" parameter
2016-01-21 21:05:07 +09:00
9ac3e643d8
Revert "nghttpx: Add --curves option to specify supported elliptic curves"
...
This reverts commit e278893b64
2016-01-21 19:50:38 +09:00
e278893b64
nghttpx: Add --curves option to specify supported elliptic curves
2016-01-21 18:23:13 +09:00
db8de490a0
nghttpx: Omit Forwarded for and by parameter if UNIX domain socket is used
2016-01-19 23:26:04 +09:00
0402481be4
nghttpx: Organize connection related configuration into struct
2016-01-19 16:56:12 +09:00
35feae3b0c
nghttpx: Group up logging related options
2016-01-18 17:26:27 +09:00
16549bb276
nghttpx: Structured configurations for http and http2
2016-01-18 17:00:20 +09:00
f3e1dc7a4f
nghttpx: Structured TLS related configurations
2016-01-18 14:21:09 +09:00
b12af8c410
nghttpx: Refactor backend proxy configuration
2016-01-17 22:51:40 +09:00
ee43250015
nghttpx: Remove useless comment
2016-01-17 22:26:13 +09:00
4f07db8bcb
src: Rename our new string classes
2016-01-17 11:33:45 +09:00
d16ff1f519
nghttpx: Use StringAdaptor for Config::server_name
2016-01-17 01:15:11 +09:00
2c7ed01f0c
nghttpx: Use std::string for Downstream::backend_tls_sni_name
2016-01-17 01:00:15 +09:00
34d5382d66
nghttpx: Use VString for DownstreamAddr::host and hostport to remember size
2016-01-17 00:52:41 +09:00
d678c07ddf
nghttpx: Allow user to specify static obfuscated value via command-line
2016-01-16 11:32:26 +09:00
5c3f74b424
nghttpx: Add RFC 7239 Forwarded header field support
2016-01-16 11:32:14 +09:00
dcc9aaaa24
Add TLS dynamic record size behaviour command line options
2015-10-22 14:07:18 +00:00
f1eb7638d1
nghttpx: Change mruby script handling
...
This commit changes nghttpx's mruby script handling. Previously we
have 2 options to specify the mruby script file to be run on request
and on response. Now they are merged into 1 option, namely
--mruby-file. It now must return object. On request, the object's
on_req(env) method is invoked with env object. Similarly, on
response, the object's on_resp(env) method is invoked. The
specification of Env object has not changed.
2015-10-08 23:32:15 +09:00
349f3e2c7b
Added support for RFC 7413 (TCP Fast Open) on nghttpx proxy listening connections.
...
Fixed code as per PR comments
2015-10-05 13:40:45 -07:00
8acf9a2802
nghttpx: Trie based routing
2015-09-26 22:19:10 +09:00
ce1b11e3a0
nghttpx: Split monolithic one process into control and worker processes
...
The control process handles signals, reads configuration, reads
private keys, and bind port (which may be privileged one). It never
drop privileges, so that it can execute new binary with the same
privilege. It forks worker process. The worker process handles all
incoming connections. It drops privilege.
2015-09-18 23:28:26 +09:00
ec47dfb9b8
Initial HTTP/1.1 capability. Add npn-list option to h2load. Make NPN/ALPN more runtime dependent
2015-09-17 14:49:27 +00:00
ce53bd239e
nghttpx: Implement PROXY protocol version 1
...
Use --accept-proxy-protocol to enable PROXY protocol handling
2015-09-06 21:30:19 +09:00
d722a09581
nghttpx: Rename mruby script options
2015-09-04 01:19:57 +09:00
baadec5ef4
nghttpx: Add response mruby hook
2015-09-03 01:33:52 +09:00
1508c50a45
nghttpx: Add basic infrastructure for mruby support
2015-09-02 02:45:15 +09:00
a1288a5826
nghttpx: Rename --tls-ticket-cipher as --tls-ticket-key-cipher
2015-07-28 23:49:37 +09:00
a6fdca730d
nghttpx: Add options to set maximum retry and failure when getting ticket keys
2015-07-28 01:17:29 +09:00
4949dd4888
nghttpx: Add --tls-ticket-key-memcached-interval option
2015-07-28 01:02:33 +09:00
2f2a300e83
nghttpx: Add TLS ticket key sharing among nghttpx instances using memcached
2015-07-28 00:54:44 +09:00
e3cdfd12ea
nghttpx: Use std::array for TicketKey
2015-07-27 02:12:07 +09:00
cd25c6846e
nghttpx: Create struct Address which holds struct sockaddr_union and length
2015-07-27 01:41:10 +09:00
90b4b48c7e
nghttpx: Add shared session cache using memcached
2015-07-26 23:33:06 +09:00
adec2c06bf
nghttpx: Set SSL/TLS session timeout to 12 hours
2015-07-24 23:59:19 +09:00
cab6c7871c
nghttpx: Don't rewrite host header field by default
...
In reverse proxy usage, backend server most likely wants to see the
original header field. So this commit turns off host header rewrite
by default. --no-host-rewrite option is deprecated, and if it is
used, warning message is displayed. --host-rewrite option is added to
enable host rewrite.
2015-07-23 23:54:56 +09:00
0ec1b98f27
nghttpx: Reorder config fields
2015-07-20 23:15:01 +09:00
a8574fdef2
nghttpx: Use Use std::string instead of std::unique_ptr<char[]> for tls config
2015-07-20 23:15:01 +09:00
dd8ce1e9d2
nghttpx: Use std::unique_ptr<char[]> instead of raw char pointer
2015-07-20 21:37:23 +09:00
e8167ceea7
nghttpx: Add AES-256-CBC encryption for TLS session ticket
2015-07-18 02:02:33 +09:00
0a6877d091
nghttpx: Supply template version strcopy
2015-07-14 22:40:33 +09:00
fb7775e382
nghttpx: Detect loop in --include paths
2015-07-13 21:44:06 +09:00
3097547491
nghttpx: Add --include option to read additional configuration from given file
2015-07-12 23:18:36 +09:00
3119fc259c
Select backend based on request host and path by extending -b option
...
-b option syntax is now <HOST>,<PORT>[;<PATTERN>[:...]]. The optional
<PATTERN>s specify the request host and path it is used for. The
<PATTERN> can contain path, host + path or host. The matching rule is
closely designed to ServeMux in Go programming language.
2015-07-11 00:15:52 +09:00
00efa86fb6
nghttpx: Add --add-request-header option
2015-06-05 23:04:20 +09:00
3d59c6c0b7
nghttpx: Use defined string iteral when defining long_options
2015-05-29 22:48:46 +09:00
34efc6b7a4
More constexpr
2015-05-29 22:36:05 +09:00
53bfc70c9e
Include inttypes.h (or cintypes for C++) instead of stdint.h
...
From autoconf manual, section 5.6.1 Portability of Headers, says:
"""
The C99 standard says that inttypes.h includes stdint.h, so there's no
need to include stdint.h separately in a standard environment. Some
implementations have inttypes.h but not stdint.h (e.g., Solaris 7),
but we don't know of any implementation that has stdint.h but not
inttypes.h.
"""
2015-05-14 00:17:45 +09:00
38cfc5c47c
Check more headers and funcs
2015-05-13 23:29:20 +09:00
552f675466
nghttpx: Add --header-field-buffer and --max-header-fields options
2015-04-29 21:10:59 +09:00
1442b1bd0a
nghttpx: Remove --tls-ctx-per-worker option
...
--tls-ctx-per-worker option does not work well of OCSP stapling. Also
it makes session ID useless.
2015-03-31 00:42:21 +09:00
4bc9afe20a
nghttpx: Add OCSP stapling feature
2015-03-30 23:58:28 +09:00
93013f4205
nghttpx: Remove --backend-http2-connection-check option, enable it by default
2015-03-11 00:22:05 +09:00
0e3ae63965
nghttpx: Add --backend-http2-connections-per-worker
2015-03-10 23:43:25 +09:00
446de923f3
nghttpx: Support multiple HTTP/2 session per worker
...
Currently, we use same number of HTTP/2 sessions per worker with given
backend addresses. New option to specify the number of HTTP/2 session
per worker will follow.
2015-03-10 23:20:21 +09:00
41e266181e
nghttpx: Attempt to improve HTTP/2 backend connection check
...
It turns out that writing successfully to network is not enough.
After apparently successful network write, read fails and then we
first know network has been lost (at least my android mobile network).
In this change, we say connection check is successful only when
successful read. We already send PING in this case, so we just wait
PING ACK with short timeout. If timeout has expired, drop connection.
Since waiting for PING ACK could degrade performance for fast reliably
connected network, we decided to disable connection check by default.
Use --backend-http2-connection-check to enable it.
2015-03-09 23:37:54 +09:00
1a2bccd71c
nghttpx: Share nghttp2_session_callbacks between objects
2015-02-24 15:21:10 +09:00
da2376effd
nghttpx: Add host_unix field to DownstreamAddr to tell it is UNIX domain sock
2015-02-22 17:25:23 +09:00
0c4ae3dea5
nghttpx: Support UNIX domain socket on frontend
...
This commit also fixes environment variables used to tell inherited
file descriptors to new binary are stacked up each time new binary is
executed.
2015-02-22 17:25:23 +09:00
997f9233bc
nghttpx: Support UNIX domain socket in backend connections
2015-02-22 12:27:51 +09:00
ae0100a9ab
nghttpx: Refactor worker interface
2015-02-11 22:49:03 +09:00
502b552b68
nghttpx: Add --no-server-push option
2015-02-08 16:19:12 +09:00
b165775811
nghttpx: Refactor CertLookupTree
2015-02-06 21:25:43 +09:00
7c75d9db98
nghttpx: Set nghttp2_option_set_peer_max_concurrent_streams for HTTP/2 backend
2015-02-05 03:05:34 +09:00
a68c4c1e3c
nghttpx: Add --no-host-rewrite option
2015-02-04 01:42:26 +09:00
d1a4002b22
nghttpx: Remove --accept-delay and --num-accept options
2015-01-29 20:58:47 +09:00
3167aa4081
nghttpx: set the supplementary group access list
2015-01-28 20:56:05 +09:00
402ebb277f
nghttpx: Add --num-accept and --accept-delay options
2015-01-27 23:47:56 +09:00
13a14ecda8
nghttpx: Workaround IRIX's struct sockaddr which contains union
2015-01-17 14:59:24 +09:00
f004361ef2
nghttpx: Add --backend-request-buffer option
2015-01-13 23:30:28 +09:00
c88a5291b7
nghttpx: Add --backend-response-buffer option
2015-01-13 23:20:06 +09:00
1e4f8f27fd
nghttpx: Add --tls-ctx-per-worker option
...
When same SSL_CTX is used by multiple thread simultaneously we have to
setup some number of mutex locks for it. We could not check how this
locking affects scalability since we have 4 cores at best in our
development machine. Good side of sharing SSL_CTX across threads is
we can share session ID pool.
If --tls-ctx-per-worker is enabled, SSL_CTX is created per thread
basis and we can eliminate mutex locks. The downside is session ID is
no longer shared, which means if session ID generated by one thread
cannot be acceptable by another thread. But we have now session
ticket enabled and its keys are shared by all threads.
2015-01-13 00:25:02 +09:00
0ca979b453
nghttpx: Add --rlimit-nofile option
2015-01-10 23:17:48 +09:00
fcddb5c06c
nghttpx: Distribute session ticket keys to workers without mutex
2015-01-08 21:15:45 +09:00
5dce9501a6
Fix compile error with libstdc++ and/or --disable-threads
2015-01-08 01:57:59 +09:00
08e8cc1915
nghttpx: Add --tls-ticket-key-file option
...
This option specifies files contains 48 random bytes to construct
session ticket key data. This option can be used repeatedly to
specify multiple keys, but only the first one is used to encrypt
tickets.
2015-01-08 01:26:30 +09:00
52f3572d5b
nghttpx: Enable TLS session tickets with session key rotation every 12hrs
2015-01-08 00:01:09 +09:00
Tatsuhiro Tsujikawa
Lucas Pardue
Peeyush Aggarwal
Fabian Möller