Forward QUIC UDP datagram to lingering worker process which is in
graceful shutdown. Both SIGHUP and SIGUSR2 work. To make this work
correctly, eBPF is required.
Previously, mruby context is wrongly shared by multiple patterns if
the underlying SharedDownstreamAddr is shared by multiple
DownstreamAddrGroups. This commit fixes it.
Pool HTTP/1.1 backend connection per address and reuse it only when
the next round robin index refers to this address. Previously if
there is a pooled connection, there is no round robin selection.
If "upgrade-scheme" parameter is present in backend option along with
"tls" paramter, HTTP/2 :scheme pseudo header field is changed to
"https" from "http" when forwarding a request to this particular
backend. This is a workaround for a server which requests "https"
scheme on HTTP/2 connection encrypted by TLS.
This commit removes frontend-tls parameter, and adds
redirect-if-not-tls parameter parameter to --backend option. nghttpx
now responds to the request with 308 status code to redirect the
request to https URI if frontend connection is not TLS encrypted, and
redirect-if-no-tls parameter is used in --backend option. The port
number in Location header field is 443 by default (thus omitted), but
it can be configurable using --redirect-https-port option.
We have added "dns" parameter to backend option. If specified, name
lookup is done dynamically. If not, name lookup is done at start up,
or configuration reloading. nghttpx caches DNS result including error
case in 30 seconds in this commit. Later commit makes this
configurable.
DNS resolution is done asynchronously using c-ares library.
std::make_shared in Xcode 7, 7.1, and 7.2 does not perform
value-initialization, and causes undefined behaviour if struct does
not have user defined default constructor. This workaround explicitly
defines user defined default constructor, and initializes values.
Previously, we didn't retry request on connection failure. Sometimes
we hit the edge case where connection is about to lost just when we
write request. To avoid this situation, we now retry request to
failed attempt. We also add ConnectBlocker to MemcachedConnection not
to attempt to connect to memcached if connection could not be made
previously.
To reduce TTFB with large number of incoming connections, we now
intentionally accept one connection at a time, so that it does not
delay the TTFB of the existing connection. This is significant
especially for TLS connections.
Tatsuhiro Tsujikawa