Tatsuhiro Tsujikawa
be5066c450
Updated http-parser
2012-12-23 01:13:02 +09:00
Tatsuhiro Tsujikawa
92260ccc81
Add patch for http-parser to handle tunneling connection transparently
2012-12-20 01:05:51 +09:00
Tatsuhiro Tsujikawa
9425f8a45f
shrpx: Handle graceful shutdown in SPDY backend
2012-12-17 01:10:45 +09:00
Tatsuhiro Tsujikawa
3ba73db7d7
shrpx: Remove unused function modify_location_header_value
2012-12-14 01:14:42 +09:00
Tatsuhiro Tsujikawa
4d80a26188
spdycat: Log error when no supported SPDY version was negotiated
2012-12-12 23:28:32 +09:00
Tatsuhiro Tsujikawa
8c456674cf
shrpx: Remove upstream_spdy_stream and upstream_spdy_stream_close
...
upstream_response logs more detailed information.
2012-12-09 23:30:11 +09:00
Tatsuhiro Tsujikawa
90eebbc88c
shrpx: Log status code, method, path and HTTP version in accesslog
2012-12-09 23:29:43 +09:00
Tatsuhiro Tsujikawa
6ef9b7430d
shrpx: Color HTTP headers in console log
2012-12-09 21:36:02 +09:00
Tatsuhiro Tsujikawa
9b1f36d274
shrpx: Color severity level in terminal
...
Color severity level if stderr refers to a terminal.
2012-12-09 21:02:48 +09:00
Tatsuhiro Tsujikawa
bbf6c18575
shrpx: Log format change
...
Added macros which log messages from the following components are
prefixed with their component name + object pointer address:
ListenHandler: LISTEN
ThreadEventReceiver: THREAD_RECV
Upstream: UPSTREAM
Downstream: DOWNSTREAM
DownstreamConnection: DCONN
SpdySession: DSPDY
2012-12-09 19:15:14 +09:00
Tatsuhiro Tsujikawa
4d0db62f1d
examples: Remove unused htparse
2012-12-08 00:38:53 +09:00
Tatsuhiro Tsujikawa
65e965791f
shrpx: Replace strncpy + putting null with memcpy in ssl_pem_passwd_cb
2012-12-07 23:42:58 +09:00
Tatsuhiro Tsujikawa
06220f7fdf
shrpx: Make is_secure() static
2012-12-07 23:14:20 +09:00
Raul Gutierrez Segales
cbf8ccf7d1
[shrpx] read private key's passwd from a file
...
This avoids the need to provide the password for your
private key interactively.
It can be used via --private-key-passwd-file or private-key-passwd-file
in the given config file. The first line in the file
(without \n) will be treated as the passwd. There isn't
any validation and all lines after the first one (if any)
are ignored.
The security model behind this is a bit simplistic so I
am open to better ideas. Basically your password file
should be root:root (700) and you *should* drop root
and run as an unprivileged user.
If the file exists and a line can be read then a callback
will be set for the SSL ctxt and it'll feed the passwd
when the private key is read (if password is needed).
If the file exists with the wrong permisions it'll be
logged and ignored.
2012-12-03 21:55:32 -08:00
Tatsuhiro Tsujikawa
f97110f092
spdycat, spdyd: Support SPDY without SSL/TLS
...
Use --no-tls option to disable SSL/TLS and specify SPDY protocol
version using -2 or -3.
2012-11-25 21:58:44 +09:00
Tatsuhiro Tsujikawa
58b1da39e3
Update REAME.rst
2012-11-24 20:28:07 +09:00
Tatsuhiro Tsujikawa
50211bc1ad
shrpx: Replace "https" with "http" in log message in shrpx_https_upstream.cc
2012-11-23 21:30:57 +09:00
Tatsuhiro Tsujikawa
282b8b567a
shrpx: Log upstream https request headers
2012-11-23 21:30:17 +09:00
Tatsuhiro Tsujikawa
8f62441112
src: Rewrite util::stripIter
2012-11-23 21:14:39 +09:00
Tatsuhiro Tsujikawa
baf2dc3ddf
shrpx: Add --backend-ipv4 and --backend-ipv6 options.
2012-11-23 21:11:01 +09:00
Tatsuhiro Tsujikawa
df7023bd92
Update README.rst
2012-11-23 00:26:48 +09:00
Tatsuhiro Tsujikawa
7a21905312
shrpx: Remove Config ctor and fill all initial values in fill_default_config()
2012-11-22 23:35:10 +09:00
Tatsuhiro Tsujikawa
c1332a35a5
shrpx: Add -v, --version option
2012-11-22 23:08:36 +09:00
Tatsuhiro Tsujikawa
774e64d2b4
shrpx: Group up options in -h output
2012-11-22 23:04:27 +09:00
Tatsuhiro Tsujikawa
9c70c1b867
shrpx: Code cleanup
2012-11-22 22:05:52 +09:00
Tatsuhiro Tsujikawa
4349d42988
shrpx: Add usage for <PRIVATE_KEY> <CERT>
2012-11-22 22:00:38 +09:00
Tatsuhiro Tsujikawa
9aa7af2c7f
shrpx: Use SNI TLS extension in client mode
2012-11-22 21:51:11 +09:00
Tatsuhiro Tsujikawa
d589f4c74c
shrpx: Verify backend server's certificate in client mode
...
The -k, --insecure option is added to skip this verification. The
system wide trusted CA certificates will be loaded at startup. The
--cacert option is added to specify the trusted CA certificate file.
2012-11-22 21:46:15 +09:00
Tatsuhiro Tsujikawa
8a5db1751e
shrpx: Check the length of output buffer in write callback
...
Possibly because of deferred callback, we may get this callback when
the output buffer is not empty.
2012-11-22 03:13:30 +09:00
Tatsuhiro Tsujikawa
81adb6bc7f
shrpx: Implement downstream SPDY flow control
2012-11-21 23:47:48 +09:00
Tatsuhiro Tsujikawa
0bf15a7694
Rename --client-mode as --client and add --client-proxy
...
With --client-proxy option, shrpx makes sure that the request path is
an absolute URI, otherwise it will return 400 status code.
2012-11-21 22:10:35 +09:00
Tatsuhiro Tsujikawa
fa552c6788
shrpx: Share SPDY session among multiple frontend connections per thread
...
In client mode, now SPDY connection to the backend server is
established per thread. The frontend connections which belong to the
same thread share the SPDY connection.
2012-11-21 01:29:39 +09:00
Tatsuhiro Tsujikawa
ae30e7f71b
shrpx: Split request path into SPDY specific headers
2012-11-19 21:40:59 +09:00
Tatsuhiro Tsujikawa
bebea5e16a
Update http-parser
2012-11-19 02:16:42 +09:00
Tatsuhiro Tsujikawa
542fd6420b
Fix recursive HttpsUpstream::on_read() call
...
Don't call HttpsUpstream::resume_read() from the call tree of
on_read(). Avoid parsing next http data after parse error.
2012-11-19 02:11:46 +09:00
Tatsuhiro Tsujikawa
077275e783
Fix typo SPDY/3
2012-11-19 02:10:58 +09:00
Tatsuhiro Tsujikawa
aa07076f29
shrpx: Don't propagate expect: 100-continue to backend
2012-11-18 23:49:41 +09:00
Tatsuhiro Tsujikawa
52c4d26927
shrpx: Deadlock with upload data in clinet mode
2012-11-18 23:48:55 +09:00
Tatsuhiro Tsujikawa
19bf97b3e5
Support x-forwarded-proto and x-forwarded-for in SpdyDownstreamConnection
2012-11-18 23:04:14 +09:00
Tatsuhiro Tsujikawa
d29d033830
Update README.rst
2012-11-18 22:08:49 +09:00
Tatsuhiro Tsujikawa
b2d530783e
Update README.rst
2012-11-18 21:57:04 +09:00
Tatsuhiro Tsujikawa
026f4ca3a2
Add --client-mode option
...
With --client-mode option, shrpx now accepts unencrypted HTTP
connections and communicates with backend server in SPDY. In short,
this is the "reversed" operation mode against normal mode. This may
be useful for testing purpose because it can sit between HTTP client
and shrpx "normal" mode.
2012-11-18 21:46:07 +09:00
Tatsuhiro Tsujikawa
aa64a7f7f5
Don't send response-body for 304 response
2012-11-18 21:22:08 +09:00
Tatsuhiro Tsujikawa
d81827c073
Update GOAWAY INTERNAL_ERROR value according to SPDY/3 spec change
2012-11-14 21:17:04 +09:00
Tatsuhiro Tsujikawa
4748443899
shrpx: Log detailed error description in SSL code
2012-11-14 21:14:11 +09:00
Tatsuhiro Tsujikawa
8a2020362d
tests: Use traditional C-style comments
2012-11-14 21:00:36 +09:00
Raul Gutierrez Segales
6f6f6ffc41
[shrpx] fix password handling for certs keys
...
We should only call daemon() after ListenHandler is
instantiated, where SSL_CTX_use_PrivateKey_file is called,
otherwise we have no stdin/stdout to get the password for
keyfile.
2012-10-27 22:29:27 -07:00
Raul Gutierrez Segales
45f302f363
fedora: add spec file
...
We should probably make this spec file a template and integrate
it with our build process (make package?). Will follow-up with
that eventually.
2012-10-27 14:54:06 -07:00
Tatsuhiro Tsujikawa
fdc19550fc
spdyd: Open file with O_BINARY flag
2012-10-16 22:57:26 +09:00
Tatsuhiro Tsujikawa
22840dbfaf
spdycat: Handle timeout in connect and SSL/TLS handshake
2012-10-14 23:39:41 +09:00