Commit Graph

261 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 854e9fe395 nghttpx: Always call init_forwarded_for
Always call init_forwarded_for to get the default when source address
in PROXY protocol is ignored.  This ensures that forwarded header
field has the same value as x-forwarded-for.
2020-04-18 17:16:45 +09:00
Tatsuhiro Tsujikawa 49cd8e6e73 nghttpx: Add PROXY-protocol v2 support 2020-04-18 17:16:30 +09:00
Tatsuhiro Tsujikawa 95efb3e19d Don't read too greedily 2019-08-14 11:44:28 +09:00
Tatsuhiro Tsujikawa 7a5908933e Fix clang-8 warning 2019-06-22 17:44:16 +09:00
Tatsuhiro Tsujikawa a35059e3f1 nghttpx: Fix bug that altered authority and path affect backend selection
Fix bug that altered authority and path by per-pattern mruby script
affect backend selection on retry.
2019-04-16 22:18:30 +09:00
Tatsuhiro Tsujikawa 8dc2b263ba nghttpx: Use std::priority_queue 2019-01-22 00:01:17 +09:00
Tatsuhiro Tsujikawa 1ff9de4c87 nghttpx: Backend address selection with weight 2019-01-21 22:23:19 +09:00
Tatsuhiro Tsujikawa e9c9838cdc nghttpx: Pool h1 backend connection per address
Pool HTTP/1.1 backend connection per address and reuse it only when
the next round robin index refers to this address.  Previously if
there is a pooled connection, there is no round robin selection.
2019-01-14 22:20:58 +09:00
Tatsuhiro Tsujikawa f2159bc2c1 nghttpx: Convert UpstreamAltMode to enum class 2018-10-17 08:38:55 +09:00
Tatsuhiro Tsujikawa b0eb68ee9e nghttpx: Convert shrpx_forwarded_node_type to enum class 2018-10-16 23:10:17 +09:00
Tatsuhiro Tsujikawa 5e4f434fd8 nghttpx: Convert shrpx_session_affinity to enum class 2018-10-16 23:03:17 +09:00
Tatsuhiro Tsujikawa 20ea964f2f nghttpx: Convert shrpx_proto to enum class 2018-10-16 22:59:34 +09:00
Tatsuhiro Tsujikawa d105619bc3 src: Remove extra braces if possible 2018-10-15 23:46:33 +09:00
Tatsuhiro Tsujikawa ec5729b1fa Use std::make_unique 2018-10-15 23:02:44 +09:00
Tatsuhiro Tsujikawa d2a594a753 nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2 2018-09-29 11:35:41 +09:00
Tatsuhiro Tsujikawa 9b24e19763 nghttpx: Choose h1 protocol if headers have been sent to backend on retry 2018-08-22 23:20:13 +09:00
Tatsuhiro Tsujikawa 880f948684 Enable IndentPPDirectives 2018-06-09 16:21:30 +09:00
Tatsuhiro Tsujikawa e65e7711ca Add comment on #endif 2018-04-03 21:39:44 +09:00
Bernard Spil 400934e5a3 [PATCH] Allow building without NPN
NPN has been superseeded by ALPN. OpenSSL provides a configure
option to disable npn (no-npn) which results in an OpenSSL
installation that defines OPENSSL_NO_NEXTPROTONEG in opensslconf.h

The #ifdef's look safe here (as the next_proto is initialized as
nullptr). Alteratively, macros could be defined for the used npn
methods that return a 0 for next_proto.

Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
2018-03-25 18:27:23 +02:00
Tatsuhiro Tsujikawa 74754982f1 nghttpx: Fix missing ALPN validation (--npn-list)
This commit fixes the bug that ALPN validation does not occur when
ALPN list is not sent from client.
2018-01-04 22:43:47 +09:00
Tatsuhiro Tsujikawa 4d1139f653 Remove SPDY 2017-12-17 13:28:44 +09:00
Tatsuhiro Tsujikawa 216f4dad83 nghttpx: Remove redundant check 2017-12-14 21:39:22 +09:00
Tatsuhiro Tsujikawa a4e27d766b Revert "nghttpx: Use an existing h2 backend connection as much as possible"
This reverts commit f507b5eee4.

Balancing load is more important at the moment.
2017-12-14 21:34:04 +09:00
Tatsuhiro Tsujikawa ff200bfcf3 clang-format-5.0 2017-11-23 14:19:12 +09:00
Tatsuhiro Tsujikawa f5ddd7f43b nghttpx: Make initial_addr_idx_ unsigned 2017-11-04 17:30:56 +09:00
Tatsuhiro Tsujikawa 88abbce7e7 nghttpx: Fix compile error with gcc 2017-11-04 17:30:27 +09:00
Tatsuhiro Tsujikawa 16e9036568 nghttpx: Fix affinity retry 2017-11-04 17:13:45 +09:00
Tatsuhiro Tsujikawa b8fda6808b nghttpx: Cookie based session affinity 2017-11-01 22:18:03 +09:00
Tatsuhiro Tsujikawa 60baca27e4 nghttpx: Add more TLS related attributes to mruby Env object
The added attributes are:

* tls_cipher
* tls_protocol
* tls_session_id
* tls_session_reused
* alpn
2017-10-29 22:42:30 +09:00
Tatsuhiro Tsujikawa c573c80bd3 nghttpx: Pass a pointer to SSL instead of TLSSessionInfo to LogSpec 2017-10-29 19:47:39 +09:00
Tatsuhiro Tsujikawa f507b5eee4 nghttpx: Use an existing h2 backend connection as much as possible
h2load measurement reveals that this strategy is 3 times faster than
the previous implementations.
2017-10-19 21:15:08 +09:00
Tatsuhiro Tsujikawa 4d76606fa2 Fix bug that forwarded for is not affected by proxy protocol 2017-08-09 22:44:14 +09:00
Tatsuhiro Tsujikawa 17614312e0 Merge pull request #892 from nghttp2/nghttpx-sni-fwd
nghttpx: SNI based backend server selection
2017-04-19 21:22:15 +09:00
Tatsuhiro Tsujikawa a2e35a0757 nghttpx: Add $tls_sni access log variable 2017-04-18 22:44:26 +09:00
Tatsuhiro Tsujikawa c8a5f1e335 nghttpx: SNI based backend server selection 2017-04-16 23:47:10 +09:00
Tatsuhiro Tsujikawa 058122b804 nghttpx: Rename shrpx_ssl.{h,cc} as shrpx_tls.{h,cc}
The namespace shrpx::ssl was also renamed as shrpx::tls.
2017-04-01 15:12:28 +09:00
Tatsuhiro Tsujikawa 69f63c529d src: Rename ssl.{h,cc} as tls.{h,cc}
nghttp2::ssl namespace was also renamed as nghttp2::tls.
2017-04-01 15:12:28 +09:00
Tatsuhiro Tsujikawa b9b58c781e nghttpx: Avoid extra TLS handshake calls 2017-03-30 22:23:55 +09:00
Tatsuhiro Tsujikawa 9aee518352 nghttpx: Effectively revert ff64f64e1d 2017-03-15 00:07:57 +09:00
Tatsuhiro Tsujikawa fa074145a4 Merge pull request #788 from nghttp2/nghttpx-h2-proxy-pattern-match
nghttpx: Enable backend pattern matching with http2-proxy
2017-03-06 21:22:34 +09:00
Tatsuhiro Tsujikawa a7c780a732 nghttpx: Redirect to HTTPS URI with redirect-if-not-tls param
This commit removes frontend-tls parameter, and adds
redirect-if-not-tls parameter parameter to --backend option.  nghttpx
now responds to the request with 308 status code to redirect the
request to https URI if frontend connection is not TLS encrypted, and
redirect-if-no-tls parameter is used in --backend option.  The port
number in Location header field is 443 by default (thus omitted), but
it can be configurable using --redirect-https-port option.
2017-02-18 22:32:27 +09:00
Tatsuhiro Tsujikawa e5b84fad09 nghttpx: Fix bug that old config is used during reloading config 2017-02-16 22:46:22 +09:00
Tatsuhiro Tsujikawa 0b1ddad62b nghttpx: Add frontend-tls parameter to backend to require client TLS 2017-01-28 22:19:14 +09:00
Tatsuhiro Tsujikawa 3ddc446ba2 nghttpx: Enable backend pattern matching with http2-proxy 2017-01-26 01:04:27 +09:00
Tatsuhiro Tsujikawa a2afd393ed nghttpx: Remove field from LogSpec which can be got from Downstream 2017-01-11 22:30:12 +09:00
Tatsuhiro Tsujikawa 33aa327ef5 nghttpx: Fix access.log timestamp
access.log timestamp is now when request header fields are received,
rather than when access log is written.
2017-01-11 20:47:17 +09:00
Tatsuhiro Tsujikawa 4fa150c494 nghttpx: Use Memchunk based read buffer for frontend connection
Previously, we have dedicated read buffer for each frontend
connection.  With this commit, the buffer spaces are only used when
needed, and pooled if they are not used.  This reduces memory usage
for idle client connections.
2017-01-08 23:20:14 +09:00
Tatsuhiro Tsujikawa b313386988 nghttpx: Add proxyproto to frontend option to accept PROXY protocol
Previously, global accept-proxy-protocol option enables PROXY protocol
support for all frontend listeners, but this was inflexible.  To fix
this issue, accept-proxy-protocol option is now deprecated, and
instead proxyproto parameter in frontend option enables PROXY protocol
support per frontend.
2017-01-03 12:47:03 +09:00
Tatsuhiro Tsujikawa 359730af54 Fix regression in ff64f64e1d 2016-12-21 23:19:10 +09:00
Tatsuhiro Tsujikawa ff64f64e1d nghttpx: Faster HTTP/1 frontend 2016-11-29 20:42:27 +09:00