Commit Graph

281 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa c78528d54b nghttpx: Restrict HTTP major and minor in 0 or 1 2017-02-11 18:42:29 +09:00
Tatsuhiro Tsujikawa 685e926494 nghttpx: Add --accesslog-write-early option
--accesslog-write-early option is analogous to HAProxy's logasap.  If
used, nghttpx writes access log when response header fields are
received from backend rather than when request transaction finishes.
2017-01-13 22:12:21 +09:00
Tatsuhiro Tsujikawa 6595ae26ea src: Add constexpr to const objects 2017-01-09 17:11:37 +09:00
Tatsuhiro Tsujikawa e8b2508036 nghttpx: Rename confusing names in HttpDownstreamConnection 2017-01-08 23:09:00 +09:00
Tatsuhiro Tsujikawa 25df164219 nghttpx: Don't write again after failure
Plain write(2) is OK, but SSL_write requires same arguments on retry.
It would be better to avoid calling them again.
2016-12-26 00:35:38 +09:00
Tatsuhiro Tsujikawa bcfa333322 nghttpx: Refactor h1 backend retry code 2016-12-25 22:19:51 +09:00
Tatsuhiro Tsujikawa c4aeadd57d nghttpx: Retry h1 backend request if first write fails 2016-12-25 22:19:51 +09:00
Tatsuhiro Tsujikawa a0ce5ea9ab nghttpx: Keep reading after backend write failed
Because of bidirectional nature of TCP, we may fail write(2), but have
still pending read in TCP buffer, which may contain response body.  To
forward them, we should keep reading until get EOF from backend.

To avoid stalling HTTP/1 upload when request buffer is full, and we
have received complete response from backend, drop connection in that
case.
2016-12-24 22:50:02 +09:00
Tatsuhiro Tsujikawa 0463928a1e nghttpx: Fix uninitialized errors found by coverity scan 2016-12-18 22:16:52 +09:00
Tatsuhiro Tsujikawa 38b5cad4e3 nghttpx: Lookup backend host name dynamically
We have added "dns" parameter to backend option.  If specified, name
lookup is done dynamically.  If not, name lookup is done at start up,
or configuration reloading.  nghttpx caches DNS result including error
case in 30 seconds in this commit.  Later commit makes this
configurable.

DNS resolution is done asynchronously using c-ares library.
2016-12-10 21:09:50 +09:00
Tatsuhiro Tsujikawa b6a9cf9ffa nghttpx: Accept and ignore content-length: 0 in 204 response for now 2016-12-03 14:57:48 +09:00
Tatsuhiro Tsujikawa e9ab75a386 nghttpx: Robust backend read timeout 2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa 50f42a80c9 nghttpx: Fix bug that mishandles response header from h1 backend 2016-11-18 22:33:29 +09:00
Tatsuhiro Tsujikawa 2b75aff32e nghttpx: Fix bug that zero-length POST is not forwarded 2016-11-11 00:48:32 +09:00
Tatsuhiro Tsujikawa 38443d2195 nghttpx: Small optimization 2016-11-04 21:13:22 +09:00
Tatsuhiro Tsujikawa e082b7be72 nghttpx: Strict handling for Content-Length or Transfer-Encoding in h1
We now treat Content-Length or Transfer-Encoding as error if they come
with 204 or 1xx status code, or 200 to a CONNECT request in HTTP/1
response.
2016-11-03 17:00:05 +09:00
Tatsuhiro Tsujikawa 0cf6848646 clang-format-3.9 2016-10-15 18:36:04 +09:00
Tatsuhiro Tsujikawa 00a8c378d4 nghttpx: Add --backend-connect-timeout option 2016-10-10 22:50:41 +09:00
Tatsuhiro Tsujikawa 1b4ccd0d51 nghttpx: Don't call get_config() repeatedly 2016-10-08 11:37:18 +09:00
Tatsuhiro Tsujikawa 231d739b10 nghttpx: Improve performance with h1 backend when request body is involved 2016-09-22 20:46:50 +09:00
Tatsuhiro Tsujikawa f267e400fa nghttpx: Migrate backend stream to another h2 session on graceful shutdown 2016-09-15 00:53:41 +09:00
Tatsuhiro Tsujikawa 99dc31ff1a nghttpx: Retry if backend h1 connection cannot be established due to timeout 2016-08-30 23:37:49 +09:00
Tatsuhiro Tsujikawa cf7f87c2ad nghttpx: Log error code from getsockopt(SO_ERROR) on first write event 2016-08-25 00:25:03 +09:00
Tatsuhiro Tsujikawa 8f47b68a95 nghttpx: Set do_signal_write_ when TLS handshake was completed 2016-08-23 21:36:43 +09:00
Tatsuhiro Tsujikawa 41b2745dad nghttpx: Log backend connection failure in WARN level 2016-08-19 16:25:05 +09:00
Tatsuhiro Tsujikawa ad3d43b8be nghttpx: Add access log variable for backend host and port
Use $backend_host and $backend_port.  $backend_host is backend host
name given in --backend option.  It could be a path to UNIX domain
socket.
2016-08-05 00:04:47 +09:00
Tatsuhiro Tsujikawa cbced219ec nghttpx: Rewrite read timer handling
For HTTP/2, read timer starts when there is no downstream, and timer
stops when there is at least one downstream.  For HTTP/1, read timer
starts when request handling finished, and timer stops when request
handling starts.
2016-06-24 00:04:39 +09:00
Tatsuhiro Tsujikawa ec5e438a7c nghttpx: Make backend fail with TLS handshake failure, including ALPN mismatch 2016-06-17 00:53:38 +09:00
Tatsuhiro Tsujikawa f9897f8ccd nghttpx: Fix bugs and crash when affinity is enabled 2016-06-09 23:17:41 +09:00
Tatsuhiro Tsujikawa 143d0b69b7 nghttpx: Implement client IP based session affinity 2016-06-09 22:35:59 +09:00
Tatsuhiro Tsujikawa cb7269f334 nghttpx: Close and disallow h1 backend connection on backend replacement 2016-06-04 12:16:31 +09:00
Tatsuhiro Tsujikawa 845aa7a710 nghttpx: Share downstream config object
This is the unit of sharing configurations to change
2016-06-03 19:57:43 +09:00
Tatsuhiro Tsujikawa fe58614b23 nghttpx: Use std::shared_ptr for downstream addresses so that we can swap them 2016-06-03 01:20:49 +09:00
Tatsuhiro Tsujikawa 2ca3bf7a7e nghttpx: Fix bug that timeout on h1 backend makes that backend unavailable 2016-05-28 22:41:24 +09:00
Tatsuhiro Tsujikawa 852a320586 nghttpx: Cleanup code where request content-length is involved 2016-05-28 16:44:04 +09:00
Tatsuhiro Tsujikawa e0491c2ee8 nghttpx: Refactor protocol selection in backend 2016-05-25 23:07:04 +09:00
Tatsuhiro Tsujikawa 2a4bf9f615 nghttpx: Allow mixed protocol and TLS settings among backends under same pattern 2016-05-24 23:36:43 +09:00
Tatsuhiro Tsujikawa f2a1fadda9 nghttpx: Make backend fail if connect operation was timed out 2016-05-24 21:24:30 +09:00
Tatsuhiro Tsujikawa e6dfd4ff27 nghttpx: Call downstream_failure rather than on_failure in HTTP/1 backend 2016-05-21 10:34:47 +09:00
Tatsuhiro Tsujikawa 7a3c656adf nghttpx: Refactor 2016-05-15 21:05:20 +09:00
Tatsuhiro Tsujikawa 796160cb77 nghttpx: Don't add chunked encoded response body for HEAD request 2016-05-14 17:47:58 +09:00
Tatsuhiro Tsujikawa fd801864e3 nghttpx: Add sni keyword to --backend option
The --backend-tls-sni-field is deprecated in favor of sni keyword.
--backend-tls-sni-field still works, and it overrides all sni keyword
in --backend option.  But it will be removed in the future release.
2016-04-29 14:42:18 +09:00
Tatsuhiro Tsujikawa 4aa4fe56e1 nghttpx: Destroy SSL object, and always lookup TLS session cache 2016-04-28 22:25:55 +09:00
Tatsuhiro Tsujikawa d2f4e4e325 nghttpx: Always expect response trailer fields 2016-04-27 23:00:36 +09:00
Brian Suh 5487b64fa6 nghttpx: Fix downstream connect callback called early 2016-04-24 20:49:38 -07:00
Tatsuhiro Tsujikawa a16daf109b nghttpx: Try next HTTP/1 backend address when connection cannot be made 2016-04-13 00:38:21 +09:00
Tatsuhiro Tsujikawa f9b872ab78 nghttpx: Detect online/offline state of backend servers 2016-04-08 23:07:17 +09:00
Tatsuhiro Tsujikawa 58b06f32a2 nghttpx: Configure TLS per backend routing pattern
We added "tls" parameter to --backend option to enable TLS on that
backend connection.  --backend-tls options was deprecated, now is
noop.
2016-03-23 22:56:18 +09:00
Tatsuhiro Tsujikawa 0f9ed40bd9 nghttpx: Share connection among different patterns if address set are same 2016-03-23 00:01:27 +09:00
Tatsuhiro Tsujikawa 3455cb35e4 nghttpx: Rewrite create_forwarded to use BlockAllocator 2016-03-12 21:13:09 +09:00
Tatsuhiro Tsujikawa 67569486d1 src: Rewrite http:create_via_header_value 2016-03-12 21:13:09 +09:00
Tatsuhiro Tsujikawa eb393985b7 nghttpx: Make a copy before adding header to Downstream 2016-03-12 21:12:26 +09:00
Tatsuhiro Tsujikawa b1b57cc740 nghttpx: Use StringRef for authority, scheme and path 2016-03-12 21:12:26 +09:00
Tatsuhiro Tsujikawa 284691253f nghttpx: Use StringRef for http::create_forwarded parameter 2016-02-29 00:05:32 +09:00
Tatsuhiro Tsujikawa 06921f35f3 nghttpx: Restructure mode settings
It is very hard to support multiple protocols in backend while
retaining multiple mode settings.  Therefore, we dropped modes except
for default and HTTP/2 proxy mode.  The other removed modes can be
emulated using combinations of options.  Now the backend connection is
not encrypted by default.  To enable encryption on backend connection,
use --backend-tls option.
2016-02-28 21:35:26 +09:00
Tatsuhiro Tsujikawa 1832f78684 nghttpx: Move downstream proto to DownstreamAddrGroup 2016-02-28 16:56:14 +09:00
Tatsuhiro Tsujikawa 8ca3e5f6ba nghttpx: Separate Downstream address group from config to runtime 2016-02-28 00:19:18 +09:00
Tatsuhiro Tsujikawa 21007da392 nghttpx: Rewrite backend HTTP/2 connection coalesce strategy
Previously, we use one Http2Session object per DownstreamAddrGroup.
This is not flexible, and we have to provision how many HTTP/2
connection is required in advance.  The new strategy is we add
Http2Session object on demand.  We measure the number of attached
downstream connection object and server advertised concurrency limit.
As long as former is smaller than the latter, we attach new downstream
connection to it.  Once the limit is reached, we create new
Http2Session object.  If the number lowers the limit, we start to
share Http2Session object again.
2016-02-28 00:19:18 +09:00
Tatsuhiro Tsujikawa f2a7275700 nghttpx: Cache TLS session inside DownstreamAddr object 2016-02-21 16:35:43 +09:00
Tatsuhiro Tsujikawa 177d0a513f nghttpx: More logging for backend connection initiation 2016-02-21 16:11:50 +09:00
Tatsuhiro Tsujikawa 11c8803b92 nghttpx: Worker wide blocker which is used when socket(2) is failed 2016-02-21 15:27:19 +09:00
Tatsuhiro Tsujikawa c9a4f293a1 nghttpx: ConnectBlocker per backend address 2016-02-21 14:53:06 +09:00
Tatsuhiro Tsujikawa 9678daa46a nghttpx: Rename index_headers() as parse_content_length() 2016-02-20 23:30:02 +09:00
Tatsuhiro Tsujikawa 23ecfd412d nghttpx: Fix mruby compile error, clean up add_header interface 2016-02-20 23:30:02 +09:00
Tatsuhiro Tsujikawa 6f1347fc8b nghttpx: Tokenize trailer field as well so that we can ditch prohibited headers in HTTP/2 2016-02-20 23:30:02 +09:00
Tatsuhiro Tsujikawa 1703201084 nghttpx: Get rid of hdidx 2016-02-20 23:30:02 +09:00
Tatsuhiro Tsujikawa b440f585bc nghttpx: Use Header to store custom request/response header fields 2016-02-13 22:19:05 +09:00
Tatsuhiro Tsujikawa e4a727f86c nghttpx: Cache TLS client session after initial handshake was done 2016-02-11 17:56:20 +09:00
Tatsuhiro Tsujikawa b624ca6dcd nghttpx: Rename client TLS session cache field 2016-02-11 17:12:57 +09:00
Tatsuhiro Tsujikawa ba4c268172 nghttpx: Single SSL_SESSION cache entry for each address 2016-02-11 17:07:48 +09:00
Tatsuhiro Tsujikawa 00175eac33 nghttpx: Use Address* as a key for client side session cache 2016-02-11 12:40:15 +09:00
Tatsuhiro Tsujikawa 0d806978e6 nghttpx: Set HTTP/1 backend read buffer to 16k 2016-02-07 21:07:27 +09:00
Tatsuhiro Tsujikawa 2a9b23bfab nghttpx: Store pointer to DownstreamAddr 2016-02-07 18:38:06 +09:00
Tatsuhiro Tsujikawa 4e7271a88f nghttpx: Fix regression which breaks WebSocket upgrade 2016-02-07 17:59:38 +09:00
Tatsuhiro Tsujikawa e7de5e9f6c nghttpx: Rename cl_tls_session as downstream_tls_session 2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa 2e38208d74 nghttpx: Fixups for HTTP/1 backend TLS support 2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa cde79052dd nghttpx: Slightly faster version of HTTP/1 backend 2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa 26d49c1dc3 nghttpx: Cache client session 2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa bb4e2f6a24 nghttpx: Add TLS support for HTTP/1 backend 2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa eec409dba7 nghttpx: Limit header fields from backend 2016-02-06 12:27:01 +09:00
Tatsuhiro Tsujikawa 85bb37ab7c Enable ConstructorInitializerAllOnOneLineOrOnePerLine for better diff 2016-01-27 21:14:07 +09:00
Tatsuhiro Tsujikawa ad93cea544 nghttpx: Fix possible data loss on backend connection upgrade 2016-01-27 15:26:46 +09:00
Tatsuhiro Tsujikawa 0402481be4 nghttpx: Organize connection related configuration into struct 2016-01-19 16:56:12 +09:00
Tatsuhiro Tsujikawa 16549bb276 nghttpx: Structured configurations for http and http2 2016-01-18 17:00:20 +09:00
Tatsuhiro Tsujikawa f3e1dc7a4f nghttpx: Structured TLS related configurations 2016-01-18 14:21:09 +09:00
Tatsuhiro Tsujikawa ef5d981ab1 nghttpx: Simplify 2016-01-17 17:04:16 +09:00
Tatsuhiro Tsujikawa 4f07db8bcb src: Rename our new string classes 2016-01-17 11:33:45 +09:00
Tatsuhiro Tsujikawa 34d5382d66 nghttpx: Use VString for DownstreamAddr::host and hostport to remember size 2016-01-17 00:52:41 +09:00
Tatsuhiro Tsujikawa 7be0217bc0 nghttpx: Simplify xff handling 2016-01-16 16:48:41 +09:00
Tatsuhiro Tsujikawa 5c3f74b424 nghttpx: Add RFC 7239 Forwarded header field support 2016-01-16 11:32:14 +09:00
Tatsuhiro Tsujikawa fa31d0940c nghttpx: Refactor Downstream::request_datalen_ 2016-01-14 23:36:47 +09:00
Tatsuhiro Tsujikawa e7e52b11ce nghttpx: Refactor Downstream::response_bodylen_ 2016-01-14 23:20:44 +09:00
Tatsuhiro Tsujikawa 6d6a00f1f5 nghttpx: Return assemble cookie on the fly 2016-01-14 01:05:10 +09:00
Tatsuhiro Tsujikawa 3b8889a2a1 nghttpx: Extract response related fields to Response struct 2016-01-14 01:05:10 +09:00
Tatsuhiro Tsujikawa 919f08eb38 nghttpx: Extract request related fields to Request struct
Header field related functions are now gathered into FieldStore class.
This commit only handles request.  Subsequent commit will do the same
thing for response.
2016-01-14 01:04:32 +09:00
Tatsuhiro Tsujikawa 848f8fbe54 nghttpx: Don't apply max_header_fields and header_field_buffer limit to response
We modeled max_header_fields and header_field_buffer limit from Apache
configuration directives.  In Apache, they are only applied to request
header fields, while we applied both request and response.  Since
nghttpx is used as reverse proxy and backend server is relatively
"trusted", this commit removes the application to response header
fields.
2016-01-05 16:44:44 +09:00
Tatsuhiro Tsujikawa ecb4a208fb nghttpx: Use ev_feed_event to signal write for HTTP backend
It seems that using ev_feed_event to signal write operation is much
faster than starting watcher.  This is probably due to the fact that
we don't need to wait in event loop.  The same thing cannot be done in
HTTP/2 frontend, since this will raise write operation for each stream
HEADER/DATA write, which leads to very small packets, hurting
performance.  Interestingly, HTTP/1 frontend also suffers the same
performance hit.
2015-10-28 23:26:41 +09:00
Tatsuhiro Tsujikawa 0b2c139eaa clang-format-3.5 2015-10-25 17:04:54 +09:00
Lucas Pardue dcc9aaaa24 Add TLS dynamic record size behaviour command line options 2015-10-22 14:07:18 +00:00
Tatsuhiro Tsujikawa 0155c9115a nghttpx: Fix so that --padding option works again 2015-10-04 10:36:20 +09:00