Tatsuhiro Tsujikawa
c78528d54b
nghttpx: Restrict HTTP major and minor in 0 or 1
2017-02-11 18:42:29 +09:00
Tatsuhiro Tsujikawa
685e926494
nghttpx: Add --accesslog-write-early option
...
--accesslog-write-early option is analogous to HAProxy's logasap. If
used, nghttpx writes access log when response header fields are
received from backend rather than when request transaction finishes.
2017-01-13 22:12:21 +09:00
Tatsuhiro Tsujikawa
6595ae26ea
src: Add constexpr to const objects
2017-01-09 17:11:37 +09:00
Tatsuhiro Tsujikawa
e8b2508036
nghttpx: Rename confusing names in HttpDownstreamConnection
2017-01-08 23:09:00 +09:00
Tatsuhiro Tsujikawa
25df164219
nghttpx: Don't write again after failure
...
Plain write(2) is OK, but SSL_write requires same arguments on retry.
It would be better to avoid calling them again.
2016-12-26 00:35:38 +09:00
Tatsuhiro Tsujikawa
bcfa333322
nghttpx: Refactor h1 backend retry code
2016-12-25 22:19:51 +09:00
Tatsuhiro Tsujikawa
c4aeadd57d
nghttpx: Retry h1 backend request if first write fails
2016-12-25 22:19:51 +09:00
Tatsuhiro Tsujikawa
a0ce5ea9ab
nghttpx: Keep reading after backend write failed
...
Because of bidirectional nature of TCP, we may fail write(2), but have
still pending read in TCP buffer, which may contain response body. To
forward them, we should keep reading until get EOF from backend.
To avoid stalling HTTP/1 upload when request buffer is full, and we
have received complete response from backend, drop connection in that
case.
2016-12-24 22:50:02 +09:00
Tatsuhiro Tsujikawa
0463928a1e
nghttpx: Fix uninitialized errors found by coverity scan
2016-12-18 22:16:52 +09:00
Tatsuhiro Tsujikawa
38b5cad4e3
nghttpx: Lookup backend host name dynamically
...
We have added "dns" parameter to backend option. If specified, name
lookup is done dynamically. If not, name lookup is done at start up,
or configuration reloading. nghttpx caches DNS result including error
case in 30 seconds in this commit. Later commit makes this
configurable.
DNS resolution is done asynchronously using c-ares library.
2016-12-10 21:09:50 +09:00
Tatsuhiro Tsujikawa
b6a9cf9ffa
nghttpx: Accept and ignore content-length: 0 in 204 response for now
2016-12-03 14:57:48 +09:00
Tatsuhiro Tsujikawa
e9ab75a386
nghttpx: Robust backend read timeout
2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa
50f42a80c9
nghttpx: Fix bug that mishandles response header from h1 backend
2016-11-18 22:33:29 +09:00
Tatsuhiro Tsujikawa
2b75aff32e
nghttpx: Fix bug that zero-length POST is not forwarded
2016-11-11 00:48:32 +09:00
Tatsuhiro Tsujikawa
38443d2195
nghttpx: Small optimization
2016-11-04 21:13:22 +09:00
Tatsuhiro Tsujikawa
e082b7be72
nghttpx: Strict handling for Content-Length or Transfer-Encoding in h1
...
We now treat Content-Length or Transfer-Encoding as error if they come
with 204 or 1xx status code, or 200 to a CONNECT request in HTTP/1
response.
2016-11-03 17:00:05 +09:00
Tatsuhiro Tsujikawa
0cf6848646
clang-format-3.9
2016-10-15 18:36:04 +09:00
Tatsuhiro Tsujikawa
00a8c378d4
nghttpx: Add --backend-connect-timeout option
2016-10-10 22:50:41 +09:00
Tatsuhiro Tsujikawa
1b4ccd0d51
nghttpx: Don't call get_config() repeatedly
2016-10-08 11:37:18 +09:00
Tatsuhiro Tsujikawa
231d739b10
nghttpx: Improve performance with h1 backend when request body is involved
2016-09-22 20:46:50 +09:00
Tatsuhiro Tsujikawa
f267e400fa
nghttpx: Migrate backend stream to another h2 session on graceful shutdown
2016-09-15 00:53:41 +09:00
Tatsuhiro Tsujikawa
99dc31ff1a
nghttpx: Retry if backend h1 connection cannot be established due to timeout
2016-08-30 23:37:49 +09:00
Tatsuhiro Tsujikawa
cf7f87c2ad
nghttpx: Log error code from getsockopt(SO_ERROR) on first write event
2016-08-25 00:25:03 +09:00
Tatsuhiro Tsujikawa
8f47b68a95
nghttpx: Set do_signal_write_ when TLS handshake was completed
2016-08-23 21:36:43 +09:00
Tatsuhiro Tsujikawa
41b2745dad
nghttpx: Log backend connection failure in WARN level
2016-08-19 16:25:05 +09:00
Tatsuhiro Tsujikawa
ad3d43b8be
nghttpx: Add access log variable for backend host and port
...
Use $backend_host and $backend_port. $backend_host is backend host
name given in --backend option. It could be a path to UNIX domain
socket.
2016-08-05 00:04:47 +09:00
Tatsuhiro Tsujikawa
cbced219ec
nghttpx: Rewrite read timer handling
...
For HTTP/2, read timer starts when there is no downstream, and timer
stops when there is at least one downstream. For HTTP/1, read timer
starts when request handling finished, and timer stops when request
handling starts.
2016-06-24 00:04:39 +09:00
Tatsuhiro Tsujikawa
ec5e438a7c
nghttpx: Make backend fail with TLS handshake failure, including ALPN mismatch
2016-06-17 00:53:38 +09:00
Tatsuhiro Tsujikawa
f9897f8ccd
nghttpx: Fix bugs and crash when affinity is enabled
2016-06-09 23:17:41 +09:00
Tatsuhiro Tsujikawa
143d0b69b7
nghttpx: Implement client IP based session affinity
2016-06-09 22:35:59 +09:00
Tatsuhiro Tsujikawa
cb7269f334
nghttpx: Close and disallow h1 backend connection on backend replacement
2016-06-04 12:16:31 +09:00
Tatsuhiro Tsujikawa
845aa7a710
nghttpx: Share downstream config object
...
This is the unit of sharing configurations to change
2016-06-03 19:57:43 +09:00
Tatsuhiro Tsujikawa
fe58614b23
nghttpx: Use std::shared_ptr for downstream addresses so that we can swap them
2016-06-03 01:20:49 +09:00
Tatsuhiro Tsujikawa
2ca3bf7a7e
nghttpx: Fix bug that timeout on h1 backend makes that backend unavailable
2016-05-28 22:41:24 +09:00
Tatsuhiro Tsujikawa
852a320586
nghttpx: Cleanup code where request content-length is involved
2016-05-28 16:44:04 +09:00
Tatsuhiro Tsujikawa
e0491c2ee8
nghttpx: Refactor protocol selection in backend
2016-05-25 23:07:04 +09:00
Tatsuhiro Tsujikawa
2a4bf9f615
nghttpx: Allow mixed protocol and TLS settings among backends under same pattern
2016-05-24 23:36:43 +09:00
Tatsuhiro Tsujikawa
f2a1fadda9
nghttpx: Make backend fail if connect operation was timed out
2016-05-24 21:24:30 +09:00
Tatsuhiro Tsujikawa
e6dfd4ff27
nghttpx: Call downstream_failure rather than on_failure in HTTP/1 backend
2016-05-21 10:34:47 +09:00
Tatsuhiro Tsujikawa
7a3c656adf
nghttpx: Refactor
2016-05-15 21:05:20 +09:00
Tatsuhiro Tsujikawa
796160cb77
nghttpx: Don't add chunked encoded response body for HEAD request
2016-05-14 17:47:58 +09:00
Tatsuhiro Tsujikawa
fd801864e3
nghttpx: Add sni keyword to --backend option
...
The --backend-tls-sni-field is deprecated in favor of sni keyword.
--backend-tls-sni-field still works, and it overrides all sni keyword
in --backend option. But it will be removed in the future release.
2016-04-29 14:42:18 +09:00
Tatsuhiro Tsujikawa
4aa4fe56e1
nghttpx: Destroy SSL object, and always lookup TLS session cache
2016-04-28 22:25:55 +09:00
Tatsuhiro Tsujikawa
d2f4e4e325
nghttpx: Always expect response trailer fields
2016-04-27 23:00:36 +09:00
Brian Suh
5487b64fa6
nghttpx: Fix downstream connect callback called early
2016-04-24 20:49:38 -07:00
Tatsuhiro Tsujikawa
a16daf109b
nghttpx: Try next HTTP/1 backend address when connection cannot be made
2016-04-13 00:38:21 +09:00
Tatsuhiro Tsujikawa
f9b872ab78
nghttpx: Detect online/offline state of backend servers
2016-04-08 23:07:17 +09:00
Tatsuhiro Tsujikawa
58b06f32a2
nghttpx: Configure TLS per backend routing pattern
...
We added "tls" parameter to --backend option to enable TLS on that
backend connection. --backend-tls options was deprecated, now is
noop.
2016-03-23 22:56:18 +09:00
Tatsuhiro Tsujikawa
0f9ed40bd9
nghttpx: Share connection among different patterns if address set are same
2016-03-23 00:01:27 +09:00
Tatsuhiro Tsujikawa
3455cb35e4
nghttpx: Rewrite create_forwarded to use BlockAllocator
2016-03-12 21:13:09 +09:00
Tatsuhiro Tsujikawa
67569486d1
src: Rewrite http:create_via_header_value
2016-03-12 21:13:09 +09:00
Tatsuhiro Tsujikawa
eb393985b7
nghttpx: Make a copy before adding header to Downstream
2016-03-12 21:12:26 +09:00
Tatsuhiro Tsujikawa
b1b57cc740
nghttpx: Use StringRef for authority, scheme and path
2016-03-12 21:12:26 +09:00
Tatsuhiro Tsujikawa
284691253f
nghttpx: Use StringRef for http::create_forwarded parameter
2016-02-29 00:05:32 +09:00
Tatsuhiro Tsujikawa
06921f35f3
nghttpx: Restructure mode settings
...
It is very hard to support multiple protocols in backend while
retaining multiple mode settings. Therefore, we dropped modes except
for default and HTTP/2 proxy mode. The other removed modes can be
emulated using combinations of options. Now the backend connection is
not encrypted by default. To enable encryption on backend connection,
use --backend-tls option.
2016-02-28 21:35:26 +09:00
Tatsuhiro Tsujikawa
1832f78684
nghttpx: Move downstream proto to DownstreamAddrGroup
2016-02-28 16:56:14 +09:00
Tatsuhiro Tsujikawa
8ca3e5f6ba
nghttpx: Separate Downstream address group from config to runtime
2016-02-28 00:19:18 +09:00
Tatsuhiro Tsujikawa
21007da392
nghttpx: Rewrite backend HTTP/2 connection coalesce strategy
...
Previously, we use one Http2Session object per DownstreamAddrGroup.
This is not flexible, and we have to provision how many HTTP/2
connection is required in advance. The new strategy is we add
Http2Session object on demand. We measure the number of attached
downstream connection object and server advertised concurrency limit.
As long as former is smaller than the latter, we attach new downstream
connection to it. Once the limit is reached, we create new
Http2Session object. If the number lowers the limit, we start to
share Http2Session object again.
2016-02-28 00:19:18 +09:00
Tatsuhiro Tsujikawa
f2a7275700
nghttpx: Cache TLS session inside DownstreamAddr object
2016-02-21 16:35:43 +09:00
Tatsuhiro Tsujikawa
177d0a513f
nghttpx: More logging for backend connection initiation
2016-02-21 16:11:50 +09:00
Tatsuhiro Tsujikawa
11c8803b92
nghttpx: Worker wide blocker which is used when socket(2) is failed
2016-02-21 15:27:19 +09:00
Tatsuhiro Tsujikawa
c9a4f293a1
nghttpx: ConnectBlocker per backend address
2016-02-21 14:53:06 +09:00
Tatsuhiro Tsujikawa
9678daa46a
nghttpx: Rename index_headers() as parse_content_length()
2016-02-20 23:30:02 +09:00
Tatsuhiro Tsujikawa
23ecfd412d
nghttpx: Fix mruby compile error, clean up add_header interface
2016-02-20 23:30:02 +09:00
Tatsuhiro Tsujikawa
6f1347fc8b
nghttpx: Tokenize trailer field as well so that we can ditch prohibited headers in HTTP/2
2016-02-20 23:30:02 +09:00
Tatsuhiro Tsujikawa
1703201084
nghttpx: Get rid of hdidx
2016-02-20 23:30:02 +09:00
Tatsuhiro Tsujikawa
b440f585bc
nghttpx: Use Header to store custom request/response header fields
2016-02-13 22:19:05 +09:00
Tatsuhiro Tsujikawa
e4a727f86c
nghttpx: Cache TLS client session after initial handshake was done
2016-02-11 17:56:20 +09:00
Tatsuhiro Tsujikawa
b624ca6dcd
nghttpx: Rename client TLS session cache field
2016-02-11 17:12:57 +09:00
Tatsuhiro Tsujikawa
ba4c268172
nghttpx: Single SSL_SESSION cache entry for each address
2016-02-11 17:07:48 +09:00
Tatsuhiro Tsujikawa
00175eac33
nghttpx: Use Address* as a key for client side session cache
2016-02-11 12:40:15 +09:00
Tatsuhiro Tsujikawa
0d806978e6
nghttpx: Set HTTP/1 backend read buffer to 16k
2016-02-07 21:07:27 +09:00
Tatsuhiro Tsujikawa
2a9b23bfab
nghttpx: Store pointer to DownstreamAddr
2016-02-07 18:38:06 +09:00
Tatsuhiro Tsujikawa
4e7271a88f
nghttpx: Fix regression which breaks WebSocket upgrade
2016-02-07 17:59:38 +09:00
Tatsuhiro Tsujikawa
e7de5e9f6c
nghttpx: Rename cl_tls_session as downstream_tls_session
2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa
2e38208d74
nghttpx: Fixups for HTTP/1 backend TLS support
2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa
cde79052dd
nghttpx: Slightly faster version of HTTP/1 backend
2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa
26d49c1dc3
nghttpx: Cache client session
2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa
bb4e2f6a24
nghttpx: Add TLS support for HTTP/1 backend
2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa
eec409dba7
nghttpx: Limit header fields from backend
2016-02-06 12:27:01 +09:00
Tatsuhiro Tsujikawa
85bb37ab7c
Enable ConstructorInitializerAllOnOneLineOrOnePerLine for better diff
2016-01-27 21:14:07 +09:00
Tatsuhiro Tsujikawa
ad93cea544
nghttpx: Fix possible data loss on backend connection upgrade
2016-01-27 15:26:46 +09:00
Tatsuhiro Tsujikawa
0402481be4
nghttpx: Organize connection related configuration into struct
2016-01-19 16:56:12 +09:00
Tatsuhiro Tsujikawa
16549bb276
nghttpx: Structured configurations for http and http2
2016-01-18 17:00:20 +09:00
Tatsuhiro Tsujikawa
f3e1dc7a4f
nghttpx: Structured TLS related configurations
2016-01-18 14:21:09 +09:00
Tatsuhiro Tsujikawa
ef5d981ab1
nghttpx: Simplify
2016-01-17 17:04:16 +09:00
Tatsuhiro Tsujikawa
4f07db8bcb
src: Rename our new string classes
2016-01-17 11:33:45 +09:00
Tatsuhiro Tsujikawa
34d5382d66
nghttpx: Use VString for DownstreamAddr::host and hostport to remember size
2016-01-17 00:52:41 +09:00
Tatsuhiro Tsujikawa
7be0217bc0
nghttpx: Simplify xff handling
2016-01-16 16:48:41 +09:00
Tatsuhiro Tsujikawa
5c3f74b424
nghttpx: Add RFC 7239 Forwarded header field support
2016-01-16 11:32:14 +09:00
Tatsuhiro Tsujikawa
fa31d0940c
nghttpx: Refactor Downstream::request_datalen_
2016-01-14 23:36:47 +09:00
Tatsuhiro Tsujikawa
e7e52b11ce
nghttpx: Refactor Downstream::response_bodylen_
2016-01-14 23:20:44 +09:00
Tatsuhiro Tsujikawa
6d6a00f1f5
nghttpx: Return assemble cookie on the fly
2016-01-14 01:05:10 +09:00
Tatsuhiro Tsujikawa
3b8889a2a1
nghttpx: Extract response related fields to Response struct
2016-01-14 01:05:10 +09:00
Tatsuhiro Tsujikawa
919f08eb38
nghttpx: Extract request related fields to Request struct
...
Header field related functions are now gathered into FieldStore class.
This commit only handles request. Subsequent commit will do the same
thing for response.
2016-01-14 01:04:32 +09:00
Tatsuhiro Tsujikawa
848f8fbe54
nghttpx: Don't apply max_header_fields and header_field_buffer limit to response
...
We modeled max_header_fields and header_field_buffer limit from Apache
configuration directives. In Apache, they are only applied to request
header fields, while we applied both request and response. Since
nghttpx is used as reverse proxy and backend server is relatively
"trusted", this commit removes the application to response header
fields.
2016-01-05 16:44:44 +09:00
Tatsuhiro Tsujikawa
ecb4a208fb
nghttpx: Use ev_feed_event to signal write for HTTP backend
...
It seems that using ev_feed_event to signal write operation is much
faster than starting watcher. This is probably due to the fact that
we don't need to wait in event loop. The same thing cannot be done in
HTTP/2 frontend, since this will raise write operation for each stream
HEADER/DATA write, which leads to very small packets, hurting
performance. Interestingly, HTTP/1 frontend also suffers the same
performance hit.
2015-10-28 23:26:41 +09:00
Tatsuhiro Tsujikawa
0b2c139eaa
clang-format-3.5
2015-10-25 17:04:54 +09:00
Lucas Pardue
dcc9aaaa24
Add TLS dynamic record size behaviour command line options
2015-10-22 14:07:18 +00:00
Tatsuhiro Tsujikawa
0155c9115a
nghttpx: Fix so that --padding option works again
2015-10-04 10:36:20 +09:00