Commit Graph

405 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa f0d2c9f94b Compile with BoringSSL
Compile with BoringSSL except for neverbleed and libnghttp2_asio.  The
former uses ENGINE and RSA_METHOD, and they are quite different
between OpenSSL and BoringSSL.  The latter uses boost::asio, which
calls OpenSSL functions deleted in BoringSSL.
2015-09-29 23:38:17 +09:00
Tatsuhiro Tsujikawa a28aee058f nghttpx: Don't need to trap SIGTERM and SIGINT signals 2015-09-29 00:07:29 +09:00
Tatsuhiro Tsujikawa 8acf9a2802 nghttpx: Trie based routing 2015-09-26 22:19:10 +09:00
Tatsuhiro Tsujikawa 044385ab6e Add neverbleed support
neverbleed is disabled by default.  To enable it, use
--with-neverbleed configure option.
2015-09-26 19:01:31 +09:00
Tatsuhiro Tsujikawa 6680d8b792 nghttpx: Call setsid after executing new binary 2015-09-25 00:55:08 +09:00
Tatsuhiro Tsujikawa 0b32df94a5 nghttpx: Log when worker process exits 2015-09-25 00:11:35 +09:00
Tatsuhiro Tsujikawa c44587a70c nghttpx: Use _Exit when exiting from child process 2015-09-24 23:57:24 +09:00
Tatsuhiro Tsujikawa 389a96483a nghttpx: Fix improper signal handling 2015-09-24 23:43:24 +09:00
Tatsuhiro Tsujikawa a54062bd5e nghttpx: Fix output glitch 2015-09-24 00:11:02 +09:00
Tatsuhiro Tsujikawa 2be6a94d70 nghttpx: Show textual signal description when worker process exited 2015-09-22 21:21:40 +09:00
Tatsuhiro Tsujikawa e77f9d95d3 nghttpx: Set CLOEXEC for ipc fds 2015-09-22 19:52:35 +09:00
Tatsuhiro Tsujikawa 87a38bdf8d nghttpx: Chown UNIX domain socket to user specified as --user 2015-09-22 18:34:03 +09:00
Tatsuhiro Tsujikawa 03bb58006b nghttpx: Extract several chown() usages into 1 function 2015-09-22 18:32:40 +09:00
Tatsuhiro Tsujikawa ab824d1230 nghttpx: Add missing sys/wait.h 2015-09-19 19:50:29 +09:00
Tatsuhiro Tsujikawa dbbc7296f5 strdup is not required here 2015-09-18 23:28:27 +09:00
Tatsuhiro Tsujikawa ce1b11e3a0 nghttpx: Split monolithic one process into control and worker processes
The control process handles signals, reads configuration, reads
private keys, and bind port (which may be privileged one).  It never
drop privileges, so that it can execute new binary with the same
privilege.  It forks worker process.  The worker process handles all
incoming connections.  It drops privilege.
2015-09-18 23:28:26 +09:00
Lucas Pardue ec47dfb9b8 Initial HTTP/1.1 capability. Add npn-list option to h2load. Make NPN/ALPN more runtime dependent 2015-09-17 14:49:27 +00:00
Tatsuhiro Tsujikawa 33601f1a51 nghttpx: Fix compile error with --disable-threads 2015-09-13 00:42:59 +09:00
Tatsuhiro Tsujikawa f8c1da7f3c nghttpx: Add --accept-proxy-protocol usage to help message 2015-09-06 23:27:07 +09:00
Tatsuhiro Tsujikawa ce53bd239e nghttpx: Implement PROXY protocol version 1
Use --accept-proxy-protocol to enable PROXY protocol handling
2015-09-06 21:30:19 +09:00
Tatsuhiro Tsujikawa 39287314d3 nghttpx: Fix missing `break` 2015-09-06 18:34:10 +09:00
Tatsuhiro Tsujikawa c30d252f94 nghttpx: Show warning if certain feature is not compiled in 2015-09-06 16:59:57 +09:00
Tatsuhiro Tsujikawa d722a09581 nghttpx: Rename mruby script options 2015-09-04 01:19:57 +09:00
Tatsuhiro Tsujikawa 14f5240d8f nghttpx: Update doc 2015-09-03 01:37:47 +09:00
Tatsuhiro Tsujikawa baadec5ef4 nghttpx: Add response mruby hook 2015-09-03 01:33:52 +09:00
Tatsuhiro Tsujikawa 1508c50a45 nghttpx: Add basic infrastructure for mruby support 2015-09-02 02:45:15 +09:00
Tatsuhiro Tsujikawa e1f7643c92 nghttpx: Fix memory leak 2015-09-02 02:07:29 +09:00
Tomasz Buchert 97566ce4e3 nghttpx: make early copy of stderr 2015-08-13 11:01:37 +02:00
Tomasz Buchert 900dcf4ced nghttpx: remove Android-specific code 2015-08-12 20:17:03 +02:00
Tatsuhiro Tsujikawa b384b76f66 nghttpx: Fix hmac_keylen should be 16 for aes-128-cbc 2015-08-12 00:38:07 +09:00
Tatsuhiro Tsujikawa a73cfd5f7b nghttpx: Add reference to manual section for session resumption 2015-07-29 00:00:43 +09:00
Tatsuhiro Tsujikawa a1288a5826 nghttpx: Rename --tls-ticket-cipher as --tls-ticket-key-cipher 2015-07-28 23:49:37 +09:00
Tatsuhiro Tsujikawa 80d96590c5 nghttpx: Update doc 2015-07-28 23:43:32 +09:00
Tatsuhiro Tsujikawa a6fdca730d nghttpx: Add options to set maximum retry and failure when getting ticket keys 2015-07-28 01:17:29 +09:00
Tatsuhiro Tsujikawa 4949dd4888 nghttpx: Add --tls-ticket-key-memcached-interval option 2015-07-28 01:02:33 +09:00
Tatsuhiro Tsujikawa 2f2a300e83 nghttpx: Add TLS ticket key sharing among nghttpx instances using memcached 2015-07-28 00:54:44 +09:00
Tatsuhiro Tsujikawa e3cdfd12ea nghttpx: Use std::array for TicketKey 2015-07-27 02:12:07 +09:00
Tatsuhiro Tsujikawa cd25c6846e nghttpx: Create struct Address which holds struct sockaddr_union and length 2015-07-27 01:41:10 +09:00
Tatsuhiro Tsujikawa 90b4b48c7e nghttpx: Add shared session cache using memcached 2015-07-26 23:33:06 +09:00
Tatsuhiro Tsujikawa adec2c06bf nghttpx: Set SSL/TLS session timeout to 12 hours 2015-07-24 23:59:19 +09:00
Tatsuhiro Tsujikawa 9b63fc011e nghttpx: Open log files by default configuration 2015-07-24 00:32:19 +09:00
Tatsuhiro Tsujikawa cab6c7871c nghttpx: Don't rewrite host header field by default
In reverse proxy usage, backend server most likely wants to see the
original header field.  So this commit turns off host header rewrite
by default.  --no-host-rewrite option is deprecated, and if it is
used, warning message is displayed.  --host-rewrite option is added to
enable host rewrite.
2015-07-23 23:54:56 +09:00
Tatsuhiro Tsujikawa 04bd25d468 nghttpx: Simplify ticket handling between workers just using mutex 2015-07-23 23:13:29 +09:00
Tatsuhiro Tsujikawa cd2c751f82 nghttpx: Generate new ticket key every 1hr and its life time is now 12hrs 2015-07-23 21:14:38 +09:00
Tatsuhiro Tsujikawa ca3444c34c Fix compile error/warnings with gcc-4.7 2015-07-19 20:50:14 +09:00
Tatsuhiro Tsujikawa 5dc060c1a2 src: Use C++11 value-initialization, instead of memset-ing 0 2015-07-19 17:55:37 +09:00
Tatsuhiro Tsujikawa e8167ceea7 nghttpx: Add AES-256-CBC encryption for TLS session ticket 2015-07-18 02:02:33 +09:00
Tatsuhiro Tsujikawa a2c78cfc69 nghttpx: Update doc 2015-07-14 23:44:58 +09:00
Tatsuhiro Tsujikawa 7f7b6d641d nghttpx: Allow log variable to be enclosed by curly braces 2015-07-14 22:25:52 +09:00
Tatsuhiro Tsujikawa fb7775e382 nghttpx: Detect loop in --include paths 2015-07-13 21:44:06 +09:00
Tatsuhiro Tsujikawa 3097547491 nghttpx: Add --include option to read additional configuration from given file 2015-07-12 23:18:36 +09:00
Tatsuhiro Tsujikawa 6307f96fb3 nghttpx: Enable host-path backend routing in HTTP/2 backend
To achieve host-path backend routing, we changed behaviour of
--backend-http2-connections-per-worker.  It now sets the number of
HTTP/2 physical connections per pattern group if pattern is used in -b
option.

Fixes GH-292
2015-07-12 23:02:30 +09:00
Tatsuhiro Tsujikawa 7c216c6df8 nghttpx: Document that patterns with host take precedence 2015-07-11 16:46:13 +09:00
Tatsuhiro Tsujikawa c2e4ed9624 nghttpx: Deal with the path without trailing slash on pattern match
If pattern ends with '/', and pattern and path matches without that
slash, we consider they match to deal with request to the directory
without trailing slash.  That is if pattern is "/foo/" and path is
"/foo", we consider they match.
2015-07-11 12:43:48 +09:00
Tatsuhiro Tsujikawa 3119fc259c Select backend based on request host and path by extending -b option
-b option syntax is now <HOST>,<PORT>[;<PATTERN>[:...]].  The optional
<PATTERN>s specify the request host and path it is used for.  The
<PATTERN> can contain path, host + path or host.  The matching rule is
closely designed to ServeMux in Go programming language.
2015-07-11 00:15:52 +09:00
Tatsuhiro Tsujikawa 515c313073 nghttpx: Add $ssl_session_reused log variable
The syntax for this variable is the same as nginx: if SSL/TLS session
was reused, "r" is produced.  Otherwise ".".
2015-06-28 22:15:04 +09:00
Tatsuhiro Tsujikawa 197493afd4 nghttpx: Add log variables related to SSL/TLS connection
This commit add following 3 log variables to SSL/TLS connection:
$ssl_cipher, $ssl_protocol, $ssl_session_id.  If no information is
available for them, '-' is produced for each.
2015-06-28 16:44:34 +09:00
Tatsuhiro Tsujikawa b06e339dbb Prepare for IRIX support, port relevant change from spdylay 2015-06-27 17:51:07 +09:00
Tatsuhiro Tsujikawa f3b7f4140b nghttpx: Clarify origin host for --backend-http1-connection-per-host 2015-06-22 21:09:39 +09:00
Tatsuhiro Tsujikawa cebfdacc5a src: Use user-defined literals for time (hours and minutes) 2015-06-21 14:51:32 +09:00
Tatsuhiro Tsujikawa 39f89f4a60 src: Use user-defined literals for k, m, and g. 2015-06-21 14:32:47 +09:00
Tatsuhiro Tsujikawa 6d537c419e nghttpx: Document failure case on bind() 2015-06-07 00:05:33 +09:00
Tatsuhiro Tsujikawa 4894e24dc8 nghttpx: Add error logging for listener socket creation failure 2015-06-07 00:02:30 +09:00
Tatsuhiro Tsujikawa 00efa86fb6 nghttpx: Add --add-request-header option 2015-06-05 23:04:20 +09:00
Tatsuhiro Tsujikawa ee4d53a9e4 More constexpr 2015-05-31 18:44:37 +09:00
Tatsuhiro Tsujikawa 3d59c6c0b7 nghttpx: Use defined string iteral when defining long_options 2015-05-29 22:48:46 +09:00
Tatsuhiro Tsujikawa 791660ef8d Fix up OpenSSL initialization
Use the example presented at
http://en.wikibooks.org/wiki/OpenSSL/Initialization
2015-05-23 00:23:38 +09:00
Tatsuhiro Tsujikawa 0b27f005e0 Merge branch 'master' into v1.0.0
Conflicts:
	src/HttpServer.cc
2015-05-15 23:24:19 +09:00
Tatsuhiro Tsujikawa 53bfc70c9e Include inttypes.h (or cintypes for C++) instead of stdint.h
From autoconf manual, section 5.6.1 Portability of Headers, says:

"""
The C99 standard says that inttypes.h includes stdint.h, so there's no
need to include stdint.h separately in a standard environment. Some
implementations have inttypes.h but not stdint.h (e.g., Solaris 7),
but we don't know of any implementation that has stdint.h but not
inttypes.h.
"""
2015-05-14 00:17:45 +09:00
Tatsuhiro Tsujikawa 38cfc5c47c Check more headers and funcs 2015-05-13 23:29:20 +09:00
Tatsuhiro Tsujikawa e63d6e490a Merge branch 'master' into v1.0.0
Conflicts:
	lib/nghttp2_option.h
	lib/nghttp2_session.h
	src/HttpServer.cc
2015-05-08 19:21:51 +09:00
Tatsuhiro Tsujikawa 552f675466 nghttpx: Add --header-field-buffer and --max-header-fields options 2015-04-29 21:10:59 +09:00
Tatsuhiro Tsujikawa 5937b4b6f7 Merge branch 'master' into v1.0.0 2015-04-19 23:13:38 +09:00
Tatsuhiro Tsujikawa 889e705f35 nghttpx: Add logging for somewhat important events (logs, tickets, and ocsp) 2015-04-11 00:08:28 +09:00
Tatsuhiro Tsujikawa b873930802 nghttpx: Now ocsp works without threads 2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa 09c485e712 nghttpx: Eliminate 1 second refresh timer 2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa d247470da2 nghttpx: Rewrite ocsp without thread
Since libev handles SIGCHLD, using waitpid in separate thread to wait
for the completion of fetch-ocsp-response script process is undefined.
This commit rewrite ocsp handling code so that it utilizes libev
ev_child watcher and perform ocsp update without thread.
2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa cf0576253f Merge branch 'master' into v1.0.0 2015-04-08 18:10:04 +09:00
Tatsuhiro Tsujikawa 1fcd881395 nghttpx: Document that stderr is redirected to error log file 2015-04-08 17:33:18 +09:00
Tatsuhiro Tsujikawa dd435b51ab nghttpx: Redirect stderr to errorlog file 2015-04-08 16:59:58 +09:00
Tatsuhiro Tsujikawa 3e50ef439d Announce h2, final HTTP/2 ALPN identifier 2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa d0c27d5229 Send 24 bytes client magic byte string by library
Previously nghttp2_session_send() and nghttp2_session_mem_send() did
not send 24 bytes client magic byte string (MAGIC).  We made
nghttp2_session_recv() and nghttp2_session_mem_recv() process MAGIC by
default, so it is natural to make library send MAGIC as well.  This
commit makes nghttp2_session_send() and nghttp2_session_mem_send()
send MAGIC.  This commit also replace "connection preface" with
"client magic", since we call MAGIC as "connection preface" but it is
just a part of connection preface.  NGHTTP2_CLIENT_CONNECTION_PREFACE
macro was replaced with NGHTTP2_CLIENT_MAGIC.  The already deprecated
NGHTTP2_CLIENT_CONNECTION_HEADER macro was removed permanently.
nghttp2_option_set_no_recv_client_preface() was renamed as
nghttp2_option_set_no_recv_client_magic().  NGHTTP2_ERR_BAD_PREFACE
was renamed as NGHTTP2_ERR_BAD_CLIENT_MAGIC.
2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa 250ea53e4b Deal with 24 bytes client connection preface by default
Since HTTP/2 spec requires for client to send connection preface, it
is reasonable to make this option enabled by default.  It is still a
use case to disable this, so replace this option with
nghttp2_option_set_no_recv_client_preface().
2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa 01af6ea70c Remove ALTSVC related code
HTTP/2 and HPACK are going to be published as RFC, but ALTSVC is still
in draft state.  To make our API stable, it would be better to remove
ALTSVC API for 1.0.0 release.
2015-04-05 23:15:20 +09:00
Tatsuhiro Tsujikawa 1442b1bd0a nghttpx: Remove --tls-ctx-per-worker option
--tls-ctx-per-worker option does not work well of OCSP stapling.  Also
it makes session ID useless.
2015-03-31 00:42:21 +09:00
Tatsuhiro Tsujikawa cc94632b29 src: Use separator "--" to mark start of the footer without ambiguity 2015-03-31 00:21:52 +09:00
Tatsuhiro Tsujikawa 4bc9afe20a nghttpx: Add OCSP stapling feature 2015-03-30 23:58:28 +09:00
Tatsuhiro Tsujikawa 93013f4205 nghttpx: Remove --backend-http2-connection-check option, enable it by default 2015-03-11 00:22:05 +09:00
Tatsuhiro Tsujikawa 0e3ae63965 nghttpx: Add --backend-http2-connections-per-worker 2015-03-10 23:43:25 +09:00
Tatsuhiro Tsujikawa 446de923f3 nghttpx: Support multiple HTTP/2 session per worker
Currently, we use same number of HTTP/2 sessions per worker with given
backend addresses.  New option to specify the number of HTTP/2 session
per worker will follow.
2015-03-10 23:20:21 +09:00
Tatsuhiro Tsujikawa c5860fc6f4 nghttpx: Support multiple -b option for HTTP/2 backend 2015-03-10 21:54:29 +09:00
Tatsuhiro Tsujikawa 41e266181e nghttpx: Attempt to improve HTTP/2 backend connection check
It turns out that writing successfully to network is not enough.
After apparently successful network write, read fails and then we
first know network has been lost (at least my android mobile network).
In this change, we say connection check is successful only when
successful read.  We already send PING in this case, so we just wait
PING ACK with short timeout.  If timeout has expired, drop connection.
Since waiting for PING ACK could degrade performance for fast reliably
connected network, we decided to disable connection check by default.
Use --backend-http2-connection-check to enable it.
2015-03-09 23:37:54 +09:00
Tatsuhiro Tsujikawa c2426bc732 Merge branch 'pthread-getspecific' of https://github.com/icing/nghttp2 into icing-pthread-getspecific 2015-03-05 02:04:56 +09:00
Stefan Eissing 1fd44b1567 replacing thread_local, which does not exist on OS X, with pthread_getspecific call 2015-03-03 17:09:15 +01:00
Tatsuhiro Tsujikawa 1c0d617742 nghttpx: Rename WorkerConfig as LogConfig
This is a sign that we only use thread-local storage for logging only.
2015-02-26 00:02:29 +09:00
Tatsuhiro Tsujikawa b161dfe573 nghttpx: Move graceful_shutdown flag from WorkerConfig to Worker
A part of an effort to eliminate thread_local WorkerConfig
2015-02-25 22:53:53 +09:00
Tatsuhiro Tsujikawa 1a2bccd71c nghttpx: Share nghttp2_session_callbacks between objects 2015-02-24 15:21:10 +09:00
Tatsuhiro Tsujikawa 8b533e19bb nghttpx: Remove option name from unix path sample since it is a bit strange 2015-02-22 18:09:37 +09:00
Tatsuhiro Tsujikawa df32a534fc nghttpx: Rename ConnectionHandler::acceptor4_ as acceptor_
This change is motivated by that fact that we use it for UNIX domain
socket as well as IPv4.
2015-02-22 17:59:50 +09:00
Tatsuhiro Tsujikawa e583a25a8b nghttpx: Fix error found by coverity scan 2015-02-22 17:53:12 +09:00
Tatsuhiro Tsujikawa da2376effd nghttpx: Add host_unix field to DownstreamAddr to tell it is UNIX domain sock 2015-02-22 17:25:23 +09:00
Tatsuhiro Tsujikawa 0c4ae3dea5 nghttpx: Support UNIX domain socket on frontend
This commit also fixes environment variables used to tell inherited
file descriptors to new binary are stacked up each time new binary is
executed.
2015-02-22 17:25:23 +09:00
Tatsuhiro Tsujikawa 997f9233bc nghttpx: Support UNIX domain socket in backend connections 2015-02-22 12:27:51 +09:00
Tatsuhiro Tsujikawa a26a597453 nghttpx: Cast configuration value to rlim_t to avoid compile error on 32bit 2015-02-21 16:57:02 +09:00
Tatsuhiro Tsujikawa ab93a700ce src: Announce h2 ALPN 2015-02-20 23:50:17 +09:00
Tatsuhiro Tsujikawa ae0100a9ab nghttpx: Refactor worker interface 2015-02-11 22:49:03 +09:00
Tatsuhiro Tsujikawa 502b552b68 nghttpx: Add --no-server-push option 2015-02-08 16:19:12 +09:00
Tatsuhiro Tsujikawa 4dea318b5b nghttpx: Fix compile error if SOCK_NONBLOCK is undefined 2015-02-08 00:49:56 +09:00
Tatsuhiro Tsujikawa 54851ef7a6 src: Move make_unique to nghttp2 namespace 2015-02-06 00:15:43 +09:00
Tatsuhiro Tsujikawa 7c75d9db98 nghttpx: Set nghttp2_option_set_peer_max_concurrent_streams for HTTP/2 backend 2015-02-05 03:05:34 +09:00
Tatsuhiro Tsujikawa a68c4c1e3c nghttpx: Add --no-host-rewrite option 2015-02-04 01:42:26 +09:00
Tatsuhiro Tsujikawa e03f36eeeb nghttpx: Use <DURATION> instead of <T> 2015-01-29 23:23:30 +09:00
Tatsuhiro Tsujikawa 00555dc7bb nghttpx: Use TCP_DEFER_ACCEPT if available 2015-01-29 21:14:44 +09:00
Tatsuhiro Tsujikawa d1a4002b22 nghttpx: Remove --accept-delay and --num-accept options 2015-01-29 20:58:47 +09:00
Tatsuhiro Tsujikawa 96e66b1a81 nghttpx: Make num_accept 0 on graceful shutdown
Make num_accept unlimited so that we can accept all pending
connections waiting in listen queue.
2015-01-28 21:02:31 +09:00
Tatsuhiro Tsujikawa 19429abd07 nghttpx: Make --accept-delay default to 10ms 2015-01-28 21:00:47 +09:00
Fabian Möller 3167aa4081 nghttpx: set the supplementary group access list 2015-01-28 20:56:05 +09:00
Tatsuhiro Tsujikawa f8765be817 nghttpx: Make --backend-keep-alive-timeout default to 2s 2015-01-28 00:47:09 +09:00
Tatsuhiro Tsujikawa f0c7839f25 nghttpx: Clarify --num-accept=0 case 2015-01-28 00:39:56 +09:00
Tatsuhiro Tsujikawa 6a39de0ae5 nghttpx: Accept s or ms as unit for <T> argument 2015-01-28 00:36:44 +09:00
Tatsuhiro Tsujikawa 402ebb277f nghttpx: Add --num-accept and --accept-delay options 2015-01-27 23:47:56 +09:00
Tatsuhiro Tsujikawa f604cbae70 nghttpx: Fix shutdown too early with QUIT signal if num_worker == 1 2015-01-22 01:46:25 +09:00
Tatsuhiro Tsujikawa 8997e4369d nghttpx: Adjust backend buffers 2015-01-21 01:47:43 +09:00
Tatsuhiro Tsujikawa 5d204fc3aa nghttpx: Add more option categories 2015-01-15 23:19:35 +09:00
Tatsuhiro Tsujikawa 8fe093de1d nghttpx: Set initial backlog to 512 2015-01-14 21:24:12 +09:00
Tatsuhiro Tsujikawa f004361ef2 nghttpx: Add --backend-request-buffer option 2015-01-13 23:30:28 +09:00
Tatsuhiro Tsujikawa c88a5291b7 nghttpx: Add --backend-response-buffer option 2015-01-13 23:20:06 +09:00
Tatsuhiro Tsujikawa 0d614cf103 nghttpx: Longer help message 2015-01-13 23:02:18 +09:00
Tatsuhiro Tsujikawa 29d6cfae80 nghttpx: Add explanation about units in <SIZE> 2015-01-13 22:42:52 +09:00
Tatsuhiro Tsujikawa c48a6e73e8 nghttpx: Clean up metavar 2015-01-13 22:39:35 +09:00
Tatsuhiro Tsujikawa 956c11388c nghttpx: Allow units (k, m, and g) in --{read,write}-{rate,burst}
So that you can specify --read-rate=1M --read-burst=4M
2015-01-13 21:54:53 +09:00
Tatsuhiro Tsujikawa 5e8eb926f2 nghttpx: Fix server error with -n1 and --tls-ctx-per-worker 2015-01-13 21:53:53 +09:00
Tatsuhiro Tsujikawa 1e4f8f27fd nghttpx: Add --tls-ctx-per-worker option
When same SSL_CTX is used by multiple thread simultaneously we have to
setup some number of mutex locks for it.  We could not check how this
locking affects scalability since we have 4 cores at best in our
development machine.  Good side of sharing SSL_CTX across threads is
we can share session ID pool.

If --tls-ctx-per-worker is enabled, SSL_CTX is created per thread
basis and we can eliminate mutex locks.  The downside is session ID is
no longer shared, which means if session ID generated by one thread
cannot be acceptable by another thread.  But we have now session
ticket enabled and its keys are shared by all threads.
2015-01-13 00:25:02 +09:00
Tatsuhiro Tsujikawa e048deb64c nghttpx: Fix error message 2015-01-12 22:35:45 +09:00
Tatsuhiro Tsujikawa f7455d48cc Compile with android NDK
This also fixes the bug that nghttpx's acceptor fd is blocking if
SOCK_NONBLOCK is undefined.
2015-01-11 00:28:00 +09:00
Tatsuhiro Tsujikawa 0ca979b453 nghttpx: Add --rlimit-nofile option 2015-01-10 23:17:48 +09:00
Tatsuhiro Tsujikawa bc17f95c80 src: Move ipv6_numeric_addr to util and add test 2015-01-10 21:33:53 +09:00
Tatsuhiro Tsujikawa a3dcf1e004 Produce man pages using sphinx
Previously to create manual page for bundled programs, we use help2man
to create man page from program's help output.  Then our man2rst.py
script converts man page to rst document.  Sphinx generates html from
rst documents.

Now help2rst.py produces rst document from programs output.  We use
Sphinx solely to produce both man pages and html files.
2015-01-10 00:37:42 +09:00
Tatsuhiro Tsujikawa 019f1e9fc7 nghttpx: Remove useless comments 2015-01-08 22:28:30 +09:00
Tatsuhiro Tsujikawa 0173929538 nghttpx: Rename ListenHandler as ConnectionHandler 2015-01-08 21:48:39 +09:00
Tatsuhiro Tsujikawa fcddb5c06c nghttpx: Distribute session ticket keys to workers without mutex 2015-01-08 21:15:45 +09:00
Tatsuhiro Tsujikawa 5d3544185c nghttpx: Fix crash in SSL_CTX_set_tlsext_ticket_key_cb
It seems that returning 0 when enc == 0 crashes OpenSSL.
2015-01-08 20:46:35 +09:00
Tatsuhiro Tsujikawa 5dce9501a6 Fix compile error with libstdc++ and/or --disable-threads 2015-01-08 01:57:59 +09:00
Tatsuhiro Tsujikawa 08e8cc1915 nghttpx: Add --tls-ticket-key-file option
This option specifies files contains 48 random bytes to construct
session ticket key data.  This option can be used repeatedly to
specify multiple keys, but only the first one is used to encrypt
tickets.
2015-01-08 01:26:30 +09:00
Tatsuhiro Tsujikawa 52f3572d5b nghttpx: Enable TLS session tickets with session key rotation every 12hrs 2015-01-08 00:01:09 +09:00
Tatsuhiro Tsujikawa ba795d86f0 nghttpx: Don't cache time for logging
Update is done by main event loop which is stopped after graceful
shutdown is commenced, which means time is no longer update.  To avoid
this situation, we just avoid caching and get time for each logging.
2015-01-06 23:17:09 +09:00
Tatsuhiro Tsujikawa 94e69d5e30 nghttpx: Remove commented lines 2015-01-06 22:55:01 +09:00
Tatsuhiro Tsujikawa 7db1864766 nghttpx: Add --backend-http1-connections-per-frontend option 2015-01-03 00:19:41 +09:00
Tatsuhiro Tsujikawa a55a07940c nghttpx: Show not implemented warning for per wroker rate limit 2015-01-03 00:19:41 +09:00
Tatsuhiro Tsujikawa bfac015d61 src: Use libev for rest of the applications 2015-01-03 00:19:41 +09:00