Tatsuhiro Tsujikawa
144ae3af9d
nghttpx: Memcached connection encryption with tls keyword
...
Like frontend and backend options, encryption for memcached
connections is configured using tls keyword in
tls-session-cache-memcached and tls-ticket-key-memcached options.
tls-session-cache-memcached-tls and tls-ticket-key-memcached-tls
options are deprecated.
2016-03-24 00:22:13 +09:00
Tatsuhiro Tsujikawa
eec0b04a33
nghttpx: Enable/disable TLS per frontend address
...
This change allows user to disable TLS per frontend address using
no-tls keyword in --frontend option. We removed --frontend-no-tls in
favor of this new feature.
2016-03-23 23:56:09 +09:00
Tatsuhiro Tsujikawa
58b06f32a2
nghttpx: Configure TLS per backend routing pattern
...
We added "tls" parameter to --backend option to enable TLS on that
backend connection. --backend-tls option was deprecated, and is now a
noop.
2016-03-23 22:56:18 +09:00
Tatsuhiro Tsujikawa
4bb88b35ec
nghttpx: "*" must match at least one character
2016-03-22 22:40:23 +09:00
Tatsuhiro Tsujikawa
04145e22a2
Revert "nghttpx: Call setsid after executing new binary"
...
This reverts commit 6680d8b792.
2016-03-22 00:21:32 +09:00
Tatsuhiro Tsujikawa
d2b55ad1a2
nghttpx: Allow '*' in --error-page to be used as wildcard
2016-03-19 23:49:15 +09:00
Tatsuhiro Tsujikawa
d7051f5207
nghttpx: Add custom error pages
2016-03-19 23:41:21 +09:00
Tatsuhiro Tsujikawa
34d209b30b
nghttpx: Add wildcard host routing
...
This change allows host pattern in --backend to include '*' to
indicate wildcard match. The wildcard match is made in suffix match
only.
2016-03-13 01:01:34 +09:00
Tatsuhiro Tsujikawa
df6466cfbd
nghttpx: Update doc
2016-02-28 23:15:57 +09:00
Tatsuhiro Tsujikawa
2326337d32
nghttpx: Deprecate backend-http1-connections-per-host in favor of backend-connections-per-host
2016-02-28 22:15:49 +09:00
Tatsuhiro Tsujikawa
06921f35f3
nghttpx: Restructure mode settings
...
It is very hard to support multiple protocols in backend while
retaining multiple mode settings. Therefore, we dropped modes except
for default and HTTP/2 proxy mode. The other removed modes can be
emulated using combinations of options. Now the backend connection is
not encrypted by default. To enable encryption on backend connection,
use --backend-tls option.
2016-02-28 21:35:26 +09:00
Tatsuhiro Tsujikawa
44d3801760
nghttpx: Deprecate backend-http1-connections-per-frontend in favor of backend-connections-per-frontend
2016-02-28 17:11:12 +09:00
Tatsuhiro Tsujikawa
1832f78684
nghttpx: Move downstream proto to DownstreamAddrGroup
2016-02-28 16:56:14 +09:00
Tatsuhiro Tsujikawa
36f6a009b8
nghttpx: Effectively disable backend HTTP/2 connection flow control
...
This is required to avoid session stall because of too slow frontend
connection.
2016-02-28 00:19:18 +09:00
Tatsuhiro Tsujikawa
aafcc55006
nghttpx: Deprecate --http2-max-concurrent-streams option
...
We added 2 new options instead: --frontend-http2-max-concurrent-streams
and --backend-http2-max-concurrent-streams.
2016-02-28 00:19:18 +09:00
Tatsuhiro Tsujikawa
c731d1fea5
nghttpx: Deprecate --backend-http2-connections-per-worker option
2016-02-28 00:19:18 +09:00
Tatsuhiro Tsujikawa
8ca3e5f6ba
nghttpx: Separate Downstream address group from config to runtime
2016-02-28 00:19:18 +09:00
Tatsuhiro Tsujikawa
c098b4ac70
nghttpx: Remove --backend-tls-session-cache-per-worker option
2016-02-25 22:46:25 +09:00
Tatsuhiro Tsujikawa
dfc02843b6
src: Rename and rewrite numeric_hostport as to_numeric_addr and support AF_UNIX path
2016-02-21 15:28:11 +09:00
Tatsuhiro Tsujikawa
466e4b7a1e
nghttpx: Use ImmutableString for conf_path
2016-02-14 22:20:10 +09:00
Tatsuhiro Tsujikawa
76a425226f
nghttpx: Use ImmutableString for pid_file
2016-02-14 22:17:10 +09:00
Tatsuhiro Tsujikawa
2b707bff27
nghttpx: Use ImmutableString for log file
2016-02-14 22:17:10 +09:00
Tatsuhiro Tsujikawa
9055323b67
nghttpx: Use ImmutableString for request_header_file and response_header_file
2016-02-14 22:17:10 +09:00
Tatsuhiro Tsujikawa
ac81003669
nghttpx: Use ImmutableString for cert_file
2016-02-14 22:17:10 +09:00
Tatsuhiro Tsujikawa
c999987baf
nghttpx: Use ImmutableString for private_key_file
2016-02-14 22:17:10 +09:00
Tatsuhiro Tsujikawa
660bc389e6
nghttpx: Use ImmutableString for fetch_ocsp_response_file
2016-02-14 21:01:54 +09:00
Tatsuhiro Tsujikawa
bfc26e8299
nghttpx: Use ImmutableString to store memcached server host
2016-02-14 20:59:10 +09:00
Tatsuhiro Tsujikawa
2d273f8237
nghttpx: Use StringRef for pattern parameter in Router::add_route
2016-02-14 18:55:53 +09:00
Tatsuhiro Tsujikawa
a53f0f0a17
nghttpx: Refactor DownstreamAddrGroup and router API
2016-02-14 18:47:24 +09:00
Tatsuhiro Tsujikawa
1bd98dcf4f
nghttpx: Remove user defined ctor/assignment op from DownstreamAddr
2016-02-14 18:31:08 +09:00
Tatsuhiro Tsujikawa
eb0c82d91f
nghttpx: More log output when resolving addresses for better debugging
2016-02-13 23:21:32 +09:00
Tatsuhiro Tsujikawa
72877379ec
nghttpx: Deprecate --backend-ipv4 and --backend-ipv6 in favor of --backend-address-family
2016-02-13 19:09:39 +09:00
Tatsuhiro Tsujikawa
c0078ab45a
nghttpx: Add options to specify address family of memcached connections
2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa
3a41e4dd1a
nghttpx: Add encryption support for TLS ticket key retrieval
2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa
3297a303bf
nghttpx: Add client auth options for session cache memcached TLS connection
2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa
f1580f95d4
nghttpx: Add TLS support for session cache memcached connection
2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa
60c0c2dd56
src: Code cleanup
2016-02-07 18:41:38 +09:00
Tatsuhiro Tsujikawa
6d49110a33
Rename FrontendAddr as UpstreamAddr
2016-02-07 17:51:53 +09:00
Tatsuhiro Tsujikawa
15fa38c72f
nghttpx: Rename backend_session_cache_per_worker as downstream_session_cache_per_worker
2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa
6806196404
nghttpx: Update doc for HTTP/1 TLS backend connections
2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa
e763770f3e
nghttpx: Add option to specify maximum number of session cache
2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa
bb4e2f6a24
nghttpx: Add TLS support for HTTP/1 backend
2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa
024d0d09ee
nghttpx: Fix unexpected failure due to missing address family
2016-02-06 23:28:04 +09:00
Tatsuhiro Tsujikawa
ee07694783
nghttpx: Add request-header-field-buffer and max-request-header-fields options
...
This commit adds request-header-field-buffer and
max-request-header-fields, and deprecates header-field-buffer and
max-header-fields options.
2016-02-06 17:22:23 +09:00
Tatsuhiro Tsujikawa
8741503db1
nghttpx: Add --no-http2-cipher-black-list to allow black listed cipher suite
2016-02-06 17:05:14 +09:00
Tatsuhiro Tsujikawa
eec409dba7
nghttpx: Limit header fields from backend
2016-02-06 12:27:01 +09:00
Tatsuhiro Tsujikawa
35c3b36549
nghttpx: Document special value localhost in Forwarded "by" and "for" params
2016-02-01 23:34:07 +09:00
Tatsuhiro Tsujikawa
aa07fe7fa6
nghttpx: Support multiple frontend addresses
...
This commit allows nghttpx to listen to multiple address and port pairs
by specifying -f option multiple times.
2016-02-01 23:10:29 +09:00
Tatsuhiro Tsujikawa
85bb37ab7c
Enable ConstructorInitializerAllOnOneLineOrOnePerLine for better diff
2016-01-27 21:14:07 +09:00
Tatsuhiro Tsujikawa
efc3206ae0
nghttpx: Revert accidental change
2016-01-21 22:14:10 +09:00
Tatsuhiro Tsujikawa
497ffc6387
nghttpx: Change pushed stream's priority
...
By default, as RFC 7540 calls for, pushed stream depends on its
associated (parent) stream. There are some situations that this is
sub-optimal. For example, if associated stream is HTML, and server is
configured to push css and javascript files which are in critical
rendering path. Then the default priority scheme is sub-optimal,
since browser typically blocks rendering while waiting for critical
resources. In this case, it is better to at least give pushed stream
the same priority of associated stream, and interleave these streams.
This change gives pushed stream the same priority of associated stream
if pushed stream has content-type "application/javascript" or
"text/css". The pushed stream now depends on the stream which
associated stream depends on. We use the same weight of associated
stream.
2016-01-21 21:11:57 +09:00
Tatsuhiro Tsujikawa
5a3ca7e700
nghttpx: Disallow user defined static obfuscated string for "for" parameter
2016-01-21 21:05:07 +09:00
Tatsuhiro Tsujikawa
9ac3e643d8
Revert "nghttpx: Add --curves option to specify supported elliptic curves"
...
This reverts commit e278893b64.
SSL_CONF_CTX functions are not working correctly with OpenSSL 1.0.2.
It requires 1.1.0 to make it work.
2016-01-21 19:50:38 +09:00
Tatsuhiro Tsujikawa
e278893b64
nghttpx: Add --curves option to specify supported elliptic curves
2016-01-21 18:23:13 +09:00
Tatsuhiro Tsujikawa
03f7f8cb9c
nghttpx: About implicit conversion from ImmutableString and std::string to StringRef
...
This is required to avoid creation of temporary ImmutableString
like so:
    std::string x;
    ImmutableString y = ...;
    StringRef ref = !x.empty() ? x : y;
First, temporary ImmutableString is created with x since
ImmutableString has constructor to accept std::string. After
StringRef gets this, the temporary ImmutableString is destroyed, and
ref has dangling pointer.
2016-01-21 17:12:40 +09:00
Tatsuhiro Tsujikawa
f44128774c
nghttpx: Update doc
2016-01-19 21:01:34 +09:00
Tatsuhiro Tsujikawa
f3946ae314
nghttpx: Remove assignment of zero values
...
Because of zero initialization, these assignments are unnecessary.
2016-01-19 17:27:56 +09:00
Tatsuhiro Tsujikawa
2f9946327a
nghttpx: Fix bug that --listener-disable-timeout option is not used
2016-01-19 17:03:01 +09:00
Tatsuhiro Tsujikawa
0402481be4
nghttpx: Organize connection related configuration into struct
2016-01-19 16:56:12 +09:00
Tatsuhiro Tsujikawa
35feae3b0c
nghttpx: Group up logging related options
2016-01-18 17:26:27 +09:00
Tatsuhiro Tsujikawa
a053d10839
nghttpx: Move option handling code to separate function
2016-01-18 17:08:28 +09:00
Tatsuhiro Tsujikawa
16549bb276
nghttpx: Structured configurations for http and http2
2016-01-18 17:00:20 +09:00
Tatsuhiro Tsujikawa
f3e1dc7a4f
nghttpx: Structured TLS related configurations
2016-01-18 14:21:09 +09:00
Tatsuhiro Tsujikawa
b12af8c410
nghttpx: Refactor backend proxy configuration
2016-01-17 22:51:40 +09:00
Tatsuhiro Tsujikawa
4f07db8bcb
src: Rename our new string classes
2016-01-17 11:33:45 +09:00
Tatsuhiro Tsujikawa
d16ff1f519
nghttpx: Use StringAdaptor for Config::server_name
2016-01-17 01:15:11 +09:00
Tatsuhiro Tsujikawa
34d5382d66
nghttpx: Use VString for DownstreamAddr::host and hostport to remember size
2016-01-17 00:52:41 +09:00
Tatsuhiro Tsujikawa
25570367b3
nghttpx: Document Forwarded related options
2016-01-16 11:58:02 +09:00
Tatsuhiro Tsujikawa
d678c07ddf
nghttpx: Allow user to specify static obfuscated value via command-line
2016-01-16 11:32:26 +09:00
Tatsuhiro Tsujikawa
5c3f74b424
nghttpx: Add RFC 7239 Forwarded header field support
2016-01-16 11:32:14 +09:00
Tatsuhiro Tsujikawa
fe8005327a
src: Make util::utos_with_unit and utos_with_funit names shorter
2016-01-11 18:12:31 +09:00
Tatsuhiro Tsujikawa
848f8fbe54
nghttpx: Don't apply max_header_fields and header_field_buffer limit to response
...
We modeled max_header_fields and header_field_buffer limit from Apache
configuration directives. In Apache, they are only applied to request
header fields, while we applied both request and response. Since
nghttpx is used as reverse proxy and backend server is relatively
"trusted", this commit removes the application to response header
fields.
2016-01-05 16:44:44 +09:00
Tatsuhiro Tsujikawa
de247f7d33
src: Rename startsWith as starts_with
2015-11-28 00:42:51 +09:00
Tatsuhiro Tsujikawa
1753bea692
nghttpx: Support server push from HTTP/2 backend
...
This commit enables HTTP/2 server push from HTTP/2 backend to be
relayed to HTTP/2 frontend. To use this feature, --http2-bridge or
--client is required. Server push via Link header field continues to
work.
2015-11-16 23:12:25 +09:00
Tatsuhiro Tsujikawa
c711a80411
src: Fix typo
...
Apply typo fixes to the original source files in the previous commit
which were done in generated text.
2015-11-09 21:43:25 +09:00
Tatsuhiro Tsujikawa
6b0bde6c31
Update doc so that we can use hyperlink to referred options
2015-10-25 17:10:41 +09:00
Tatsuhiro Tsujikawa
9231a4ba57
nghttpx: Replace old script file options with --mruby-file
2015-10-25 17:05:15 +09:00
Tatsuhiro Tsujikawa
0b2c139eaa
clang-format-3.5
2015-10-25 17:04:54 +09:00
Lucas Pardue
dcc9aaaa24
Add TLS dynamic record size behaviour command line options
2015-10-22 14:07:18 +00:00
Tatsuhiro Tsujikawa
48edbc8687
nghttpx: Reduce default timeouts for read sockets to 1m
2015-10-18 00:15:58 +09:00
Tatsuhiro Tsujikawa
eff3dfd50b
src: Move exception handling code to one function
2015-10-17 23:34:05 +09:00
Tatsuhiro Tsujikawa
5594e3df25
src: Handle exception in main
2015-10-17 11:52:33 +09:00
Tatsuhiro Tsujikawa
85bc696c38
nghttpx: Add error handling for strdup and sigaction
2015-10-16 22:33:48 +09:00
Tatsuhiro Tsujikawa
338b4ba739
nghttpx: Don't use units to display fastopen default
2015-10-14 23:45:56 +09:00
Tatsuhiro Tsujikawa
41710bfc7e
nghttpx: Add description about error message when TLS protocols do not overlap
2015-10-14 23:23:43 +09:00
Tatsuhiro Tsujikawa
0e87d464a2
clang-format
2015-10-14 23:23:34 +09:00
Tatsuhiro Tsujikawa
f1eb7638d1
nghttpx: Change mruby script handling
...
This commit changes nghttpx's mruby script handling. Previously we
had 2 options to specify the mruby script file to be run on request
and on response. Now they are merged into 1 option, namely
--mruby-file. It now must return object. On request, the object's
on_req(env) method is invoked with env object. Similarly, on
response, the object's on_resp(env) method is invoked. The
specification of Env object has not changed.
2015-10-08 23:32:15 +09:00
Peeyush Aggarwal
349f3e2c7b
Added support for RFC 7413 (TCP Fast Open) on nghttpx proxy listening connections.
...
Fixed code as per PR comments
2015-10-05 13:40:45 -07:00
Tatsuhiro Tsujikawa
0155c9115a
nghttpx: Fix so that --padding option works again
2015-10-04 10:36:20 +09:00
Tatsuhiro Tsujikawa
2aa8d9642c
nghttpx: Fix crash on http2/client proxy mode
2015-09-30 23:45:43 +09:00
Tatsuhiro Tsujikawa
f150f9aec4
Fix compile error without BoringSSL
2015-09-29 23:45:13 +09:00
Tatsuhiro Tsujikawa
f0d2c9f94b
Compile with BoringSSL
...
Compile with BoringSSL except for neverbleed and libnghttp2_asio. The
former uses ENGINE and RSA_METHOD, and they are quite different
between OpenSSL and BoringSSL. The latter uses boost::asio, which
calls OpenSSL functions deleted in BoringSSL.
2015-09-29 23:38:17 +09:00
Tatsuhiro Tsujikawa
a28aee058f
nghttpx: Don't need to trap SIGTERM and SIGINT signals
2015-09-29 00:07:29 +09:00
Tatsuhiro Tsujikawa
8acf9a2802
nghttpx: Trie based routing
2015-09-26 22:19:10 +09:00
Tatsuhiro Tsujikawa
044385ab6e
Add neverbleed support
...
neverbleed is disabled by default. To enable it, use
--with-neverbleed configure option.
2015-09-26 19:01:31 +09:00
Tatsuhiro Tsujikawa
6680d8b792
nghttpx: Call setsid after executing new binary
2015-09-25 00:55:08 +09:00
Tatsuhiro Tsujikawa
0b32df94a5
nghttpx: Log when worker process exits
2015-09-25 00:11:35 +09:00
Tatsuhiro Tsujikawa
c44587a70c
nghttpx: Use _Exit when exiting from child process
2015-09-24 23:57:24 +09:00
Tatsuhiro Tsujikawa
389a96483a
nghttpx: Fix improper signal handling
2015-09-24 23:43:24 +09:00
Tatsuhiro Tsujikawa
a54062bd5e
nghttpx: Fix output glitch
2015-09-24 00:11:02 +09:00