walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity
5,244 Commits 28 Branches 113 Tags 39 MiB
Commit Graph

57 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa e2906025c8 nghttpx: Don't exit from save_pid and set_alpn_prefs 2016-07-31 20:35:10 +09:00
Tatsuhiro Tsujikawa aced5b3b6c nghttpx: Fix memory leak from CertLookupTree 2016-06-25 23:47:22 +09:00
Tatsuhiro Tsujikawa 3e14f0d8a5 nghttpx: Fix compile error with openssl 1.0.1 
openssl lacks SSL_CTX_get0_certificates().
 2016-06-25 23:35:37 +09:00
Tatsuhiro Tsujikawa f7c0d48152 nghttpx: Rewrite CertLookupTree using Router 2016-06-25 22:52:01 +09:00
Tatsuhiro Tsujikawa 845aa7a710 nghttpx: Share downstream config object 
This is the unit of sharing configurations to change
 2016-06-03 19:57:43 +09:00
Tatsuhiro Tsujikawa 4aa4fe56e1 nghttpx: Destroy SSL object, and always lookup TLS session cache 2016-04-28 22:25:55 +09:00
Tatsuhiro Tsujikawa 0875e66aab src: Remove streq(const char *) overload 2016-03-25 00:02:07 +09:00
Tatsuhiro Tsujikawa 4dfae3484f nghttpx: Refactor CertLookupTree interface 2016-03-24 23:35:15 +09:00
Tatsuhiro Tsujikawa 372123c178 nghttpx: Remove strieq(const char*, cosnt char*) overload, and fix unittests 2016-03-24 23:34:56 +09:00
Tatsuhiro Tsujikawa eec0b04a33 nghttpx: Enable/disable TLS per frontend address 
This change allows user to disable TLS per frontend address using
no-tls keyword in --frontend option.  We removed --frontend-no-tls in
favor of this new feature.
 2016-03-23 23:56:09 +09:00
Tatsuhiro Tsujikawa 58b06f32a2 nghttpx: Configure TLS per backend routing pattern 
We added "tls" parameter to --backend option to enable TLS on that
backend connection.  --backend-tls options was deprecated, now is
noop.
 2016-03-23 22:56:18 +09:00
Tatsuhiro Tsujikawa 1832f78684 nghttpx: Move downstream proto to DownstreamAddrGroup 2016-02-28 16:56:14 +09:00
Tatsuhiro Tsujikawa f2a7275700 nghttpx: Cache TLS session inside DownstreamAddr object 2016-02-21 16:35:43 +09:00
Tatsuhiro Tsujikawa dfc02843b6 src: Rename and rewrite numeric_hostport as to_numeric_addr and support AF_UNIX path 2016-02-21 15:28:11 +09:00
Tatsuhiro Tsujikawa 3297a303bf nghttpx: Add client auth options for session cache memcached TLS connection 2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa f1580f95d4 nghttpx: Add TLS support for session cache memcached connection 2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa 82f942c3a3 nghttpx: Parameterize configuration values for client side TLS context 2016-02-11 18:34:31 +09:00
Tatsuhiro Tsujikawa 6d49110a33 Rename FrontendAddr as UpstreamAddr 2016-02-07 17:51:53 +09:00
Tatsuhiro Tsujikawa aa07fe7fa6 nghttpx: Support multiple frontend addresses 
This commit allows nghttpx to listen to multiple address and port pair
by specifying -f option multiple times.
 2016-02-01 23:10:29 +09:00
Tatsuhiro Tsujikawa dbbf3a4a10 nghttpx: Refactor TLS hostname match 2016-01-16 23:54:21 +09:00
Tatsuhiro Tsujikawa 566b0476d7 nghttpx: Enable neverbleed for client private key; don't run nb without TLS 2015-09-26 21:28:46 +09:00
Tatsuhiro Tsujikawa 044385ab6e Add neverbleed support 
neverbleed is disabled by default.  To enable it, use
--with-neverbleed configure option.
 2015-09-26 19:01:31 +09:00
Tatsuhiro Tsujikawa ff44e211ed nghttpx: Fix tls handshake bug 
This fixes 2 things:
1. potential busy loop
2. disabling ticket is not working after resumption
 2015-08-09 18:33:49 +09:00
Tatsuhiro Tsujikawa d0a37d59a5 nghttpx: Disable TLS session ticket if ticket key is not available 2015-07-29 20:38:49 +09:00
Tatsuhiro Tsujikawa 90b4b48c7e nghttpx: Add shared session cache using memcached 2015-07-26 23:33:06 +09:00
Tatsuhiro Tsujikawa a8574fdef2 nghttpx: Use Use std::string instead of std::unique_ptr<char[]> for tls config 2015-07-20 23:15:01 +09:00
Tatsuhiro Tsujikawa dd8ce1e9d2 nghttpx: Use std::unique_ptr<char[]> instead of raw char pointer 2015-07-20 21:37:23 +09:00
Tatsuhiro Tsujikawa 3119fc259c Select backend based on request host and path by extending -b option 
-b option syntax is now <HOST>,<PORT>[;<PATTERN>[:...]].  The optional
<PATTERN>s specify the request host and path it is used for.  The
<PATTERN> can contain path, host + path or host.  The matching rule is
closely designed to ServeMux in Go programming language.
 2015-07-11 00:15:52 +09:00
Tatsuhiro Tsujikawa 532bffdb01 nghttpx: Minimize critical section for shared ocsp response 2015-06-12 21:27:12 +09:00
Tatsuhiro Tsujikawa 590a5c3ff3 Fix typo 2015-06-05 00:18:29 +09:00
Tatsuhiro Tsujikawa d247470da2 nghttpx: Rewrite ocsp without thread 
Since libev handles SIGCHLD, using waitpid in separate thread to wait
for the completion of fetch-ocsp-response script process is undefined.
This commit rewrite ocsp handling code so that it utilizes libev
ev_child watcher and perform ocsp update without thread.
 2015-04-09 01:03:28 +09:00
Tatsuhiro Tsujikawa 4bc9afe20a nghttpx: Add OCSP stapling feature 2015-03-30 23:58:28 +09:00
Tatsuhiro Tsujikawa ae0100a9ab nghttpx: Refactor worker interface 2015-02-11 22:49:03 +09:00
Tatsuhiro Tsujikawa b165775811 nghttpx: Refactor CertLookupTree 2015-02-06 21:25:43 +09:00
Tatsuhiro Tsujikawa 1e4f8f27fd nghttpx: Add --tls-ctx-per-worker option 
When same SSL_CTX is used by multiple thread simultaneously we have to
setup some number of mutex locks for it.  We could not check how this
locking affects scalability since we have 4 cores at best in our
development machine.  Good side of sharing SSL_CTX across threads is
we can share session ID pool.

If --tls-ctx-per-worker is enabled, SSL_CTX is created per thread
basis and we can eliminate mutex locks.  The downside is session ID is
no longer shared, which means if session ID generated by one thread
cannot be acceptable by another thread.  But we have now session
ticket enabled and its keys are shared by all threads.
 2015-01-13 00:25:02 +09:00
Tatsuhiro Tsujikawa 0ea041e8cb nghttpx: Add doc and clean up 2015-01-12 22:47:30 +09:00
Tatsuhiro Tsujikawa bfac015d61 src: Use libev for rest of the applications 2015-01-03 00:19:41 +09:00
Tatsuhiro Tsujikawa b607a22076 nghttpx: Support multiple HTTP/1 backend address 
For HTTP/1 backend, -b option can be used several times to specify
multiple backend address.  HTTP/2 backend does not support multiple
addresses and only uses first address even if multiple addresses are
specified.
 2014-12-06 19:30:27 +09:00
Tatsuhiro Tsujikawa b1f807abd1 Reformat lines with clang-format-3.5 2014-11-27 23:56:30 +09:00
Tatsuhiro Tsujikawa 20de432725 nghttpx: Pool http downstream connection per thread 2014-10-13 21:09:00 +09:00
Tatsuhiro Tsujikawa 479e15469c nghttpx: Add worker-frontend-connections option 2014-06-26 22:55:22 +09:00
Tatsuhiro Tsujikawa c204861dec nghttpx: Create NPN prefs only once 2014-06-10 23:22:23 +09:00
Tatsuhiro Tsujikawa 0fd5b2aa32 nghttpx: Use std::vector for tls_proto_list and npn_list 
Now SSL/TLS option mask to disable particular SSL/TLS protocol
versions are pre-calculated and stored in Config.
 2014-06-08 23:09:44 +09:00
Tatsuhiro Tsujikawa 6c66bd5c7c ALPN: Do not negotiate HTTP/2 unless TLSv1.2 or TLSv1.1 was used 2014-04-26 22:37:48 +09:00
Tatsuhiro Tsujikawa ab2dc5967d Replace HTTP/2.0 with HTTP/2 2014-03-30 19:26:37 +09:00
Tatsuhiro Tsujikawa a457d2a138 h2load, nghttp: Use SNI field for non-numeric host 2014-03-15 15:32:38 +09:00
Tatsuhiro Tsujikawa d074cb611f nghttpx: Add rate limit per worker thread 
The existing options --{read,write}-{rate,burst} are per connection.
The new options --worker-{read,write}-{rate,burst} are per worker
thread, which is overall rate limit of all connections worker handles.
 2014-03-09 14:53:28 +09:00
Tatsuhiro Tsujikawa d4ea2418d8 nghttpx: Use LibsslGlobalLock 2014-03-04 21:33:43 +09:00
Tatsuhiro Tsujikawa 20877b1107 nghttpx: Don't allow application protocol not listed in --npn-list option 2014-01-02 00:53:07 +09:00
Tatsuhiro Tsujikawa 0edce70343 Rebranding nghttp2 2013-07-13 00:43:06 +09:00