d678c07ddf
nghttpx: Allow user to specify static obfuscated value via command-line
2016-01-16 11:32:26 +09:00
5c3f74b424
nghttpx: Add RFC 7239 Forwarded header field support
2016-01-16 11:32:14 +09:00
486dba8d8a
nghttpx: Strict validation for header fields given in configuration
2015-12-25 20:57:24 +09:00
5ec6066fdd
header value should not be inp_strlower
...
http header keys are case-insensitive, but header values are case-sensitive, so it should not be changed.
2015-12-25 11:03:55 +08:00
ba9e912cf6
src: Rename isAlpha, isDigit, and isHexDigit as is_...
2015-11-28 00:42:51 +09:00
de247f7d33
src: Rename startsWith as starts_with
2015-11-28 00:42:51 +09:00
1ba28bef1f
util: Remove unused functions; rename regacy camel-case function names
2015-11-28 00:42:51 +09:00
c0858d8c1a
src: Minor optimization for appending single character
2015-11-28 00:03:16 +09:00
ac41946533
nghttpx: Use NGHTTP2_NV_FLAG_NO_COPY_NAME and NGHTTP2_NV_FLAG_NO_COPY_VALUE
...
For both HTTP/2 frontend and backend.
Also adds http2::stringify_status to optimize status code
serialization.
2015-11-05 23:47:11 +09:00
d9f73c36c3
nghttpx: Log :authority as $http_host if available
2015-10-28 23:12:16 +09:00
dcc9aaaa24
Add TLS dynamic record size behaviour command line options
2015-10-22 14:07:18 +00:00
54bf225692
clang-format-3.5
2015-10-15 21:42:11 +09:00
f1eb7638d1
nghttpx: Change mruby script handling
...
This commit changes nghttpx's mruby script handling. Previously we
have 2 options to specify the mruby script file to be run on request
and on response. Now they are merged into 1 option, namely
--mruby-file. It now must return object. On request, the object's
on_req(env) method is invoked with env object. Similarly, on
response, the object's on_resp(env) method is invoked. The
specification of Env object has not changed.
2015-10-08 23:32:15 +09:00
349f3e2c7b
Added support for RFC 7413 (TCP Fast Open) on nghttpx proxy listening connections.
...
Fixed code as per PR comments
2015-10-05 13:40:45 -07:00
8acf9a2802
nghttpx: Trie based routing
2015-09-26 22:19:10 +09:00
ec47dfb9b8
Initial HTTP/1.1 capability. Add npn-list option to h2load. Make NPN/ALPN more runtime dependent
2015-09-17 14:49:27 +00:00
ce53bd239e
nghttpx: Implement PROXY protocol version 1
...
Use --accept-proxy-protocol to enable PROXY protocol handling
2015-09-06 21:30:19 +09:00
c30d252f94
nghttpx: Show warning if certain feature is not compiled in
2015-09-06 16:59:57 +09:00
d722a09581
nghttpx: Rename mruby script options
2015-09-04 01:19:57 +09:00
baadec5ef4
nghttpx: Add response mruby hook
2015-09-03 01:33:52 +09:00
1508c50a45
nghttpx: Add basic infrastructure for mruby support
2015-09-02 02:45:15 +09:00
a1288a5826
nghttpx: Rename --tls-ticket-cipher as --tls-ticket-key-cipher
2015-07-28 23:49:37 +09:00
a6fdca730d
nghttpx: Add options to set maximum retry and failure when getting ticket keys
2015-07-28 01:17:29 +09:00
4949dd4888
nghttpx: Add --tls-ticket-key-memcached-interval option
2015-07-28 01:02:33 +09:00
2f2a300e83
nghttpx: Add TLS ticket key sharing among nghttpx instances using memcached
2015-07-28 00:54:44 +09:00
e3cdfd12ea
nghttpx: Use std::array for TicketKey
2015-07-27 02:12:07 +09:00
cd25c6846e
nghttpx: Create struct Address which holds struct sockaddr_union and length
2015-07-27 01:41:10 +09:00
90b4b48c7e
nghttpx: Add shared session cache using memcached
2015-07-26 23:33:06 +09:00
cab6c7871c
nghttpx: Don't rewrite host header field by default
...
In reverse proxy usage, backend server most likely wants to see the
original header field. So this commit turns off host header rewrite
by default. --no-host-rewrite option is deprecated, and if it is
used, warning message is displayed. --host-rewrite option is added to
enable host rewrite.
2015-07-23 23:54:56 +09:00
a8574fdef2
nghttpx: Use Use std::string instead of std::unique_ptr<char[]> for tls config
2015-07-20 23:15:01 +09:00
dd8ce1e9d2
nghttpx: Use std::unique_ptr<char[]> instead of raw char pointer
2015-07-20 21:37:23 +09:00
ca3444c34c
Fix compile error/warnings with gcc-4.7
2015-07-19 20:50:14 +09:00
5dc060c1a2
src: Use C++11 value-initialization, instead of memset-ing 0
2015-07-19 17:55:37 +09:00
e8167ceea7
nghttpx: Add AES-256-CBC encryption for TLS session ticket
2015-07-18 02:02:33 +09:00
326ac31a23
nghttpx: Update doc
2015-07-14 23:45:50 +09:00
4fed7a1476
nghttpx: Refactor log format parsing
2015-07-14 23:36:44 +09:00
8c1e863523
nghttpx: Refactor option name lookup
2015-07-14 23:21:38 +09:00
27da08ee68
nghttpx: Add inline LogFragment ctor
2015-07-14 22:43:02 +09:00
0a6877d091
nghttpx: Supply template version strcopy
2015-07-14 22:40:33 +09:00
7f7b6d641d
nghttpx: Allow log variable to be enclosed by curly braces
2015-07-14 22:25:52 +09:00
fb7775e382
nghttpx: Detect loop in --include paths
2015-07-13 21:44:06 +09:00
3097547491
nghttpx: Add --include option to read additional configuration from given file
2015-07-12 23:18:36 +09:00
1a63cd94aa
nghttpx: Pass by reference, since it just get copied there
2015-07-11 17:30:38 +09:00
e7724914a9
nghttpx: Less copy when matching path
2015-07-11 16:46:13 +09:00
19e47a1922
nghttpx: Normalize path when setting it to Downstream
2015-07-11 16:12:35 +09:00
c2e4ed9624
nghttpx: Deal with the path without trailing slash on pattern match
...
If pattern ends with '/', and pattern and path matches without that
slash, we consider they match to deal with request to the directory
without trailing slash. That is if pattern is "/foo/" and path is
"/foo", we consider they match.
2015-07-11 12:43:48 +09:00
d457f39b1e
nghttpx: Fix unix domain backend
2015-07-11 02:41:33 +09:00
6d556755ee
Attemp to fix travis build error
2015-07-11 02:08:16 +09:00
3119fc259c
Select backend based on request host and path by extending -b option
...
-b option syntax is now <HOST>,<PORT>[;<PATTERN>[:...]]. The optional
<PATTERN>s specify the request host and path it is used for. The
<PATTERN> can contain path, host + path or host. The matching rule is
closely designed to ServeMux in Go programming language.
2015-07-11 00:15:52 +09:00
515c313073
nghttpx: Add $ssl_session_reused log variable
...
The syntax for this variable is the same as nginx: if SSL/TLS session
was reused, "r" is produced. Otherwise ".".
2015-06-28 22:15:04 +09:00
197493afd4
nghttpx: Add log variables related to SSL/TLS connection
...
This commit add following 3 log variables to SSL/TLS connection:
$ssl_cipher, $ssl_protocol, $ssl_session_id. If no information is
available for them, '-' is produced for each.
2015-06-28 16:44:34 +09:00
b06e339dbb
Prepare for IRIX support, port relevant change from spdylay
2015-06-27 17:51:07 +09:00
00efa86fb6
nghttpx: Add --add-request-header option
2015-06-05 23:04:20 +09:00
3d59c6c0b7
nghttpx: Use defined string iteral when defining long_options
2015-05-29 22:48:46 +09:00
38cfc5c47c
Check more headers and funcs
2015-05-13 23:29:20 +09:00
552f675466
nghttpx: Add --header-field-buffer and --max-header-fields options
2015-04-29 21:10:59 +09:00
1442b1bd0a
nghttpx: Remove --tls-ctx-per-worker option
...
--tls-ctx-per-worker option does not work well of OCSP stapling. Also
it makes session ID useless.
2015-03-31 00:42:21 +09:00
4bc9afe20a
nghttpx: Add OCSP stapling feature
2015-03-30 23:58:28 +09:00
93013f4205
nghttpx: Remove --backend-http2-connection-check option, enable it by default
2015-03-11 00:22:05 +09:00
0e3ae63965
nghttpx: Add --backend-http2-connections-per-worker
2015-03-10 23:43:25 +09:00
41e266181e
nghttpx: Attempt to improve HTTP/2 backend connection check
...
It turns out that writing successfully to network is not enough.
After apparently successful network write, read fails and then we
first know network has been lost (at least my android mobile network).
In this change, we say connection check is successful only when
successful read. We already send PING in this case, so we just wait
PING ACK with short timeout. If timeout has expired, drop connection.
Since waiting for PING ACK could degrade performance for fast reliably
connected network, we decided to disable connection check by default.
Use --backend-http2-connection-check to enable it.
2015-03-09 23:37:54 +09:00
6a2e6b744f
Update shrpx_config.cc
...
declaration of make_socket_closeonexec need the proper scope here, it was there per request at https://github.com/tatsuhiro-t/nghttp2/pull/142 , not sure why is was removed.
2015-03-02 17:14:09 -03:00
da2376effd
nghttpx: Add host_unix field to DownstreamAddr to tell it is UNIX domain sock
2015-02-22 17:25:23 +09:00
0c4ae3dea5
nghttpx: Support UNIX domain socket on frontend
...
This commit also fixes environment variables used to tell inherited
file descriptors to new binary are stacked up each time new binary is
executed.
2015-02-22 17:25:23 +09:00
e457c9a414
src: Add util::strieq_l
2015-02-22 15:32:48 +09:00
997f9233bc
nghttpx: Support UNIX domain socket in backend connections
2015-02-22 12:27:51 +09:00
502b552b68
nghttpx: Add --no-server-push option
2015-02-08 16:19:12 +09:00
54851ef7a6
src: Move make_unique to nghttp2 namespace
2015-02-06 00:15:43 +09:00
a68c4c1e3c
nghttpx: Add --no-host-rewrite option
2015-02-04 01:42:26 +09:00
0a0618baac
nghttpx: Add test for util::duration_str, rename util::parse_duration_with_unit
2015-01-29 23:28:47 +09:00
d1a4002b22
nghttpx: Remove --accept-delay and --num-accept options
2015-01-29 20:58:47 +09:00
3167aa4081
nghttpx: set the supplementary group access list
2015-01-28 20:56:05 +09:00
6a39de0ae5
nghttpx: Accept s or ms as unit for <T> argument
2015-01-28 00:36:44 +09:00
402ebb277f
nghttpx: Add --num-accept and --accept-delay options
2015-01-27 23:47:56 +09:00
7ea8037ee1
Use fcntl and FD_CLOEXEC if O_CLOEXEC is undefined
...
Same reported at #87 but at src/shrpx_config.cc src/instead of util.cc
2015-01-23 21:17:06 +09:00
f004361ef2
nghttpx: Add --backend-request-buffer option
2015-01-13 23:30:28 +09:00
d6db38a318
nghttpx: Clean up integer configuration range checking
2015-01-13 23:23:35 +09:00
c88a5291b7
nghttpx: Add --backend-response-buffer option
2015-01-13 23:20:06 +09:00
956c11388c
nghttpx: Allow units (k, m, and g) in --{read,write}-{rate,burst}
...
So that you can specify --read-rate=1M --read-burst=4M
2015-01-13 21:54:53 +09:00
1e4f8f27fd
nghttpx: Add --tls-ctx-per-worker option
...
When same SSL_CTX is used by multiple thread simultaneously we have to
setup some number of mutex locks for it. We could not check how this
locking affects scalability since we have 4 cores at best in our
development machine. Good side of sharing SSL_CTX across threads is
we can share session ID pool.
If --tls-ctx-per-worker is enabled, SSL_CTX is created per thread
basis and we can eliminate mutex locks. The downside is session ID is
no longer shared, which means if session ID generated by one thread
cannot be acceptable by another thread. But we have now session
ticket enabled and its keys are shared by all threads.
2015-01-13 00:25:02 +09:00
0ca979b453
nghttpx: Add --rlimit-nofile option
2015-01-10 23:17:48 +09:00
08e8cc1915
nghttpx: Add --tls-ticket-key-file option
...
This option specifies files contains 48 random bytes to construct
session ticket key data. This option can be used repeatedly to
specify multiple keys, but only the first one is used to encrypt
tickets.
2015-01-08 01:26:30 +09:00
52f3572d5b
nghttpx: Enable TLS session tickets with session key rotation every 12hrs
2015-01-08 00:01:09 +09:00
d3a606e9d9
nghttpx: open_file_for_write: Use O_CLOEXEC flag
2015-01-07 00:25:10 +09:00
7db1864766
nghttpx: Add --backend-http1-connections-per-frontend option
2015-01-03 00:19:41 +09:00
a55a07940c
nghttpx: Show not implemented warning for per wroker rate limit
2015-01-03 00:19:41 +09:00
bfac015d61
src: Use libev for rest of the applications
2015-01-03 00:19:41 +09:00
b607a22076
nghttpx: Support multiple HTTP/1 backend address
...
For HTTP/1 backend, -b option can be used several times to specify
multiple backend address. HTTP/2 backend does not support multiple
addresses and only uses first address even if multiple addresses are
specified.
2014-12-06 19:30:27 +09:00
9614611969
nghttpx: Limit # of downstream connections per host when h2 proxy is used
...
This commit limits the number of concurrent HTTP/1 downstream
connections to same host. By defualt, it is limited to 8 connections.
--backend-connections-per-frontend option was replaced with
--backend-http1-connections-per-host, which changes the maximum number
of connections per host. This limitation only kicks in when h2 proxy
is used (-s option).
2014-12-05 01:47:03 +09:00
b1f807abd1
Reformat lines with clang-format-3.5
2014-11-27 23:56:30 +09:00
9bba616426
nghttpx: Add $alpn variable to accesslog formatting
...
$alpn is a variable which represents ALPN identifier of the protocol
which generates the response.
2014-11-24 15:24:09 +09:00
1fe50f272b
nghttpx: Add $pid to --accesslog-format variable
...
$pid refers to the PID of the running process.
2014-11-24 14:34:43 +09:00
9cf1a0c77c
Add features to logging, client and server port,
...
time_iso8601 and request_time.
2014-11-23 20:37:51 +00:00
958cd0de64
nghttpx: Add configurable access logging format
...
This commit adds functionality to customize access logging format in
nghttpx. The format variables are inspired by nginx. The default
format is combined format.
2014-11-19 01:29:55 +09:00
ce71e65aee
nghttpx: Replace WARNING with WARN for consistency
2014-11-08 10:51:56 +09:00
9ea4905f68
Added X-Forwarded-For header stripping option to nghttpx
2014-10-27 10:23:20 +00:00
a23a705121
nghttpx: Strict integer config validation
2014-08-27 23:36:36 +09:00
822ec75814
nghttpx: Add --listener-disable-timeout option
2014-08-27 22:34:00 +09:00
c81e87bf37
nghttpx: Fix dereference after null check
2014-08-20 00:17:50 +09:00
5d2390deba
nghttpx: Bring per-connection rate limit back
...
--read-burst=0 still does not work. But specifying n > 0 workarounds
this.
2014-08-17 16:17:10 +09:00
Tatsuhiro Tsujikawa
ayanamist
Lucas Pardue
Peeyush Aggarwal
acesso
Fabian Möller