Commit Graph

426 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 76a425226f nghttpx: Use ImmutableString for pid_file 2016-02-14 22:17:10 +09:00
Tatsuhiro Tsujikawa 2b707bff27 nghttpx: Use ImmutableString for log file 2016-02-14 22:17:10 +09:00
Tatsuhiro Tsujikawa 9055323b67 nghttpx: Use ImmutableString for request_header_file and response_header_file 2016-02-14 22:17:10 +09:00
Tatsuhiro Tsujikawa ac81003669 nghttpx: Use ImmutableString for cert_file 2016-02-14 22:17:10 +09:00
Tatsuhiro Tsujikawa c999987baf nghttpx: Use ImmutableString for private_key_file 2016-02-14 22:17:10 +09:00
Tatsuhiro Tsujikawa 660bc389e6 nghttpx: Use ImmutableString for fetch_ocsp_response_file 2016-02-14 21:01:54 +09:00
Tatsuhiro Tsujikawa bfc26e8299 nghttpx: Use ImmutableString to store memcached server host 2016-02-14 20:59:10 +09:00
Tatsuhiro Tsujikawa 2d273f8237 nghttpx: Use StringRef for pattern paramter in Router::add_route 2016-02-14 18:55:53 +09:00
Tatsuhiro Tsujikawa a53f0f0a17 nghttpx: Refactor DownstreamAddrGroup and router API 2016-02-14 18:47:24 +09:00
Tatsuhiro Tsujikawa 1bd98dcf4f nghttpx: Remove user defined ctor/assignment op from DownstreamAddr 2016-02-14 18:31:08 +09:00
Tatsuhiro Tsujikawa eb0c82d91f nghttpx: More log output when resolving addresses for better debugging 2016-02-13 23:21:32 +09:00
Tatsuhiro Tsujikawa 72877379ec nghttpx: Deprecate --backend-ipv4 and --backend-ipv6 in favor of --backend-address-family 2016-02-13 19:09:39 +09:00
Tatsuhiro Tsujikawa c0078ab45a nghttpx: Add options to specify address family of memcached connections 2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa 3a41e4dd1a nghttpx: Add encryption support for TLS ticket key retrieval 2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa 3297a303bf nghttpx: Add client auth options for session cache memcached TLS connection 2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa f1580f95d4 nghttpx: Add TLS support for session cache memcached connection 2016-02-13 18:46:07 +09:00
Tatsuhiro Tsujikawa 60c0c2dd56 src: Code cleanup 2016-02-07 18:41:38 +09:00
Tatsuhiro Tsujikawa 6d49110a33 Rename FrontendAddr as UpstreamAddr 2016-02-07 17:51:53 +09:00
Tatsuhiro Tsujikawa 15fa38c72f nghttpx: Rename backend_session_cache_per_worker as downstream_session_cache_per_worker 2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa 6806196404 nghttpx: Update doc for HTTP/1 TLS backend connections 2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa e763770f3e nghttpx: Add option to specify maximum number of session cache 2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa bb4e2f6a24 nghttpx: Add TLS support for HTTP/1 backend 2016-02-07 17:43:30 +09:00
Tatsuhiro Tsujikawa 024d0d09ee nghttpx: Fix unexpected failure due to missing address family 2016-02-06 23:28:04 +09:00
Tatsuhiro Tsujikawa ee07694783 nghttpx: Add request-header-field-buffer and max-request-header-fields options
This commit adds request-header-field-buffer and
max-request-header-fields, and deprecates header-field-buffer and
max-header-fields options.
2016-02-06 17:22:23 +09:00
Tatsuhiro Tsujikawa 8741503db1 nghttpx: Add --no-http2-cipher-black-list to allow black listed cipher suite 2016-02-06 17:05:14 +09:00
Tatsuhiro Tsujikawa eec409dba7 nghttpx: Limit header fields from backend 2016-02-06 12:27:01 +09:00
Tatsuhiro Tsujikawa 35c3b36549 nghttpx: Document special value localhost in Forwarded "by" and "for" params 2016-02-01 23:34:07 +09:00
Tatsuhiro Tsujikawa aa07fe7fa6 nghttpx: Support multiple frontend addresses
This commit allows nghttpx to listen to multiple address and port pair
by specifying -f option multiple times.
2016-02-01 23:10:29 +09:00
Tatsuhiro Tsujikawa 85bb37ab7c Enable ConstructorInitializerAllOnOneLineOrOnePerLine for better diff 2016-01-27 21:14:07 +09:00
Tatsuhiro Tsujikawa efc3206ae0 nghttpx: Revert accidental change 2016-01-21 22:14:10 +09:00
Tatsuhiro Tsujikawa 497ffc6387 nghttpx: Change pushed stream's priority
By default, as RFC 7540 calls for, pushed stream depends on its
associated (parent) stream.  There are some situations that this is
sub-optimal.  For example, if associated stream is HTML, and server is
configured to push css and javascript files which are in critical
rendering path.  Then the default priority scheme is sub-optimal,
since browser typically blocks rendering while waiting for critical
resources.  In this case, it is better to at least give pushed stream
the same priority of associated stream, and interleave these streams.

This change gives pushed stream the same priority of associated stream
if pushed stream has content-type "application/javascript" or
"text/css".  The pushed stream now depends on the stream which
associated stream depends on.  We use the same weight of associated
stream.
2016-01-21 21:11:57 +09:00
Tatsuhiro Tsujikawa 5a3ca7e700 nghttpx: Disallow user defined static obfuscated string for "for" parameter 2016-01-21 21:05:07 +09:00
Tatsuhiro Tsujikawa 9ac3e643d8 Revert "nghttpx: Add --curves option to specify supported elliptic curves"
This reverts commit e278893b64.

SSL_CONF_CTX functions are not working correctly with OpenSSL 1.0.2.
It requires 1.1.0 to make it work.
2016-01-21 19:50:38 +09:00
Tatsuhiro Tsujikawa e278893b64 nghttpx: Add --curves option to specify supported elliptic curves 2016-01-21 18:23:13 +09:00
Tatsuhiro Tsujikawa 03f7f8cb9c nghttpx: About implicit conversion from ImmutableString and std::string to StringRef
This is required to avoid creation of temporary ImmutableString
like so:

std::string x;
ImmutableString y = ...;
StringRef ref = !x.empty() ? x : y;

First, temporary ImmutableString is created with x since
ImmutableString has constructor to accept std::string.  After
StringRef gets this, the temporary ImmutableString is destroyed, and
ref has dangling pointer.
2016-01-21 17:12:40 +09:00
Tatsuhiro Tsujikawa f44128774c nghttpx: Update doc 2016-01-19 21:01:34 +09:00
Tatsuhiro Tsujikawa f3946ae314 nghttpx: Remove assignment of zero values
Because of zero initialization, these assignments are unnecessary.
2016-01-19 17:27:56 +09:00
Tatsuhiro Tsujikawa 2f9946327a nghttpx: Fix bug that --listener-disable-timeout option is not used 2016-01-19 17:03:01 +09:00
Tatsuhiro Tsujikawa 0402481be4 nghttpx: Organize connection related configuration into struct 2016-01-19 16:56:12 +09:00
Tatsuhiro Tsujikawa 35feae3b0c nghttpx: Group up logging related options 2016-01-18 17:26:27 +09:00
Tatsuhiro Tsujikawa a053d10839 nghttpx: Move option handling code to separate function 2016-01-18 17:08:28 +09:00
Tatsuhiro Tsujikawa 16549bb276 nghttpx: Structured configurations for http and http2 2016-01-18 17:00:20 +09:00
Tatsuhiro Tsujikawa f3e1dc7a4f nghttpx: Structured TLS related configurations 2016-01-18 14:21:09 +09:00
Tatsuhiro Tsujikawa b12af8c410 nghttpx: Refactor backend proxy configuration 2016-01-17 22:51:40 +09:00
Tatsuhiro Tsujikawa 4f07db8bcb src: Rename our new string classes 2016-01-17 11:33:45 +09:00
Tatsuhiro Tsujikawa d16ff1f519 nghttpx: Use StringAdaptor for Config::server_name 2016-01-17 01:15:11 +09:00
Tatsuhiro Tsujikawa 34d5382d66 nghttpx: Use VString for DownstreamAddr::host and hostport to remember size 2016-01-17 00:52:41 +09:00
Tatsuhiro Tsujikawa 25570367b3 nghttpx: Document Forwarded related options 2016-01-16 11:58:02 +09:00
Tatsuhiro Tsujikawa d678c07ddf nghttpx: Allow user to specify static obfuscated value via command-line 2016-01-16 11:32:26 +09:00
Tatsuhiro Tsujikawa 5c3f74b424 nghttpx: Add RFC 7239 Forwarded header field support 2016-01-16 11:32:14 +09:00
Tatsuhiro Tsujikawa fe8005327a src: Make util::utos_with_unit and utos_with_funit names shorter 2016-01-11 18:12:31 +09:00
Tatsuhiro Tsujikawa 848f8fbe54 nghttpx: Don't apply max_header_fields and header_field_buffer limit to response
We modeled max_header_fields and header_field_buffer limit from Apache
configuration directives.  In Apache, they are only applied to request
header fields, while we applied both request and response.  Since
nghttpx is used as reverse proxy and backend server is relatively
"trusted", this commit removes the application to response header
fields.
2016-01-05 16:44:44 +09:00
Tatsuhiro Tsujikawa de247f7d33 src: Rename startsWith as starts_with 2015-11-28 00:42:51 +09:00
Tatsuhiro Tsujikawa 1753bea692 nghttpx: Support server push from HTTP/2 backend
This commits enables HTTP/2 server push from HTTP/2 backend to be
relayed to HTTP/2 frontend.  To use this feature, --http2-bridge or
--client is required.  Server push via Link header field contiues to
work.
2015-11-16 23:12:25 +09:00
Tatsuhiro Tsujikawa c711a80411 src: Fix typo
Apply typo fixes to the original source files in the previous commit
which were done in generated text.
2015-11-09 21:43:25 +09:00
Tatsuhiro Tsujikawa 6b0bde6c31 Update doc so that we can use hyperlink to referred options 2015-10-25 17:10:41 +09:00
Tatsuhiro Tsujikawa 9231a4ba57 nghttpx: Replace old script file options with --mruby-file 2015-10-25 17:05:15 +09:00
Tatsuhiro Tsujikawa 0b2c139eaa clang-format-3.5 2015-10-25 17:04:54 +09:00
Lucas Pardue dcc9aaaa24 Add TLS dynamic record size behaviour command line options 2015-10-22 14:07:18 +00:00
Tatsuhiro Tsujikawa 48edbc8687 nghttpx: Reduce default timeouts for read sockets to 1m 2015-10-18 00:15:58 +09:00
Tatsuhiro Tsujikawa eff3dfd50b src: Move exception handling code to one function 2015-10-17 23:34:05 +09:00
Tatsuhiro Tsujikawa 5594e3df25 src: Handle exception in main 2015-10-17 11:52:33 +09:00
Tatsuhiro Tsujikawa 85bc696c38 nghttpx: Add error handling for strdup and sigaction 2015-10-16 22:33:48 +09:00
Tatsuhiro Tsujikawa 338b4ba739 nghttpx: Don't use units to display fastopen default 2015-10-14 23:45:56 +09:00
Tatsuhiro Tsujikawa 41710bfc7e nghttpx: Add description about error message when TLS protocols do not overlap 2015-10-14 23:23:43 +09:00
Tatsuhiro Tsujikawa 0e87d464a2 clang-format 2015-10-14 23:23:34 +09:00
Tatsuhiro Tsujikawa f1eb7638d1 nghttpx: Change mruby script handling
This commit changes nghttpx's mruby script handling.  Previously we
have 2 options to specify the mruby script file to be run on request
and on response.  Now they are merged into 1 option, namely
--mruby-file.  It now must return object.  On request, the object's
on_req(env) method is invoked with env object.  Similarly, on
response, the object's on_resp(env) method is invoked.  The
specification of Env object has not changed.
2015-10-08 23:32:15 +09:00
Peeyush Aggarwal 349f3e2c7b Added support for RFC 7413 (TCP Fast Open) on nghttpx proxy listening connections.
Fixed code as per PR comments
2015-10-05 13:40:45 -07:00
Tatsuhiro Tsujikawa 0155c9115a nghttpx: Fix so that --padding option works again 2015-10-04 10:36:20 +09:00
Tatsuhiro Tsujikawa 2aa8d9642c nghttpx: Fix crash on http2/client proxy mode 2015-09-30 23:45:43 +09:00
Tatsuhiro Tsujikawa f150f9aec4 Fix compile error without BoringSSL 2015-09-29 23:45:13 +09:00
Tatsuhiro Tsujikawa f0d2c9f94b Compile with BoringSSL
Compile with BoringSSL except for neverbleed and libnghttp2_asio.  The
former uses ENGINE and RSA_METHOD, and they are quite different
between OpenSSL and BoringSSL.  The latter uses boost::asio, which
calls OpenSSL functions deleted in BoringSSL.
2015-09-29 23:38:17 +09:00
Tatsuhiro Tsujikawa a28aee058f nghttpx: Don't need to trap SIGTERM and SIGINT signals 2015-09-29 00:07:29 +09:00
Tatsuhiro Tsujikawa 8acf9a2802 nghttpx: Trie based routing 2015-09-26 22:19:10 +09:00
Tatsuhiro Tsujikawa 044385ab6e Add neverbleed support
neverbleed is disabled by default.  To enable it, use
--with-neverbleed configure option.
2015-09-26 19:01:31 +09:00
Tatsuhiro Tsujikawa 6680d8b792 nghttpx: Call setsid after executing new binary 2015-09-25 00:55:08 +09:00
Tatsuhiro Tsujikawa 0b32df94a5 nghttpx: Log when worker process exits 2015-09-25 00:11:35 +09:00
Tatsuhiro Tsujikawa c44587a70c nghttpx: Use _Exit when exiting from child process 2015-09-24 23:57:24 +09:00
Tatsuhiro Tsujikawa 389a96483a nghttpx: Fix improper signal handling 2015-09-24 23:43:24 +09:00
Tatsuhiro Tsujikawa a54062bd5e nghttpx: Fix output glitch 2015-09-24 00:11:02 +09:00
Tatsuhiro Tsujikawa 2be6a94d70 nghttpx: Show textual signal description when worker process exited 2015-09-22 21:21:40 +09:00
Tatsuhiro Tsujikawa e77f9d95d3 nghttpx: Set CLOEXEC for ipc fds 2015-09-22 19:52:35 +09:00
Tatsuhiro Tsujikawa 87a38bdf8d nghttpx: Chown UNIX domain socket to user specified as --user 2015-09-22 18:34:03 +09:00
Tatsuhiro Tsujikawa 03bb58006b nghttpx: Extract several chown() usages into 1 function 2015-09-22 18:32:40 +09:00
Tatsuhiro Tsujikawa ab824d1230 nghttpx: Add missing sys/wait.h 2015-09-19 19:50:29 +09:00
Tatsuhiro Tsujikawa dbbc7296f5 strdup is not required here 2015-09-18 23:28:27 +09:00
Tatsuhiro Tsujikawa ce1b11e3a0 nghttpx: Split monolithic one process into control and worker processes
The control process handles signals, reads configuration, reads
private keys, and bind port (which may be privileged one).  It never
drop privileges, so that it can execute new binary with the same
privilege.  It forks worker process.  The worker process handles all
incoming connections.  It drops privilege.
2015-09-18 23:28:26 +09:00
Lucas Pardue ec47dfb9b8 Initial HTTP/1.1 capability. Add npn-list option to h2load. Make NPN/ALPN more runtime dependent 2015-09-17 14:49:27 +00:00
Tatsuhiro Tsujikawa 33601f1a51 nghttpx: Fix compile error with --disable-threads 2015-09-13 00:42:59 +09:00
Tatsuhiro Tsujikawa f8c1da7f3c nghttpx: Add --accept-proxy-protocol usage to help message 2015-09-06 23:27:07 +09:00
Tatsuhiro Tsujikawa ce53bd239e nghttpx: Implement PROXY protocol version 1
Use --accept-proxy-protocol to enable PROXY protocol handling
2015-09-06 21:30:19 +09:00
Tatsuhiro Tsujikawa 39287314d3 nghttpx: Fix missing `break` 2015-09-06 18:34:10 +09:00
Tatsuhiro Tsujikawa c30d252f94 nghttpx: Show warning if certain feature is not compiled in 2015-09-06 16:59:57 +09:00
Tatsuhiro Tsujikawa d722a09581 nghttpx: Rename mruby script options 2015-09-04 01:19:57 +09:00
Tatsuhiro Tsujikawa 14f5240d8f nghttpx: Update doc 2015-09-03 01:37:47 +09:00
Tatsuhiro Tsujikawa baadec5ef4 nghttpx: Add response mruby hook 2015-09-03 01:33:52 +09:00
Tatsuhiro Tsujikawa 1508c50a45 nghttpx: Add basic infrastructure for mruby support 2015-09-02 02:45:15 +09:00
Tatsuhiro Tsujikawa e1f7643c92 nghttpx: Fix memory leak 2015-09-02 02:07:29 +09:00
Tomasz Buchert 97566ce4e3 nghttpx: make early copy of stderr 2015-08-13 11:01:37 +02:00
Tomasz Buchert 900dcf4ced nghttpx: remove Android-specific code 2015-08-12 20:17:03 +02:00