Commit Graph

142 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa 958cd0de64 nghttpx: Add configurable access logging format
This commit adds functionality to customize access logging format in
nghttpx.  The format variables are inspired by nginx.  The default
format is combined format.
2014-11-19 01:29:55 +09:00
Tatsuhiro Tsujikawa 5ce8ae79f0 nghttpx: Disable spdy/3 and spdy/2 by default 2014-11-14 23:16:06 +09:00
Tatsuhiro Tsujikawa ce71e65aee nghttpx: Replace WARNING with WARN for consistency 2014-11-08 10:51:56 +09:00
Tatsuhiro Tsujikawa 1119701071 nghttpx: Fix -L option help message
WARNING should be WARN.
2014-11-08 10:45:58 +09:00
Lucas Pardue a067eb02a5 Add LOG_NOTICE level logging for application lifecycle events 2014-11-06 14:32:56 +00:00
Tatsuhiro Tsujikawa be1a513c59 nghttpx: Shut up scan-build 2014-10-30 22:36:22 +09:00
Lucas Pardue 9ea4905f68 Added X-Forwarded-For header stripping option to nghttpx 2014-10-27 10:23:20 +00:00
Tatsuhiro Tsujikawa c6cfcc3c30 src: Disable insecure SSLv3 2014-10-22 23:14:07 +09:00
Tatsuhiro Tsujikawa 8fffa05513 src: Fix possible heap-use-after free for OpenSSL global locking
This is simply programming error, but it is interesting that using
libstdc++ does not reveal this error.  With clang++-libc++, we got
std::system_error: mutex lock faild: Invalid argument.  This is
because we did not give a name to lock object, so it is immediately
destructed.  I think this will fix the reported crash on Mac OSX.
2014-10-14 21:47:07 +09:00
Svante Signell df875db989 Avoid PATH_MAX by using getcwd(nullptr, 0) as supported by modern glibc-based OSes. 2014-10-03 21:58:15 +09:00
Tatsuhiro Tsujikawa f8471a5f45 nghttpx: Move --backend-http-proxy-uri to Connections section 2014-08-27 23:37:54 +09:00
Tatsuhiro Tsujikawa 822ec75814 nghttpx: Add --listener-disable-timeout option 2014-08-27 22:34:00 +09:00
Tatsuhiro Tsujikawa 9ad2c0887e nghttpx: Use _Exit() instead of exit() when execve is failed in child process 2014-08-23 18:15:47 +09:00
Tatsuhiro Tsujikawa c7e9fe8154 nghttpx: Implement connection blocker for HTTP/1 backend 2014-08-19 23:36:04 +09:00
Tatsuhiro Tsujikawa fb62a5ed4f nghttpx: Use pointer for worker_config 2014-08-19 22:29:44 +09:00
Tatsuhiro Tsujikawa 2fb675f13c nghttpx: Open default log files for errors occurred while parsing options 2014-08-17 22:37:30 +09:00
Tatsuhiro Tsujikawa eebd1f5492 nghttpx: Add some more info about prohibition of --read-burst=0 2014-08-17 22:31:44 +09:00
Tatsuhiro Tsujikawa 86dd1519b4 nghttpx: Android specific hack for special files for logging
Android lacks /dev/stderr, so directly use /proc/self/fd/2 as default
errorlog-file.  Android does not like O_APPEND for /proc/self/fd/1 and
/proc/self/fd/2, so omit the flag for these paths.
2014-08-17 19:01:51 +09:00
Tatsuhiro Tsujikawa 5d2390deba nghttpx: Bring per-connection rate limit back
--read-burst=0 still does not work.  But specifying n > 0 workarounds
this.
2014-08-17 16:17:10 +09:00
Tatsuhiro Tsujikawa 3c056973a1 nghttpx: Ignore SIGCHLD not to create zombie on SIGUSR2 if -D is used 2014-08-17 00:05:24 +09:00
Tatsuhiro Tsujikawa 0e8419ac37 nghttpx: Add backend-connections-per-frontend option
This option limits the number of backend connections per frontend.
This is meaningful for the combination of HTTP/2 and SPDY frontend and
HTTP/1 backend.
2014-08-16 22:24:17 +09:00
Tatsuhiro Tsujikawa 7b85f6c50d nghttpx: Store errno to a variable temporarly 2014-08-13 22:13:08 +09:00
Tatsuhiro Tsujikawa ca680c16e3 nghttpx: Chown file to effective user 2014-08-13 01:53:44 +09:00
Tatsuhiro Tsujikawa bf13d91264 nghttpx: Add hot deploy feature
nghttpx supports hot deploy feature using signals.  The host deploy in
nghttpx is multi step process.  First send USR2 signal to nghttpx
process.  It will do fork and execute new executable, using same
command-line arguments and environment variables.  At this point, both
current and new processes can accept requests.  To gracefully shutdown
current process, send QUIT signal to current nghttpx process.  When
all existing frontend connections are done, the current process will
exit.  At this point, only new nghttpx process exists and serves
incoming requests.
2014-08-13 00:43:54 +09:00
Tatsuhiro Tsujikawa 8aa6580d89 nghttpx: Chown log files with --user 2014-08-10 20:58:02 +09:00
Tatsuhiro Tsujikawa 24cfb52b5a nghttpx: Add --no-location-rewrite option
--no-location-rewrite option disallows location header rewrite on
--http2-bridge, --client and default mode.  This option is useful when
connecting nghttpx proxy with --http2-bridge to backend nghttpx with
http2-proxy mode.
2014-08-10 12:39:27 +09:00
Tatsuhiro Tsujikawa 93ed89df5f nghttpx: Make stream timeout disable by default
It might be useful to clean the unused stream out to make up the room
for new streams.  On the other hand, proxy should maintain the
connection between upstream client and downstream server and they have
the timeout for their own.  Proxy just reacts to their decision.
2014-08-10 00:08:44 +09:00
Tatsuhiro Tsujikawa 1a2e50ca08 nghttpx: Lower timeouts 2014-08-09 22:59:31 +09:00
Tatsuhiro Tsujikawa 76703f79fa nghttpx: Add stream level timeout for HTTP/2 and SPDY upstream/downstream 2014-08-09 22:56:27 +09:00
Tatsuhiro Tsujikawa 455d911f61 src, examples: Call OPENSSL_config() 2014-08-02 10:11:45 +09:00
Tatsuhiro Tsujikawa 079db14d45 Add nghttp2_session_consume() API
Reworked no automatic WINDOW_UPDATE feature.  We added new API
nghttp2_session_consume() which tells the library how many bytes are
consumed by the application.  Instead of submitting WINDOW_UPDATE by
the application, the library is now responsible to submit
WINDOW_UPDATE based on consumed bytes.  This is more reliable method,
since it enables us to properly send WINDOW_UPDATE for stream and
connection individually.  The previous implementation of nghttpx had
broken connection window management.
2014-07-31 23:05:53 +09:00
Tatsuhiro Tsujikawa 8dc47c6750 Fix resource leaks 2014-07-18 00:31:32 +09:00
Tatsuhiro Tsujikawa 9f1c819242 nghttpx: Cleanup create_evlistener 2014-07-06 19:21:18 +09:00
Tatsuhiro Tsujikawa a02624c9ed nghttpx: Use std::shared_ptr to share cached time
To ensure that cached time buffer is not altered while referencing it,
we rely on inerlocking in std::shared_ptr to acheive this.
2014-07-06 13:27:51 +09:00
Tatsuhiro Tsujikawa 933e24d412 nghttpx: Use std::atomic for Config::cached_time 2014-07-05 23:50:32 +09:00
Tatsuhiro Tsujikawa 9841f778a9 nghttpx: Do not compile pthread_sigmask if NOTHREADS is defined 2014-07-05 19:43:39 +09:00
Tatsuhiro Tsujikawa bf4042ce98 nghttpx: Cache time for logging 2014-07-05 19:40:30 +09:00
Tatsuhiro Tsujikawa 0ce848a611 nghttpx: Rewrite logging system
This change rewrites logging system of nghttpx.  Previously access log
and error log are written to stderr or syslog and there was no option
to change stderr to something else.  With this change, file path of
access log and error log can be configured separately and logging to
regular file is now added.  To support rotating log, if SIGUSR1 signal
is received by nghttpx, it closes the current log files and reopen it
with the same name.  The format of access log is changed and has same
look of apache's.  But not all columns are not supported yet.
2014-07-05 18:43:24 +09:00
Tatsuhiro Tsujikawa 479e15469c nghttpx: Add worker-frontend-connections option 2014-06-26 22:55:22 +09:00
Tatsuhiro Tsujikawa 133c3d66be nghttpx: Remove TLSv1.0 from default TLS proto list 2014-06-19 23:21:53 +09:00
Tatsuhiro Tsujikawa 266a15ccd3 nghttpx: Remove per-connection rate limit
It looks like setting read-rate and read-burst to 0 makes busy loop.
It seems a bug.  On the other hand, we most likely want per-thread
rate limit rather than per-connection.  So we decided to drop them.
2014-06-19 23:19:14 +09:00
Tatsuhiro Tsujikawa 1af9a9cee0 nghttpx: Don't stderr log if syslog is used
This change also reverts previous commits and tty is set to false if
syslog is used.
2014-06-12 21:47:00 +09:00
Tatsuhiro Tsujikawa 6a2950aef0 nghttpx: Make tty to false when daemonized 2014-06-12 00:19:46 +09:00
Tatsuhiro Tsujikawa c204861dec nghttpx: Create NPN prefs only once 2014-06-10 23:22:23 +09:00
Tatsuhiro Tsujikawa 7b0ed5d9bd nghttpx: Only allow DHE, ECDHE + AEAD ciphers for HTTP/2
Cipher suites are chosen by DHE and ECDHE ciphers + GCM (AEAD).  Now
default cipher list is the one recommended by Mozilla web site.  The
--honor-cipher-order option is removed and now it is always assumed.
2014-06-10 22:47:22 +09:00
Tatsuhiro Tsujikawa 0fd5b2aa32 nghttpx: Use std::vector for tls_proto_list and npn_list
Now SSL/TLS option mask to disable particular SSL/TLS protocol
versions are pre-calculated and stored in Config.
2014-06-08 23:09:44 +09:00
Tatsuhiro Tsujikawa 1f58be423d nghttpx: Use nullptr instead of 0 2014-06-08 21:05:36 +09:00
Tatsuhiro Tsujikawa 14b818efc8 nghttpx: Use std::unique_ptr<char[]> instead of char* 2014-06-08 21:02:40 +09:00
Tatsuhiro Tsujikawa 1fa5852f8f nghttpx: Treat '*' in <HOST> parameter of --frontend as wildcard explicitly
It seems that specifyig '*' to node parameter in getaddrinfo() is
treated as specifying NULL, but it is not documented.  So rather than
relying on this feature, we explicitly treat '*' as "wildcard" address
and specify NULL to node parameter in getaddrinfo().

Now '*,3000' is a default value of --frontend option.  Specyfing '*'
binds all addresses including both IPv4 and IPv6.
2014-05-25 16:15:48 +09:00
Tatsuhiro Tsujikawa 672ad82849 nghttpx: Clarify that --npn-list is used in both ALPN and NPN 2014-05-21 21:28:58 +09:00