mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-07-20 11:16:38 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge 50525837be into c52c5698cd

Browse Source
This commit is contained in:
hongzhidao 2025-07-16 16:07:04 +08:00 committed by GitHub
commit 00df3688dc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 4108 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
auto/modules
View File

@ -726,10 +726,11 @@ if [ $HTTP = YES ]; then
if [ $HTTP_PROXY = YES ]; then
have=NGX_HTTP_X_FORWARDED_FOR . auto/have
have=NGX_HTTP_PROXY . auto/have
ngx_module_name=ngx_http_proxy_module
ngx_module_incs=
ngx_module_deps=
ngx_module_deps=src/http/modules/ngx_http_proxy_module.h
ngx_module_srcs=src/http/modules/ngx_http_proxy_module.c
ngx_module_libs=
ngx_module_link=$HTTP_PROXY
@ -781,6 +782,17 @@ if [ $HTTP = YES ]; then
. auto/module
fi
if [ $HTTP_V2 = YES ]; then
ngx_module_name=ngx_http_v2_proxy_module
ngx_module_incs=
ngx_module_deps=
ngx_module_srcs=src/http/v2/ngx_http_v2_proxy_module.c
ngx_module_libs=
ngx_module_link=$HTTP_V2
. auto/module
fi
if [ $HTTP_PERL != NO ]; then
ngx_module_name=ngx_http_perl_module
ngx_module_incs=src/http/modules/perl

185
src/http/modules/ngx_http_proxy_module.c
View File

@ -8,6 +8,7 @@
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_http.h>
#include <ngx_http_proxy_module.h>
#define NGX_HTTP_PROXY_COOKIE_SECURE 0x0001
@ -23,112 +24,6 @@
#define NGX_HTTP_PROXY_COOKIE_SAMESITE_OFF 0x0400
typedef struct {
ngx_array_t caches; /* ngx_http_file_cache_t * */
} ngx_http_proxy_main_conf_t;
typedef struct ngx_http_proxy_rewrite_s ngx_http_proxy_rewrite_t;
typedef ngx_int_t (*ngx_http_proxy_rewrite_pt)(ngx_http_request_t *r,
ngx_str_t *value, size_t prefix, size_t len,
ngx_http_proxy_rewrite_t *pr);
struct ngx_http_proxy_rewrite_s {
ngx_http_proxy_rewrite_pt handler;
union {
ngx_http_complex_value_t complex;
#if (NGX_PCRE)
ngx_http_regex_t *regex;
#endif
} pattern;
ngx_http_complex_value_t replacement;
};
typedef struct {
union {
ngx_http_complex_value_t complex;
#if (NGX_PCRE)
ngx_http_regex_t *regex;
#endif
} cookie;
ngx_array_t flags_values;
ngx_uint_t regex;
} ngx_http_proxy_cookie_flags_t;
typedef struct {
ngx_str_t key_start;
ngx_str_t schema;
ngx_str_t host_header;
ngx_str_t port;
ngx_str_t uri;
} ngx_http_proxy_vars_t;
typedef struct {
ngx_array_t *flushes;
ngx_array_t *lengths;
ngx_array_t *values;
ngx_hash_t hash;
} ngx_http_proxy_headers_t;
typedef struct {
ngx_http_upstream_conf_t upstream;
ngx_array_t *body_flushes;
ngx_array_t *body_lengths;
ngx_array_t *body_values;
ngx_str_t body_source;
ngx_http_proxy_headers_t headers;
#if (NGX_HTTP_CACHE)
ngx_http_proxy_headers_t headers_cache;
#endif
ngx_array_t *headers_source;
ngx_array_t *proxy_lengths;
ngx_array_t *proxy_values;
ngx_array_t *redirects;
ngx_array_t *cookie_domains;
ngx_array_t *cookie_paths;
ngx_array_t *cookie_flags;
ngx_http_complex_value_t *method;
ngx_str_t location;
ngx_str_t url;
#if (NGX_HTTP_CACHE)
ngx_http_complex_value_t cache_key;
#endif
ngx_http_proxy_vars_t vars;
ngx_flag_t redirect;
ngx_uint_t http_version;
ngx_uint_t headers_hash_max_size;
ngx_uint_t headers_hash_bucket_size;
#if (NGX_HTTP_SSL)
ngx_uint_t ssl;
ngx_uint_t ssl_protocols;
ngx_str_t ssl_ciphers;
ngx_uint_t ssl_verify_depth;
ngx_str_t ssl_trusted_certificate;
ngx_str_t ssl_crl;
ngx_array_t *ssl_conf_commands;
#endif
} ngx_http_proxy_loc_conf_t;
typedef struct {
ngx_http_status_t status;
ngx_http_chunked_t chunked;
@ -143,14 +38,10 @@ typedef struct {
unsigned head:1;
unsigned internal_chunked:1;
unsigned header_sent:1;
unsigned connection_type:2;
} ngx_http_proxy_ctx_t;
static ngx_int_t ngx_http_proxy_eval(ngx_http_request_t *r,
ngx_http_proxy_ctx_t *ctx, ngx_http_proxy_loc_conf_t *plcf);
#if (NGX_HTTP_CACHE)
static ngx_int_t ngx_http_proxy_create_key(ngx_http_request_t *r);
#endif
static ngx_int_t ngx_http_proxy_create_request(ngx_http_request_t *r);
static ngx_int_t ngx_http_proxy_reinit_request(ngx_http_request_t *r);
static ngx_int_t ngx_http_proxy_body_output_filter(void *data, ngx_chain_t *in);
@ -178,15 +69,14 @@ static ngx_int_t ngx_http_proxy_port_variable(ngx_http_request_t *r,
static ngx_int_t
ngx_http_proxy_add_x_forwarded_for_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t
ngx_http_proxy_internal_connection_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t
ngx_http_proxy_internal_body_length_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_proxy_internal_chunked_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_proxy_rewrite_redirect(ngx_http_request_t *r,
ngx_table_elt_t *h, size_t prefix);
static ngx_int_t ngx_http_proxy_rewrite_cookie(ngx_http_request_t *r,
ngx_table_elt_t *h);
static ngx_int_t ngx_http_proxy_parse_cookie(ngx_str_t *value,
ngx_array_t *attrs);
static ngx_int_t ngx_http_proxy_rewrite_cookie_value(ngx_http_request_t *r,
@ -293,6 +183,9 @@ static ngx_conf_post_t ngx_http_proxy_ssl_conf_command_post =
static ngx_conf_enum_t ngx_http_proxy_http_version[] = {
{ ngx_string("1.0"), NGX_HTTP_VERSION_10 },
{ ngx_string("1.1"), NGX_HTTP_VERSION_11 },
#if (NGX_HTTP_V2)
{ ngx_string("2.0"), NGX_HTTP_VERSION_20 },
#endif
{ ngx_null_string, 0 }
};
@ -841,7 +734,7 @@ static char ngx_http_proxy_version_11[] = " HTTP/1.1" CRLF;
static ngx_keyval_t ngx_http_proxy_headers[] = {
{ ngx_string("Host"), ngx_string("$proxy_host") },
{ ngx_string("Connection"), ngx_string("close") },
{ ngx_string("Connection"), ngx_string("$proxy_internal_connection") },
{ ngx_string("Content-Length"), ngx_string("$proxy_internal_body_length") },
{ ngx_string("Transfer-Encoding"), ngx_string("$proxy_internal_chunked") },
{ ngx_string("TE"), ngx_string("") },
@ -904,6 +797,10 @@ static ngx_http_variable_t ngx_http_proxy_vars[] = {
{ ngx_string("proxy_add_via"), NULL, NULL, 0, NGX_HTTP_VAR_NOHASH, 0 },
#endif
{ ngx_string("proxy_internal_connection"), NULL,
ngx_http_proxy_internal_connection_variable, 0,
NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
{ ngx_string("proxy_internal_body_length"), NULL,
ngx_http_proxy_internal_body_length_variable, 0,
NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
@ -962,6 +859,14 @@ ngx_http_proxy_handler(ngx_http_request_t *r)
ngx_http_proxy_main_conf_t *pmcf;
#endif
plcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_module);
#if (NGX_HTTP_V2)
if (plcf->http_version == NGX_HTTP_VERSION_20) {
return ngx_http_v2_proxy_handler(r);
}
#endif
if (ngx_http_upstream_create(r) != NGX_OK) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
@ -971,9 +876,9 @@ ngx_http_proxy_handler(ngx_http_request_t *r)
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
ngx_http_set_ctx(r, ctx, ngx_http_proxy_module);
ctx->connection_type = NGX_HTTP_CONNECTION_CLOSE;
plcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_module);
ngx_http_set_ctx(r, ctx, ngx_http_proxy_module);
u = r->upstream;
@ -985,7 +890,7 @@ ngx_http_proxy_handler(ngx_http_request_t *r)
#endif
} else {
if (ngx_http_proxy_eval(r, ctx, plcf) != NGX_OK) {
if (ngx_http_proxy_eval(r, &ctx->vars, plcf) != NGX_OK) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
}
@ -1050,8 +955,8 @@ ngx_http_proxy_handler(ngx_http_request_t *r)
}
static ngx_int_t
ngx_http_proxy_eval(ngx_http_request_t *r, ngx_http_proxy_ctx_t *ctx,
ngx_int_t
ngx_http_proxy_eval(ngx_http_request_t *r, ngx_http_proxy_vars_t *vars,
ngx_http_proxy_loc_conf_t *plcf)
{
u_char *p;
@ -1128,9 +1033,9 @@ ngx_http_proxy_eval(ngx_http_request_t *r, ngx_http_proxy_ctx_t *ctx,
}
}
ctx->vars.key_start = u->schema;
vars->key_start = u->schema;
ngx_http_proxy_set_vars(&url, &ctx->vars);
ngx_http_proxy_set_vars(&url, vars);
u->resolved = ngx_pcalloc(r->pool, sizeof(ngx_http_upstream_resolved_t));
if (u->resolved == NULL) {
@ -1154,7 +1059,7 @@ ngx_http_proxy_eval(ngx_http_request_t *r, ngx_http_proxy_ctx_t *ctx,
#if (NGX_HTTP_CACHE)
static ngx_int_t
ngx_int_t
ngx_http_proxy_create_key(ngx_http_request_t *r)
{
size_t len, loc_len;
@ -2847,6 +2752,34 @@ ngx_http_proxy_add_x_forwarded_for_variable(ngx_http_request_t *r,
}
static ngx_int_t
ngx_http_proxy_internal_connection_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
{
ngx_http_proxy_ctx_t *ctx;
ctx = ngx_http_get_module_ctx(r, ngx_http_proxy_module);
if (ctx == NULL || ctx->connection_type == 0) {
v->not_found = 1;
return NGX_OK;
}
v->valid = 1;
v->no_cacheable = 0;
v->not_found = 0;
if (ctx->connection_type == NGX_HTTP_CONNECTION_CLOSE) {
ngx_str_set(v, "close");
} else if (ctx->connection_type == NGX_HTTP_CONNECTION_KEEP_ALIVE) {
ngx_str_set(v, "keep-alive");
}
return NGX_OK;
}
static ngx_int_t
ngx_http_proxy_internal_body_length_variable(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
@ -2900,7 +2833,7 @@ ngx_http_proxy_internal_chunked_variable(ngx_http_request_t *r,
}
static ngx_int_t
ngx_int_t
ngx_http_proxy_rewrite_redirect(ngx_http_request_t *r, ngx_table_elt_t *h,
size_t prefix)
{
@ -2932,7 +2865,7 @@ ngx_http_proxy_rewrite_redirect(ngx_http_request_t *r, ngx_table_elt_t *h,
}
static ngx_int_t
ngx_int_t
ngx_http_proxy_rewrite_cookie(ngx_http_request_t *r, ngx_table_elt_t *h)
{
u_char *p;

137
src/http/modules/ngx_http_proxy_module.h Normal file
View File

@ -0,0 +1,137 @@
/*
* Copyright (C) Igor Sysoev
* Copyright (C) Nginx, Inc.
*/
#ifndef _NGX_HTTP_PROXY_H_INCLUDED_
#define _NGX_HTTP_PROXY_H_INCLUDED_
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_http.h>
typedef struct {
ngx_array_t caches; /* ngx_http_file_cache_t * */
} ngx_http_proxy_main_conf_t;
typedef struct ngx_http_proxy_rewrite_s ngx_http_proxy_rewrite_t;
typedef ngx_int_t (*ngx_http_proxy_rewrite_pt)(ngx_http_request_t *r,
ngx_str_t *value, size_t prefix, size_t len,
ngx_http_proxy_rewrite_t *pr);
struct ngx_http_proxy_rewrite_s {
ngx_http_proxy_rewrite_pt handler;
union {
ngx_http_complex_value_t complex;
#if (NGX_PCRE)
ngx_http_regex_t *regex;
#endif
} pattern;
ngx_http_complex_value_t replacement;
};
typedef struct {
union {
ngx_http_complex_value_t complex;
#if (NGX_PCRE)
ngx_http_regex_t *regex;
#endif
} cookie;
ngx_array_t flags_values;
ngx_uint_t regex;
} ngx_http_proxy_cookie_flags_t;
typedef struct {
ngx_str_t key_start;
ngx_str_t schema;
ngx_str_t host_header;
ngx_str_t port;
ngx_str_t uri;
} ngx_http_proxy_vars_t;
typedef struct {
ngx_array_t *flushes;
ngx_array_t *lengths;
ngx_array_t *values;
ngx_hash_t hash;
} ngx_http_proxy_headers_t;
typedef struct {
ngx_http_upstream_conf_t upstream;
ngx_array_t *body_flushes;
ngx_array_t *body_lengths;
ngx_array_t *body_values;
ngx_str_t body_source;
ngx_http_proxy_headers_t headers;
#if (NGX_HTTP_CACHE)
ngx_http_proxy_headers_t headers_cache;
#endif
ngx_array_t *headers_source;
ngx_array_t *proxy_lengths;
ngx_array_t *proxy_values;
ngx_array_t *redirects;
ngx_array_t *cookie_domains;
ngx_array_t *cookie_paths;
ngx_array_t *cookie_flags;
ngx_http_complex_value_t *method;
ngx_str_t location;
ngx_str_t url;
#if (NGX_HTTP_CACHE)
ngx_http_complex_value_t cache_key;
#endif
ngx_http_proxy_vars_t vars;
ngx_flag_t redirect;
ngx_uint_t http_version;
ngx_uint_t headers_hash_max_size;
ngx_uint_t headers_hash_bucket_size;
#if (NGX_HTTP_SSL || NGX_COMPAT)
ngx_uint_t ssl;
ngx_uint_t ssl_protocols;
ngx_str_t ssl_ciphers;
ngx_uint_t ssl_verify_depth;
ngx_str_t ssl_trusted_certificate;
ngx_str_t ssl_crl;
ngx_array_t *ssl_conf_commands;
#endif
} ngx_http_proxy_loc_conf_t;
ngx_int_t ngx_http_proxy_eval(ngx_http_request_t *r,
ngx_http_proxy_vars_t *vars, ngx_http_proxy_loc_conf_t *plcf);
#if (NGX_HTTP_CACHE)
ngx_int_t ngx_http_proxy_create_key(ngx_http_request_t *r);
#endif
ngx_int_t ngx_http_proxy_rewrite_redirect(ngx_http_request_t *r,
ngx_table_elt_t *h, size_t prefix);
ngx_int_t ngx_http_proxy_rewrite_cookie(ngx_http_request_t *r,
ngx_table_elt_t *h);
extern ngx_module_t ngx_http_proxy_module;
#endif /* _NGX_HTTP_PROXY_H_INCLUDED_ */

17
src/http/ngx_http_upstream.c
View File

@ -1767,6 +1767,23 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r,
}
}
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
if (u->ssl_alpn_protocol.len) {
if (SSL_set_alpn_protos(c->ssl->connection, u->ssl_alpn_protocol.data,
u->ssl_alpn_protocol.len)
!= 0)
{
ngx_ssl_error(NGX_LOG_ERR, c->log, 0,
"SSL_set_alpn_protos() failed");
ngx_http_upstream_finalize_request(r, u,
NGX_HTTP_INTERNAL_SERVER_ERROR);
return;
}
}
#endif
if (u->conf->ssl_session_reuse) {
c->ssl->save_session = ngx_http_upstream_ssl_save_session;

1
src/http/ngx_http_upstream.h
View File

@ -390,6 +390,7 @@ struct ngx_http_upstream_s {
#if (NGX_HTTP_SSL || NGX_COMPAT)
ngx_str_t ssl_name;
ngx_str_t ssl_alpn_protocol;
#endif
ngx_http_cleanup_pt *cleanup;

2
src/http/v2/ngx_http_v2.h
View File

@ -416,6 +416,8 @@ ngx_int_t ngx_http_v2_table_size(ngx_http_v2_connection_t *h2c, size_t size);
u_char *ngx_http_v2_string_encode(u_char *dst, u_char *src, size_t len,
u_char *tmp, ngx_uint_t lower);
ngx_int_t ngx_http_v2_proxy_handler(ngx_http_request_t *r);
extern ngx_module_t ngx_http_v2_module;

3879
src/http/v2/ngx_http_v2_proxy_module.c Normal file
View File

File diff suppressed because it is too large Load Diff