Commit Graph

662 Commits

Author SHA1 Message Date
Maxim Dounin
529ce10058 Configure: sched_setaffinity() test moved to auto/unix.
The sched_setaffinity() function was introduced in DragonFly BSD 4.7,
so it is no longer Linux-specific.

Prodded by Sepherosa Ziehau.
2017-05-29 16:48:30 +03:00
Maxim Dounin
84fdff7930 Configure: recent Sun C versions. 2017-05-15 20:09:44 +03:00
Maxim Dounin
38e87ea041 Configure: disabled gcc atomics with Sun C (ticket #1261).
Oracle Developer Studio 12.5 introduced GCC-compatible __sync builtins.
Unfortunately, these builtins are neither GCC-compatible (they generate
warnings when used with volatile), nor working (unexpectedly fail on
unpredictable combinations of code layout and compiler flags).  As such,
the gcc builtin atomic operations configure test explicitly disabled when
compiling with Sun C.
2017-05-15 20:09:43 +03:00
Maxim Dounin
e1725761cb Configure: style. 2017-05-15 20:09:40 +03:00
Roman Arutyunyan
05841adfb2 Set UDP datagram source address (ticket #1239).
Previously, the source IP address of a response UDP datagram could differ from
the original datagram destination address.  This could happen if the server UDP
socket is bound to a wildcard address and the network interface chosen to output
the response packet has a different default address than the destination address
of the original packet.  For example, if two addresses from the same network are
configured on an interface.

Now source address is set explicitly if a response is sent for a server UDP
socket bound to a wildcard address.
2017-04-11 16:41:53 +03:00
Sergey Kandaurov
97210c717d Enabled IPV6_RECVPKTINFO / IPV6_PKTINFO on macOS.
This change allows setting the destination IPv6 address of a UDP datagram
received on a wildcard socket.
2017-04-17 14:42:12 +03:00
Ruslan Ermilov
435670165a Configure: fixed --without_http.
Instead of turning off some randomly selected http modules
when --without-http is specified, just don't process the
whole http modules section.
2017-03-16 20:38:31 +03:00
Ruslan Ermilov
99e20ba5f9 Configure: fixed build with --with-stream.
Some combinations of options might cause the builds with the
--with-stream option to break due to invalid value of the
STREAM_INCS make variable, e.g.

auto/configure \
    --with-stream \
    --with-http_perl_module=dynamic \
    --without-http_memcached_module \
    --without-http_empty_gif_module \
    --without-http_browser_module \
    --without-http_upstream_hash_module \
    --without-http_upstream_ip_hash_module \
    --without-http_upstream_least_conn_module \
    --without-http_upstream_keepalive_module \
    --without-http_upstream_zone_module \

Explicit initialization of ngx_module_libs and ngx_module_link
matches what we already do when processing mail modules, and
is also required after the next change.
2017-03-16 20:38:26 +03:00
Sergey Kandaurov
c76ccae991 Configure: removed execute bit from auto/unix. 2017-02-01 20:04:06 +03:00
Maxim Dounin
77471dbdbb Win32: compatiblity with OpenSSL 1.1.0.
OpenSSL 1.1.0 now uses normal "nmake; nmake install" instead of using
custom "ms\do_ms.bat" script and "ms\nt.mak" makefile.  And Configure
now requires --prefix to be absolute, and no longer derives --openssldir
from prefix (so it's specified explicitly).  Generated libraries are now
called "libcrypto.lib" and "libssl.lib" instead of "libeay32.lib"
and "ssleay32.lib".  Appropriate tests added to support both old and new
variants.

Additionally, openssl/lhash.h now triggers warning C4090 ('function' :
different 'const' qualifiers), so the warning was disabled.
2016-12-24 18:01:14 +03:00
Ruslan Ermilov
853c208fc9 Configure: detect nginx version for nginx.pm at make time. 2016-12-16 19:54:37 +03:00
Maxim Dounin
0a90c428b8 Perl: removed special environment handling for the perl module.
In Perl 5.8.6 the default was switched to use putenv() when used as
embedded library unless "PL_use_safe_putenv = 0" is explicitly used
in the code.  Therefore, for modern versions of Perl it is no longer
necessary to restore previous environment when calling perl_destruct().
2016-12-07 19:03:26 +03:00
Maxim Dounin
4c6e31a857 Configure: honor dependencies of dynamic modules.
Dependencies of dynamic modules are added to NGX_ADDON_DEPS (and
it is now used for dynamic modules) to be in line with what happens
in case of static compilation.

To avoid duplication, MAIL_DEPS and STREAM_DEPS are no longer passed
to auto/module when these modules are compiled as dynamic ones.  Mail
and stream dependencies are handled explicitly via corresponding
variables.
2016-11-21 16:49:19 +03:00
Valentin Bartenev
9ec0b1fe12 Image filter: support for WebP.
In collaboration with Ivan Poluyanov.
2016-10-21 15:18:44 +03:00
Maxim Dounin
2c84f7af2c Configure: removed the --with-ipv6 option.
IPv6 now compiled-in automatically if support is found.  If there is a need
to disable it for some reason, --with-cc-opt="-DNGX_HAVE_INET6=0" can be used
for this.
2016-10-04 16:38:14 +03:00
Maxim Dounin
f99724f2e0 Modules compatibility: --with-compat configure option. 2016-10-03 15:58:16 +03:00
Konstantin Pavlov
c8526aca25 Perl: pass additional linker options to perl module.
Previously flags passed by --with-ld-opt were not used when building perl
module, which meant hardening flags provided by package build systems were not
applied.
2016-09-20 22:11:23 +03:00
Vladimir Homutov
5a7afb1b0d Stream: ssl_preread module.
The ssl_preread module extracts information from the SSL Client Hello message
without terminating SSL.  Currently, only $ssl_preread_server_name variable
is supported, which contains server name from the SNI extension.
2016-09-15 14:56:51 +03:00
Roman Arutyunyan
04b9434b18 Stream: filters. 2016-09-15 14:55:46 +03:00
Dmitry Volyntsev
fe2774a9d6 Stream: realip module. 2016-09-01 14:45:33 +03:00
Vladimir Homutov
68a7b9b5a3 Stream: log module. 2016-09-05 17:50:16 +03:00
Valentin Bartenev
5c2dd3913a Events: support for EPOLLEXCLUSIVE.
This flag appeared in Linux 4.5 and is useful for avoiding thundering herd
problem.

The current Linux kernel implementation walks the list of exclusive waiters,
and queues an event to each epfd, until it finds the first waiter that has
threads blocked on it via epoll_wait().
2016-07-15 15:18:57 +03:00
Vladimir Homutov
6c2b086d0e Stream: split_clients module. 2016-07-12 17:34:52 +03:00
Vladimir Homutov
bb790f5d30 Stream: geo module. 2016-06-30 16:12:50 +03:00
Vladimir Homutov
4cf0e28483 Stream: geoip module. 2016-07-12 17:34:43 +03:00
Vladimir Homutov
4105225310 Stream: individual build options for modules. 2016-07-12 12:38:01 +03:00
Piotr Sikora
678991a8f6 Configure: stop polluting NGX_ namespace.
While there, fix the only test that used alternative variable name.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:06 -07:00
Piotr Sikora
70f7141074 Configure: fix build with -Werror=old-style-definition.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:05 -07:00
Piotr Sikora
b3d891a47e Configure: fix build with -Werror=nonnull.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:04 -07:00
Piotr Sikora
f8c6a0800c Configure: fix build with -Werror=unused-but-set-variable.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:03 -07:00
Piotr Sikora
d8a2b25cb8 Configure: fix build with -Werror=unused-value.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:02 -07:00
Piotr Sikora
356ab319d3 Configure: style.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:01 -07:00
Piotr Sikora
22ed22e15e Configure: remove auto/lib/test, unused since nginx-0.1.2.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2015-10-23 18:21:33 -07:00
Roman Arutyunyan
a7c6f8c1d7 Stream: return module. 2016-05-18 22:08:49 +03:00
Vladimir Homutov
05db6ddfa1 Stream: map module. 2016-06-29 12:46:12 +03:00
Vladimir Homutov
c31773ea60 Stream: variables and script.
This is a port of corresponding http code with unrelated features excluded.
2016-07-04 16:37:36 +03:00
Maxim Dounin
c60b61a290 Internal md5 and sha1 implementations are now always used.
This reduces the number of moving parts in ABI compatibility checks.
Additionally, it also allows to use OpenSSL in FIPS mode while still
using md5 for non-security tasks.
2016-06-30 18:57:39 +03:00
Andrei Belov
72d4e5d793 Set IP_BIND_ADDRESS_NO_PORT socket option for upstream sockets. 2016-06-20 10:41:17 +03:00
Maxim Dounin
ab8504b937 An internal SHA1 implementation. 2016-06-09 16:55:38 +03:00
Sergey Kandaurov
5d9419704f Configure: revised GCC version processing.
Now GCC 6 and onwards will use -Wno-unused-parameter.
2016-06-07 12:15:56 +03:00
Roman Arutyunyan
be79f5cb16 Upstream: the "transparent" parameter of proxy_bind and friends.
This parameter lets binding the proxy connection to a non-local address.
Upstream will see the connection as coming from that address.
When used with $remote_addr, upstream will accept the connection from real
client address.

Example:

    proxy_bind $remote_addr transparent;
2015-12-18 19:05:27 +03:00
Josh Soref
73d27510c0 Fixed spelling. 2016-04-07 11:50:13 +03:00
Maxim Dounin
5fd9cfa376 Compatibility with FreeBSD 2.2.9.
Added (RTLD_NOW | RTLD_GLOBAL) to dlopen() test.  There is no RTLD_GLOBAL
on FreeBSD 2.2.9.

Added uint32_t test, with fallback to u_int32_t, similar to uint64_t one.
Added fallback to u_int32_t in in_addr_t test.

With these changes it is now possible to compile nginx on FreeBSD 2.2.9
with only few minor warnings (assuming -Wno-error).
2016-04-01 16:38:31 +03:00
Maxim Dounin
cab0ac3d50 Configure: improved multiple types handling in auto/types/typedef. 2016-04-01 16:38:30 +03:00
Maxim Dounin
622d152b9f Configure: fixed autotest source code logging.
Fixed a regression introduced in rev. 434548349838 that prevented
auto/types/sizeof and auto/types/typedef properly reporting autotest
source code to autoconf.err in case of test failure.
2016-04-01 16:38:28 +03:00
Maxim Dounin
e6f04424af SSL: initialization changes for OpenSSL 1.1.0.
OPENSSL_config() deprecated in OpenSSL 1.1.0.  Additionally,
SSL_library_init(), SSL_load_error_strings() and OpenSSL_add_all_algorithms()
are no longer available if OPENSSL_API_COMPAT is set to 0x10100000L.

The OPENSSL_init_ssl() function is now used instead with appropriate
arguments to trigger the same behaviour.  The configure test changed to
use SSL_CTX_set_options().

Deinitialization now happens automatically in OPENSSL_cleanup() called
via atexit(3), so we no longer call EVP_cleanup() and ENGINE_cleanup()
directly.
2016-03-31 23:38:33 +03:00
Roman Arutyunyan
2ce791f2cd Stream: UDP proxy. 2016-01-20 19:52:12 +03:00
Ruslan Ermilov
cf48794407 Configure: style.
Generate Makefile with not so long lines.
2016-03-10 18:31:05 +03:00
Maxim Dounin
5835963d61 Dynamic modules: do not overwrite old modules on install.
Just using "cp" is incorrect, as it will overwrite old files
possibly used by OS, leading to unexpected effects.  Changed
to "mv + cp", much like used for the main binary.
2016-03-10 16:50:13 +03:00
Ruslan Ermilov
2301b095e6 Configure: style.
Removed extraneous braces around shell variables.
2016-03-10 10:43:00 +03:00
Ruslan Ermilov
89b8f57768 Dynamic modules: perl. 2016-02-26 14:27:04 +03:00
Ruslan Ermilov
39b78fdf96 Dynamic modules: expose the "modules" target. 2016-02-29 18:52:33 +03:00
Ruslan Ermilov
7a10604ab6 Dynamic modules: make sure to call config.make for dynamic addons. 2016-02-25 15:22:05 +03:00
Maxim Dounin
4275d0a8a0 Configure: added "build" target.
The "build" target introduced to do all build-related tasks, and
it is now used in Makefile and in objs/Makefile as a dependency for
the "install" target.

In particular, this resolves problems as observed with dynamic modules
by people trying to do "make install" without calling "make" first.
2016-02-19 18:13:54 +03:00
Sergey Kandaurov
fef872a9ba Configure: skip building OpenSSL documentation to conserve time.
The install_sw target first appeared in OpenSSL 0.9.7e and is documented since
OpenSSL 1.0.0 as the way to install the OpenSSL software without documentation.
2016-02-19 13:31:55 +03:00
Ruslan Ermilov
6fccc00aa8 Configure: fixed static nginx build with OpenSSL (ticket #903).
Before 7142b04337d6, it was possible to build the OpenSSL library
along with nginx, and link nginx statically with this library
(--with-openssl=DIR --with-ld-opt=-static --with-http_ssl_module).
This was broken on Linux by not adding -ldl after -lcrypto.

The fix also makes it possible to link nginx statically on Linux
with the system OpenSSL library, which never worked before.
2016-02-18 11:39:57 +03:00
Maxim Dounin
4cfd9ba3c1 Win32: simplified and improved handling of MSVC versions.
Now we always set NGX_CC_NAME to "msvc", and additionally test compiler
version as reported by "cl" in auto/cc/msvc (the same version is also
available via the _MSC_VER define).  In particular, this approach allows
to properly check for C99 variadic macros support, which previously was
not used with MSVC versions not explicitly recognized.

Now unneeded wildcards in NGX_CC_NAME tests for msvc removed accordingly,
as well as unused wildcards for owc and icc.
2016-02-13 06:47:34 +03:00
Valentin Bartenev
531e6fbfd6 HTTP/2: implemented HPACK Huffman encoding for response headers.
This reduces the size of headers by over 30% on average.

Based on the patch by Vlad Krasnov:
http://mailman.nginx.org/pipermail/nginx-devel/2015-December/007682.html
2016-02-11 15:35:36 +03:00
Ruslan Ermilov
6b2e4f336c Dynamic modules: added auth_basic module libs via ngx_module_libs=. 2016-02-10 11:36:25 +03:00
Maxim Dounin
86c82d4376 Dynamic modules: NGX_STREAM define removed.
It's not used and contradicts the idea of dynamic loading.
2016-02-08 18:02:04 +03:00
Valentin Bartenev
c2a00bacac Dynamic modules: added dlsym() to configure test.
It appears that AddressSanitizer in GCC 5 intercepts dlopen() and dlclose()
but not dlsym().
2016-02-05 21:48:25 +03:00
Ruslan Ermilov
4814d78312 Dynamic modules: fixed a copy-n-paste error. 2016-02-05 14:02:54 +03:00
Maxim Dounin
97f59dda09 Dynamic modules.
The auto/module script is extended to understand ngx_module_link=DYNAMIC.
When set, it links the module as a shared object rather than statically
into nginx binary.  The module can later be loaded using the "load_module"
directive.

New auto/module parameter ngx_module_order allows to define module loading
order in complex cases.  By default the order is set based on ngx_module_type.

3rd party modules can be compiled dynamically using the --add-dynamic-module
configure option, which will preset ngx_module_link to "DYNAMIC" before
calling the module config script.

Win32 support is rudimentary, and only works when using MinGW gcc (which
is able to handle exports/imports automatically).

In collaboration with Ruslan Ermilov.
2016-02-04 20:25:29 +03:00
Maxim Dounin
0805ba14e7 Dynamic modules: auto/module script.
This script simplifies configuration of additional modules,
including 3rd party ones.  The script is extensible, and
will be used to introduce dynamic linking of modules in upcoming
changes.

3rd party module config scripts are called with ngx_module_link
preset to "ADDON" - this allows config scripts to call auto/module
without ngx_module_link explicitly defined, as well as testing if
new interface is in place if compatibility with older nginx versions
is desired.

In collaboration with Ruslan Ermilov.
2016-02-04 18:30:21 +03:00
Maxim Dounin
359803e457 Dynamic modules: introduced HTTP_INIT_FILTER_MODULES.
Additionally, HTTP_HEADERS_FILTER_MODULE now added to HTTP_FILTER_MODULES.
This avoids explict use of modules at the later stages, now only module
lists are used.  This will be needed in later patches.
2016-02-04 18:30:21 +03:00
Maxim Dounin
86cc342a26 Dynamic modules: dlopen() support. 2016-02-04 18:30:21 +03:00
Maxim Dounin
7988334570 Dynamic modules: moved module-related stuff to separate files. 2016-02-04 18:30:21 +03:00
Roman Arutyunyan
8ba626ccd7 Slice filter.
Splits a request into subrequests, each providing a specific range of response.
The variable "$slice_range" must be used to set subrequest range and proper
cache key.  The directive "slice" sets slice size.

The following example splits requests into 1-megabyte cacheable subrequests.

server {
    listen 8000;

    location / {
        slice 1m;

        proxy_cache cache;
        proxy_cache_key $uri$is_args$args$slice_range;
        proxy_set_header Range $slice_range;
        proxy_cache_valid 200 206 1h;
        proxy_pass http://127.0.0.1:9000;
    }
}
2015-12-07 16:30:48 +03:00
Ruslan Ermilov
62ae9544fe Configure: improved workaround for system perl on OS X.
The workaround from baf2816d556d stopped to work because the order of
"-arch x86_64" and "-arch i386" has changed.
2015-11-30 12:04:29 +03:00
Ruslan Ermilov
e6ba472990 Configure: removed comment obsolete in 3b763d36e055. 2015-11-30 19:01:53 +03:00
Maxim Dounin
0d3cad3864 Configure: fixed using OpenSSL include paths. 2015-11-23 22:48:31 +03:00
Valentin Bartenev
d862ae8e68 Used the pwritev() syscall for writing files where possible.
It is more effective, because it doesn't require a separate lseek().
2015-11-17 19:01:41 +03:00
Piotr Sikora
33cd01ed57 Configure: style fixes for autoconf.err.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2015-10-23 18:21:33 -07:00
Valentin Bartenev
ee37ff613f The HTTP/2 implementation (RFC 7240, 7241).
The SPDY support is removed, as it's incompatible with the new module.
2015-09-11 20:13:06 +03:00
Vladimir Homutov
14ff3d4f87 Stream: connection limiting module.
stream {
    limit_conn_zone $binary_remote_addr zone=perip:1m;
    limit_conn_log_level error;

    server {
        ...
        limit_conn perip 1;
    }
}
2015-06-18 14:17:30 +03:00
Piotr Sikora
58957fa3fc Configure: create missing intermediates for build directory.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2015-06-10 19:18:19 -07:00
Ruslan Ermilov
72c3706bc5 Configure: fix tests with multi-level relative build directory.
Based on a patch by Piotr Sikora.
2015-06-17 14:15:27 +03:00
Maxim Dounin
9984f3053f Moved ngx_http_parse_time() to core, renamed accordingly.
The function is now called ngx_parse_http_time(), and can be used by
any code to parse HTTP-style date and time.  In particular, it will be
used for OCSP stapling.

For compatibility, a macro to map ngx_http_parse_time() to the new name
provided for a while.
2015-06-11 20:42:31 +03:00
Valentin Bartenev
93874766db Configure: added gcc5 to the list of known GCC versions. 2015-06-10 19:18:20 +03:00
Ruslan Ermilov
72125c7a22 Configure: search OpenSSL in a bunch of standard places. 2015-06-10 12:25:45 +03:00
Ruslan Ermilov
76be6f5d70 Configure: moved NGX_SBIN_PATH variable initialization.
It's now initialized in auto/options like the rest of variables
for system paths.

As a side effect, the currently unused macro NGX_SBIN_PATH now
gets the correct value.
2015-06-10 12:25:31 +03:00
Vladimir Homutov
8ab1aa612d Stream: access module.
stream {
    server {
        ...
        allow 127.0.0.1;
        deny all;
    }
}
2015-06-04 13:04:12 +03:00
Ruslan Ermilov
af50336263 Fixed misspellings of the word "dependencies". 2015-06-03 08:23:35 +03:00
Maxim Dounin
226647e397 Configure: GNU Hurd properly recognized.
With this change it's no longer needed to pass -D_GNU_SOURCE manually,
and -D_FILE_OFFSET_BITS=64 is set to use 64-bit off_t.

Note that nginx currently fails to work properly with master process
enabled on GNU Hurd, as fcntl(F_SETOWN) returns EOPNOTSUPP for sockets
as of GNU Hurd 0.6.  Additionally, our strerror() preloading doesn't
work well with GNU Hurd, as it uses large numbers for most errors.
2015-05-25 17:58:13 +03:00
Maxim Dounin
f7f1607bf2 The "reuseport" option of the "listen" directive.
When configured, an individual listen socket on a given address is
created for each worker process.  This allows to reduce in-kernel lock
contention on configurations with high accept rates, resulting in better
performance.  As of now it works on Linux and DragonFly BSD.

Note that on Linux incoming connection requests are currently tied up
to a specific listen socket, and if some sockets are closed, connection
requests will be reset, see https://lwn.net/Articles/542629/.  With
nginx, this may happen if the number of worker processes is reduced.
There is no such problem on DragonFly BSD.

Based on previous work by Sepherosa Ziehau and Yingqi Lu.
2015-05-20 15:51:56 +03:00
Maxim Dounin
e58321a4ca Configure: style. 2015-05-20 15:51:13 +03:00
Ruslan Ermilov
1a4ea1acc7 Configure: handle deprecated options.
Removed the deprecated --without-http_limit_zone_module option.
Deprecated the --with-imap and --with-imap_ssl_module options.
2015-04-29 14:59:02 +03:00
Ruslan Ermilov
33b8e5bc06 Removed the obsolete rtsig module. 2015-04-23 14:17:40 +03:00
Ruslan Ermilov
c1882d9f3f Removed the obsolete aio module. 2015-04-22 18:57:32 +03:00
Sergey Kandaurov
b6517ea696 Fixed building --with-stream when precompiled headers are used. 2015-04-20 17:36:51 +03:00
Ruslan Ermilov
c799c82faa Stream: port from NGINX+. 2015-04-20 13:05:11 +03:00
Ruslan Ermilov
cf31347ee8 Upstream: the "zone" directive.
Upstreams with the "zone" directive are kept in shared memory,
with a consistent view of all worker processes.
2015-04-14 19:01:25 +03:00
Ruslan Ermilov
3fc23e2542 Core: read/write locks. 2015-03-21 14:05:08 +03:00
Maxim Dounin
76bf2f9ab5 Configure: style. 2015-04-03 18:20:57 +03:00
Ruslan Ermilov
babd64e344 Removed busy locks. 2015-03-20 06:45:32 +03:00
Ruslan Ermilov
d1ec868e32 Removed old pthread implementation. 2015-03-20 06:43:19 +03:00
Ruslan Ermilov
c84c19f5bf Removed old FreeBSD rfork() thread implementation. 2015-03-20 06:43:19 +03:00
Valentin Bartenev
e10e7a4831 Events: implemented epoll notification mechanism. 2015-03-14 17:37:13 +03:00
Valentin Bartenev
305fc021db Thread pools implementation. 2015-03-14 17:37:07 +03:00
Ruslan Ermilov
08e05a4042 Configure: removed obsolete threads bits. 2015-03-13 19:08:27 +03:00