Commit Graph

273 Commits

Author SHA1 Message Date
Ruslan Ermilov
dcdf9eed8d Upstream: allow to intercept responses with status 300.
This fixes an omission made in 9e7926763f87 where all 3XX statuses
were allowed for "error_page".
2013-05-13 14:10:22 +04:00
Sergey Kandaurov
7a7650aeb1 Upstream: fixed $upstream_response_length without buffering.
Reported by Piotr Sikora.
2013-04-11 13:49:13 +00:00
Valentin Bartenev
e297091c28 Upstream: removed surplus ngx_resolve_name_done() call.
It will be called in ngx_http_upstream_finalize_request().
2013-04-04 14:19:06 +00:00
Maxim Dounin
cc0e56370d Upstream: fixed tcp_nodelay with connection upgrade (ticket #325). 2013-03-27 15:18:34 +00:00
Ruslan Ermilov
46b469a8ee Upstream: only call peer.free() if peer.get() selected a peer. 2013-03-25 13:14:49 +00:00
Valentin Bartenev
2686cb4452 Preliminary experimental support for SPDY draft 2. 2013-03-20 10:36:57 +00:00
Maxim Dounin
3f70ddcfc6 Upstream: fixed previous commit.
Store r->connection on stack to make sure it's still available if request
finalization happens to actually free request memory.
2013-03-14 16:22:43 +00:00
Maxim Dounin
c49abd2317 Upstream: call ngx_http_run_posted_requests() on resolve errors.
If proxy_pass to a host with dynamic resolution was used to handle
a subrequest, and host resolution failed, the main request wasn't run
till something else happened on the connection.  E.g. request to "/zzz"
with the following configuration hanged:

    addition_types *;
    resolver 8.8.8.8;

    location /test {
        set $ihost xxx;
        proxy_pass http://$ihost;
    }

    location /zzz {
      add_after_body /test;
      return 200 "test";
    }

Report and original version of the patch by Lanshun Zhou,
http://mailman.nginx.org/pipermail/nginx-devel/2013-March/003476.html.
2013-03-14 12:37:54 +00:00
Valentin Bartenev
a32d3f8b6b Removed c->single_connection flag.
The c->single_connection was intended to be used as lock mechanism
to serialize modifications of request object from several threads
working with client and upstream connections.  The flag is redundant
since threads in nginx have never been used that way.
2013-03-07 18:07:16 +00:00
Maxim Dounin
82d48e1eba Proxy: fixed do_write handling in previous commit.
As rightfully complained by MSVC, do_write variable was used uninitialized.
Correct fix is to set it's initial value based on event happened.
2013-02-18 15:08:46 +00:00
Maxim Dounin
08a73b4aad Proxy: support for connection upgrade (101 Switching Protocols).
This allows to proxy WebSockets by using configuration like this:

    location /chat/ {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

Connection upgrade is allowed as long as it was requested by a client
via the Upgrade request header.
2013-02-18 13:50:52 +00:00
Ruslan Ermilov
5d143ca864 Fixed and improved the "*_bind" directives of proxying modules.
The "proxy_bind", "fastcgi_bind", "uwsgi_bind", "scgi_bind" and
"memcached_bind" directives are now inherited; inherited value
can be reset by the "off" parameter.  Duplicate directives are
now detected.  Parameter value can now contain variables.
2013-01-16 09:42:57 +00:00
Ruslan Ermilov
a2a229193a Fixed "proxy_pass" with IP address and no port (ticket #276).
Upstreams created by "proxy_pass" with IP address and no port were
broken in 1.3.10, by not initializing port in u->sockaddr.

API change: ngx_parse_url() was modified to always initialize port
(in u->sockaddr and in u->port), even for the u->no_resolve case;
ngx_http_upstream() and ngx_http_upstream_add() were adopted.
2013-01-10 12:58:55 +00:00
Valentin Bartenev
cb90df084f Fixed HEAD requests handling when proxying is used (closes #261). 2012-12-24 17:32:53 +00:00
Maxim Dounin
658296290c Upstream: fixed SIGSEGV with the "if" directive.
Configuration like

    location / {
        set $true 1;

        if ($true) {
            proxy_pass http://backend;
        }

        if ($true) {
            # nothing
        }
    }

resulted in segmentation fault due to NULL pointer dereference as the
upstream configuration wasn't initialized in an implicit location created
by the last if(), but the r->content_handler was set due to first if().

Instead of committing a suicide by dereferencing a NULL pointer, return
500 (Internal Server Error) in such cases, i.e. if uscf is NULL.  Better
fix would be to avoid such cases by fixing the "if" directive handling,
but it's out of scope of this patch.

Prodded by Piotr Sikora.
2012-12-13 16:05:59 +00:00
Maxim Dounin
246cbd21ce Trailing whitespace fix. 2012-11-17 00:36:44 +00:00
Maxim Dounin
e1d5455a74 Upstream: better detection of connect() failures with kqueue.
Pending EOF might be reported on both read and write events, whichever
comes first, so check both of them.

Patch by Yichun Zhang (agentzh), slightly modified.
2012-11-16 18:29:19 +00:00
Maxim Dounin
8e67fb4226 Event pipe: fixed handling of buf_to_file data.
Input filter might free a buffer if there is no data in it, and in case
of first buffer (used for cache header and request header, aka p->buf_to_file)
this resulted in cache corruption.  Buffer memory was reused to read upstream
response before headers were written to disk.

Fix is to avoid moving pointers in ngx_event_pipe_add_free_buf() to a buffer
start if we were asked to free a buffer used by p->buf_to_file.

This fixes occasional cache file corruption, usually resulted
in "cache file ... has md5 collision" alerts.

Reported by Anatoli Marinov.
2012-10-30 11:14:24 +00:00
Maxim Dounin
21be49ae59 Upstream: hide_headers/pass_headers inheritance fix.
Hide headers and pass headers arrays might not be inherited correctly
into a nested location, e.g. in configuration like

    server {
        proxy_hide_header X-Foo;
        location / {
            location /nested/ {
                proxy_pass_header X-Pad;
            }
        }
    }

the X-Foo header wasn't hidden in the location /nested/.

Reported by Konstantin Svist,
http://mailman.nginx.org/pipermail/nginx-ru/2012-July/047555.html
2012-07-30 10:35:26 +00:00
Ruslan Ermilov
45d2ae646b Slight optimization in ngx_http_upstream_add(): replaced an expression
known to be constant with the constant value.
2012-07-29 19:44:09 +00:00
Ruslan Ermilov
b163010872 ngx_http_upstream_add() should return NULL if an error occurs. 2012-07-29 19:38:25 +00:00
Valentin Bartenev
d8ec4910ce Fixed returned value handling from the cookie rewrite handler.
If the "proxy_cookie_domain" or "proxy_cookie_path" directive is used and there
are no matches in Set-Cookie header then ngx_http_proxy_rewrite_cookie() returns
NGX_DECLINED to indicate that the header was not rewritten. Returning this value
further from the upstream headers copy handler resulted in 500 error response.

See here for report:
http://mailman.nginx.org/pipermail/nginx/2012-May/033858.html
2012-05-30 12:30:03 +00:00
Ruslan Ermilov
47a04aaa27 Fixed spelling in multiline C comments. 2012-04-03 07:37:31 +00:00
Maxim Konovalov
acf6c79ac7 For the sake of case/switch code readability, 'fall through'
comments added.
2012-03-19 14:57:29 +00:00
Ruslan Ermilov
b74f8ffce4 Fixed spelling in single-line comments. 2012-02-28 11:31:05 +00:00
Maxim Dounin
9f38b20db5 Time parsing cleanup.
Nuke NGX_PARSE_LARGE_TIME, it's not used since 0.6.30.  The only error
ngx_parse_time() can currently return is NGX_ERROR, check it explicitly
and make sure to cast it to appropriate type (either time_t or ngx_msec_t)
to avoid signedness warnings on platforms with unsigned time_t (notably QNX).
2012-02-13 15:41:11 +00:00
Maxim Dounin
01c133cda4 Fix for proxy_store leaving temporary files for subrequests.
Temporary files might not be removed if the "proxy_store" or "fastcgi_store"
directives were used for subrequests (e.g. ssi includes) and client closed
connection prematurely.

Non-active subrequests are finalized out of the control of the upstream
module when client closes a connection.  As a result, the code to remove
unfinished temporary files in ngx_http_upstream_process_request() wasn't
executed.

Fix is to move relevant code into ngx_http_upstream_finalize_request() which
is called in all cases, either directly or via the cleanup handler.
2012-02-13 15:28:19 +00:00
Valentin Bartenev
b3e3b2e75a Upstream: added callback hook for the "Set-Cookie" header.
No functional changes.
2012-02-13 11:01:58 +00:00
Maxim Dounin
060b92451b Upstream: fixed "too big header" check.
If header filter postponed processing of a header by returning NGX_AGAIN
and not moved u->buffer->pos, previous check incorrectly assumed there
is additional space and did another recv() with zero-size buffer.  This
resulted in "upstream prematurely closed connection" error instead
of correct "upstream sent too big header" one.

Patch by Feibo Li.
2012-02-10 14:31:04 +00:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Maxim Dounin
822fe46934 Cache locks initial implementation.
New directives: proxy_cache_lock on/off, proxy_cache_lock_timeout.  With
proxy_cache_lock set to on, only one request will be allowed to go to
upstream for a particular cache item.  Others will wait for a response
to appear in cache (or cache lock released) up to proxy_cache_lock_timeout.

Waiting requests will recheck if they have cached response ready (or are
allowed to run) every 500ms.

Note: we intentionally don't intercept NGX_DECLINED possibly returned by
ngx_http_file_cache_read().  This needs more work (possibly safe, but needs
further investigation).  Anyway, it's exceptional situation.

Note: probably there should be a way to disable caching of responses
if there is already one request fetching resource to cache (without waiting
at all).  Two possible ways include another cache lock option ("no_cache")
or using proxy_no_cache with some supplied variable.

Note: probably there should be a way to lock updating requests as well.  For
now "proxy_cache_use_stale updating" is available.
2011-12-26 11:15:23 +00:00
Maxim Dounin
d79f4523f8 Added clearing of r->valid_unparsed_uri on internal redirects.
This resolves issue with try_files (see ticket #70), configuration like

   location / { try_files $uri /index.php; }
   location /index.php { proxy_pass http://backend; }

caused nginx to use original request uri in a request to a backend.

Historically, not clearing of the r->valid_unparsed_uri on internal redirect
was a feature: it allowed to pass the same request to (another) upstream
server via error_page redirection.  Since then named locations appeared
though, and it's time to start resetting r->valid_unparsed_uri on internal
redirects.  Configurations still using this feature should be converted
to use named locations instead.

Patch by Lanshun Zhou.
2011-12-19 14:11:48 +00:00
Valentin Bartenev
50546b26d9 Added the ngx_http_upstream_param_set_slot(). 2011-12-09 13:19:57 +00:00
Maxim Dounin
e0c1a63028 Upstream: don't cache unfinished responses.
Check if received data length match Content-Length header (if present),
don't cache response if no match found.  This prevents caching of corrupted
response in case of premature connection close by upstream.
2011-11-18 15:09:08 +00:00
Maxim Dounin
b8203e46a0 Additional headers for proxy/fastcgi/uwsgi/scgi_ignore_headers.
Now the following headers may be ignored as well: X-Accel-Limit-Rate,
X-Accel-Buffering, X-Accel-Charset.
2011-10-11 18:10:49 +00:00
Ruslan Ermilov
6e86fb02d6 Tweaked error messages. 2011-10-07 07:57:24 +00:00
Maxim Dounin
20139ff13a Fixed cache bypass caching of non-cacheable replies (ticket #21).
If cache was bypassed with proxy_cache_bypass, cache-controlling headers
(Cache-Control, Expires) wasn't considered and response was cached even
if it was actually non-cacheable.

Patch by John Ferlito.
2011-10-05 10:14:21 +00:00
Maxim Dounin
886c6295ee Better handling of late upstream creation.
Configuration with duplicate upstream blocks defined after first use, i.e.
like

    server {
        ...
        location / {
            proxy_pass http://backend;
        }
    }

    upstream backend { ... }
    upstream backend { ... }

now correctly results in "duplicate upstream" error.

Additionally, upstream blocks defined after first use now handle various
server directive parameters ("weight", "max_fails", etc.).  Previously
configuration like

    server {
        ...
        location / {
            proxy_pass http://backend;
        }
    }

    upstream backend {
        server 127.0.0.1 max_fails=5;
    }

incorrectly resulted in "invalid parameter "max_fails=5"" error.
2011-09-27 11:18:51 +00:00
Maxim Dounin
b16918ed08 Cache: fix for sending of stale responses.
For normal cached responses ngx_http_cache_send() sends last buffer and then
request finalized via ngx_http_finalize_request() call, i.e. everything is
ok.

But for stale responses (i.e. when upstream died, but we have something in
cache) the same ngx_http_cache_send() sends last buffer, but then in
ngx_http_upstream_finalize_request() another last buffer is send.  This
causes duplicate final chunk to appear if chunked encoding is used (and
resulting problems with keepalive connections and so on).

Fix this by not sending in ngx_http_upstream_finalize_request()
another last buffer if we know response was from cache.
2011-09-27 11:17:11 +00:00
Maxim Dounin
28b001f897 Upstream: clearing of u->peer.connection on close.
This fixes crashes observed with some 3rd party balancer modules.  Standard
balancer modules (round-robin and ip hash) explicitly set pc->connection
(aka u->peer.connection) to NULL and aren't affected.
2011-09-25 20:00:36 +00:00
Maxim Dounin
afe2e3d082 Fix of separate pool for upstream connections (r4117).
Pool may not be created if connection was created but rejected in connect()
call.  Make sure to check if it is here before trying to destroy it.
2011-09-20 10:00:46 +00:00
Maxim Dounin
f84c69a301 Upstream: Connection header processing. 2011-09-15 19:21:19 +00:00
Maxim Dounin
4686f30a0c Upstream: Transfer-Encoding header processing. 2011-09-15 19:20:08 +00:00
Maxim Dounin
2d6be3fe93 Upstream: keepalive flag.
This patch introduces r->upstream->keepalive flag, which is set by protocol
handlers if connection to upstream is in good state and can be kept alive.
2011-09-15 19:03:15 +00:00
Maxim Dounin
a746bab7c1 Upstream: pipe length and input_filter_init in buffered mode.
As long as ngx_event_pipe() has more data read from upstream than specified
in p->length it's passed to input filter even if buffer isn't yet full.  This
allows to process data with known length without relying on connection close
to signal data end.

By default p->length is set to -1 in upstream module, i.e. end of data is
indicated by connection close.  To set it from per-protocol handlers upstream
input_filter_init() now called in buffered mode (as well as in
unbuffered mode).
2011-09-15 19:00:47 +00:00
Maxim Dounin
ffe4f11417 Upstream: r->upstream->length type change to off_t.
Previous use of size_t may cause wierd effects on 32bit platforms with certain
big responses transferred in unbuffered mode.

Nuke "if (size > u->length)" check as it's not usefull anyway (preread
body data isn't subject to this check) and now requires additional check
for u->length being positive.
2011-09-15 18:43:19 +00:00
Maxim Dounin
e19f005daf Upstream: content_length_n API change.
We no longer use r->headers_out.content_length_n as a primary source of
backend's response length.  Instead we parse response length to
u->headers_in.content_length_n and copy to r->headers_out.content_length_n
when needed.
2011-09-15 18:33:43 +00:00
Maxim Dounin
360ed25d65 Upstream: separate pool for peer connections.
This is required to support persistent https connections as various ssl
structures are allocated from connection's pool.
2011-09-15 18:21:24 +00:00
Maxim Dounin
c42c70f478 Workaround for cpu hog on errors with cached connections.
Just doing another connect isn't safe as peer.get() may expect peer.tries
to be strictly positive (this is the case e.g. with round robin with multiple
upstream servers).  Increment peer.tries to at least avoid cpu hog in
round robin balancer (with the patch alert will be seen instead).

This is not enough to fully address the problem though, hence TODO.  We
should be able to inform balancer that the error wasn't considered fatal
and it may make sense to retry the same peer.
2011-09-15 18:12:58 +00:00
Maxim Dounin
d7c2673d3f API change: ngx_chain_update_chains() now requires pool.
The ngx_chain_update_chains() needs pool to free chain links used for buffers
with non-matching tags.  Providing one helps to reduce memory consumption
for long-lived requests.
2011-09-15 16:03:17 +00:00