Commit Graph

5102 Commits

Author SHA1 Message Date
Valentin Bartenev
20d41493d4 SPDY: fixed check for too long header name or value.
For further progress a new buffer must be at least two bytes larger than
the remaining unparsed data.  One more byte is needed for null-termination
and another one for further progress.  Otherwise inflate() fails with
Z_BUF_ERROR.
2014-11-07 17:22:19 +03:00
Valentin Bartenev
42b6d57fb5 SPDY: improved debug logging of inflate() calls. 2014-11-07 17:19:12 +03:00
Maxim Dounin
1fd4cd0b96 SSL: logging level of "inappropriate fallback" (ticket #662).
Patch by Erik Dubbelboer.
2014-11-17 16:38:48 +03:00
Toshikuni Fukaya
d9f5baa0b8 Upstream: support named location for X-Accel-Redirect. 2014-11-04 19:56:23 +09:00
Piotr Sikora
a9d9b09103 Upstream: add "proxy_ssl_certificate" and friends.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-10-30 04:30:41 -07:00
Maxim Dounin
fb96936c1a SPDY: fixed "too long header line" logging.
This fixes possible one byte buffer overrun and makes sure ellipsis are
always added, see 21043ce2a005.
2014-11-07 17:38:55 +03:00
Maxim Dounin
e2bc3c11b2 Cache: removed dead store in ngx_http_file_cache_vary_header().
Found by Clang Static Analyzer.
2014-11-05 18:53:26 +03:00
Valentin Bartenev
f9b99baed3 Access log: cancel the flush timer on graceful shutdown.
Previously, it could prevent a worker process from exiting
for up to the configured flush timeout.
2014-08-25 13:41:31 +04:00
Valentin Bartenev
8b30fb7c97 Events: introduced cancelable timers. 2014-08-13 22:45:04 +04:00
Valentin Bartenev
16403bc7b1 Events: simplified cycle in ngx_event_expire_timers(). 2014-08-25 13:37:06 +04:00
Valentin Bartenev
246152c864 Events: removed broken thread support from event timers.
It's mostly dead code.  And the idea of thread support for this task has
been deprecated.
2014-08-25 13:34:39 +04:00
Peter Wu
2d16e3c3a1 Contrib: add more directives to vim syntax.
uwsgi is not a third-party module anymore. 'split_clients' is a new
block directive type. The directives were automatically extracted from
the ngx_command_t arrays, sorted in the C locale and inserted.

Trailing spaces got removed at some places.
2014-10-22 15:31:19 +02:00
Sergey Kandaurov
33f5555940 SSL: simplified ssl_password_file error handling.
Instead of collecting a number of the possible SSL_CTX_use_PrivateKey_file()
error codes that becomes more and more difficult with the rising variety of
OpenSSL versions and its derivatives, just continue with the next password.

Multiple passwords in a single ssl_password_file feature was broken after
recent OpenSSL changes (commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e).

Affected OpenSSL releases: 0.9.8zc, 1.0.0o, 1.0.1j and 1.0.2-beta3.

Reported by Piotr Sikora.
2014-10-24 04:28:00 -07:00
Piotr Sikora
54606d4625 SPDY: stop emitting multiple empty header values.
Previously, nginx would emit empty values in a header with multiple,
NULL-separated values.

This is forbidden by the SPDY specification, which requires headers to
have either a single (possibly empty) value or multiple, NULL-separated
non-empty values.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-10-27 14:25:56 -07:00
Valentin Bartenev
78dd8b5eda Version bump. 2014-10-28 21:58:49 +03:00
Maxim Dounin
71fe74726a release-1.7.7 tag 2014-10-28 18:04:46 +03:00
Maxim Dounin
029605ea15 nginx-1.7.7-RELEASE 2014-10-28 18:04:46 +03:00
Maxim Dounin
23f27c2829 Updated OpenSSL used for win32 builds. 2014-10-28 17:35:00 +03:00
Kouhei Sutou
b3f9a94e6a Win32: made build-able with MinGW-w64 gcc. 2014-10-15 21:15:01 +09:00
Gu Feng
726c5726fb Upstream: limited next_upstream time and tries when resolving DNS.
When got multiple upstream IP addresses using DNS resolving, the number of
upstreams tries and the maxinum time spent for these tries were not affected.
This patch fixed it.
2014-10-27 19:52:03 +08:00
Roman Arutyunyan
cf1e4781a9 Write filter: stored delay in a variable, no functional changes.
The code is now similar to ngx_event_pipe_read_upstream().
2014-10-28 12:29:59 +03:00
Roman Arutyunyan
18e4d042b0 Upstream: proxy_limit_rate and friends.
The directives limit the upstream read rate.  For example,
"proxy_limit_rate 42" limits proxy upstream read rate to
42 bytes per second.
2014-10-28 12:29:59 +03:00
Roman Arutyunyan
0989d63f06 Core: added limit to recv_chain(). 2014-10-28 12:29:58 +03:00
Maxim Dounin
5f625b7df0 Cache: normalization of some Vary headers.
Spaces in Accept-Charset, Accept-Encoding, and Accept-Language headers
are now ignored.  As per syntax of these headers spaces can only appear
in places where they are optional.
2014-10-27 21:14:12 +03:00
Maxim Dounin
6255935e0f Cache: multiple variants of a resource now can be stored.
If a variant stored can't be used to respond to a request, the variant
hash is used as a secondary key.

Additionally, if we previously switched to a secondary key, while storing
a response to cache we check if the variant hash still apply.  If not, we
switch back to the original key, to handle cases when Vary changes.
2014-10-27 21:14:10 +03:00
Maxim Dounin
83f00adc9b Cache: c->reading flag introduced.
It replaces c->buf in checks in ngx_http_file_cache_open(), making it possible
to reopen the file without clearing c->buf.  No functional changes.
2014-10-27 21:14:07 +03:00
Maxim Dounin
1332e76b20 Cache: hash of Vary headers now stored in cache.
To cache responses with Vary, we now calculate hash of headers listed
in Vary, and return the response from cache only if new request headers
match.

As of now, only one variant of the same resource can be stored in cache.
2014-10-27 21:13:58 +03:00
Maxim Dounin
fc785b12a0 Cache: disable caching of responses with Vary (ticket #118).
The "proxy_ignore_header" directive now undersands the "Vary" parameter
to ignore the header as needed.
2014-10-27 21:13:39 +03:00
Maxim Dounin
97e618c556 Gzip, gunzip: flush busy buffers if any.
Previous code resulted in transfer stalls when client happened
to read all the data in buffers at once, while all gzip buffers
were exhausted (but ctx->nomem wasn't set).  Make sure to call
next body filter at least once per call if there are busy buffers.

Additionally, handling of calls with NULL chain was changed to follow
the same logic, i.e., next body filter is only called with NULL chain
if there are busy buffers.  This is expected to fix "output chain is empty"
alerts as reported by some users after c52a761a2029 (1.5.7).
2014-10-15 22:57:23 +04:00
Maxim Dounin
9369cf8df3 Style. 2014-10-14 20:19:36 +04:00
Roman Arutyunyan
2244a5e9cf Upstream: proxy_force_ranges and friends.
The directives enable byte ranges for both cached and uncached
responses regardless of backend headers.
2014-10-14 18:32:01 +04:00
Kouhei Sutou
8ae7751878 Win32: suppressed warnings by "-Werror=sign-compare". 2014-10-11 21:09:29 +09:00
Kouhei Sutou
3df66a632a Win32: fixed wrong type cast.
GetQueuedCompletionStatus() document on MSDN says the
following signature:

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa364986.aspx

    BOOL WINAPI GetQueuedCompletionStatus(
      _In_   HANDLE CompletionPort,
      _Out_  LPDWORD lpNumberOfBytes,
      _Out_  PULONG_PTR lpCompletionKey,
      _Out_  LPOVERLAPPED *lpOverlapped,
      _In_   DWORD dwMilliseconds
    );

In the latest specification, the type of the third argument
(lpCompletionKey) is PULONG_PTR not LPDWORD.
2014-10-11 20:56:35 +09:00
Maxim Dounin
c01481a4cb Fixed possible buffer overrun in "too long header line" logging.
Additionally, ellipsis now always added to make it clear that
the header logged is incomplete.

Reported by Daniil Bondarev.
2014-10-08 17:16:04 +04:00
Yichun Zhang
52e4dc2f74 Core: fixed buffer overrun when hash max_size reached. 2014-10-02 12:00:17 -07:00
Piotr Sikora
4a2fba2d46 Upstream: fix $upstream_cache_last_modified variable.
Due to the u->headers_in.last_modified_time not being correctly initialized,
this variable was evaluated to "Thu, 01 Jan 1970 00:00:00 GMT" for responses
cached without the "Last-Modified" header which resulted in subsequent proxy
requests being sent with "If-Modified-Since: Thu, 01 Jan 1970 00:00:00 GMT"
header.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-10-01 15:48:53 -07:00
Valentin Bartenev
840b347bb2 Fixed counting of sent bytes in the send chain functions on EINTR.
Previously, a value of the "send" variable wasn't properly adjusted
in a rare case when syscall was interrupted by a signal.  As a result,
these functions could send less data than the limit allows.
2014-08-27 20:51:01 +04:00
Valentin Bartenev
70995077ad Version bump. 2014-10-02 22:36:27 +04:00
Maxim Dounin
28fd65e06a release-1.7.6 tag 2014-09-30 17:20:33 +04:00
Maxim Dounin
92180950d2 nginx-1.7.6-RELEASE 2014-09-30 17:20:32 +04:00
Maxim Dounin
403a9efc0c Upstream keepalive: reset c->sent on cached connections.
The c->sent is reset to 0 on each request by server-side http code,
so do the same on client side.  This allows to count number of bytes
sent in a particular request.
2014-09-29 22:27:45 +04:00
Valentin Bartenev
c9fbbc8273 Limit req: reduced number of parameters in the lookup function.
No functional changes.
2014-09-24 21:55:19 +04:00
Valentin Bartenev
021a9df15b Limit req: use complex value in limit_req_zone.
One intentional side effect of this change is that key is allowed only
in the first position.  Previously, it was possible to specify the key
variable at any position, but that was never documented, and is contrary
with nginx configuration practice for positional parameters.
2014-09-24 21:55:19 +04:00
Valentin Bartenev
98f7d0efb2 Limit conn: aligned field names in structures.
No functional changes.
2014-09-24 21:55:19 +04:00
Valentin Bartenev
dd1ae4348a Limit conn: use complex value in limit_conn_zone (ticket #121).
One intentional side effect of this change is that key is allowed only
in the first position.  Previously, it was possible to specify the key
variable at any position, but that was never documented, and is contrary
to nginx configuration practice for positional parameters.
2014-09-24 21:55:19 +04:00
Valentin Bartenev
1866f15d7d Limit conn: removed deprecated "limit_zone" directive.
It's deprecated since 260d591cb6a3 (1.1.8).  The "limit_conn_zone" directive
should be used instead.
2014-09-24 21:55:19 +04:00
Vladimir Homutov
27fa3123f9 Syslog: improved error handling of unix domain sockets.
If a syslog daemon is restarted and the unix socket is used, further logging
might stop to work.  In case of send error, socket is closed, forcing
a reconnection at the next logging attempt.
2014-08-26 14:56:54 +04:00
Vladimir Homutov
d79cbf15e6 Syslog: enabled logging of send errors.
The ngx_cycle->log is used when sending the message.  This allows to log syslog
send errors in another log.

Logging to syslog after its cleanup handler has been executed was prohibited.
Previously, this was possible from ngx_destroy_pool(), which resulted in error
messages caused by attempts to write into the closed socket.

The "processing" flag is renamed to "busy" to better match its semantics.
2014-09-01 17:55:07 +04:00
Gu Feng
bba2ce8aae Avoided to add duplicate hash key in ngx_http_types_slot(). 2014-09-17 22:52:02 +08:00
Valentin Bartenev
840d205bac Removed duplicate initialization of the "rev" variable. 2014-09-22 19:48:23 +04:00