Commit Graph

151 Commits

Author SHA1 Message Date
Sergey Kandaurov
88cb4d3ab0 Merged with the default branch. 2020-10-01 12:21:11 +01:00
Pavel Pautov
c85d6fec21 Stream: set module.
Adds 'set' directive to the stream server context.
2020-08-28 14:10:54 -07:00
Roman Arutyunyan
47ed87f855 HTTP/3: renamed ngx_http_v3.c to ngx_http_v3_encode.c.
The file contains only encoding functions.
2020-07-13 12:38:08 +03:00
Roman Arutyunyan
36f2873f6b QUIC: added "quic" listen parameter in Stream.
Also, introduced ngx_stream_quic_module.
2020-07-21 23:08:39 +03:00
Roman Arutyunyan
b813b9ec35 QUIC: added "quic" listen parameter.
The parameter allows processing HTTP/0.9-2 over QUIC.

Also, introduced ngx_http_quic_module and moved QUIC settings there
2020-07-21 23:09:22 +03:00
Sergey Kandaurov
b7b3aca704 Configure: unbreak with old OpenSSL, --with-http_v3_module added. 2020-04-30 15:47:43 +03:00
Roman Arutyunyan
01dc7445f0 Refactored HTTP/3 parser. 2020-03-18 13:46:35 +03:00
Vladimir Homutov
23dc6a68a4 Extracted transport part of the code into separate file.
All code dealing with serializing/deserializing
is moved int srv/event/ngx_event_quic_transport.c/h file.

All macros for dealing with data are internal to source file.

The header file exposes frame types and error codes.

The exported functions are currently packet header parsers and writers
and frames parser/writer.

The ngx_quic_header_t structure is updated with 'log' member. This avoids
passing extra argument to parsing functions that need to report errors.
2020-03-18 12:58:27 +03:00
Vladimir Homutov
d0ebfa4cb9 Split transport and crypto parts into separate files.
New files:
    src/event/ngx_event_quic_protection.h
    src/event/ngx_event_quic_protection.c

The protection.h header provides interface to the crypto part of the QUIC:

2 functions to initialize corresponding secrets:

ngx_quic_set_initial_secret()
ngx_quic_set_encryption_secret()

and 2 functions to deal with packet processing:

ngx_quic_encrypt()
ngx_quic_decrypt()

Also, structures representing secrets are defined there.

All functions require SSL connection and a pool, only crypto operations
inside, no access to nginx connections or events.

Currently pool->log is used for the logging (instead of original c->log).
2020-03-16 19:00:47 +03:00
Roman Arutyunyan
7739b6073b HTTP/3. 2020-03-13 19:36:33 +03:00
Sergey Kandaurov
812a0b69a0 QUIC add_handshake_data callback, varint routines. 2020-02-28 13:09:51 +03:00
Sergey Kandaurov
26ac1c73f0 Initial QUIC support in http. 2020-02-28 13:09:51 +03:00
Roman Arutyunyan
a39380a41e Unconditional compilation of the postpone filter.
Postpone filter is an essential part of subrequest functionality.  In absence
of it a subrequest response body is sent to the client out of order with
respect to the main request header and body, as well as other subrequests.
For in-memory subrequests the response is also sent to the client instead of
being stored in memory.

Currently the postpone filter is automatically enabled if one of the following
standard modules which are known to create subrequests is enabled: ssi, slice,
addition.  However a third-party module that creates subrequests can still be
built without the postpone filter or be dynamically loaded in nginx built
without it.
2019-05-08 19:22:13 +03:00
Vladimir Homutov
0c4ccbea23 Upstream: ngx_http_upstream_random module.
The module implements random load-balancing algorithm with optional second
choice.  In the latter case, the best of two servers is chosen, accounting
number of connections and server weight.

Example:

upstream u {
    random [two [least_conn]];

    server 127.0.0.1:8080;
    server 127.0.0.1:8081;
    server 127.0.0.1:8082;
    server 127.0.0.1:8083;
}
2018-06-15 11:46:14 +03:00
Maxim Dounin
56ad960e7a The gRPC proxy module.
The module allows passing requests to upstream gRPC servers.
The module is built by default as long as HTTP/2 support is compiled in.
Example configuration:

    grpc_pass 127.0.0.1:9000;

Alternatively, the "grpc://" scheme can be used:

    grpc_pass grpc://127.0.0.1:9000;

Keepalive support is available via the upstream keepalive module.  Note
that keepalive connections won't currently work with grpc-go as it fails
to handle SETTINGS_HEADER_TABLE_SIZE.

To use with SSL:

    grpc_pass grpcs://127.0.0.1:9000;

SSL connections use ALPN "h2" when available.  At least grpc-go works fine
without ALPN, so if ALPN is not available we just establish a connection
without it.

Tested with grpc-c++ and grpc-go.
2018-03-17 23:04:24 +03:00
Maxim Dounin
c554dd1434 HTTP/2: externalized various constants and interfaces. 2018-03-17 23:04:20 +03:00
Ruslan Ermilov
2437532e7f HTTP/2: push additional request headers (closes #1478).
The Accept-Encoding, Accept-Language, and User-Agent header fields
are now copied from the original request to pushed requests.
2018-02-15 17:51:32 +03:00
Roman Arutyunyan
3900d1cb3c Mirror module. 2017-07-20 08:50:49 +03:00
Roman Arutyunyan
129b06dc5d Precontent phase.
The phase is added instead of the try_files phase.  Unlike the old phase, the
new one supports registering multiple handlers.  The try_files implementation is
moved to a separate ngx_http_try_files_module, which now registers a precontent
phase handler.
2017-07-20 15:51:11 +03:00
Ruslan Ermilov
435670165a Configure: fixed --without_http.
Instead of turning off some randomly selected http modules
when --without-http is specified, just don't process the
whole http modules section.
2017-03-16 20:38:31 +03:00
Ruslan Ermilov
99e20ba5f9 Configure: fixed build with --with-stream.
Some combinations of options might cause the builds with the
--with-stream option to break due to invalid value of the
STREAM_INCS make variable, e.g.

auto/configure \
    --with-stream \
    --with-http_perl_module=dynamic \
    --without-http_memcached_module \
    --without-http_empty_gif_module \
    --without-http_browser_module \
    --without-http_upstream_hash_module \
    --without-http_upstream_ip_hash_module \
    --without-http_upstream_least_conn_module \
    --without-http_upstream_keepalive_module \
    --without-http_upstream_zone_module \

Explicit initialization of ngx_module_libs and ngx_module_link
matches what we already do when processing mail modules, and
is also required after the next change.
2017-03-16 20:38:26 +03:00
Maxim Dounin
4c6e31a857 Configure: honor dependencies of dynamic modules.
Dependencies of dynamic modules are added to NGX_ADDON_DEPS (and
it is now used for dynamic modules) to be in line with what happens
in case of static compilation.

To avoid duplication, MAIL_DEPS and STREAM_DEPS are no longer passed
to auto/module when these modules are compiled as dynamic ones.  Mail
and stream dependencies are handled explicitly via corresponding
variables.
2016-11-21 16:49:19 +03:00
Maxim Dounin
f99724f2e0 Modules compatibility: --with-compat configure option. 2016-10-03 15:58:16 +03:00
Vladimir Homutov
5a7afb1b0d Stream: ssl_preread module.
The ssl_preread module extracts information from the SSL Client Hello message
without terminating SSL.  Currently, only $ssl_preread_server_name variable
is supported, which contains server name from the SNI extension.
2016-09-15 14:56:51 +03:00
Roman Arutyunyan
04b9434b18 Stream: filters. 2016-09-15 14:55:46 +03:00
Dmitry Volyntsev
fe2774a9d6 Stream: realip module. 2016-09-01 14:45:33 +03:00
Vladimir Homutov
68a7b9b5a3 Stream: log module. 2016-09-05 17:50:16 +03:00
Valentin Bartenev
5c2dd3913a Events: support for EPOLLEXCLUSIVE.
This flag appeared in Linux 4.5 and is useful for avoiding thundering herd
problem.

The current Linux kernel implementation walks the list of exclusive waiters,
and queues an event to each epfd, until it finds the first waiter that has
threads blocked on it via epoll_wait().
2016-07-15 15:18:57 +03:00
Vladimir Homutov
6c2b086d0e Stream: split_clients module. 2016-07-12 17:34:52 +03:00
Vladimir Homutov
bb790f5d30 Stream: geo module. 2016-06-30 16:12:50 +03:00
Vladimir Homutov
4cf0e28483 Stream: geoip module. 2016-07-12 17:34:43 +03:00
Vladimir Homutov
4105225310 Stream: individual build options for modules. 2016-07-12 12:38:01 +03:00
Roman Arutyunyan
a7c6f8c1d7 Stream: return module. 2016-05-18 22:08:49 +03:00
Vladimir Homutov
05db6ddfa1 Stream: map module. 2016-06-29 12:46:12 +03:00
Vladimir Homutov
c31773ea60 Stream: variables and script.
This is a port of corresponding http code with unrelated features excluded.
2016-07-04 16:37:36 +03:00
Maxim Dounin
c60b61a290 Internal md5 and sha1 implementations are now always used.
This reduces the number of moving parts in ABI compatibility checks.
Additionally, it also allows to use OpenSSL in FIPS mode while still
using md5 for non-security tasks.
2016-06-30 18:57:39 +03:00
Ruslan Ermilov
89b8f57768 Dynamic modules: perl. 2016-02-26 14:27:04 +03:00
Ruslan Ermilov
6b2e4f336c Dynamic modules: added auth_basic module libs via ngx_module_libs=. 2016-02-10 11:36:25 +03:00
Maxim Dounin
86c82d4376 Dynamic modules: NGX_STREAM define removed.
It's not used and contradicts the idea of dynamic loading.
2016-02-08 18:02:04 +03:00
Ruslan Ermilov
4814d78312 Dynamic modules: fixed a copy-n-paste error. 2016-02-05 14:02:54 +03:00
Maxim Dounin
97f59dda09 Dynamic modules.
The auto/module script is extended to understand ngx_module_link=DYNAMIC.
When set, it links the module as a shared object rather than statically
into nginx binary.  The module can later be loaded using the "load_module"
directive.

New auto/module parameter ngx_module_order allows to define module loading
order in complex cases.  By default the order is set based on ngx_module_type.

3rd party modules can be compiled dynamically using the --add-dynamic-module
configure option, which will preset ngx_module_link to "DYNAMIC" before
calling the module config script.

Win32 support is rudimentary, and only works when using MinGW gcc (which
is able to handle exports/imports automatically).

In collaboration with Ruslan Ermilov.
2016-02-04 20:25:29 +03:00
Maxim Dounin
0805ba14e7 Dynamic modules: auto/module script.
This script simplifies configuration of additional modules,
including 3rd party ones.  The script is extensible, and
will be used to introduce dynamic linking of modules in upcoming
changes.

3rd party module config scripts are called with ngx_module_link
preset to "ADDON" - this allows config scripts to call auto/module
without ngx_module_link explicitly defined, as well as testing if
new interface is in place if compatibility with older nginx versions
is desired.

In collaboration with Ruslan Ermilov.
2016-02-04 18:30:21 +03:00
Maxim Dounin
359803e457 Dynamic modules: introduced HTTP_INIT_FILTER_MODULES.
Additionally, HTTP_HEADERS_FILTER_MODULE now added to HTTP_FILTER_MODULES.
This avoids explict use of modules at the later stages, now only module
lists are used.  This will be needed in later patches.
2016-02-04 18:30:21 +03:00
Roman Arutyunyan
8ba626ccd7 Slice filter.
Splits a request into subrequests, each providing a specific range of response.
The variable "$slice_range" must be used to set subrequest range and proper
cache key.  The directive "slice" sets slice size.

The following example splits requests into 1-megabyte cacheable subrequests.

server {
    listen 8000;

    location / {
        slice 1m;

        proxy_cache cache;
        proxy_cache_key $uri$is_args$args$slice_range;
        proxy_set_header Range $slice_range;
        proxy_cache_valid 200 206 1h;
        proxy_pass http://127.0.0.1:9000;
    }
}
2015-12-07 16:30:48 +03:00
Valentin Bartenev
ee37ff613f The HTTP/2 implementation (RFC 7240, 7241).
The SPDY support is removed, as it's incompatible with the new module.
2015-09-11 20:13:06 +03:00
Vladimir Homutov
14ff3d4f87 Stream: connection limiting module.
stream {
    limit_conn_zone $binary_remote_addr zone=perip:1m;
    limit_conn_log_level error;

    server {
        ...
        limit_conn perip 1;
    }
}
2015-06-18 14:17:30 +03:00
Vladimir Homutov
8ab1aa612d Stream: access module.
stream {
    server {
        ...
        allow 127.0.0.1;
        deny all;
    }
}
2015-06-04 13:04:12 +03:00
Ruslan Ermilov
33b8e5bc06 Removed the obsolete rtsig module. 2015-04-23 14:17:40 +03:00
Ruslan Ermilov
c799c82faa Stream: port from NGINX+. 2015-04-20 13:05:11 +03:00
Ruslan Ermilov
cf31347ee8 Upstream: the "zone" directive.
Upstreams with the "zone" directive are kept in shared memory,
with a consistent view of all worker processes.
2015-04-14 19:01:25 +03:00