Commit Graph

5163 Commits

Author SHA1 Message Date
Igor Sysoev
415c8ec4b4 A bounds check of %N format on Windows.
Thanks to Joe Bialek, Adam Zabrocki and Microsoft Vulnerability Research.
2015-01-27 15:38:15 +03:00
Vladimir Homutov
7e1eba5faa Upstream: $upstream_header_time variable.
Keeps time spent on obtaining the header from an upstream server.  The value is
formatted similar to the $upstream_response_time variable.
2015-01-14 09:03:35 +03:00
Valentin Bartenev
3149ddd320 Year 2015. 2015-01-13 20:13:16 +03:00
Maxim Dounin
a1f330a0a2 Core: added disk_full_time checks to error log. 2015-01-13 19:51:37 +03:00
Maxim Dounin
2754fd3c80 Fixed sendfile() trailers on OS X (8e903522c17a, 1.7.8).
The trailer.count variable was not initialized if there was a header,
resulting in "sendfile() failed (22: Invalid argument)" alerts on OS X
if the "sendfile" directive was used.  The bug was introduced
in 8e903522c17a (1.7.8).
2015-01-13 18:58:23 +03:00
Valentin Bartenev
843fb552ec Upstream: use_temp_path parameter of proxy_cache_path and friends.
When set to "off", temporary files for cacheable responses will be stored
inside cache directory.
2014-12-26 16:22:59 +03:00
Valentin Bartenev
1858857c25 Cache: update variant while setting header.
Some parts of code related to handling variants of a resource moved into
a separate function that is called earlier.  This allows to use cache file
name as a prefix for temporary file in the following patch.
2014-12-26 16:22:56 +03:00
Valentin Bartenev
a54e37edda Core: added prefix-based temporary files.
Now, if the "path" parameter is NULL, ngx_create_temp_file() will use
file->name as a predefined file path prefix.
2014-12-26 16:22:54 +03:00
Valentin Bartenev
c07bebdcd1 Unified handling of ngx_create_temp_file() return value.
The original check for NGX_AGAIN was surplus, since the function returns
only NGX_OK or NGX_ERROR.  Now it looks similar to other places.

No functional changes.
2014-12-26 16:22:50 +03:00
Maxim Dounin
cb6f338a8c Trailing space fix. 2014-12-24 19:02:58 +03:00
Maxim Dounin
b8ee1ec7d3 Fixed building with musl libc (ticket #685). 2014-12-24 19:01:22 +03:00
Maxim Dounin
fe4b25c731 Version bump. 2014-12-24 18:53:38 +03:00
Maxim Dounin
efa5e372b7 release-1.7.9 tag 2014-12-23 18:28:38 +03:00
Maxim Dounin
9eb555c9c9 nginx-1.7.9-RELEASE 2014-12-23 18:28:37 +03:00
Valentin Bartenev
7817df480e Upstream: added variables support to proxy_cache and friends. 2014-12-22 12:59:09 +03:00
Valentin Bartenev
b24ad42008 Upstream: preset some cache configuration when bypassing.
No functional changes.
2014-12-22 12:59:06 +03:00
Valentin Bartenev
c40a72761c Upstream: refactored proxy_cache and friends.
The configuration handling code has changed to look similar to the proxy_store
directive and friends.  This simplifies adding variable support in the following
patch.

No functional changes.
2014-12-22 12:59:02 +03:00
Valentin Bartenev
66dcbab7a1 Upstream: mutually exclusive inheritance of "cache" and "store".
Currently, storing and caching mechanisms cannot work together, and a
configuration error is thrown when the proxy_store and proxy_cache
directives (as well as their friends) are configured on the same level.

But configurations like in the example below were allowed and could result
in critical errors in the error log:

    proxy_store on;

    location / {
        proxy_cache one;
    }

Only proxy_store worked in this case.

For more predictable and errorless behavior these directives now prevent
each other from being inherited from the previous level.
2014-12-22 12:58:59 +03:00
Valentin Bartenev
492844dbb1 Upstream: simplified proxy_store and friends configuration code.
This changes internal API related to handling of the "store"
flag in ngx_http_upstream_conf_t.  Previously, a non-null value
of "store_lengths" was enough to enable store functionality with
custom path.  Now, the "store" flag is also required to be set.

No functional changes.
2014-12-22 12:58:56 +03:00
Lukas Tribus
cf92831131 SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.
The flag was recently removed by BoringSSL.
2014-12-17 15:12:50 +01:00
Valentin Bartenev
16f248ebbb Autoindex: implemented XML output format. 2014-12-12 20:25:42 +03:00
Valentin Bartenev
5453f0afe6 Autoindex: implemented JSON output format. 2014-12-12 20:25:35 +03:00
Valentin Bartenev
921f728526 Autoindex: rendering code moved to a separate function.
No functional changes.
2014-12-12 20:25:28 +03:00
Maxim Dounin
d8c7616074 Headers filter: variables support in expires (ticket #113). 2014-12-11 23:42:11 +03:00
Maxim Dounin
cf21308885 Headers filter: local variables for config, no functional changes. 2014-12-11 23:42:06 +03:00
Valentin Bartenev
fb7d63250e Upstream: fixed inheritance of proxy_store and friends.
The proxy_store, fastcgi_store, scgi_store and uwsgi_store were inherited
incorrectly if a directive with variables was defined, and then redefined
to the "on" value, i.e. in configurations like:

    proxy_store /data/www$upstream_http_x_store;

    location / {
        proxy_store on;
    }
2014-10-09 20:30:11 +04:00
Maxim Dounin
827b2511e6 Proxy: fixed incorrect URI change due to if (ticket #86).
In the following configuration request was sent to a backend without
URI changed to '/' due to if:

    location /proxy-pass-uri {
        proxy_pass http://127.0.0.1:8080/;

        set $true 1;

        if ($true) {
            # nothing
        }
    }

Fix is to inherit conf->location from the location where proxy_pass was
configured, much like it's done with conf->vars.
2014-12-09 18:22:39 +03:00
Maxim Dounin
8d7c6491fe Upstream: fixed unexpected inheritance into limit_except blocks.
The proxy_pass directive and other handlers are not expected to be inherited
into nested locations, but there is a special code to inherit upstream
handlers into limit_except blocks, as well as a configuration into if{}
blocks.  This caused incorrect behaviour in configurations with nested
locations and limit_except blocks, like this:

    location / {
        proxy_pass http://u;

        location /inner/ {
            # no proxy_pass here

            limit_except GET {
                # nothing
            }
        }
    }

In such a configuration the limit_except block inside "location /inner/"
unexpectedly used proxy_pass defined in "location /", while it shouldn't.
Fix is to avoid inheritance of conf->upstream.upstream (and
conf->proxy_lengths) into locations which don't have noname flag.
2014-12-09 18:22:31 +03:00
Maxim Dounin
c863e1b3b5 Upstream: inheritance of proxy_pass and friends (ticket #645).
Instead of independant inheritance of conf->upstream.upstream (proxy_pass
without variables) and conf->proxy_lengths (proxy_pass with variables)
we now test them both and inherit only if neither is set.  Additionally,
SSL context is also inherited only in this case now.

Based on the patch by Alexey Radkov.
2014-12-09 18:21:55 +03:00
Maxim Dounin
88ed2d39af Proxy: the "TE" header now stripped by default (ticket #537). 2014-12-09 18:20:19 +03:00
Piotr Sikora
1ea64b3f8f Cache: send conditional requests only for cached 200/206 responses.
RFC7232 says:

   The 304 (Not Modified) status code indicates that a conditional GET
   or HEAD request has been received and would have resulted in a 200
   (OK) response if it were not for the fact that the condition
   evaluated to false.

which means that there is no reason to send requests with "If-None-Match"
and/or "If-Modified-Since" headers for responses cached with other status
codes.

Also, sending conditional requests for responses cached with other status
codes could result in a strange behavior, e.g. upstream server returning
304 Not Modified for cached 404 Not Found responses, etc.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-11-26 18:35:37 -08:00
Dmitrii Pichulin
cf5013dd3f SSL: loading certificate keys via ENGINE_load_private_key(). 2014-08-04 11:03:20 +04:00
Maxim Dounin
811281ec36 Version bump. 2014-12-04 16:37:31 +03:00
Maxim Dounin
f4904d2deb release-1.7.8 tag 2014-12-02 16:02:14 +03:00
Maxim Dounin
e5270249f6 nginx-1.7.8-RELEASE 2014-12-02 16:02:14 +03:00
Maxim Dounin
cee54d89dc Trailing spaces removed, typo fixed. 2014-12-02 07:01:37 +03:00
Maxim Dounin
6d52912a2a Cache: proper wakeup of subrequests.
In case of a cache lock timeout and in the aio handler we now call
r->write_event_handler() instead of a connection write handler,
to make sure to run appropriate subrequest.  Previous code failed to run
inactive subrequests and hence resulted in suboptimal behaviour, see
report by Yichun Zhang:

http://mailman.nginx.org/pipermail/nginx-devel/2013-October/004435.html

(Infinite hang claimed in the report seems impossible without 3rd party
modules, as subrequests will be eventually woken up by the postpone filter.)
2014-12-02 05:54:56 +03:00
Maxim Dounin
10345663c8 Upstream: improved subrequest logging.
To ensure proper logging make sure to set current_request in all event
handlers, including resolve, ssl handshake, cache lock wait timer and
aio read handlers.  A macro ngx_http_set_log_request() introduced to
simplify this.
2014-12-02 05:54:54 +03:00
Sergey Kandaurov
778cc4b42e Access log: restricted "log_format" to "http" level.
Specifying the "log_format" directive on levels other than "http"
is deprecated since 73d37e1ccb91 (1.1.11).
2014-12-01 14:51:36 +03:00
Maxim Dounin
ece388033a Write filter: fixed handling of sync bufs (ticket #132). 2014-11-28 16:58:39 +03:00
Maxim Dounin
7fa89c744a Fixed post_action to not trigger "header already sent" alert.
The alert was introduced in 03ff14058272 (1.5.4), and was triggered on each
post_action invocation.

There is no real need to call header filters in case of post_action,
so return NGX_OK from ngx_http_send_header() if r->post_action is set.
2014-11-28 16:57:50 +03:00
Maxim Dounin
d228fa5093 Typo. 2014-11-28 16:57:23 +03:00
Valentin Bartenev
decaffa805 SPDY: push pending data while closing a stream as with keepalive.
This helps to avoid delays in sending the last chunk of data because
of bad interaction between Nagle's algorithm on nginx side and
delayed ACK on the client side.

Delays could also be caused by TCP_CORK/TCP_NOPUSH if SPDY was
working without SSL and sendfile() was used.
2014-11-21 22:51:49 +03:00
Vladimir Homutov
742b5dd045 Syslog: allowed underscore symbol in tag (ticket #667). 2014-11-20 20:02:21 +03:00
Ruslan Ermilov
ef563debf1 Resolver: fixed debug event logging.
In 954867a2f0a6, we switched to using resolver node as the timer event data.
This broke debug event logging.

Replaced now unused ngx_resolver_ctx_t.ident with ngx_resolver_node_t.ident
so that ngx_event_ident() extracts something sensible when accessing
ngx_resolver_node_t as ngx_connection_t.
2014-11-20 15:24:42 +03:00
Ruslan Ermilov
d4b7b74686 Resolver: fixed use-after-free memory access.
In 954867a2f0a6, we switched to using resolver node as the
timer event data, so make sure we do not free resolver node
memory until the corresponding timer is deleted.
2014-11-20 15:24:40 +03:00
Valentin Bartenev
96a62f1396 Style. 2014-11-19 21:46:01 +03:00
Valentin Bartenev
1276d8483e Fixed type of sendfile() return value on Linux.
There was no real problem since the amount of bytes can be sent is limited by
NGX_SENDFILE_MAXSIZE to less than 2G.  But that can be changed in the future
2014-11-19 21:18:13 +03:00
Valentin Bartenev
a301e1a706 Moved writev() handling code to a separate function.
This reduces code duplication and unifies debug logging of the writev() syscall
among various send chain functions.
2014-08-13 15:11:45 +04:00
Valentin Bartenev
79ddab189f Merged conditions in the ngx_*_sendfile_chain() functions.
No functional changes.
2014-08-13 15:11:45 +04:00