Commit Graph

41 Commits

Author SHA1 Message Date
Igor Sysoev
5b4b7c58cc *) $ssl_client_verify
*) "ssl_verify_client ask" was changed to "ssl_verify_client optional"
2009-07-22 17:41:42 +00:00
Igor Sysoev
260c4321d7 return NULL instead of NGX_CONF_ERROR on a create conf failure 2009-06-02 16:09:44 +00:00
Igor Sysoev
c7f876bd4c move zone name from ngx_shm_zone_t to ngx_shm_t to use Win32 shared memory 2009-04-16 19:25:09 +00:00
Igor Sysoev
ee0da9ad53 fix building by MSVC8 2009-04-15 19:28:10 +00:00
Igor Sysoev
f100c7816d *) listen ssl
*) no default ssl_cetificate and ssl_cetificate_key
2008-09-01 14:19:01 +00:00
Igor Sysoev
4c756c46cd fix typo 2008-07-29 14:31:03 +00:00
Igor Sysoev
49ed6f3eec *) ssl_verify_client ask
*) test ssl_client_certificate for ssl_verify_client
*) $ssl_client_cert adds TAB before each line except first one
*) $ssl_client_raw_cert contains certificate as is
2008-07-29 14:29:02 +00:00
Igor Sysoev
81f9c9dc72 $ssl_client_cert 2008-06-16 05:54:18 +00:00
Igor Sysoev
df83e6f81a DH parameters, ssl_dhparam 2008-06-16 05:51:32 +00:00
Igor Sysoev
d6548faf64 ssl_session_cache none 2008-05-26 07:14:13 +00:00
Igor Sysoev
6ff850baf8 ssl_session_cache off 2007-12-26 20:27:22 +00:00
Igor Sysoev
2d3f3f6eb6 fix English grammar 2007-10-14 18:56:15 +00:00
Igor Sysoev
f42ed05e9c Sun Studio on sparc uses different bit order 2007-07-17 09:23:23 +00:00
Igor Sysoev
e60303cdca SNI support 2007-05-29 15:21:09 +00:00
Igor Sysoev
3364dc6eb7 move the session cache callbacks to the ngx_openssl_module 2007-01-03 15:25:40 +00:00
Igor Sysoev
528cdb7c2c ssl_session_cache 2007-01-02 23:55:05 +00:00
Igor Sysoev
daf66de4a5 style fix: scf > sscf 2007-01-02 23:50:10 +00:00
Igor Sysoev
018b2a6376 style fix 2007-01-02 23:41:54 +00:00
Igor Sysoev
ebf2bbc310 ngx_ssl_get_server_conf() 2007-01-02 23:37:25 +00:00
Igor Sysoev
c55a104fcb nginx-0.3.57-RELEASE import
*) Feature: the $ssl_client_serial variable.

    *) Bugfix: in the "!-e" operator of the "if" directive.
       Thanks to Andrian Budanstov.

    *) Bugfix: while a client certificate verification nginx did not send
       to a client the required certificates information.

    *) Bugfix: the $document_root variable did not support the variables in
       the "root" directive.
2006-08-09 19:59:45 +00:00
Igor Sysoev
b71c690895 nginx-0.3.56-RELEASE import
*) Feature: the "dav_access" directive.

    *) Feature: the "if" directive supports the "-d", "!-d", "-e", "!-e",
       "-x", and "!-x" operators.

    *) Bugfix: a segmentation fault occurred if a request returned a
       redirect and some sent to client header lines were logged in the
       access log.
2006-08-04 16:04:04 +00:00
Igor Sysoev
8f1255877c nginx-0.3.55-RELEASE import
*) Feature: the "stub" parameter in the "include" SSI command.

    *) Feature: the "block" SSI command.

    *) Feature: the unicode2nginx script was added to contrib.

    *) Bugfix: if a "root" was specified by variable only, then the root
       was relative to a server prefix.

    *) Bugfix: if the request contained "//" or "/./" and escaped symbols
       after them, then the proxied request was sent unescaped.

    *) Bugfix: the $r->headers_in("Cookie") of the ngx_http_perl_module now
       returns all "Cookie" header lines.

    *) Bugfix: a segmentation fault occurred if
       "client_body_in_file_only on" was used and nginx switched to a next
       upstream.

    *) Bugfix: on some condition while reconfiguration character codes
       inside the "charset_map" may be treated invalid; the bug had
       appeared in 0.3.50.
2006-07-28 15:16:17 +00:00
Igor Sysoev
44d872259c nginx-0.3.45-RELEASE import
*) Feature: the "ssl_verify_client", "ssl_verify_depth", and
       "ssl_client_certificate" directives.

    *) Change: the $request_method variable now returns the main request
       method.

    *) Change: the ° symbol codes were changed in koi-win conversion
       table.

    *) Feature: the euro and N symbols were added to koi-win conversion
       table.

    *) Bugfix: if nginx distributed the requests among several backends and
       some backend failed, then requests intended for this backend was
       directed to one live backend only instead of being distributed among
       the rest.
2006-05-06 16:28:56 +00:00
Igor Sysoev
7bdb720d6a nginx-0.3.40-RELEASE import
*) Feature: the ngx_http_dav_module supports the MKCOL method.

    *) Feature: the "create_full_put_path" directive.

    *) Feature: the "$limit_rate" variable.
2006-04-19 15:30:56 +00:00
Igor Sysoev
ffe714403d nginx-0.3.27-RELEASE import
*) Change: the "variables_hash_max_size" and
       "variables_hash_bucket_size" directives.

    *) Feature: the $body_bytes_sent variable can be used not only in the
       "log_format" directive.

    *) Feature: the $ssl_protocol and $ssl_cipher variables.

    *) Feature: the cache line size detection for widespread CPUs at start
       time.

    *) Feature: now the "accept_mutex" directive is supported using
       fcntl(2) on platforms different from i386, amd64, sparc64, and ppc.

    *) Feature: the "lock_file" directive and the --with-lock-path=PATH
       autoconfiguration directive.

    *) Bugfix: if the HTTPS protocol was used in the "proxy_pass" directive
       then the requests with the body was not transferred.
2006-02-08 15:33:12 +00:00
Igor Sysoev
9bf11aa193 nginx-0.3.21-RELEASE import
*) Feature: the ngx_http_perl_module.

    *) Change: the "valid_referers" directive allows the referreres without
       URI part.
2006-01-16 14:56:53 +00:00
Igor Sysoev
09c684b2d5 nginx-0.3.8-RELEASE import
*) Security: nginx now checks URI got from a backend in
       "X-Accel-Redirect" header line or in SSI file for the "/../" paths
       and zeroes.

    *) Change: nginx now does not treat the empty user name in the
       "Authorization" header line as valid one.

    *) Feature: the "ssl_session_timeout" directives of the
       ngx_http_ssl_module and ngx_imap_ssl_module.

    *) Feature: the "auth_http_header" directive of the
       ngx_imap_auth_http_module.

    *) Feature: the "add_header" directive.

    *) Feature: the ngx_http_realip_module.

    *) Feature: the new variables to use in the "log_format" directive:
       $bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri,
       $request_time, $request_length, $upstream_status,
       $upstream_response_time, $gzip_ratio, $uid_got, $uid_set,
       $connection, $pipe, and $msec. The parameters in the "%name" form
       will be canceled soon.

    *) Change: now the false variable values in the "if" directive are the
       empty string "" and string starting with "0".

    *) Bugfix: while using proxied or FastCGI-server nginx may leave
       connections and temporary files with client requests in open state.

    *) Bugfix: the worker processes did not flush the buffered logs on
       graceful exit.

    *) Bugfix: if the request URI was changes by the "rewrite" directive
       and the request was proxied in location given by regular expression,
       then the incorrect request was transferred to backend; the bug had
       appeared in 0.2.6.

    *) Bugfix: the "expires" directive did not remove the previous
       "Expires" header.

    *) Bugfix: nginx may stop to accept requests if the "rtsig" method and
       several worker processes were used.

    *) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in
       SSI commands.

    *) Bugfix: if the response was ended just after the SSI command and
       gzipping was used, then the response did not transferred complete or
       did not transferred at all.
2005-11-09 17:25:55 +00:00
Igor Sysoev
c2068d08f0 nginx-0.3.3-RELEASE import
*) Change: the "bl" and "af" parameters of the "listen" directive was
       renamed to the "backlog" and "accept_filter".

    *) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
       directive.

    *) Change: the "$msec" log parameter does not require now the
       additional the gettimeofday() system call.

    *) Feature: the -t switch now tests the "listen" directives.

    *) Bugfix: if the invalid address was specified in the "listen"
       directive, then after the -HUP signal nginx left an open socket in
       the CLOSED state.

    *) Bugfix: the mime type may be incorrectly set to default value for
       index file with variable in the name; the bug had appeared in 0.3.0.

    *) Feature: the "timer_resolution" directive.

    *) Feature: the millisecond "$upstream_response_time" log parameter.

    *) Bugfix: a temporary file with client request body now is removed
       just after the response header was transferred to a client.

    *) Bugfix: OpenSSL 0.9.6 compatibility.

    *) Bugfix: the SSL certificate and key file paths could not be relative.

    *) Bugfix: the "ssl_prefer_server_ciphers" directive did not work in
       the ngx_imap_ssl_module.

    *) Bugfix: the "ssl_protocols" directive allowed to specify the single
       protocol only.
2005-10-19 12:33:58 +00:00
Igor Sysoev
9fa5a823c4 nginx-0.2.2-RELEASE import
*) Feature: the "config errmsg" command of the ngx_http_ssi_module.

    *) Change: the ngx_http_geo_module variables can be overridden by the
       "set" directive.

    *) Feature: the "ssl_protocols" and "ssl_prefer_server_ciphers"
       directives of the ngx_http_ssl_module and ngx_imap_ssl_module.

    *) Bugfix: the ngx_http_autoindex_module did not show correctly the
       long file names;

    *) Bugfix: the ngx_http_autoindex_module now do not show the files
       starting by dot.

    *) Bugfix: if the SSL handshake failed then another connection may be
       closed too.
       Thanks to Rob Mueller.

    *) Bugfix: the export versions of MSIE 5.x could not connect via HTTPS.
2005-09-30 14:41:25 +00:00
Igor Sysoev
31eb8c015d nginx-0.2.0-RELEASE import
*) The pid-file names used during online upgrade was changed and now is
       not required a manual rename operation. The old master process adds
       the ".oldbin" suffix to its pid-file and executes a new binary file.
       The new master process creates usual pid-file without the ".newbin"
       suffix. If the master process exits, then old master process renames
       back its pid-file with the ".oldbin" suffix to the pid-file without
       suffix.

    *) Change: the "worker_connections" directive, new name of the
       "connections" directive; now the directive specifies maximum number
       of connections, but not maximum socket descriptor number.

    *) Feature: SSL supports the session cache inside one worker process.

    *) Feature: the "satisfy_any" directive.

    *) Change: the ngx_http_access_module and ngx_http_auth_basic_module do
       not run for subrequests.

    *) Feature: the "worker_rlimit_nofile" and "worker_rlimit_sigpending"
       directives.

    *) Bugfix: if all backend using in load-balancing failed after one
       error, then nginx did not try do connect to them during 60 seconds.

    *) Bugfix: in IMAP/POP3 command argument parsing.
       Thanks to Rob Mueller.

    *) Bugfix: errors while using SSL in IMAP/POP3 proxy.

    *) Bugfix: errors while using SSI and gzipping.

    *) Bugfix: the "Expires" and "Cache-Control" header lines were omitted
       from the 304 responses.
       Thanks to Alexandr Kukushkin.
2005-09-23 11:02:22 +00:00
Igor Sysoev
e573380f24 nginx-0.1.45-RELEASE import
*) Change: the "ssl_engine" directive was canceled in the
       ngx_http_ssl_module and now is introduced at global level.

    *) Bugfix: the responses with SSI subrequests did not transferred via
       SSL connection.

    *) Various bug fixes in the IMAP/POP3 proxy.
2005-09-08 14:36:09 +00:00
Igor Sysoev
187b7d9558 nginx-0.1.39-RELEASE import
*) The changes in the ngx_http_charset_module: the "default_charset"
       directive was canceled; the "charset" directive sets the response
       charset; the "source_charset" directive sets the source charset only.

    *) Bugfix: the backend "WWW-Authenticate" header line did not
       transferred while the 401 response code redirecting.

    *) Bugfix: the ngx_http_proxy_module and ngx_http_fastcgi_module may
       close a connection before anything was transferred to a client; the
       bug had appeared in 0.1.38.

    *) Workaround: the Linux glibc crypt_r() initialization bug.

    *) Bugfix: the ngx_http_ssi_module did not support the relative URI in
       the "include virtual" command.

    *) Bugfix: if the backend response had the "Location" header line and
       nginx should not rewrite this line, then the 500 code response body
       was transferred; the bug had appeared in 0.1.29.

    *) Bugfix: some directives of the ngx_http_proxy_module and
       ngx_http_fastcgi_module were not inherited from the server to the
       location level; the bug had appeared in 0.1.29.

    *) Bugfix: the ngx_http_ssl_module did not support the certificate
       chain.

    *) Bugfix: the ngx_http_autoindex_module did not show correctly the
       long file names; the bug had appeared in 0.1.38.

    *) Bugfixes in IMAP/POP3 proxy in interaction with a backend at the
       login state.
2005-07-14 12:51:53 +00:00
Igor Sysoev
899b44eab2 nginx-0.1.29-RELEASE import
*) Feature: the ngx_http_ssi_module supports "include virtual" command.

    *) Feature: the ngx_http_ssi_module supports the condition command like
       'if expr="$NAME"' and "else" and "endif" commands. Only one nested
       level is supported.

    *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and
       DATE_GMT variables and "config timefmt" command.

    *) Feature: the "ssi_ignore_recycled_buffers" directive.

    *) Bugfix: the "echo" command did not show the default value for the
       empty QUERY_STRING variable.

    *) Change: the ngx_http_proxy_module was rewritten.

    *) Feature: the "proxy_redirect", "proxy_pass_request_headers",
       "proxy_pass_request_body", and "proxy_method" directives.

    *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was
       canceled and must be replaced with the proxy_set_header directive.

    *) Change: the "proxy_preserve_host" is canceled and must be replaced
       with the "proxy_set_header Host $host" and the "proxy_redirect off"
       directives, the "proxy_set_header Host $host:$proxy_port" directive
       and the appropriate proxy_redirect directives.

    *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced
       with the "proxy_set_header X-Real-IP $remote_addr" directive.

    *) Change: the "proxy_add_x_forwarded_for" is canceled and must be
       replaced with
       the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
       directive.

    *) Change: the "proxy_set_x_url" is canceled and must be replaced with
       the "proxy_set_header X-URL http://$host:$server_port$request_uri"
       directive.

    *) Feature: the "fastcgi_param" directive.

    *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params"
       directive are canceled and must be replaced with the fastcgi_param
       directives.

    *) Feature: the "index" directive can use the variables.

    *) Feature: the "index" directive can be used at http and server levels.

    *) Change: the last index only in the "index" directive can be absolute.

    *) Feature: the "rewrite" directive can use the variables.

    *) Feature: the "internal" directive.

    *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR,
       SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME,
       REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables.

    *) Change: nginx now passes the invalid lines in a client request
       headers or a backend response header.

    *) Bugfix: if the backend did not transfer response for a long time and
       the "send_timeout" was less than "proxy_read_timeout", then nginx
       returned the 408 response.

    *) Bugfix: the segmentation fault was occurred if the backend sent an
       invalid line in response header; the bug had appeared in 0.1.26.

    *) Bugfix: the segmentation fault may occurred in FastCGI fault
       tolerance configuration.

    *) Bugfix: the "expires" directive did not remove the previous
       "Expires" and "Cache-Control" headers.

    *) Bugfix: nginx did not take into account trailing dot in "Host"
       header line.

    *) Bugfix: the ngx_http_auth_module did not work under Linux.

    *) Bugfix: the rewrite directive worked incorrectly, if the arguments
       were in a request.

    *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 14:58:06 +00:00
Igor Sysoev
02f742b45e nginx-0.1.28-RELEASE import
*) Bugfix: nginx hogs CPU while proxying the huge files.

    *) Bugfix: nginx could not be built by gcc 4.0 on Linux.
2005-04-08 15:18:55 +00:00
Igor Sysoev
c15717285d nginx-0.1.25-RELEASE import
*) Bugfix: nginx did run on Linux parisc.

    *) Feature: nginx now does not start under FreeBSD if the sysctl
       kern.ipc.somaxconn value is too big.

    *) Bugfix: if a request was internally redirected by the
       ngx_http_index_module module to the ngx_http_proxy_module or
       ngx_http_fastcgi_module modules, then the index file was not closed
       after request completion.

    *) Feature: the "proxy_pass" can be used in location with regular
       expression.

    *) Feature: the ngx_http_rewrite_filter_module module supports the
       condition like "if ($HTTP_USER_AGENT ~ MSIE)".

    *) Bugfix: nginx started too slow if the large number of addresses and
       text values were used in the "geo" directive.

    *) Change: a variable name must be declared as "$name" in the "geo"
       directive. The previous variant without "$" is still supported, but
       will be removed soon.

    *) Feature: the "%{VARIABLE}v" logging parameter.

    *) Feature: the "set $name value" directive.

    *) Bugfix: gcc 4.0 compatibility.

    *) Feature: the --with-openssl-opt=OPTIONS autoconfiguration directive.
2005-03-19 12:38:37 +00:00
Igor Sysoev
805d9db723 nginx-0.1.17-RELEASE import
*) Change: the ngx_http_rewrite_module was rewritten from the scratch.
       Now it is possible to redirect, to return the error codes, to check
       the variables and referrers. The directives can be used inside
       locations. The redirect directive was canceled.

    *) Feature: the ngx_http_geo_module.

    *) Feature: the proxy_set_x_var and fastcgi_set_var directives.

    *) Bugfix: the location configuration with "=" modifier may be used in
       another location.

    *) Bugfix: the correct content type was set only for requests that use
       small caps letters in extension.

    *) Bugfix: if the proxy_pass or fastcgi_pass directives were set in the
       location, and access was denied, and the error was redirected to a
       static page, then the segmentation fault occurred.

    *) Bugfix: if in a proxied "Location" header was a relative URL, then a
       host name and a slash were added to them; the bug had appeared in
       0.1.14.

    *) Bugfix: the system error message was not logged on Linux.
2005-02-03 19:33:37 +00:00
Igor Sysoev
02025fd6bd nginx-0.1.14-RELEASE import
*) Feature: the autoconfiguration directives:
       --http-client-body-temp-path=PATH, --http-proxy-temp-path=PATH, and
       --http-fastcgi-temp-path=PATH

    *) Change: the directory name for the temporary files with the client
       request body is specified by directive client_body_temp_path, by
       default it is <prefix>/client_body_temp.

    *) Feature: the ngx_http_fastcgi_module and the directives:
       fastcgi_pass, fastcgi_root, fastcgi_index, fastcgi_params,
       fastcgi_connect_timeout, fastcgi_send_timeout, fastcgi_read_timeout,
       fastcgi_send_lowat, fastcgi_header_buffer_size, fastcgi_buffers,
       fastcgi_busy_buffers_size, fastcgi_temp_path,
       fastcgi_max_temp_file_size, fastcgi_temp_file_write_size,
       fastcgi_next_upstream, and fastcgi_x_powered_by.

    *) Bugfix: the "[alert] zero size buf" error; the bug had appeared in
       0.1.3.

    *) Change: the URI must be specified after the host name in the
       proxy_pass directive.

    *) Change: the %3F symbol in the URI was considered as the argument
       string start.

    *) Feature: the unix domain sockets support in the
       ngx_http_proxy_module.

    *) Feature: the ssl_engine and ssl_ciphers directives.
       Thanks to Sergey Skvortsov for SSL-accelerator.
2005-01-18 13:03:58 +00:00
Igor Sysoev
ff8da91784 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright 2004-09-29 16:00:49 +00:00
Igor Sysoev
d90282d8ba nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files 2004-09-28 08:34:51 +00:00
Igor Sysoev
74a5ddb47a nginx-0.0.7-2004-07-18-23:11:20 import 2004-07-18 19:11:20 +00:00
Igor Sysoev
f38e046a0a nginx-0.0.7-2004-07-16-21:11:43 import 2004-07-16 17:11:43 +00:00