Commit Graph

3943 Commits

Author SHA1 Message Date
Andrey Belov
3d87bcf9ae Corrected $request_length calculation for pipelined requests. 2012-07-06 04:27:06 +00:00
Ruslan Ermilov
bbfc96c703 Fixed typo in a function name. 2012-07-03 13:06:40 +00:00
Ruslan Ermilov
2219c566d7 Made sure to initialize the entire "struct flock" allocated on stack. 2012-07-03 13:05:18 +00:00
Maxim Dounin
3484e6d21c Reset r->uri_changed in a named location (ticket #184). 2012-07-03 11:30:05 +00:00
Ruslan Ermilov
f9c03b49eb map: strip final dot before looking up in a map of hostnames.
(closes #182)
2012-06-29 20:33:26 +00:00
Ruslan Ermilov
56cb80834c Version bump. 2012-06-29 11:03:01 +00:00
Maxim Dounin
a83578384c Mp4: fixed build on win32 after r4689. 2012-06-26 12:31:40 +00:00
Maxim Dounin
c6d5225e5b Style. 2012-06-25 18:09:38 +00:00
Ruslan Ermilov
8c861f06c8 Fixed a harmless error in spelling of "Connection: close" when computing
the response header length.
2012-06-25 13:08:25 +00:00
Ruslan Ermilov
42444811b9 Fixed compile-time conditionals used to detect if X-Forwarded-For support
is needed.
2012-06-21 11:02:22 +00:00
Igor Sysoev
992a4d11da Disabled gzip compression in OpenSSL prior to 1.0.0 version.
This saves about 522K per connection.
2012-06-20 12:55:28 +00:00
Ruslan Ermilov
36a931aba6 Added IPv6 support to ip_hash. 2012-06-19 12:36:54 +00:00
Maxim Dounin
29844cd55c Upstream keepalive: "single" parameter deprecated.
The original idea was to optimize edge cases in case of interchangeable
backends, i.e. don't establish a new connection if we have any one
cached.  This causes more harm than good though, as it screws up
underlying balancer's idea about backends used and may result in
various unexpected problems.
2012-06-18 14:23:42 +00:00
Maxim Dounin
91c654debc Fixed return type of ngx_strerror_init(). 2012-06-18 14:12:03 +00:00
Maxim Dounin
97f7bf25c9 Fixed "sendmsg() failed" alerts on HP-UX.
HP-UX needs _HPUX_ALT_XOPEN_SOCKET_API to be defined to be able to
use various POSIX versions of networking functions.  Notably sendmsg()
resulted in "sendmsg() failed (9: Bad file number)" alerts without it.

See xopen_networking(7) for more details.
2012-06-18 14:11:29 +00:00
Maxim Dounin
a769c530ff Fixed segfault with poll and resolver used.
Poll event method needs ngx_cycle->files to work, and use of ngx_exit_cycle
without files set caused null pointer dereference in resolver's cleanup
on udp socket close.
2012-06-18 14:10:50 +00:00
Maxim Dounin
40a366c5a8 Fixed handling of conflicting wildcard server names.
With previous code wildcard names were added to hash even if conflict
was detected.  This resulted in identical names in hash and segfault
later in ngx_hash_wildcard_init().
2012-06-18 14:06:00 +00:00
Maxim Dounin
859dc4ce01 Mp4: fixed streaming if moov atom is at buffer edge. 2012-06-18 14:02:20 +00:00
Maxim Dounin
e1e2e2eb3a Mp4: fixed non-keyframe seeks in some cases (ticket #175).
Number of entries in stsc atom was wrong if we've added an entry to
split a chunk.

Additionally, there is no need to add an entry if we are going to split
last chunk in an entry, it's enough to update the entry we already have.
Previously new entry was added and old one was left as is, resulting in
incorrect entry with zero chunks which might confuse some software.
2012-06-18 14:01:18 +00:00
Andrey Belov
0cf52376fb Style fix. 2012-06-18 13:51:20 +00:00
Andrey Belov
e91b210b56 New core variable: $status.
Contains response status code as a 3-digit integer
(with leading zeroes if necessary), or one of the following values:

    000 - response status code has not yet been assigned
    009 - HTTP/0.9 request is being processed
2012-06-18 13:43:44 +00:00
Ruslan Ermilov
2c49af818b When "resolver" is configured with a domain name, only the first
resolved address was used.  Now all addresses will be used.
2012-06-18 12:46:05 +00:00
Ruslan Ermilov
da8bb22634 Fixed crash in ngx_resolver_cleanup_tree().
If sending a DNS request fails with an error (e.g., when mistakenly trying
to send it to a local IP broadcast), such a request is not deleted if there
are clients waiting on it.  However, it was still erroneously removed from
the queue.  Later ngx_resolver_cleanup_tree() attempted to remove it from
the queue again that resulted in a NULL pointer dereference.
2012-06-18 12:30:45 +00:00
Ruslan Ermilov
b9feaa8dd9 Version bump. 2012-06-18 11:07:44 +00:00
Ruslan Ermilov
d4353c6fd3 Fixed spelling of "endianness", and called it "byte ordering" in the
user visible part.
2012-06-08 09:41:55 +00:00
Maxim Dounin
0d7720ddc0 Win32: uris with ":$" are now rejected.
There are too many problems with special NTFS streams, notably "::$data",
"::$index_allocation" and ":$i30:$index_allocation".

For now we don't reject all URIs with ":" like Apache does as there are no
good reasons seen yet, and there are multiple programs using it in URLs
(e.g. MediaWiki).
2012-06-05 13:38:27 +00:00
Maxim Dounin
f83598a359 Win32: normalization of trailing dot inside uri.
Windows treats "/directory./" identical to "/directory/".  Do the same
when working on Windows.  Note that the behaviour is different from one
with last path component (where multiple spaces and dots are ignored by
Windows).
2012-06-05 13:37:29 +00:00
Maxim Dounin
db80a7adfc Win32: disallowed access to various non-canonical name variants.
This includes trailings dots and spaces, NTFS streams (and short names, as
previously checked).  The checks are now also done in ngx_file_info(), thus
allowing to use the "try_files" directive to protect external scripts.
2012-06-05 13:36:09 +00:00
Ruslan Ermilov
ac7f704931 Support for IPv6 literals and an optional port in resolver. 2012-06-04 14:23:27 +00:00
Maxim Dounin
596226f6f7 Support for IPv6 literals in proxy_pass and so on. 2012-06-04 14:07:34 +00:00
Maxim Dounin
4888969baa Upstream: least_conn compilation fixes.
Removed duplicate call of ngx_http_upstream_init_round_robin_peer()
overlooked during code changes.  Rewritten "return lcp->free_rr_peer(...)"
as MSVC doesn't like it.
2012-06-04 00:00:28 +00:00
Maxim Dounin
1ba6ecd4f3 Upstream: weights support in ip_hash balancer. 2012-06-03 23:22:41 +00:00
Maxim Dounin
4cb4e8d179 Upstream: least_conn balancer module. 2012-06-03 23:21:26 +00:00
Maxim Dounin
01f1e4d1dc Resolver: fixed format specification.
Patch by Yichun Zhang (agentzh).
2012-06-03 23:18:24 +00:00
Ruslan Ermilov
887f514e9f Code reduction (no functional changes). 2012-06-01 11:35:09 +00:00
Valentin Bartenev
2195eb554b Removed mistaken setting of NGX_SSL_BUFFERED flag in ngx_ssl_send_chain()
if SSL buffer is not used.
2012-05-30 12:43:27 +00:00
Valentin Bartenev
d8ec4910ce Fixed returned value handling from the cookie rewrite handler.
If the "proxy_cookie_domain" or "proxy_cookie_path" directive is used and there
are no matches in Set-Cookie header then ngx_http_proxy_rewrite_cookie() returns
NGX_DECLINED to indicate that the header was not rewritten. Returning this value
further from the upstream headers copy handler resulted in 500 error response.

See here for report:
http://mailman.nginx.org/pipermail/nginx/2012-May/033858.html
2012-05-30 12:30:03 +00:00
Ruslan Ermilov
94d8df6098 geoip: got rid of ugly casts when calling ngx_free().
This is done by removing the "const" qualifier from the common return
type of handler functions returning either "const char *" or "char *".
2012-05-29 09:19:51 +00:00
Ruslan Ermilov
49fbd88466 Fixed broken build. 2012-05-28 14:20:04 +00:00
Ruslan Ermilov
9fbd0d7c1d Fixed memory leak if $geoip_org variable was used.
Patch by Denis F. Latypoff (slightly modified).
2012-05-28 13:17:48 +00:00
Ruslan Ermilov
526fd681b5 Fixed the reuse of parsed DTDs and XSLTs.
Patch by Kuramoto Eiji.
2012-05-24 07:35:12 +00:00
Maxim Dounin
e1133ca60e Fixed compilation with -DNGX_DEBUG_MALLOC on FreeBSD 10.
After jemalloc 3.0.0 import there is no _malloc_options symbol, it has
been replaced with the malloc_conf one with a different syntax.
2012-05-23 15:07:01 +00:00
Maxim Dounin
a272b2da28 Fixed warning during nginx.xs compilation. 2012-05-23 10:36:12 +00:00
Ruslan Ermilov
d2e005c39d Fixed potential null pointer dereference in ngx_resolver_create().
While here, improved error message.
2012-05-22 13:12:14 +00:00
Ruslan Ermilov
d230df40b2 Removed historical and now redundant syntax pre-checks in ngx_parse_url(). 2012-05-21 10:55:10 +00:00
Maxim Dounin
34229e9d4d Fixed core variables dynamic access after reconfiguration.
If variable was indexed in previous configuration but not in current
one, the NGX_HTTP_VAR_INDEXED flag was left set and confused
ngx_http_get_variable().

Patch by Yichun Zhang (agentzh), slightly modified.
2012-05-17 18:10:34 +00:00
Maxim Dounin
d2143f11cb Fixed segfault with filter_finalize introduced in r4621 (1.3.0).
Example configuration to reproduce:

    location /image/ {
        error_page 415 = /zero;
        image_filter crop 100 100;
        proxy_pass http://127.0.0.1:8080;
        proxy_store on;
    }

    location /zero {
        return 204;
    }

The problem appeared if upstream returned (big enough) non-image file,
causing 415 to be generated by image filter.
2012-05-17 17:41:40 +00:00
Valentin Bartenev
1c168c7875 Fixed the ngx_regex.h header file compatibility with C++. 2012-05-17 13:47:04 +00:00
Ruslan Ermilov
1b4397443f Zero padded the returned and logged HTTP status code, and fixed possible
buffer overrun in $status handling.
2012-05-16 13:27:04 +00:00
Ruslan Ermilov
befc111d4f Capped the status code that may be returned with "return" and "try_files". 2012-05-16 13:22:03 +00:00
Ruslan Ermilov
10c205a1b3 Added syntax checking of the second parameter of the "split_clients" directive. 2012-05-16 13:14:53 +00:00
Ruslan Ermilov
6888516b2b Version bump. 2012-05-16 13:09:39 +00:00
Ruslan Ermilov
e3bb319e34 Fixed win32 build after changes in r4624. 2012-05-15 08:10:59 +00:00
Valentin Bartenev
0215fcc9b8 Update c->sent in ngx_ssl_send_chain() even if SSL buffer is not used. 2012-05-14 16:30:33 +00:00
Ruslan Ermilov
9a79c3431a Reverted previous attempt to fix complation warning introduced in
r4624 and actually fixed it.
2012-05-14 15:52:37 +00:00
Ruslan Ermilov
d4ba06c31a geoip: trusted proxies support and partial IPv6 support.
The module now supports recursive search of client address through the
chain of trusted proxies (closes #100), in the same scope as the geo
module.  Proxies are listed by the "geoip_proxy" directive, recursive
search is enabled by the "geoip_proxy_recursive" directive.  IPv6 is
partially supported: proxies may be specified with IPv6 addresses.

Example:
    geoip_country .../GeoIP.dat;
    geoip_proxy 127.0.0.1;
    geoip_proxy ::1;
    geoip_proxy 10.0.0.0/8;
    geoip_proxy_recursive on;
2012-05-14 14:00:17 +00:00
Ruslan Ermilov
69521ddebf geo: chains of trusted proxies and partial IPv6 support.
The module now supports recursive search of client address through
the chain of trusted proxies, controlled by the "proxy_recursive"
directive in the "geo" block.  It also gets partial IPv6 support:
now proxies may be specified with IPv6 addresses.

Example:
    geo $test {
        ...
        proxy 127.0.0.1;
        proxy ::1;
        proxy_recursive;
    }

There's also a slight change in behavior.  When original client
address (as specified by the "geo" directive) is one of the
trusted proxies, and the value of the X-Forwarded-For request
header cannot not be parsed as a valid address, an original client
address will be used for lookup.  Previously, 255.255.255.255 was
used in this case.
2012-05-14 13:53:22 +00:00
Ruslan Ermilov
11a8e26d29 Fixed compilation warning introduced in r4624. 2012-05-14 13:15:22 +00:00
Ruslan Ermilov
7627530b50 realip: chains of trusted proxies and IPv6 support.
The module now supports recursive search of client address through
the chain of trusted proxies, controlled by the "real_ip_recursive"
directive (closes #2).  It also gets full IPv6 support (closes #44)
and canonical value of the $client_addr variable on address change.

Example:
    real_ip_header X-Forwarded-For;
    set_real_ip_from 127.0.0.0/8;
    set_real_ip_from ::1;
    set_real_ip_from unix:;
    real_ip_recursive on;
2012-05-14 12:41:03 +00:00
Ruslan Ermilov
8e5dc474e5 New function ngx_http_get_forwarded_addr() to look up real client address.
On input it takes an original address, string in the X-Forwarded-For format
and its length, list of trusted proxies, and a flag indicating to perform
the recursive search.  On output it returns NGX_OK and the "deepest" valid
address in a chain, or NGX_DECLINED.  It supports AF_INET and AF_INET6.
Additionally, original address and/or proxy may be specified as AF_UNIX.
2012-05-14 12:27:41 +00:00
Maxim Dounin
4d5759e098 Upstream: fixed ip_hash rebalancing with the "down" flag.
Due to weight being set to 0 for down peers, order of peers after sorting
wasn't the same as without the "down" flag (with down peers at the end),
resulting in client rebalancing for clients on other servers.  The only
rebalancing which should happen after adding "down" to a server is one
for clients on the server.

The problem was introduced in r1377 (which fixed endless loop by setting
weight to 0 for down servers).  The loop is no longer possible with new
smooth algorithm, so preserving original weight is safe.
2012-05-14 09:58:07 +00:00
Maxim Dounin
52327e0627 Upstream: smooth weighted round-robin balancing.
For edge case weights like { 5, 1, 1 } we now produce { a, a, b, a, c, a, a }
sequence instead of { c, b, a, a, a, a, a } produced previously.

Algorithm is as follows: on each peer selection we increase current_weight
of each eligible peer by its weight, select peer with greatest current_weight
and reduce its current_weight by total number of weight points distributed
among peers.

In case of { 5, 1, 1 } weights this gives the following sequence of
current_weight's:

     a  b  c
     0  0  0  (initial state)

     5  1  1  (a selected)
    -2  1  1

     3  2  2  (a selected)
    -4  2  2

     1  3  3  (b selected)
     1 -4  3

     6 -3  4  (a selected)
    -1 -3  4

     4 -2  5  (c selected)
     4 -2 -2

     9 -1 -1  (a selected)
     2 -1 -1

     7  0  0  (a selected)
     0  0  0

To preserve weight reduction in case of failures the effective_weight
variable was introduced, which usually matches peer's weight, but is
reduced temporarily on peer failures.

This change also fixes loop with backup servers and proxy_next_upstream
http_404 (ticket #47), and skipping alive upstreams in some cases if there
are multiple dead ones (ticket #64).
2012-05-14 09:57:20 +00:00
Maxim Dounin
e302ed6fc3 Fixed possible request hang with filter finalization.
With r->filter_finalize set the ngx_http_finalize_connection() wasn't
called from ngx_http_finalize_request() called with NGX_OK, resulting in
r->main->count not being decremented, thus causing request hang in some
rare situations.

See here for more details:
http://mailman.nginx.org/pipermail/nginx-devel/2012-May/002190.html

Patch by Yichun Zhang (agentzh).
2012-05-14 09:48:05 +00:00
Maxim Dounin
7d863c0181 Resolver: protection from duplicate responses.
If we already had CNAME in resolver node (i.e. rn->cnlen and rn->u.cname
set), and got additional response with A record, it resulted in rn->cnlen
set and rn->u.cname overwritten by rn->u.addr (or rn->u.addrs), causing
segmentation fault later in ngx_resolver_free_node() on an attempt to free
overwritten rn->u.cname.  The opposite (i.e. CNAME got after A) might cause
similar problems as well.
2012-05-14 09:13:45 +00:00
Maxim Dounin
0e3b423dc6 Accept moderation in case of EMFILE/ENFILE.
In case of EMFILE/ENFILE returned from accept() we disable accept events,
and (in case of no accept mutex used) arm timer to re-enable them later.
With accept mutex we just drop it, and rely on normal accept mutex handling
to re-enable accept events once it's acquired again.

As we now handle errors in question, logging level was changed to "crit"
(instead of "alert" used for unknown errors).

Note: the code might call ngx_enable_accept_events() multiple times if
there are many listen sockets.  The ngx_enable_accept_events() function was
modified to check if connection is already active (via c->read->active) and
skip it then, thus making multiple calls safe.
2012-05-11 13:33:06 +00:00
Maxim Dounin
74d939974d Rewrite: fixed escaping and possible segfault (ticket #162).
The following code resulted in incorrect escaping of uri and possible
segfault:

    location / {
        rewrite ^(.*) $1?c=$1;
        return 200 "$uri";
    }

If there were arguments in a rewrite's replacement string, and length was
actually calculated (due to duplicate captures as in the example above,
or variables present), the is_args flag was set and incorrectly copied
after length calculation.  This resulted in escaping applied to the uri part
of the replacement, resulting in incorrect escaping.  Additionally, buffer
was allocated without escaping expected, thus this also resulted in buffer
overrun and possible segfault.
2012-05-11 13:19:22 +00:00
Maxim Dounin
9114f08863 Fastcgi: fixed padding handling on fixed-size records.
Padding was incorrectly ignored on end request, empty stdout and stderr
fastcgi records.  This resulted in protocol desynchronization if fastcgi
application used these records with padding for some reason.

Reported by Ilia Vinokurov.
2012-05-11 13:14:58 +00:00
Maxim Dounin
b34f84d8de Added r->state reset on fastcgi/scgi/uwsgi request start.
Failing to do so results in problems if 400 or 414 requests are
redirected to fastcgi/scgi/uwsgi upstream, as well as after invalid
headers got from upstream.  This was already fixed for proxy in r3478,
but fastcgi (the only affected protocol at that time) was missed.

Reported by Matthieu Tourne.
2012-05-11 13:09:24 +00:00
Maxim Dounin
e0e1c4567c Added write event handler reset in ngx_http_named_location().
On internal redirects this happens via ngx_http_handler() call, which is
not called on named location redirect.  As a result incorrect write handler
remained (if previously set) and this might cause incorrect behaviour (likely
request hang).

Patch by Yichun Zhang (agentzh).
2012-05-04 11:35:22 +00:00
Ruslan Ermilov
700364f62d debug_connection: added the IPv6 and UNIX-domain socket support. 2012-04-29 22:02:18 +00:00
Valentin Bartenev
a0025f2d81 Removed surplus condition. 2012-04-27 10:48:42 +00:00
Andrey Belov
eeec229e3e Allows particular modules to handle subrequests properly. 2012-04-26 13:06:27 +00:00
Ruslan Ermilov
487ba70126 Fixed segmentation fault in ngx_resolver_create_name_query().
If name passed for resolution was { 0, NULL } (e.g. as a result
of name server returning CNAME pointing to ".") pointer wrapped
to (void *) -1 resulting in segmentation fault on an attempt to
dereference it.

Reported by Lanshun Zhou.
2012-04-26 12:58:42 +00:00
Maxim Dounin
6ad02389c3 Version bump. 2012-04-26 11:20:29 +00:00
Maxim Dounin
d68dd358e1 Version bump. 2012-04-23 12:54:14 +00:00
Igor Sysoev
c7bb66a9a3 Fix of "%f" format handling.
ngx_sprintf("%.2f", 0.999) incorrectly resulted in "0.100" instead of "1.00".
2012-04-23 11:11:32 +00:00
Maxim Dounin
c7bb162ffe Proxy: added ctx checking to input filters.
The proxy module context may be NULL in case of filter finalization
(e.g. by image_filter) followed by an internal redirect.  This needs
some better handling, but for now just check if ctx is still here.
2012-04-23 10:40:01 +00:00
Maxim Dounin
8b89c882ce Image filter: compare aspect ratio more accurately during crop.
Previously used fixed-point calculation caused wrong code path selection
in some cases, resulting in incorrect image size.

See here for report:
http://mailman.nginx.org/pipermail/nginx-devel/2012-April/002123.html
2012-04-21 19:02:21 +00:00
Maxim Dounin
e8fe3ce098 Fixed segfault with try_files (ticket #152).
The problem occured if first uri in try_files was shorter than request uri,
resulting in reserve being 0 and hence allocation skipped.  The bug was
introduced in r4584 (1.1.19).
2012-04-19 15:48:03 +00:00
Maxim Dounin
a73ce28e0a Fixed master exit if there is no events section (ticket #150).
Instead of checking if there is events{} section present in configuration
in init_module handler we now do the same in init_conf handler.  This
allows master process to detect incorrect configuration early and
reject it.
2012-04-18 14:47:10 +00:00
Ruslan Ermilov
e9a7f4f5f6 Don't silently ignore the last line of configuration file that
consists solely of one unterminated token (inspired by #150).
2012-04-18 13:30:43 +00:00
Maxim Dounin
0abb0bce5f Fixed ngx_readv_chain() to honor IOV_MAX (ticket #14).
Not using full chain passed is ok as consumers are expected to check
event's ready flag to determine if another call is needed, not the
returned size.
2012-04-17 09:13:58 +00:00
Maxim Dounin
578c02f3a1 IOV_MAX handling microoptimization.
We now stop on IOV_MAX iovec entries only if we are going to add new one,
i.e. next buffer can't be coalesced into last iovec.

This also fixes incorrect checks for trailer creation on FreeBSD and
Mac OS X, header.nelts was checked instead of trailer.nelts.
2012-04-17 09:13:15 +00:00
Maxim Dounin
96d73e291f Fixed loop in ngx_writev_chain() and ngx_solaris_sendfilev_chain().
The "complete" flag wasn't cleared on loop iteration start, resulting in
broken behaviour if there were more than IOV_MAX buffers and first
iteration was fully completed (and hence the "complete" flag was set
to 1).
2012-04-17 09:10:50 +00:00
Maxim Dounin
9e2f86cfc0 Fixed log->action after ssl handshake. 2012-04-16 13:05:20 +00:00
Ruslan Ermilov
43d2b1c045 Fixed grammar in error messages. 2012-04-12 19:35:41 +00:00
Maxim Dounin
e6724ebe54 Version bump. 2012-04-12 16:34:59 +00:00
Maxim Dounin
7ae525bd90 Mp4: sanity checks cleanup. 2012-04-12 12:18:14 +00:00
Ruslan Ermilov
3995395dcb Reduced the number of lines of code in ngx_inet_addr(). 2012-04-12 10:20:33 +00:00
Ruslan Ermilov
3f25e12517 Fixed buffer overflow when long URI is processed by "try_files" in
regex location with "alias" (fixes ticket #135).
2012-04-12 09:19:14 +00:00
Ruslan Ermilov
a5bb616af4 Improved readability of the code that produces bitmask from prefix.
In collaboration with Maxim Dounin.
2012-04-11 17:18:15 +00:00
Ruslan Ermilov
62b937b333 Fixed directives inheritance. 2012-04-11 09:56:30 +00:00
Maxim Dounin
b9c226abe0 Access module: fixed inheritance of allow/deny ipv6 rules.
Previous (incorrect) behaviour was to inherit ipv6 rules separately from
ipv4 ones.  Now all rules are either inherited (if there are no rules
defined at current level) or not (if there are any rules defined).
2012-04-10 13:25:53 +00:00
Igor Sysoev
3ef52765c8 Fixed debug logging. 2012-04-10 11:28:59 +00:00
Igor Sysoev
654a56e06a Fixed previous commit. 2012-04-10 11:27:43 +00:00
Igor Sysoev
cbc51bb295 Fixed mp4 module seek. 2012-04-10 11:21:47 +00:00
Maxim Dounin
baa239c487 Fixed signed integer overflows in timer code (ticket #145).
Integer overflow is undefined behaviour in C and this indeed caused
problems on Solaris/SPARC (at least in some cases).  Fix is to
subtract unsigned integers instead, and then cast result to a signed
one, which is implementation-defined behaviour and used to work.

Strictly speaking, we should compare (unsigned) result with the maximum
value of the corresponding signed integer type instead, this will be
defined behaviour.  This will require much more changes though, and
considered to be overkill for now.
2012-04-06 23:46:09 +00:00
Andrey Belov
bd6d421816 Comment fixed. 2012-04-05 19:49:34 +00:00
Maxim Konovalov
13d5d85861 Style: the function type should be on a line by itself
preceding the function.  No functional changes.
2012-04-05 15:32:43 +00:00
Ruslan Ermilov
bffbbeb73f In ngx_ptocidr(), check that the supplied prefix length is within
the allowed range.
2012-04-03 08:22:00 +00:00
Ruslan Ermilov
47a04aaa27 Fixed spelling in multiline C comments. 2012-04-03 07:37:31 +00:00
Maxim Dounin
7744472c8e Win32: improved ngx_mutex_init() stub (ticket #138).
This allows to run nginx with "master_process off" under Windows.
2012-04-02 21:31:45 +00:00
Maxim Dounin
9063bc8713 Win32: fixed memory allocation for shmem name (ticket #134). 2012-04-02 21:30:58 +00:00
Maxim Dounin
a5d4f66ad6 Upstream: reject upstreams without normal servers.
Such upstreams cause CPU hog later in the code as number of peers isn't
expected to be 0.  Currently this may happen either if there are only backup
servers defined in an upstream block, or if server with ipv6 address used
in an upstream block.
2012-04-02 21:29:35 +00:00
Maxim Dounin
525e1f75e4 Version bump. 2012-04-02 21:28:31 +00:00
Ruslan Ermilov
b4ab3ddf9d Corrected spelling of error message (ticket #136). 2012-03-29 19:47:27 +00:00
Maxim Dounin
889ad51f17 Fixed win32 build after realpath changes in r4559. 2012-03-28 13:04:39 +00:00
Ruslan Ermilov
feda353cb3 Replaced ngx_http_realip_from_t with ngx_in_cidr_t. 2012-03-28 09:29:09 +00:00
Ruslan Ermilov
52fcfd042e Fixed calculation of range boundaries. 2012-03-28 06:50:23 +00:00
Maxim Dounin
5d5c866bee Xslt: parser options now set with xmlCtxtUseOptions().
Note that "ctxt->loadsubset = 1" previously used isn't really correct as
ctxt->loadsubset is a bitfield now.  The use of xmlCtxtUseOptions() with
XML_PARSE_DTDLOAD is believed to be a better way to do the same thing.

Patch by Laurence Rowe.
2012-03-28 01:56:49 +00:00
Maxim Dounin
36aef0c383 Fixed unconditional MAX_PATH usage (ticket #22).
POSIX doesn't require it to be defined, and Debian GNU/Hurd doesn't define
it.  Note that if there is no MAX_PATH defined we have to use realpath()
with NULL argument and free() the result.
2012-03-27 16:42:34 +00:00
Maxim Dounin
7b2b17a6b3 Added explicit include of time.h.
Most of the systems have it included due to namespace pollution, but
relying on this is a bad idea.  Explicit include is required for at least
Debian GNU/Hurd.
2012-03-27 16:37:43 +00:00
Maxim Dounin
e34ff16f67 Resolver: added missing sanity checking when creating name queries.
Found by Veracode.
2012-03-22 11:57:18 +00:00
Maxim Dounin
8e6728ef13 Win32: added missing call to srand().
Found by Veracode.
2012-03-22 10:45:08 +00:00
Maxim Dounin
1aa5fbb1a8 Added xslt_param and xslt_string_param directives.
Based on patch by Samuel Behan.
2012-03-22 10:44:00 +00:00
Maxim Dounin
3333c6c7c8 Fixed off-by-one in xslt parameter parsing.
The problem was introduced in 0.7.44 (r2589) during conversion to complex
values.  Previously string.len included space for terminating NUL, but
with complex values it doesn't.
2012-03-22 10:43:33 +00:00
Maxim Dounin
ae11f08cad Restricted keepalive_disable safari to OS X only.
The problem doesn't affect non-Apple systems for sure, and many pretend
to be Safari now.

Prodded by Piotr Sikora.
2012-03-22 10:42:27 +00:00
Maxim Dounin
dc863179a3 Removed safari from keepalive_disable default.
The bug in question is likely already fixed (though unfortunately we have
no information available as Apple's bugtracker isn't open), and the
workaround seems to be too pessimistic for modern versions of Safari
as well as other webkit-based browsers pretending to be Safari.
2012-03-22 10:41:29 +00:00
Ruslan Ermilov
fbd32d4d19 worker_cpu_affinity: cleaned up Linux implementation, added FreeBSD support. 2012-03-21 13:58:51 +00:00
Ruslan Ermilov
d4b1e5f58b If we inserted "Last-Modified" in r->headers_out.headers, don't
forget to set the r->headers_out.last_modified pointer to it.
2012-03-21 07:35:43 +00:00
Ruslan Ermilov
89467caf43 Minor ngx_http_headers_filter_module.c code cleanup.
- Removed "hash" element from ngx_http_header_val_t which was always 1.
- Replaced NGX_HTTP_EXPIRES_* with ngx_http_expires_t enum type.
- Added prototype for ngx_http_add_header()
- Simplified ngx_http_set_last_modified().
2012-03-21 06:19:11 +00:00
Maxim Konovalov
acf6c79ac7 For the sake of case/switch code readability, 'fall through'
comments added.
2012-03-19 14:57:29 +00:00
Ruslan Ermilov
926ded6f4c Implemented $tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd, and
$tcpinfo_rcv_space variables.  Supported on Linux and FreeBSD.
2012-03-16 19:15:33 +00:00
Ruslan Ermilov
5d1d368cf4 Local variable "ngx_http_next_filter" renamed to "ngx_http_next_body_filter"
for consistency with other modules.
2012-03-15 20:08:58 +00:00
Ruslan Ermilov
849e3b09ae The "error_log" directive specified in the "http", "server", and
"location" sections now understands the special "stderr" parameter.
It was already treated specially when specified in the main section.
2012-03-15 20:04:50 +00:00
Ruslan Ermilov
091f6ffce6 Slight optimization in ngx_http_get_variable_index(). 2012-03-15 19:41:35 +00:00
Ruslan Ermilov
06733ae8cf - New variable: $connection_requests.
- While here, fixed format specifier for $connection.
2012-03-15 19:37:32 +00:00
Maxim Dounin
d694ff7798 Version bump. 2012-03-15 17:43:54 +00:00
Maxim Dounin
d1ed97b18b Headers with null character are now rejected.
Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems.  They are now unconditionally rejected.
2012-03-15 11:27:57 +00:00
Maxim Dounin
eb526b7d7d Fixed incorrect ngx_cpystrn() usage in ngx_http_*_process_header().
This resulted in a disclosure of previously freed memory if upstream
server returned specially crafted response, potentially exposing
sensitive information.

Reported by Matthew Daley.
2012-03-15 11:27:12 +00:00
Maxim Dounin
030e235ec7 Fixed ssi and perl interaction.
Embedded perl module assumes there is a space for terminating NUL character,
make sure to provide it in all situations by allocating one extra byte for
value buffer.  Default ssi_value_length is reduced accordingly to
preserve 256 byte allocations.

While here, fixed another one byte value buffer overrun possible in
ssi_quoted_symbol_state.

Reported by Matthew Daley.
2012-03-15 11:23:07 +00:00
Maxim Dounin
205394e6f9 Uwsgi: merged r->http_version fixes from scgi module.
Fixed incorrect use of r->http_version (r4372).  Removed duplicate function
declaration (r4373).  Removed error if there is no Status header (r4374).
2012-03-15 11:21:54 +00:00
Maxim Dounin
ee187436af Whitespace fixes. 2012-03-05 18:09:06 +00:00
Maxim Dounin
382499aa1f Version bump. 2012-03-05 18:06:15 +00:00
Maxim Dounin
a95c85e78a Raised simultaneous subrequest limit from 50 to 200.
It wasn't enforced for a long time, and there are reports that people
use up to 100 simultaneous subrequests now.  As this is a safety limit
to prevent loops, it's raised accordingly.
2012-02-28 14:54:23 +00:00
Maxim Dounin
db402276e1 Added msleep() on reload to allow new processes to start.
This is expected to ensure smoother operation on reload (and with less
chance of listen queue overflows).

Prodded by Igor Sysoev.
2012-02-28 11:40:18 +00:00
Ruslan Ermilov
b74f8ffce4 Fixed spelling in single-line comments. 2012-02-28 11:31:05 +00:00
Maxim Dounin
c66a1e7a17 Workaround for fs_size on ZFS (ticket #46).
ZFS reports incorrect st_blocks until file settles on disk, and this
may take a while (i.e. just after creation of a file the st_blocks value
is incorrect).  As a workaround we now use st_blocks only if
st_blocks * 512 > st_size, this should fix ZFS problems while still
preserving accuracy for other filesystems.

The problem had appeared in r3900 (1.0.1).
2012-02-28 11:09:02 +00:00
Maxim Dounin
7ca6c1ff78 Fix of rbtree lookup on hash collisions.
Previous code incorrectly assumed that nodes with identical keys are linked
together.  This might not be true after tree rebalance.

Patch by Lanshun Zhou.
2012-02-27 22:15:39 +00:00
Maxim Dounin
53d9677de4 Fixed null pointer dereference in resolver (ticket #91).
The cycle->new_log.file may not be set before config parsing finished if
there are no error_log directive defined at global level.  Fix is to
copy it after config parsing.

Patch by Roman Arutyunyan.
2012-02-27 16:57:02 +00:00
Valentin Bartenev
5c95f88503 Disable symlinks: added the "from=" parameter to the "disable_symlinks"
directive.
2012-02-27 16:54:10 +00:00
Valentin Bartenev
0e05ca0404 Disable symlinks: initialization of the "disable_symlinks" field in
ngx_open_file_info_t moved to a separate function.

This is preparation for the "from=" parameter implementation of the
"disable_symlinks" directive.
2012-02-27 16:51:28 +00:00
Valentin Bartenev
346791187f Disable symlinks: added the "from" parameter support to the open file cache. 2012-02-27 16:46:57 +00:00
Ruslan Ermilov
1c57fb8790 Added support for the 307 Temporary Redirect. 2012-02-27 11:43:40 +00:00
Ruslan Ermilov
09422e632f Renamed constants and fixed off-by-one error in "msie_padding on" handling. 2012-02-22 16:23:29 +00:00
Maxim Dounin
b5d0d7a232 Event pipe: fixed buffer loss in p->length case.
With previous code raw buffer might be lost if p->input_filter() was called
on a buffer without any data and used ngx_event_pipe_add_free_buf() to
return it to the free list.  This eventually might cause "all buffers busy"
problem, resulting in segmentation fault due to null pointer dereference in
ngx_event_pipe_write_chain_to_temp_file().

In ngx_event_pipe_add_free_buf() the buffer was added to the list start
due to pos == last, and then "p->free_raw_bufs = cl->next" in
ngx_event_pipe_read_upstream() dropped both chain links to the buffer
from the p->free_raw_bufs list.

Fix is to move "p->free_raw_bufs = cl->next" before calling the
p->input_filter().
2012-02-22 11:28:53 +00:00
Valentin Bartenev
86c5513ecb Disable symlinks: use O_SEARCH|O_DIRECTORY to open path components. 2012-02-21 15:10:13 +00:00
Valentin Bartenev
15b3173c5e Disable symlinks: don't allow creating or truncating a file via a symlink in
the last path component if "if_not_owner" parameter is used.

To prevent race condition we have to open a file before checking its owner and
there's no way to change access flags for already opened file descriptor, so
we disable symlinks for the last path component at all if flags allow creating
or truncating the file.
2012-02-21 15:04:41 +00:00
Valentin Bartenev
8c27e6429a Disable symlinks: cleanups once again.
In collaboration with Ruslan Ermilov.
2012-02-21 15:01:25 +00:00
Maxim Dounin
7ba66f42a0 Disable symlinks: added explicit cast of AT_FDCWD (ticket #111).
Solaris has AT_FDCWD defined to unsigned value, and comparison of a file
descriptor with it causes warnings in modern versions of gcc.  Explicitly
cast AT_FDCWD to ngx_fd_t to resolve these warnings.
2012-02-20 19:14:35 +00:00
Maxim Dounin
6bb86e3d58 Disable symlinks: error handling cleanup again. 2012-02-20 19:14:07 +00:00
Maxim Dounin
3c00e341ea Version bump. 2012-02-20 19:12:48 +00:00
Maxim Dounin
32b000bad7 Disable symlinks: fixed edge cases of path handling.
This includes non-absolute pathnames, multiple slashes and trailing
slashes.  In collaboration with Valentin Bartenev.
2012-02-15 12:18:55 +00:00
Maxim Dounin
04015a48ca Disable symlinks: cleanup error handling.
Notably this fixes NGX_INVALID_FILE/NGX_FILE_ERROR mess, and adds
logging of close() errors.  In collaboration with Valentin Bartenev.
2012-02-15 12:17:24 +00:00
Andrey Belov
8ce8f6667f Support for disable_symlinks in various modules. 2012-02-13 16:32:21 +00:00
Andrey Belov
bd1e719bf9 Added disable_symlinks directive.
To completely disable symlinks (disable_symlinks on)
we use openat(O_NOFOLLOW) for each path component
to avoid races.

To allow symlinks with the same owner (disable_symlinks if_not_owner),
use openat() (followed by fstat()) and fstatat(AT_SYMLINK_NOFOLLOW),
and then compare uids between fstat() and fstatat().

As there is a race between openat() and fstatat() we don't
know if openat() in fact opened symlink or not.  Therefore,
we have to compare uids even if fstatat() reports the opened
component isn't a symlink (as we don't know whether it was
symlink during openat() or not).

Default value is off, i.e. symlinks are allowed.
2012-02-13 16:29:04 +00:00
Andrey Belov
32c8df44d5 Changed ngx_open_and_stat_file() to use ngx_str_t.
No functional changes.
2012-02-13 16:16:45 +00:00
Andrey Belov
71205c3fbc Added openat()/fstatat(). 2012-02-13 16:13:21 +00:00
Maxim Dounin
9f38b20db5 Time parsing cleanup.
Nuke NGX_PARSE_LARGE_TIME, it's not used since 0.6.30.  The only error
ngx_parse_time() can currently return is NGX_ERROR, check it explicitly
and make sure to cast it to appropriate type (either time_t or ngx_msec_t)
to avoid signedness warnings on platforms with unsigned time_t (notably QNX).
2012-02-13 15:41:11 +00:00
Maxim Dounin
8cb7134f49 Fixed build with embedded perl and --with-openssl. 2012-02-13 15:38:48 +00:00
Maxim Dounin
7dff998495 Core: protection from cycles with named locations and post_action.
Now redirects to named locations are counted against normal uri changes
limit, and post_action respects this limit as well.  As a result at least
the following (bad) configurations no longer trigger infinite cycles:

1. Post action which recursively triggers post action:

    location / {
        post_action /index.html;
    }

2. Post action pointing to nonexistent named location:

    location / {
        post_action @nonexistent;
    }

3. Recursive error page for 500 (Internal Server Error) pointing to
   a nonexistent named location:

    location / {
        recursive_error_pages on;
        error_page 500 @nonexistent;
        return 500;
    }
2012-02-13 15:35:48 +00:00
Maxim Dounin
1b0ad6ee72 Core: protection from subrequest loops.
Without the protection, subrequest loop results in r->count overflow and
SIGSEGV.  Protection was broken in 0.7.25.

Note that this also limits number of parallel subrequests.  This
wasn't exactly the case before 0.7.25 as local subrequests were
completed directly.

See here for details:
http://nginx.org/pipermail/nginx-ru/2010-February/032184.html
2012-02-13 15:33:08 +00:00
Maxim Dounin
947fc03ca3 Variables: honor no_cacheable for not_found variables.
Variables with the "not_found" flag set follow the same rules as ones with
the "valid" flag set.  Make sure ngx_http_get_flushed_variable() will flush
non-cacheable variables with the "not_found" flag set.

This fixes at least one known problem with $args not available in a subrequest
(with args) when there were no args in the main request and $args variable was
queried in the main request (reported by Laurence Rowe aka elro on irc).

Also this eliminates unneeded call to ngx_http_get_indexed_variable() in
cacheable case (as it will return cached value anyway).
2012-02-13 15:31:07 +00:00
Maxim Dounin
01c133cda4 Fix for proxy_store leaving temporary files for subrequests.
Temporary files might not be removed if the "proxy_store" or "fastcgi_store"
directives were used for subrequests (e.g. ssi includes) and client closed
connection prematurely.

Non-active subrequests are finalized out of the control of the upstream
module when client closes a connection.  As a result, the code to remove
unfinished temporary files in ngx_http_upstream_process_request() wasn't
executed.

Fix is to move relevant code into ngx_http_upstream_finalize_request() which
is called in all cases, either directly or via the cleanup handler.
2012-02-13 15:28:19 +00:00
Maxim Dounin
71ce7a13ed Gzip filter: handling of empty flush buffers.
Empty flush buffers are legitimate and may happen e.g. due to $r->flush()
calls in embedded perl.  If there are no data buffered in zlib, deflate()
will return Z_BUF_ERROR (i.e. no progress possible) without adding anything
to output.  Don't treat Z_BUF_ERROR as fatal and correctly send empty flush
buffer if we have no data in output at all.

See this thread for details:
http://mailman.nginx.org/pipermail/nginx/2010-November/023693.html
2012-02-13 15:23:43 +00:00
Maxim Dounin
37c6228d43 Removed r->cache/r->cached dependencies in range filter.
This is a layering violation, use correct offset calculations instead.
2012-02-13 15:20:49 +00:00
Valentin Bartenev
a113cb3543 Proxy: added the "proxy_cookie_path" directive. 2012-02-13 11:08:05 +00:00
Valentin Bartenev
e9df2d6f46 Proxy: added the "proxy_cookie_domain" directive. 2012-02-13 11:04:45 +00:00
Valentin Bartenev
b3e3b2e75a Upstream: added callback hook for the "Set-Cookie" header.
No functional changes.
2012-02-13 11:01:58 +00:00
Valentin Bartenev
85551e58fe Proxy: generic regex related code from the "proxy_redirect" directive moved
to a separate function.

No functional changes.
2012-02-13 11:00:08 +00:00
Valentin Bartenev
7c611aa186 Proxy: generic rewrite code from the "proxy_redirect" handlers moved to a
separate function with trivial optimization.

No functional changes.
2012-02-13 10:56:09 +00:00
Valentin Bartenev
582dac116d Proxy: renamed some "proxy_redirect" related declarations to a more general and
reusable.

No functional changes.
2012-02-13 10:42:44 +00:00
Maxim Dounin
060b92451b Upstream: fixed "too big header" check.
If header filter postponed processing of a header by returning NGX_AGAIN
and not moved u->buffer->pos, previous check incorrectly assumed there
is additional space and did another recv() with zero-size buffer.  This
resulted in "upstream prematurely closed connection" error instead
of correct "upstream sent too big header" one.

Patch by Feibo Li.
2012-02-10 14:31:04 +00:00
Valentin Bartenev
891b43db32 Added ngx_ncpu detection for most *nix platforms.
This inaccurate detection by using sysconf(_SC_NPROCESSORS_ONLN) can improve
usage of the mutex lock optimization on multicore systems.
2012-02-10 11:24:19 +00:00
Valentin Bartenev
9e8708cbd6 Limit conn: returned to the old behavior of using the first actual limit on
the way.

It was unintentionally changed in r4272, so that it could only limit the first
location where the processing of the request has reached PREACCESS phase.
2012-02-10 10:48:58 +00:00
Valentin Bartenev
e35ff2a08c Fixed module name in comment. It was forgotten in r4281. 2012-02-10 09:56:37 +00:00
Maxim Dounin
0f3d6715e7 Version bump. 2012-02-09 16:18:02 +00:00
Maxim Dounin
11cc9dac44 Limit req: unbreak compilation with MSVC. 2012-01-30 13:19:25 +00:00
Valentin Bartenev
fbf7a0a48a Fixed memory leak on HUP signal when PCRE JIT was used.
The PCRE JIT compiler uses mmap to allocate memory for its executable codes, so
we have to explicitly call the pcre_free_study() function to free this memory.
2012-01-30 12:53:57 +00:00
Valentin Bartenev
3feafa765f Fixed proxy_redirect off inheritance.
Example configuration to reproduce:

  server {
      proxy_redirect off;

      location / {
          proxy_pass http://localhost:8000;
          proxy_redirect http://localhost:8000/ /;

          location ~ \.php$ {
              proxy_pass http://localhost:8000;
              # proxy_redirect must be inherited from the level above,
              # but instead it was switched off here
          }
      }
  }
2012-01-30 11:22:56 +00:00
Maxim Dounin
4a23bc5705 Fixed error handling in ngx_event_connect_peer().
Previously if ngx_add_event() failed a connection was freed two times (once
in the ngx_event_connect_peer(), and again by a caller) as pc->connection was
left set.  Fix is to always use ngx_close_connection() to close connection
properly and set pc->connection to NULL on errors.

Patch by Piotr Sikora.
2012-01-30 11:12:52 +00:00
Valentin Bartenev
b06200f3dc Limit req: support for multiple "limit_req" limits. 2012-01-30 10:17:56 +00:00
Valentin Bartenev
73d0b6a721 Limit req: number of cleanup calls reduced.
Doing a cleanup before every lookup seems to be too aggressive. It can lead to
premature removal of the nodes still usable, which increases the amount of work
under a mutex lock and therefore decreases performance.

In order to improve cleanup behavior, cleanup function call has been moved right
before the allocation of a new node.
2012-01-30 10:01:39 +00:00
Valentin Bartenev
8dab3b5a39 Limit req: allocation and initialization of a new node moved to the lookup
function.

No functional changes.
2012-01-30 09:41:49 +00:00
Valentin Bartenev
5f5205ba87 Limit req: improved error handling when parsing "zone" parameter of
"limit_req_zone" directive; minimum size of zone is increased.

Previously an unsigned variable was used to keep the return value of
ngx_parse_size() function, which led to an incorrect zone size if NGX_ERROR
was returned.

The new code has been taken from the "limit_conn_zone" directive.
2012-01-30 09:26:08 +00:00
Valentin Bartenev
d4dbf6ad59 Limit req: error messages fixed. 2012-01-30 09:02:29 +00:00
Maxim Dounin
b3e461e63c Fixed AIO error handling on FreeBSD.
The aio_return() must be called regardless of the error returned by
aio_error().  Not calling it resulted in various problems up to segmentation
faults (as AIO events are level-triggered and were reported again and again).

Additionally, in "aio sendfile" case r->blocked was incremented in case of
error returned from ngx_file_aio_read(), thus causing request hangs.
2012-01-30 07:39:47 +00:00
Maxim Dounin
90a7a8f5d9 Removed ENGINE_load_builtin_engines() call.
It's already called by OPENSSL_config().  Calling it again causes some
openssl engines (notably GOST) to corrupt memory, as they don't expect
to be created more than once.
2012-01-30 07:38:27 +00:00
Valentin Bartenev
94992aa62e Fixed grammar in PCRE JIT error log message. 2012-01-24 10:20:42 +00:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Maxim Konovalov
8e1ef760da Version bump. 2012-01-18 15:04:17 +00:00
Maxim Konovalov
4fb388107b Version bump. 2012-01-18 14:33:17 +00:00
Valentin Bartenev
363a0c53e7 Fixed division by zero exception in ngx_hash_init().
The ngx_hash_init() function did not expect call with zero elements count,
which caused FPE error on configs with an empty "types" block in http context
and "types_hash_max_size" > 10000.

Example configuration to reproduce:

  events { }

  http {
          types_hash_max_size 10001;
          types {}
          server {}
  }
2012-01-16 12:42:07 +00:00
Maxim Dounin
b904676b5e Fixed sched_setaffinity(2) to correctly pass size.
Second argument (cpusetsize) is size in bytes, not in bits.  Previously
used constant 32 resulted in reading of uninitialized memory and caused
EINVAL to be returned on some Linux kernels.
2012-01-16 11:13:48 +00:00
Maxim Dounin
9572920af0 Fixed handling of mp4 above 2G and 32bit offsets (ticket #84). 2012-01-16 11:03:27 +00:00
Maxim Dounin
2c55914a9f Fixed proxy_cache_use_stale in "no live upstreams" case. 2012-01-16 11:01:52 +00:00
Maxim Dounin
4efcbce328 Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Support for TLSv1.1 and TLSv1.2 protocols was introduced in OpenSSL 1.0.1
(-beta1 was recently released).  This change makes it possible to disable
these protocols and/or enable them without other protocols.
2012-01-11 11:15:00 +00:00
Maxim Dounin
f2ef9db230 Fixed limit_req burst/nodelay inheritance (ticket #76).
The problem was introduced in r4381 (1.1.12).
2012-01-11 11:09:05 +00:00
Valentin Bartenev
b8ef9d9255 Fixed: proxy_redirect with regex might broke Refresh header.
The problem was localized in ngx_http_proxy_rewrite_redirect_regex() handler
function which did not take into account prefix when overwriting header value.
2012-01-10 15:09:45 +00:00
Ruslan Ermilov
d55ce18c95 Changed ngx_log_debugN() macros to verify the number of arguments
when built with debugging.
2012-01-10 07:28:32 +00:00
Maxim Dounin
11f09dd07d Version bump. 2011-12-27 11:56:48 +00:00
Valentin Bartenev
bc5191c7bc Added support for regex study and PCRE JIT (ticket #41) optimizations on
configuration phase.
2011-12-26 13:10:36 +00:00
Maxim Dounin
947bdfa7fe Fixed build without debug. 2011-12-26 11:33:11 +00:00
Maxim Dounin
da8a43dee9 Cache lock support for fastcgi, scgi, uwsgi. 2011-12-26 11:16:19 +00:00
Maxim Dounin
822fe46934 Cache locks initial implementation.
New directives: proxy_cache_lock on/off, proxy_cache_lock_timeout.  With
proxy_cache_lock set to on, only one request will be allowed to go to
upstream for a particular cache item.  Others will wait for a response
to appear in cache (or cache lock released) up to proxy_cache_lock_timeout.

Waiting requests will recheck if they have cached response ready (or are
allowed to run) every 500ms.

Note: we intentionally don't intercept NGX_DECLINED possibly returned by
ngx_http_file_cache_read().  This needs more work (possibly safe, but needs
further investigation).  Anyway, it's exceptional situation.

Note: probably there should be a way to disable caching of responses
if there is already one request fetching resource to cache (without waiting
at all).  Two possible ways include another cache lock option ("no_cache")
or using proxy_no_cache with some supplied variable.

Note: probably there should be a way to lock updating requests as well.  For
now "proxy_cache_use_stale updating" is available.
2011-12-26 11:15:23 +00:00
Maxim Dounin
0c88994a03 Fixed interaction of limit_rate and sendfile_max_chunk.
It's possible that configured limit_rate will permit more bytes per
single operation than sendfile_max_chunk.  To protect disk from takeover
by a single client it is necessary to apply sendfile_max_chunk as a limit
regardless of configured limit_rate.

See here for report (in Russian):
http://mailman.nginx.org/pipermail/nginx-ru/2010-March/032806.html
2011-12-26 10:51:24 +00:00
Maxim Dounin
41a77d183c Fixed throughput problems with large limit_rate.
Previous attempt to fix this was in r1658 (0.6.18), though that one wasn't
enough (it was a noop).
2011-12-26 10:49:57 +00:00
Maxim Dounin
6a56732e98 Fixed mp4 if first entry in stsc was skipped (ticket #72).
If first entry in stsc atom was skipped, and seek was to chunk boundary,
than first_chunk in the generated stsc table wasn't set to 1.
2011-12-26 10:49:03 +00:00
Valentin Bartenev
b65597ecd5 SSI: added regex captures support in the expression of the "if" command. 2011-12-25 20:08:37 +00:00
Valentin Bartenev
39f01e526f Fixed limit_conn_log_level/limit_req_log_level inheritance.
The directives did not work if there were no limit_conn/limit_req specified on
the same level.
2011-12-25 19:32:31 +00:00
Maxim Dounin
aa4492612b Proxy: made proxy_pass with variables more consistent.
If proxy_pass was used with variables and there was no URI component,
nginx always used unparsed URI.  This isn't consistent with "no variables"
case, where e.g. rewrites are applied even if there is no URI component.

Fix is to use the same logic in both cases, i.e. only use unparsed URI if
it's valid and request is the main one.
2011-12-23 16:04:09 +00:00
Maxim Dounin
d79f4523f8 Added clearing of r->valid_unparsed_uri on internal redirects.
This resolves issue with try_files (see ticket #70), configuration like

   location / { try_files $uri /index.php; }
   location /index.php { proxy_pass http://backend; }

caused nginx to use original request uri in a request to a backend.

Historically, not clearing of the r->valid_unparsed_uri on internal redirect
was a feature: it allowed to pass the same request to (another) upstream
server via error_page redirection.  Since then named locations appeared
though, and it's time to start resetting r->valid_unparsed_uri on internal
redirects.  Configurations still using this feature should be converted
to use named locations instead.

Patch by Lanshun Zhou.
2011-12-19 14:11:48 +00:00
Valentin Bartenev
c5968a998c SSI bugfix: the "if" command did not work inside the "block" command and
produced parsing errors.
2011-12-19 13:28:22 +00:00
Maxim Dounin
8a85ab8e20 Scgi: removed error if there is no Status header.
The SCGI specification doesn't specify format of the response, and assuming
CGI specs should be used there is no reason to complain.  RFC 3875
explicitly states that "A Status header field is optional, and status
200 'OK' is assumed if it is omitted".
2011-12-19 11:25:40 +00:00
Maxim Dounin
32e2038026 Scgi: removed duplicate function declaration. 2011-12-19 11:24:32 +00:00
Maxim Dounin
4d1e32d9d8 Fixed incorrect use of r->http_version in scgi module.
The r->http_version is a version of client's request, and modules must
not set it unless they are really willing to downgrade protocol version
used for a response (i.e. to HTTP/0.9 if no response headers are available).
In neither case r->http_version may be upgraded.

The former code downgraded response from HTTP/1.1 to HTTP/1.0 for no reason,
causing various problems (see ticket #66).  It was also possible that
HTTP/0.9 requests were upgraded to HTTP/1.0.
2011-12-19 11:23:16 +00:00
Maxim Dounin
afb7f22c03 Version bump. 2011-12-19 11:21:46 +00:00
Maxim Dounin
614a7ef18d Cache: only complain on long locked entries.
There have been multiple reports of cases where a real locked entry was
removed, resulting in a segmentation fault later in a worker which locked
the entry.  It looks like default inactive timeout isn't enough in real
life.

For now just ignore such locked entries, and move them to the top of the
inactive queue to allow processing of other entries.
2011-12-12 10:49:14 +00:00
Maxim Dounin
64a9f70092 Cache: handling of cache files with long headers.
There are two possible situations which can lead to this: response was
cached with bigger proxy_buffer_size value (and nginx was restared since
then, i.e. shared memory zone content was lost), or due to the race in
the cache update code (see [1]) we've end up with fcn->body_start from
a different response stored in shared memory zone.

[1] http://mailman.nginx.org/pipermail/nginx-devel/2011-September/001287.html
2011-12-12 10:47:48 +00:00
Maxim Dounin
b839e6febb Cache: obsolete code removed.
The ngx_http_cache() and ngx_http_no_cache_set_slot() functions were replaced
by ngx_http_test_predicates() and ngx_http_set_predicate_slot() in 0.8.46 and
no longer used since then.
2011-12-12 10:46:43 +00:00
Ruslan Ermilov
f28b7e8ef3 Renamed some constants to improve readability, no functional changes. 2011-12-12 10:45:05 +00:00
Valentin Bartenev
0be9554bda Proxy: added variables and regexp support to the first parameter of
the "proxy_redirect" directive.
2011-12-12 09:02:29 +00:00
Maxim Dounin
ae0e919135 Microoptimization of sendfile(2) usage under FreeBSD.
FreeBSD kernel checks headers/trailers pointer against NULL, not
corresponding count.  Passing NULL if there are no headers/trailers
helps to avoid unneeded work in kernel, as well as unexpected 0 bytes
GIO in traces.
2011-12-11 16:30:42 +00:00
Valentin Bartenev
8d3ef1a3b3 Fixed: some of $sent_http_* variables may contain header entries that actually
haven't been sent to a client.

The ngx_http_variable_headers() and ngx_http_variable_unknown_header() functions
did not ignore response header entries with zero "hash" field.

Thanks to Yichun Zhang (agentzh).
2011-12-09 16:17:12 +00:00
Valentin Bartenev
247332a1e2 Added the $https variable. 2011-12-09 14:38:11 +00:00
Valentin Bartenev
df54c36d90 SCGI: added "if_not_empty" flag support to the "scgi_param" directive. 2011-12-09 14:03:06 +00:00
Valentin Bartenev
582b5319b7 uwsgi: added "if_not_empty" flag support to the "uwsgi_param" directive. 2011-12-09 13:47:04 +00:00
Valentin Bartenev
a826eb6720 FastCGI: added "if_not_empty" flag support to the "fastcgi_param" directive. 2011-12-09 13:32:51 +00:00
Valentin Bartenev
50546b26d9 Added the ngx_http_upstream_param_set_slot(). 2011-12-09 13:19:57 +00:00
Ruslan Ermilov
59a2b77039 - Improved error message when parsing of the "buffer" parameter of the
"access_log" directive fails.

- Added a warning if "log_format" is used in contexts other than "http".
2011-12-06 21:07:10 +00:00
Valentin Bartenev
5ee62edffe Removed unused function ngx_regex_capture_count().
The function has been unused since r3326.
2011-12-06 15:49:40 +00:00
Maxim Dounin
8618370487 Fix for read_head with try_files and open_file_cache.
The of.read_ahead wasn't set in try_files code path, causing read_ahead
directive to be a nop if try_files and open_file_cache were used.
2011-12-06 13:23:37 +00:00
Maxim Dounin
08f2256b29 Version bump. 2011-12-06 13:22:32 +00:00
Valentin Bartenev
92edf47ff9 Added the "so_keepalive=" parameter to the "listen" directive.
The "so_keepalive" directive in mail module was deprecated.

Thanks to Vsevolod Stakhov for initial work.
2011-12-05 08:06:15 +00:00
Maxim Dounin
c09d65b179 Fixed AIO on Linux, broken in r4306.
Events from eventfd do not have c->write set, and the stale event
check added in r4306 causes null pointer dereference.
2011-11-29 17:27:13 +00:00
Maxim Dounin
b99492595c Version bump. 2011-11-29 17:25:31 +00:00
Maxim Dounin
a4484b1369 Added (void) as we intentionally ignore returned values.
Requested by Igor Sysoev.
2011-11-28 11:01:42 +00:00
Maxim Dounin
1d13c0dd34 Allowed add_header for proxied 206 replies.
It was working for nginx's own 206 replies as they are seen as 200 in the
headers filter module (range filter goes later in the headers filter chain),
but not for proxied replies.
2011-11-28 10:00:47 +00:00
Valentin Bartenev
1373558163 Added support for IP-literal in the Host header and request line (ticket #1).
Additional parsing logic added to correctly handle RFC 3986 compliant IPv6 and
IPvFuture characters enclosed in square brackets.

The host validation was completely rewritten. The behavior for non IP literals
was changed in a more proper and safer way:

 - Host part is now delimited either by the first colon or by the end of string
   if there's no colon. Previously the last colon was used as delimiter which
   allowed substitution of a port number in the $host variable.
   (e.g. Host: 127.0.0.1:9000:80)

 - Fixed stripping of the ending dot in the Host header when the host was also
   followed by a port number.
   (e.g. Host: nginx.com.:80)

 - Fixed upper case characters detection. Previously it was broken which led to
   wasting memory and CPU.
2011-11-28 09:15:33 +00:00
Maxim Dounin
1b9b19d7e2 Added escaping of double quotes in ngx_escape_html().
Patch by Zaur Abasmirzoev.
2011-11-25 16:36:02 +00:00
Maxim Dounin
13717da19e Unlock of shared memory zones on process crash.
If process exited abnormally while holding lock on some shared memory zone -
unlock it.  It may be not safe thing to do (as crash with lock held may
result in corrupted shared memory structure, and other processes will
subsequently crash while trying to access shared data), therefore complain
loudly if unlock succeeds.
2011-11-23 14:09:19 +00:00
Maxim Dounin
ddb7cd1c41 Fixed build without atomic operations. 2011-11-23 14:07:06 +00:00
Maxim Dounin
91ecc8f43c Added shmtx interface to forcibly unlock mutexes.
It is currently used from master process on abnormal worker termination to
unlock accept mutex (unlocking of accept mutex was broken in 1.0.2).  It is
expected to be used in the future to unlock other mutexes as well.

Shared mutex code was rewritten to make this possible in a safe way, i.e.
with a check if lock was actually held by the exited process.  We again use
pid to lock mutex, and use separate atomic variable for a count of processes
waiting in sem_wait().
2011-11-23 13:55:38 +00:00
Ruslan Ermilov
1e5f239170 Fixed "rotate" to always work when combined with "resize/crop". 2011-11-23 10:22:44 +00:00
Ruslan Ermilov
ca2cce23cc Cosmetics. 2011-11-23 10:16:30 +00:00
Igor Sysoev
79df789b47 Fix of mp4 module seeking. 2011-11-23 07:22:15 +00:00
Maxim Dounin
7f59728d5b Protection from stale write events in epoll.
Stale write event may happen if epoll_wait() reported both read and write
events, and processing of the read event closed descriptor.

Patch by Yichun Zhang (agentzh).
2011-11-22 17:02:21 +00:00
Maxim Dounin
0560ae55bc Fixed segfault on ssl servers without cert with SNI (ticket #54).
Non-default servers may not have ssl context created if there are no
certificate defined.  Make sure to check if ssl context present before
using it.
2011-11-22 16:27:45 +00:00
Ruslan Ermilov
1725621e8a Fixed "keepalive_disable".
Patch by Alexander Usov.  The bug has been introduced in r4267.
2011-11-21 07:31:59 +00:00
Maxim Konovalov
f61b7b3a83 FreeBSD 10-current has recently gotten POSIX_FADV_* macros.
A fix for the broken build applied.

Patch from Igor Sysoev.
2011-11-18 18:42:00 +00:00
Maxim Dounin
e0c1a63028 Upstream: don't cache unfinished responses.
Check if received data length match Content-Length header (if present),
don't cache response if no match found.  This prevents caching of corrupted
response in case of premature connection close by upstream.
2011-11-18 15:09:08 +00:00
Maxim Dounin
5eef168a22 Fixed flv header to match specification.
Used "\x5" in 5th byte to claim presence of both audio and video.  Used
previous tag size 0 in the beginning of the flv body (bytes 10 .. 13) as
required by specification (see http://www.adobe.com/devnet/f4v.html).

Patch by Piotr Sikora.
2011-11-18 14:41:01 +00:00
Ruslan Ermilov
777879c832 Silenced a warning for some compilers. 2011-11-16 13:27:33 +00:00
Ruslan Ermilov
bec516bec9 Now nginx uses TTL of a DNS response when calculating cache validity.
Previously it used a hardcoded value of 300 seconds.  Also added the
"valid=" parameter to the "resolver" directive that can be used to
override the cache validity time.

Patch by Kirill A. Korinskiy with minor changes.
2011-11-16 13:11:39 +00:00
Valentin Bartenev
963315aca0 Fixed incorrect counting the length of headers in a SCGI request. 2011-11-16 12:51:27 +00:00
Maxim Dounin
2b24a67268 Fixed handling of SIGWINCH/NOACCEPT signal.
After first upgrade it was ignored since r4020 (1.1.1, 1.0.9) as
ngx_daemonized wasn't set.
2011-11-15 20:35:41 +00:00
Maxim Dounin
2fd9b49334 Version bump. 2011-11-15 20:33:37 +00:00
Igor Sysoev
07bb4ed971 Introduction of simple ngx_write_stderr() instead of ngx_log_stderr()
for output of ./configure options, etc., since ngx_log_stderr() output
length is limited by 2048 characters defined as NGX_MAX_ERROR_STR.
2011-11-14 14:59:00 +00:00
Igor Sysoev
dd4490c4e4 Fix of "Content-Length" header of MP4 response if start argument was used.
Patch by Piotr Sikora.
2011-11-14 14:42:48 +00:00
Valentin Bartenev
255e20ad21 Renamed ngx_http_limit_zone_module to ngx_http_limit_conn_module. 2011-11-14 14:04:42 +00:00
Maxim Dounin
80e3cba5fd Reverted incorrect change in internal md5 (part of r3928). 2011-11-14 13:38:02 +00:00
Maxim Dounin
030523dff0 Fixed fastcgi/scgi/uwsgi_param inheritance.
The following problems were fixed:

1. Directive fastcgi_cache affected headers sent to backends in unrelated
   servers / locations (see ticket #45).

2. If-Unmodified-Since, If-Match and If-Range headers were sent to backends
   if fastcgi_cache was used.

3. Cache-related headers were sent to backends if there were no fastcgi_param
   directives and fastcgi_cache was used at server level.
2011-11-14 13:26:18 +00:00
Maxim Dounin
ca01f46103 Separate functions to merge fastcgi/scgi/uwsgi params.
No functional changes.
2011-11-14 13:24:43 +00:00
Maxim Dounin
86a851907b Fixed Upgrade header clearing with proxy_cache.
This was missed in proxy HTTP/1.1 support commit (r4127).
2011-11-14 13:21:10 +00:00
Maxim Dounin
962727b259 Fixed proxy_set_header inheritance with proxy_set_body. 2011-11-14 13:19:56 +00:00
Maxim Dounin
b5984de06b Fixed proxy_set_header inheritance with proxy_cache (ticket #45).
Headers cleared with cache enabled (If-Modified-Since etc.) might be cleared
in unrelated servers/locations without proxy_cache enabled if proxy_cache was
used in some server/location.

Example config which triggered the problem:

    proxy_set_header X-Test "test";
    server { location /1 { proxy_cache name; proxy_pass ... } }
    server { location /2 { proxy_pass ... } }

Another one:

    server {
        proxy_cache name;
        location /1 { proxy_pass ... }
        location /2 { proxy_cache off; proxy_pass ... }
    }

In both cases If-Modified-Since header wasn't sent to backend in location /2.

Fix is to not modify conf->headers_source, but instead merge user-supplied
headers from conf->headers_source and default headers (either cache or not)
into separate headers_merged array.
2011-11-14 13:18:15 +00:00
Sergey Budnevitch
66a60a62cc Fixed NGX_CONF_TAKE1/NGX_CONF_FLAG misuse. 2011-11-14 09:12:15 +00:00
Valentin Bartenev
1dbd331849 Limit zone: added the "limit_conn_zone" directive.
It supersedes old "limit_zone" directive (deprecated accordingly) and uses
syntax consistent with the "limit_req_zone" directive.
2011-11-10 16:25:08 +00:00
Valentin Bartenev
aaf5a5772f Limit zone: support for multiple "limit_conn" limits. 2011-11-10 16:08:13 +00:00
Valentin Bartenev
54660dcf74 Limit zone: rbtree lookup moved to a separate function.
No functional changes.
2011-11-10 15:51:55 +00:00
Ruslan Ermilov
2f37fbc8f9 Changed error message to be more appropriate in the imaginary
"open_file_cache max=0" case.
2011-11-10 09:13:09 +00:00
Igor Sysoev
eb499bab59 Fixed compression pointer processing in DNS response greater than 255 bytes.
Thanks to Ben Hawkes.
2011-11-09 13:54:07 +00:00
Igor Sysoev
d0bcad3445 Fix of "keepalive_disable" directive. 2011-11-08 13:48:23 +00:00
Igor Sysoev
a8963fbbcf The "image_filter_sharpen" directive. 2011-11-08 13:17:14 +00:00
Igor Sysoev
ff2bee1fa9 Ancient incomplete ngx_http_status_module removal. 2011-11-01 15:16:28 +00:00
Igor Sysoev
0d03a44aab Version bump. 2011-11-01 15:10:46 +00:00
Igor Sysoev
a2ffa56106 Silently ignoring a stale global SSL error left after disabled renegotiation. 2011-10-31 14:30:03 +00:00
Maxim Dounin
ca495238bd Fixed segfault on configuration testing with ssl (ticket #37).
The following config caused segmentation fault due to conf->file not
being properly set if "ssl on" was inherited from the http level:

http {
    ssl on;
    server {
    }
}
2011-10-31 09:57:14 +00:00
Maxim Dounin
0d59500343 Event pipe: reduced number of file buffers used.
If possible we now just extend already present file buffer in p->out chain
instead of keeping ngx_buf_t for each buffer we've flushed to disk.  This
saves about 120 bytes of memory per buffer flushed to disk, and resolves
high CPU usage observed in edge cases (due to coalescing these buffers on
send).
2011-10-31 09:54:55 +00:00
Maxim Dounin
59205ce109 Event pipe: fixes for complex protocols.
1. In ngx_event_pipe_write_chain_to_temp_file() make sure to fully write
   all shadow buffers up to last_shadow.  With this change recycled buffers
   cannot appear in p->out anymore.  This also fixes segmentation faults
   observed due to ngx_event_pipe_write_chain_to_temp() not freeing any
   raw buffers while still returning NGX_OK.

2. In ngx_event_pipe_write_to_downstream() we now properly check for busy
   size as a size of buffers, not a size of data in these buffers.  This
   fixes situations where all available buffers became busy (including
   segmentation faults due to this).

3. The ngx_event_pipe_free_shadow_raw_buf() function is dropped.  It's
   incorrect and not needed.
2011-10-31 09:53:16 +00:00
Igor Sysoev
59695881ce Decrease of log level of some SSL handshake errors. 2011-10-25 15:04:09 +00:00
Ruslan Ermilov
f12d6ceb65 Fixed port range checking. 2011-10-25 13:48:43 +00:00
Ruslan Ermilov
c5762451a9 Fixed range checking for the "somaxconn" sysctl. 2011-10-25 13:48:05 +00:00
Igor Sysoev
620718102b Support of several servers in the "resolver" directive.
Patch by Kirill A. Korinskiy.
2011-10-24 16:09:05 +00:00
Igor Sysoev
ba71972b21 Using of junk value in slab allocator similar to modern FreeBSD values. 2011-10-24 15:50:19 +00:00
Igor Sysoev
efc6ecab82 malloc() debugging on MacOSX. 2011-10-24 15:46:48 +00:00
Igor Sysoev
b9c859e6d5 FreeBSD's MALLOC_OPTIONS must be set before any malloc() call.
The bug has been introduced in r3799.
2011-10-24 12:59:01 +00:00
Maxim Dounin
ce61ff9c45 Fixed another return in unix ngx_write_chain_to_file().
Previous patch missed special case for one iovec, it needs total bytes
written to be returned as well.
2011-10-21 11:04:46 +00:00
Maxim Dounin
aecb2eda13 Fixed unix ngx_write_chain_to_file() to return total bytes written.
Previously result of last iteration's writev() was returned.  This was
unnoticed as return value was only used if chain contained only one or
two buffers.
2011-10-20 12:40:26 +00:00
Igor Sysoev
5f81070523 Fixing conflict with SDK off_t definition. 2011-10-20 07:12:45 +00:00
Igor Sysoev
1472e7964b Recent SDKs allow to build IPV6 only for Windows XP or above. 2011-10-20 07:00:04 +00:00
Maxim Dounin
b167c46ca2 Fixed "expires @time" with unknown last modified time (ticket #32). 2011-10-17 17:32:08 +00:00
Maxim Dounin
81b43370d5 Fixed "expires @00h". 2011-10-17 17:30:18 +00:00
Igor Sysoev
6242f77617 Version bump. 2011-10-17 15:39:59 +00:00
Maxim Dounin
31f5a59fae Added clearing of modules' contexts in ngx_http_named_location().
Patch by Yichun Zhang (agentzh).
2011-10-15 21:42:03 +00:00
Maxim Dounin
ba76a89d4b Fixed utf8 decode (ticket #25).
Patch by Alexey Kuts.
2011-10-13 13:56:41 +00:00
Igor Sysoev
d51bcf6f63 Skipping location rewrite phase for server null location. 2011-10-13 12:43:22 +00:00
Maxim Dounin
b713e480ca Better recheck of dead upstream servers.
Previously nginx used to mark backend again as live as soon as fail_timeout
passes (10s by default) since last failure.  On the other hand, detecting
dead backend takes up to 60s (proxy_connect_timeout) in typical situation
"backend is down and doesn't respond to any packets".  This resulted in
suboptimal behaviour in the above situation (up to 23% of requests were
directed to dead backend with default settings).

More detailed description of the problem may be found here (in Russian):
http://mailman.nginx.org/pipermail/nginx-ru/2011-August/042172.html

Fix is to only allow one request after fail_timeout passes, and
mark backend as "live" only if this request succeeds.

Note that with new code backend will not be marked "live" unless "check"
request is completed, and this may take a while in some specific workloads
(e.g. streaming).  This is believed to be acceptable.
2011-10-12 14:22:48 +00:00
Maxim Dounin
72df0f400a Clear old Location header (if any) while adding a new one.
This prevents incorrect behaviour when another redirect is issued within
error_page 302 handler.
2011-10-12 13:28:03 +00:00
Maxim Dounin
8650c1eb24 Wording fix, "many data" is incorrect.
Noted by Piotr Sikora.
2011-10-12 13:24:59 +00:00
Ruslan Ermilov
fc55962698 Fixed two minor bugs in "types" parsing code. 2011-10-12 09:36:21 +00:00
Ruslan Ermilov
b5c3336e3e Fixed grammar in a comment. 2011-10-12 09:34:53 +00:00
Ruslan Ermilov
dce7a0c00f Replaced magic constants representing default values of some directives
with appropriate #define's.
2011-10-12 09:33:43 +00:00
Ruslan Ermilov
51a2423633 Stylistic change in checking the boolean expression. 2011-10-12 09:27:34 +00:00
Igor Sysoev
bfe7be45b8 Preallocating exact number of default MIME types entries. 2011-10-12 09:19:57 +00:00
Ruslan Ermilov
c8fdda4c2f Removed old warning that suggested to use "server_name_in_redirect off"
(now the default) in place of no longer supported "server_name *".
2011-10-12 07:20:20 +00:00
Maxim Dounin
b8203e46a0 Additional headers for proxy/fastcgi/uwsgi/scgi_ignore_headers.
Now the following headers may be ignored as well: X-Accel-Limit-Rate,
X-Accel-Buffering, X-Accel-Charset.
2011-10-11 18:10:49 +00:00
Maxim Dounin
012e6b6378 Handling of Content-Encoding set from perl.
This fixes double gzipping in case of gzip filter being enabled while perl
returns already gzipped response.
2011-10-11 18:01:38 +00:00
Maxim Dounin
0f5f4cb180 Fix for socket leak with "aio sendfile" and "limit_rate".
Second aio post happened when timer set by limit_rate expired while we have
aio request in flight, resulting in "second aio post" alert and socket leak.

The patch adds actual protection from aio calls with r->aio already set to
aio sendfile code in ngx_http_copy_filter().  This should fix other cases
as well, e.g. when sending buffered to disk upstream replies while still
talking to upstream.

The ngx_http_writer() is also fixed to handle the above case (though it's
mostly optimization now).

Reported by Oleksandr V. Typlyns'kyi.
2011-10-11 18:00:23 +00:00
Maxim Dounin
b7af402cc4 Fix for connection drops with AIO.
Connections serving content with AIO to fast clients were dropped with
"client timed out" messages after send_timeout from response start.
2011-10-11 17:58:51 +00:00
Maxim Dounin
5cc1fb1d5b Autoindex: escape html in file names. 2011-10-11 17:57:41 +00:00
Maxim Dounin
6226fe3512 Autoindex: escape '?' in file names.
For files with '?' in their names autoindex generated links with '?' not
escaped.  This resulted in effectively truncated links as '?' indicates
query string start.

This is an updated version of the patch originally posted at [1].  It
introduces generic NGX_ESCAPE_URI_COMPONENT which escapes everything but
unreserved characters as per RFC 3986.  This approach also renders unneeded
special colon processing (as colon is percent-encoded now), it's dropped
accordingly.

[1] http://nginx.org/pipermail/nginx-devel/2010-February/000112.html

Reported by Konstantin Leonov.
2011-10-11 17:56:51 +00:00
Maxim Dounin
e3d6c5a33c Improved access log escaping to better protect other software.
Some character sets (notably ISO-8859-1) have C1 control characters in
upper half, make sure to escape them.

Reported by Jesus Olmos Gonzalez.
2011-10-11 17:54:38 +00:00
Igor Sysoev
0d19f020ba Fixing directive name in error message if types hash size is not enough. 2011-10-11 11:11:44 +00:00
Igor Sysoev
840ef3980c Fixing mp4 module seeking on 32-bit platforms. 2011-10-11 10:12:44 +00:00
Ruslan Ermilov
2fdb547f3a Fixed macro name. 2011-10-10 08:38:28 +00:00
Igor Sysoev
94b5460c70 Releasing memory of idle SSL connection. This saves about 34K per SSL
connection. The SSL_MODE_RELEASE_BUFFERS option is available since
OpenSSL 1.0.0d.
2011-10-07 12:15:20 +00:00
Igor Sysoev
95084f7e1c Disabling SSL compression. This saves about 300K per SSL connection.
The SSL_OP_NO_COMPRESSION option is available since OpenSSL 1.0.0.
2011-10-07 10:59:02 +00:00
Igor Sysoev
3f34960fde Version bump. 2011-10-07 10:41:13 +00:00
Ruslan Ermilov
a610127fe3 Improved ngx_parse_time() code readability. 2011-10-07 08:03:16 +00:00
Ruslan Ermilov
6e86fb02d6 Tweaked error messages. 2011-10-07 07:57:24 +00:00
Igor Sysoev
ab0078a4c8 Version bump. 2011-10-05 13:13:25 +00:00
Maxim Dounin
20139ff13a Fixed cache bypass caching of non-cacheable replies (ticket #21).
If cache was bypassed with proxy_cache_bypass, cache-controlling headers
(Cache-Control, Expires) wasn't considered and response was cached even
if it was actually non-cacheable.

Patch by John Ferlito.
2011-10-05 10:14:21 +00:00
Maxim Dounin
3aba768855 Added uwsgi_buffering and scgi_buffering directives.
Patch by Peter Smit.
2011-09-30 11:53:27 +00:00
Igor Sysoev
f3ae6a6102 Using strtod() instead of atofp() to support a lot of digits after dot in
"start" parameter value.
2011-09-30 09:18:28 +00:00
Igor Sysoev
a40e7eed30 Fix of building on platforms with 32-bit off_t. (closed #23) 2011-09-29 15:19:36 +00:00
Maxim Dounin
5cc90f309d Fixed segmentation fault with empty config on Windows.
See here for report:
http://mailman.nginx.org/pipermail/nginx-ru/2011-September/043288.html
2011-09-27 12:07:09 +00:00
Maxim Dounin
554768dabb Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993). 2011-09-27 12:06:07 +00:00
Maxim Dounin
886c6295ee Better handling of late upstream creation.
Configuration with duplicate upstream blocks defined after first use, i.e.
like

    server {
        ...
        location / {
            proxy_pass http://backend;
        }
    }

    upstream backend { ... }
    upstream backend { ... }

now correctly results in "duplicate upstream" error.

Additionally, upstream blocks defined after first use now handle various
server directive parameters ("weight", "max_fails", etc.).  Previously
configuration like

    server {
        ...
        location / {
            proxy_pass http://backend;
        }
    }

    upstream backend {
        server 127.0.0.1 max_fails=5;
    }

incorrectly resulted in "invalid parameter "max_fails=5"" error.
2011-09-27 11:18:51 +00:00
Maxim Dounin
b16918ed08 Cache: fix for sending of stale responses.
For normal cached responses ngx_http_cache_send() sends last buffer and then
request finalized via ngx_http_finalize_request() call, i.e. everything is
ok.

But for stale responses (i.e. when upstream died, but we have something in
cache) the same ngx_http_cache_send() sends last buffer, but then in
ngx_http_upstream_finalize_request() another last buffer is send.  This
causes duplicate final chunk to appear if chunked encoding is used (and
resulting problems with keepalive connections and so on).

Fix this by not sending in ngx_http_upstream_finalize_request()
another last buffer if we know response was from cache.
2011-09-27 11:17:11 +00:00
Maxim Dounin
84c58a30e6 Cache: fix for sending of empty responses.
Revert wrong fix for empty responses introduced in 0.8.31 and apply new one,
rewritten to match things done by static module as close as possible.
2011-09-27 11:15:35 +00:00
Maxim Dounin
4a3884ae56 Incorrect special case for "return 204" removed.
The special case in question leads to replies without body in
configuration like

    location / { error_page 404 /zero; return 404; }
    location /zero { return 204; }

while replies with empty body are expected per protocol specs.

Correct one will look like

    if (status == NGX_HTTP_NO_CONTENT) {

        rc = ngx_http_send_header(r);

        if (rc == NGX_ERROR || r->header_only) {
            return rc;
        }

        return ngx_http_send_special(r, NGX_HTTP_LAST);
    }

though it looks like it's better to drop this special case at all.
2011-09-27 11:14:02 +00:00
Maxim Dounin
77ca973d11 Fix for "return 202" not discarding body.
Big POST (not fully preread) to a

    location / {
        return 202;
    }

resulted in incorrect behaviour due to "return" code path not calling
ngx_http_discard_request_body().  The same applies to all "return" used
with 2xx/3xx codes except 201 and 204, and to all "return ... text" uses.

Fix is to add ngx_http_discard_request_body() call to ngx_http_send_response()
function where it looks appropriate.  Discard body call from emtpy gif module
removed as it's now redundant.

Reported by Pyry Hakulinen, see
http://mailman.nginx.org/pipermail/nginx/2011-August/028503.html
2011-09-27 11:13:00 +00:00
Maxim Dounin
ad5ef15e08 Fix for double content when return is used in error_page handler.
Test case:

   location / {
       error_page 405 /nope;
       return 405;
   }

   location /nope {
       return 200;
   }

This is expected to return 405 with empty body, but in 0.8.42+ will return
builtin 405 error page as well (though not counted in Content-Length, thus
breaking protocol).

Fix is to use status provided by rewrite script execution in case
it's less than NGX_HTTP_BAD_REQUEST even if r->error_status set.  This
check is in line with one in ngx_http_script_return_code().

Note that this patch also changes behaviour for "return 302 ..." and
"rewrite ... redirect" used as error handler.  E.g.

    location / {
        error_page 405 /redirect;
        return 405;
    }

    location /redirect {
        rewrite ^ http://example.com/;
    }

will actually return redirect to "http://example.com/" instead of builtin 405
error page with meaningless Location header.  This looks like correct change
and it's in line with what happens on e.g. directory redirects in error
handlers.
2011-09-27 11:11:30 +00:00
Maxim Dounin
bfb42ad97c Fix for incorrect 201 replies from dav module.
Replies with 201 code contain body, and we should clearly indicate it's
empty if it's empty.  Before 0.8.32 chunked was explicitly disabled for
201 replies and as a result empty body was indicated by connection close
(not perfect, but worked).  Since 0.8.32 chunked is enabled, and this
causes incorrect responses from dav module when HTTP/1.1 is used: with
"Transfer-Encoding: chunked" but no chunks at all.

Fix is to actually return empty body in special response handler instead
of abusing r->header_only flag.

See here for initial report:
http://mailman.nginx.org/pipermail/nginx-ru/2010-October/037535.html
2011-09-27 11:09:55 +00:00
Maxim Dounin
5c56f20ae7 Proxy: logging levels tuned, double logging fixed. 2011-09-25 20:04:20 +00:00
Maxim Dounin
aa12f3c7f3 Proxy: whitespaces after chunk size allowed.
Whitespaces after chunk size seems to be be allowed by the "implied *LWS" rule
and emitted by some servers.
2011-09-25 20:03:27 +00:00
Maxim Dounin
28b001f897 Upstream: clearing of u->peer.connection on close.
This fixes crashes observed with some 3rd party balancer modules.  Standard
balancer modules (round-robin and ip hash) explicitly set pc->connection
(aka u->peer.connection) to NULL and aren't affected.
2011-09-25 20:00:36 +00:00
Ruslan Ermilov
b1565cf96b Fixed error message. 2011-09-23 20:15:27 +00:00
Maxim Dounin
afe2e3d082 Fix of separate pool for upstream connections (r4117).
Pool may not be created if connection was created but rejected in connect()
call.  Make sure to check if it is here before trying to destroy it.
2011-09-20 10:00:46 +00:00
Maxim Dounin
265e51aa0b Fixed loss of chain links in ngx_event_pipe_read_upstream(). 2011-09-20 09:56:35 +00:00
Maxim Dounin
d1b9a0388d Fixed loss of chain links in fastcgi module. 2011-09-20 09:56:05 +00:00
Maxim Dounin
e4dab80e80 Fix of cpu hog in event pipe.
If client closed connection in ngx_event_pipe_write_to_downstream(), buffers
in the "out" chain were lost.  This caused cpu hog if all available buffers
were in the "out" chain.  Fix is to call ngx_chain_update_chains() before
checking return code of output filter to avoid loosing buffers in the "out"
chain.

Note that this situation (all available buffers in the "out" chain) isn't
normal, it should be prevented by busy buffers limit.  Though right now it
may happen with complex protocols like fastcgi.  This should be addressed
separately.
2011-09-20 09:55:27 +00:00
Igor Sysoev
c8df23cb29 The "worker_aio_requests" directive.
The default value is 32 AIO simultaneous requests per worker. Previously
they were hardcoded to 1024, and it was too large, since Linux allocated
them early on io_setup(), but not on request itself. So with default value
of /proc/sys/fs/aio-max-nr equal to 65536 only 64 worker processes could
be run simultaneously. 32 AIO requests are enough for modern disks even if
server runs only 1 worker.
2011-09-20 07:30:09 +00:00
Ruslan Ermilov
a823c550e4 Replaced "can not" with "cannot" and "could not" in a bunch of places.
Fixed nearby grammar errors.
2011-09-19 14:48:29 +00:00
Ruslan Ermilov
3b7ed02583 Cosmetics: replaced NGX_CONF_TAKE1 to NGX_CONF_FLAG for "sendfile"
and "chunked_transfer_encoding" directives, to be in line with all
directives taking a boolean argument.  Both flags will ensure that
a directive takes one argument.
2011-09-19 12:41:13 +00:00
Ruslan Ermilov
5d4aed0175 Overhauled diagnostic messages. 2011-09-19 12:37:22 +00:00
Igor Sysoev
aa997c0289 Fixing Linux AIO initiatialization: AIO operations are disabled if kernel
does not support them.  Previously worker just exited.
2011-09-16 13:41:52 +00:00
Igor Sysoev
4134b48b68 Fixing Linux AIO syscalls return value handling:
syscall(2) uses usual libc convention, it returns -1 on error and
sets errno. Obsolete _syscall(2) returns negative value of error.

Thanks to Hagai Avrahami.
2011-09-16 12:43:16 +00:00
Maxim Dounin
c6353a5654 Trailing space fix. 2011-09-16 12:08:52 +00:00
Maxim Dounin
44002e541f Upstream keepalive module. 2011-09-15 19:28:18 +00:00
Maxim Dounin
2fe0a7a0f6 Proxy: basic HTTP/1.1 support (including keepalive).
By default we still send requests using HTTP/1.0.  This may be changed with
new proxy_http_version directive.
2011-09-15 19:23:20 +00:00
Maxim Dounin
f2fcf11b25 Protocol version parsing in ngx_http_parse_status_line().
Once we know protocol version, set u->headers_in.connection_close to indicate
implicitly assumed connection close with HTTP before 1.1.
2011-09-15 19:22:35 +00:00
Maxim Dounin
f84c69a301 Upstream: Connection header processing. 2011-09-15 19:21:19 +00:00
Maxim Dounin
4686f30a0c Upstream: Transfer-Encoding header processing. 2011-09-15 19:20:08 +00:00
Maxim Dounin
2da36b30c3 Keepalive support in fastcgi.
By default follow the old behaviour, i.e. FASTCGI_KEEP_CONN flag isn't set
in request and application is responsible for closing connection once request
is done.  To keep connections alive fastcgi_keep_conn must be activated.
2011-09-15 19:05:23 +00:00
Maxim Dounin
05552a23a2 Keepalive support in memcached. 2011-09-15 19:04:25 +00:00
Maxim Dounin
2d6be3fe93 Upstream: keepalive flag.
This patch introduces r->upstream->keepalive flag, which is set by protocol
handlers if connection to upstream is in good state and can be kept alive.
2011-09-15 19:03:15 +00:00
Maxim Dounin
a746bab7c1 Upstream: pipe length and input_filter_init in buffered mode.
As long as ngx_event_pipe() has more data read from upstream than specified
in p->length it's passed to input filter even if buffer isn't yet full.  This
allows to process data with known length without relying on connection close
to signal data end.

By default p->length is set to -1 in upstream module, i.e. end of data is
indicated by connection close.  To set it from per-protocol handlers upstream
input_filter_init() now called in buffered mode (as well as in
unbuffered mode).
2011-09-15 19:00:47 +00:00
Maxim Dounin
ffe4f11417 Upstream: r->upstream->length type change to off_t.
Previous use of size_t may cause wierd effects on 32bit platforms with certain
big responses transferred in unbuffered mode.

Nuke "if (size > u->length)" check as it's not usefull anyway (preread
body data isn't subject to this check) and now requires additional check
for u->length being positive.
2011-09-15 18:43:19 +00:00
Maxim Dounin
e19f005daf Upstream: content_length_n API change.
We no longer use r->headers_out.content_length_n as a primary source of
backend's response length.  Instead we parse response length to
u->headers_in.content_length_n and copy to r->headers_out.content_length_n
when needed.
2011-09-15 18:33:43 +00:00
Maxim Dounin
360ed25d65 Upstream: separate pool for peer connections.
This is required to support persistent https connections as various ssl
structures are allocated from connection's pool.
2011-09-15 18:21:24 +00:00
Maxim Dounin
c42c70f478 Workaround for cpu hog on errors with cached connections.
Just doing another connect isn't safe as peer.get() may expect peer.tries
to be strictly positive (this is the case e.g. with round robin with multiple
upstream servers).  Increment peer.tries to at least avoid cpu hog in
round robin balancer (with the patch alert will be seen instead).

This is not enough to fully address the problem though, hence TODO.  We
should be able to inform balancer that the error wasn't considered fatal
and it may make sense to retry the same peer.
2011-09-15 18:12:58 +00:00
Maxim Dounin
d7c2673d3f API change: ngx_chain_update_chains() now requires pool.
The ngx_chain_update_chains() needs pool to free chain links used for buffers
with non-matching tags.  Providing one helps to reduce memory consumption
for long-lived requests.
2011-09-15 16:03:17 +00:00
Maxim Dounin
a890b313f3 Buffers reuse in chunked filter.
There were 2 buffers allocated on each buffer chain sent through chunked
filter (one buffer for chunk size, another one for trailing CRLF, about
120 bytes in total on 32-bit platforms).  This resulted in large memory
consumption with long-lived requests sending many buffer chains.  Usual
example of problematic scenario is streaming though proxy with
proxy_buffering set to off.

Introduced buffers reuse reduces memory consumption in the above problematic
scenario.

See here for initial report:
http://mailman.nginx.org/pipermail/nginx/2010-April/019814.html
2011-09-15 15:25:42 +00:00
Igor Sysoev
57b4fdb6c8 MP4 co64 atom support added. 2011-09-15 13:23:03 +00:00
Igor Sysoev
c940f5fc99 Fix of struct field name. 2011-09-15 05:15:16 +00:00
Igor Sysoev
1fc9a8dec6 Style fix. 2011-09-14 15:26:11 +00:00
Igor Sysoev
acdac73688 Fixing building by gcc-4.7. 2011-09-14 15:25:46 +00:00
Igor Sysoev
4a383594fb Version bump. 2011-09-14 15:20:01 +00:00
Igor Sysoev
9c5d25179c Fix of the previous commit: is_directio flag processing introduced in r4077
is still worthwhile.
2011-09-14 14:28:55 +00:00
Igor Sysoev
7ffb73c6b7 Bugfix: open_file_cache did not update file info on retest.
If file inode was not changed, cached file information was not updated
on retest.  As a result stale information might be cached forever if file
attributes was changed and/or file was extended.

This fix also makes obsolete r4077 change of is_directio flag handling,
since this flag is updated together with other file information.
2011-09-14 14:12:35 +00:00
Igor Sysoev
2cc42b74c7 Skipping traks with unsupported media formats. 2011-09-14 14:04:41 +00:00
Igor Sysoev
dcea2ce7d1 Fix of case when start sample does not reside on chunk boundary. 2011-09-14 05:16:20 +00:00
Ruslan Ermilov
59efbc4bcb In Mac OS X Lion, Apple deprecated the use of the system OpenSSL library
in favour of their CommonCrypto library.  This change adds a work-around
that allows nginx to still be built on Lion with OpenSSL.
2011-09-13 09:18:43 +00:00
Igor Sysoev
f824fb47fe Fix of debug message format. 2011-09-12 15:15:00 +00:00
Igor Sysoev
d44855067d Fix of codec debug message. 2011-09-12 14:54:28 +00:00
Igor Sysoev
3d9ae84bf9 Fix of error message. 2011-09-12 14:46:06 +00:00
Igor Sysoev
7e8ee656a8 Fix of error message. 2011-09-12 13:06:22 +00:00
Igor Sysoev
e07a3577a9 mp4_max_moov_size directive has been renamed to mp4_max_buffer_size. 2011-09-12 09:38:04 +00:00
Igor Sysoev
b1c79a449e bugfix of r4086: nginx could not be built without debug log. 2011-09-09 11:56:49 +00:00
Igor Sysoev
5d01ac5af3 Bugfix of r4086: directio was always enabled if mp4 file was sent as is. 2011-09-09 11:13:55 +00:00
Igor Sysoev
dde4d7e300 ngx_http_mp4_module 2011-09-09 10:22:34 +00:00
Maxim Dounin
4f65a05d18 Bugfix: open_file_cache lost is_directio flag.
On file retest open_file_cache lost is_directio if file wasn't changed.
This caused unaligned operations under Linux to fail with EINVAL.
It wasn't noticeable with AIO though, as errors wasn't properly logged.
2011-09-05 16:36:19 +00:00
Igor Sysoev
3a73e50498 Version bump. 2011-09-05 16:26:51 +00:00
Maxim Dounin
bfbbfc85df Bugfix: read event was not blocked after reading body.
Read event should be blocked after reading body, else undefined behaviour
might occur on additional client activity.  This fixes segmentation faults
observed with proxy_ignore_client_abort set.
2011-09-05 12:43:31 +00:00
Maxim Dounin
82854d0d78 Proper setting of read->eof in pipe code.
Setting read->eof to 0 seems to be just a typo.  It appeared in
nginx-0.0.1-2003-10-28-18:45:41 import (r164), while identical code in
ngx_recv.c introduced in the same import do actually set read->eof to 1.

Failure to set read->eof to 1 results in EOF not being generally detectable
from connection flags.  On the other hand, kqueue won't report any read
events on such a connection since we use EV_CLEAR.  This resulted in read
timeouts if such connection was cached and used for another request.
2011-09-01 15:10:41 +00:00
Maxim Dounin
a9e3c65d22 Proper SSL shutdown handling.
If connection has unsent alerts, SSL_shutdown() tries to send them even
if SSL_set_shutdown(SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN) was used.
This can be prevented by SSL_set_quiet_shutdown().  SSL_set_shutdown()
is required nevertheless to preserve session.
2011-09-01 13:49:36 +00:00
Igor Sysoev
09be2f18c5 Now if client requests more ranges than "max_ranges" permits,
nginx disables ranges and returns just the source response.
2011-09-01 13:03:55 +00:00
Igor Sysoev
f560419c54 The "max_ranges" directive.
"max_ranges 0" disables ranges support at all,
"max_ranges 1" allows the single range, etc.
By default number of ranges is unlimited, to be precise, 2^31-1.
2011-08-31 09:40:55 +00:00
Igor Sysoev
e81c293289 Style fix: removal of tabs introduced in the previous commit. 2011-08-31 09:26:07 +00:00
Igor Sysoev
65b1592d02 *) fix of r4060: start value should be tested after the "found" label;
*) optimization: start value may be tested against end value only,
   since end value here may not be greater than content_length.
2011-08-30 20:34:58 +00:00
Igor Sysoev
1f3280bae2 Unsatisfiable range with start value greater than content length
was not properly skipped. The bug has been introduced in r4057.
2011-08-30 14:25:35 +00:00
Igor Sysoev
e766153451 ngx_http_range_parse() should be static. 2011-08-30 13:07:33 +00:00
Igor Sysoev
9162057731 Ranges processing small optimization. 2011-08-30 13:06:12 +00:00
Igor Sysoev
451df22b3f Now unsatisfiable ranges are processed according to RFC 2616. 2011-08-30 13:01:55 +00:00
Igor Sysoev
584703b84a Ranges processing small optimization. 2011-08-30 12:45:24 +00:00
Igor Sysoev
f2575bd878 Style fix. 2011-08-30 12:28:01 +00:00
Igor Sysoev
c2c3e3105f Now if total size of all ranges is greater than source response size,
then nginx disables ranges and returns just the source response.
This fix should not affect well-behaving applications but will defeat
DoS attempts exploiting malicious byte ranges.
2011-08-26 09:42:50 +00:00
Igor Sysoev
8b2bf08165 Cache size accounting fix: actual cache size on disk was less than
needed by sum of sizes of files loaded by worker processes themselves
while cache loader was running.

The bug has been introduced in r3900.
2011-08-25 17:29:34 +00:00
Maxim Dounin
fbc51e4c44 Better handling of various per-server ssl options with SNI.
SSL_set_SSL_CTX() doesn't touch values cached within ssl connection
structure, it only changes certificates (at least as of now, OpenSSL
1.0.0d and earlier).

As a result settings like ssl_verify_client, ssl_verify_depth,
ssl_prefer_server_ciphers are only configurable on per-socket basis while
with SNI it should be possible to specify them different for two servers
listening on the same socket.

Workaround is to explicitly re-apply settings we care about from context
to ssl connection in servername callback.

Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+.  I.e.
with older versions it is not possible to clear ssl_prefer_server_ciphers
option if it's set in default server for a socket.
2011-08-23 14:36:31 +00:00
Igor Sysoev
631fa929d3 Version bump. 2011-08-23 14:22:34 +00:00
Igor Sysoev
566dfe0c7f SIGWINCH/NOACCEPT signal is disabled now in non-daemon mode.
Non-daemon mode is currently used by supervisord, daemontools and so on
or during debugging. The NOACCEPT signal is only used for online upgrade
which is not supported when nginx is run under supervisord, etc.,
so this change should not break existant setups.
2011-08-22 12:34:48 +00:00
Igor Sysoev
0d18687b03 The change in adaptive loader behaviour introduced in r3975:
now cache loader processes either as many files as specified by loader_files
or works no more than time specified by loader_threshold during each iteration.

loader_threshold was previously used to decrease loader_files or
to increase loader_timeout and this might eventually result in
downgrading loader_files to 1 and increasing loader_timeout to large values
causing loading cache for forever.
2011-08-22 10:16:49 +00:00
Maxim Dounin
de1a3e1e0c Fix buffer overrun under Windows. 2011-08-22 10:07:27 +00:00
Maxim Dounin
ec8186c733 Move SO_ACCEPTFILTER and TCP_DEFER_ACCEPT checks into configure.
NetBSD 5.0+ has SO_ACCEPTFILTER support merged from FreeBSD, and having
accept filter check in FreeBSD-specific ngx_freebsd_config.h prevents it
from being used on NetBSD.  Therefore move the check into configure (and
do the same for Linux-specific TCP_DEFER_ACCEPT, just to be in line).
2011-08-21 11:37:37 +00:00
Maxim Dounin
5a52d67a08 Fix ignored headers handling in fastcgi/scgi/uwsgi.
The bug had appeared in r3561 (fastcgi), r3638 (scgi), r3567 (uwsgi).
2011-08-19 20:11:39 +00:00
Maxim Dounin
65c32b255d Complain on invalid log levels.
Previously only first log level was required to be correct, while error_log
directive in fact accepts list of levels (e.g. one may specify "error_log ...
debug_core debug_http;").  This resulted in (avoidable) wierd behaviour on
missing semicolon after error_log directive, e.g.

    error_log /path/to/log info
    index index.php;

silently skipped index directive and it's arguments (trying to interpret
them as log levels without checking to be correct).
2011-08-18 21:48:13 +00:00
Maxim Dounin
b7fcb430c1 Upstream: properly allocate memory for tried flags.
Previous allocation only took into account number of non-backup servers, and
this caused memory corruption with many backup servers.

See report here:
http://mailman.nginx.org/pipermail/nginx/2011-May/026531.html
2011-08-18 17:04:52 +00:00
Maxim Dounin
624fbe94a2 Fixing cpu hog with all upstream servers marked "down".
The following configuration causes nginx to hog cpu due to infinite loop
in ngx_http_upstream_get_peer():

    upstream backend {
        server 127.0.0.1:8080 down;
        server 127.0.0.1:8080 down;
    }

    server {
       ...
       location / {
           proxy_pass http://backend;
       }
    }

Make sure we don't loop infinitely in ngx_http_upstream_get_peer() but stop
after resetting peer weights once.

Return 0 if we are stuck.  This is guaranteed to work as peer 0 always exists,
and eventually ngx_http_upstream_get_round_robin_peer() will do the right
thing falling back to backup servers or returning NGX_BUSY.
2011-08-18 16:52:38 +00:00
Maxim Dounin
9bc8fc4602 Fixing proxy_set_body and proxy_pass_request_body with SSL.
Flush flag wasn't set in constructed buffer and this prevented any data
from being actually sent to upstream due to SSL buffering.  Make sure
we always set flush in the last buffer we are going to sent.

See here for report:
http://nginx.org/pipermail/nginx-ru/2011-June/041552.html
2011-08-18 16:34:24 +00:00
Igor Sysoev
c4ff39ae2b Fix names of the referer hash size directives introduced in r3940. 2011-08-18 16:27:30 +00:00
Maxim Dounin
b09ceca261 Fix body with request_body_in_single_buf.
If there were preread data and request body was big enough first part
of the request body was duplicated.

See report here:
http://mailman.nginx.org/pipermail/nginx/2011-July/027756.html
2011-08-18 15:52:00 +00:00
Maxim Dounin
f48b451195 Correctly set body if it's preread and there are extra data.
Previously all available data was used as body, resulting in garbage after
real body e.g. in case of pipelined requests.  Make sure to use only as many
bytes as request's Content-Length specifies.
2011-08-18 15:27:57 +00:00
Igor Sysoev
de236d3a2c fix gzip quantity: "q=0." and "q=1." are valid values according to RFC 2011-08-05 08:51:29 +00:00
Igor Sysoev
48d17bca94 refactor gzip quantity introduced in r3981: it ignored "q=1.000" 2011-08-04 14:50:59 +00:00
Igor Sysoev
dfd81a23b2 A new fix for the case when ssl_session_cache defined, but ssl is not
enabled in any server. The previous r1033 does not help when unused zone
becomes used after reconfiguration, so it is backed out.

The initial thought was to make SSL modules independed from SSL implementation
and to keep OpenSSL code dependance as much as in separate files.
2011-08-04 11:12:30 +00:00
Igor Sysoev
c42be75569 removal of error message about %name log_format parameters,
they have been deleted long ago in 0.5.0-RELEASE
2011-08-03 16:01:36 +00:00
Igor Sysoev
7cce1cacaa fix typo introduced in r3985 2011-08-02 12:43:01 +00:00
Igor Sysoev
475a5dfcf1 bump version 2011-08-02 12:39:38 +00:00
Igor Sysoev
72a96bfdcb fix r3981 again for case "Accept-Encoding: gzip" 2011-08-01 14:38:09 +00:00
Igor Sysoev
21fd22d089 always set timer in discard body handler, this fixes the cases
when request for static file is redirected by error_page to an SSI page

patch by Maxim Dounin
2011-08-01 13:52:54 +00:00
Igor Sysoev
2505587b4d lingering_close "off|on|always"
patch by Maxim Dounin
2011-08-01 13:26:55 +00:00
Igor Sysoev
41c8a1d27f do not send RST on normal lingering close read timeout,
if reset_timedout_connection is on

patch by Maxim Dounin
2011-08-01 13:08:03 +00:00
Igor Sysoev
bd7dfe44c5 fix r3981 for case "Accept-Encoding: gzip" 2011-08-01 11:21:46 +00:00
Igor Sysoev
2f3668b59b enable lingering close for pipelined requests
patch by Maxim Dounin
2011-08-01 11:08:57 +00:00
Igor Sysoev
721f47ed3c Accept-Encoding refactoring: "gzip; q=0" support 2011-08-01 11:02:12 +00:00
Igor Sysoev
d743a2339e Accept-Encoding refactoring: test first the most common case "gzip," 2011-07-30 07:34:12 +00:00
Igor Sysoev
6652cc5962 Accept-Encoding refactoring: remove ancient MSIE 4.x test for gzip 2011-07-30 06:20:06 +00:00
Igor Sysoev
c9468026e7 test length of proxy_pass with variables
patch by Lanshun Zhou
2011-07-30 06:11:46 +00:00
Igor Sysoev
c2f852c260 update r3945 with more descriptive error message 2011-07-29 15:33:03 +00:00
Igor Sysoev
922f106582 loader_files, loader_sleep, and loader_threshold 2011-07-29 15:09:02 +00:00
Igor Sysoev
d5a25a4b97 set correct configuration file values while adding path
patch by Maxim Dounin
2011-07-25 10:22:38 +00:00
Igor Sysoev
1850ce09a1 rename ngx_http_file_cache_manager_sleep() to ngx_http_file_cache_loader_sleep()
and do not use it all in cache manager: this is a vestige of the times when
cache manager loaded cache
2011-07-25 09:45:00 +00:00
Igor Sysoev
d8ce166e2e do not close connection if cache file is too small: replace it with valid one 2011-07-24 20:04:47 +00:00
Igor Sysoev
c2cafadfa5 elimination of reading cache files by cache loader 2011-07-24 19:46:53 +00:00
Igor Sysoev
92161bac79 fix r3968 2011-07-24 19:43:52 +00:00
Igor Sysoev
6cb6fc4a09 update the previous commit:
removing dependencies on file uniq since WIN32_FIND_DATA has no such field
2011-07-24 17:36:26 +00:00
Igor Sysoev
c1250b6a49 The cache loader performs two tasks: inserting cache objects in inactivity
list and evaluating total cache size. Reading just directory is enough for
this purpose. Elimination of reading cache files saves at least one disk I/O
operation per file.

Preparation for elimination of reading cache files by cache loader:
removing dependencies on the reading:
*) cache node valid_sec and valid_msec are used only for caching errors;
*) upstream buffer size can be used instead of cache node body_start.
2011-07-24 16:47:31 +00:00
Igor Sysoev
bb389f6111 fuse two if's in one condition 2011-07-24 16:10:06 +00:00
Igor Sysoev
64d024605a style fix 2011-07-24 16:06:24 +00:00
Igor Sysoev
08b597592f do not try to reuse and save a SSL session for a peer created on the fly
by ngx_http_upstream_create_round_robin_peer(), since the peer lives
only during request so the saved SSL session will never be used again
and just causes memory leak

patch by Maxim Dounin
2011-07-22 16:30:17 +00:00
Igor Sysoev
a3741fb24d finalizing with rc == 0 in unbuffered proxy mode caused nginx to wait
for another send_timeout before actually closing client's connection
if client timed out while still talking to upstream server

patch by Maxim Dounin
2011-07-22 13:30:16 +00:00
Igor Sysoev
b0b6bcedfc fix SSL connection issues on platforms with 32-bit off_t
patch by Maxim Dounin
2011-07-22 12:53:04 +00:00
Igor Sysoev
a7ed0951e3 fix build by gcc46 with -Wunused-value option
patch by Maxim Dounin
2011-07-22 10:43:50 +00:00
Igor Sysoev
f39642a907 ECDHE support
patch by Adrian Kotelba
2011-07-20 15:42:40 +00:00
Igor Sysoev
e61ba26744 MSIE export versions are rare now, so RSA 512 key is generated on demand
and is shared among all hosts instead of pregenerating for every HTTPS host
on configuraiton phase. This decreases start time for configuration with
large number of HTTPS hosts.
2011-07-20 12:59:24 +00:00
Igor Sysoev
2551f4a55d bump version: 1.1.0 development version 2011-07-20 09:29:25 +00:00
Igor Sysoev
6c3c3bbe42 fix segfault if cache key is larger than upstream buffer size
patch by Lanshun Zhou
2011-07-19 11:24:16 +00:00
Igor Sysoev
82afb9cc86 $uid_reset 2011-07-19 11:21:50 +00:00
Igor Sysoev
a0202f26c6 fix r3756: release lock to allow other process to delete cache node
patch by Maxim Dounin
2011-07-19 10:35:02 +00:00
Igor Sysoev
99f2b9e063 fix building by MSVC 2011-07-18 15:00:05 +00:00
Igor Sysoev
87ee007022 revert r3935 and fix "stalled cache updating" alert
by freeing cache at upstream finalize phase
patch by Maxim Dounin
2011-06-28 13:26:08 +00:00
Igor Sysoev
f58154db2f referer_hash_max_size and referer_hash_bucket_size directives
patch by Witold Filipczyk
2011-06-28 10:40:44 +00:00
Igor Sysoev
8d7b1d222e use !aNULL to disable all anonymous cipher suites
patch by Rob Stradling
2011-06-27 15:47:51 +00:00
Igor Sysoev
0a860a1c1d bump version 2011-06-27 15:34:44 +00:00
Igor Sysoev
1788ec0c48 fix "stalled cache updating" alert,
when non-cachable HEAD response did not not free an expired cache node
2011-06-01 08:02:34 +00:00
Igor Sysoev
5343bf3221 revert r3875 since now map uses case sensetive regexes by default 2011-05-30 14:24:17 +00:00
Igor Sysoev
53d05b969b change ngx_http_map_find(): use case sensitive regexes 2011-05-30 12:36:17 +00:00
Igor Sysoev
36aadf7eba fix building on FreeBSD 6 or earlier against system md5 2011-05-27 13:30:53 +00:00
Igor Sysoev
e620fdac65 make built-in ngx_md5_update() interface consistent with other implemenations 2011-05-27 10:00:46 +00:00
Igor Sysoev
c4793b6505 fix building --without-http_auth_basic_module,
the bug has been introduced in r3923
2011-05-26 07:32:48 +00:00
Igor Sysoev
ce2229e2f7 bump version 2011-05-26 07:31:40 +00:00
Igor Sysoev
5dc5945ccf "$apr1", "{PLAIN}", and "{SSHA}" password methods in auth basic module
patch by Maxim Dounin
2011-05-16 14:54:50 +00:00
Igor Sysoev
ffc7271250 fix testing IPv4 address mapped to IPv6, when only IPv6 access rules are defined 2011-05-16 14:01:23 +00:00
Igor Sysoev
529b5f1938 support IPv4 mapped to IPv6 in geo module 2011-05-16 13:54:42 +00:00
Igor Sysoev
dd39f60014 support IPv4 mapped to IPv6 in geoip module 2011-05-16 13:50:58 +00:00
Igor Sysoev
868db976d7 fix debug logging 2011-05-13 10:06:56 +00:00
Igor Sysoev
0d6283918f fix a broken cached response if bypass/no_cache directive values are different,
the bug has been introduced in r3700
2011-05-13 10:05:38 +00:00
Igor Sysoev
50733a53ec geoip_org
patch by Alexander Uskov
2011-05-11 09:34:21 +00:00
Igor Sysoev
20b52bec63 fix typo 2011-05-11 09:25:37 +00:00
Igor Sysoev
dc336358ab bump version 2011-05-11 09:19:48 +00:00
Igor Sysoev
49ae93034d gdImageCopyRotated() may images of even height or width
patch by Adam Bocim
2011-05-10 12:04:57 +00:00
Igor Sysoev
e2c8ad7122 use POSIX semaphores in shmtx instead of sched_yield()
number of spinlock spins are increased twice
2011-05-10 11:39:13 +00:00
Igor Sysoev
e691d94a39 bump version 2011-05-04 12:20:32 +00:00
Igor Sysoev
eecc540da8 test zero value in an "if" directive consistently with predicates fixed in r3894
thanks to Maxim Dounin
2011-05-03 09:52:27 +00:00
Igor Sysoev
2bd01a0f01 revert r3864, it may cause kernel panic on some kernels while working with IPv6 2011-04-23 17:27:55 +00:00
Igor Sysoev
efde3eb92e fix building by gcc 4.6 without --with-debug 2011-04-23 17:25:06 +00:00
Igor Sysoev
c37192b537 style fix: remove trailing spaces 2011-04-23 13:11:17 +00:00
Igor Sysoev
ef1f33b0db Use more precise stat.st_blocks to account cache size on Unix
instead of file length rounded to a file system block size.
There is no similar way on Windows, so rounding to a cache->bsize is kept.
2011-04-22 10:06:43 +00:00
Igor Sysoev
64efecc2b5 allow to use $upstream_... variables in SSI 2011-04-21 10:07:07 +00:00
Igor Sysoev
423ee58e76 fix r3713
thanks to Igor A. Valcov
2011-04-19 12:29:16 +00:00
Igor Sysoev
b3451785fe an internal MD5 implemenation
patch by Maxim Dounin
2011-04-15 15:58:06 +00:00
Igor Sysoev
9813a1999c fix segfault in IPv6 parsing while processing invalid IPv4 address X.YYYY.Z
patch by Maxim Dounin
2011-04-15 13:50:27 +00:00
Igor Sysoev
14fe2dd94a values starting with '0' were incorrectly assumed to be false
patch by Maxim Dounin
2011-04-15 12:24:18 +00:00
Igor Sysoev
432760ee4d use MurmurHash2 for split_clients, because
its distribution is much better than CRC32's one
2011-04-15 10:59:57 +00:00
Igor Sysoev
42f1e1cb96 ngx_murmur_hash2() 2011-04-15 10:59:24 +00:00
Igor Sysoev
0bd0b2894c bump version 2011-04-15 10:58:44 +00:00
Igor Sysoev
d63104eea4 use memmove() in appropriate places 2011-04-12 08:02:46 +00:00
Igor Sysoev
d80bcbcd0f "satisfy any" disabled custom 401 error page 2011-04-11 14:17:31 +00:00
Igor Sysoev
711eeb8514 fix CPU hog in cache manager
patch by Maxim Dounin
2011-04-08 15:27:53 +00:00
Igor Sysoev
ea38fe54bd fix "image_filter rotate 180" and crop case
the bug has been introduced in r3879
2011-04-07 09:12:30 +00:00
Igor Sysoev
f352259dd6 bump version 2011-04-07 09:08:52 +00:00
Igor Sysoev
4956ac5108 reuse keepalive connections if there are no free worker connections
patch by Maxim Dounin
2011-04-04 12:26:53 +00:00
Igor Sysoev
fde7d51392 fix case when a host in fastcgi_pass, scgi_pass, and uwsgi_pass
is given by expression and refers to a defined upstream
2011-04-04 10:43:21 +00:00
Igor Sysoev
450c981ab9 image filter rotate
patch by Adam Bocim
2011-04-04 09:57:32 +00:00
Igor Sysoev
b8fb0a15a2 bump version 2011-04-04 09:46:00 +00:00
Igor Sysoev
921ac21acf map tests values in low case only, so caseless regex has no sense 2011-03-21 15:18:59 +00:00
Igor Sysoev
c9d671cd81 $time_iso8601 log variable
patch by Michael Lustfield
2011-03-16 15:46:57 +00:00
Igor Sysoev
0519b43a77 allow regex as "map" parameter 2011-03-16 15:32:31 +00:00
Igor Sysoev
32c73df97a remove semicolon, because it is already in "nginx: " prefix 2011-02-21 11:47:28 +00:00
Igor Sysoev
22434e4c72 fix warnings 2011-02-21 11:44:26 +00:00
Igor Sysoev
2a526d4969 bump version 2011-02-21 10:03:28 +00:00
Igor Sysoev
d53c836214 fix u->one_addr handling in ngx_inet_resolve_host()
patch by Maxim Dounin
2011-02-17 15:01:16 +00:00
Igor Sysoev
95899a3f19 use backlog -1 on Linux
thanks to Andrei Nigmatulin
2011-02-17 14:14:50 +00:00
Igor Sysoev
b2492255f8 always test proxy_redirect with slash, this fixes a case when nginx uses
proxy_pass "http://www", upstream redirects to "http://www.host/uri",
and nginx rewrites it as ".host/uri"
patch by Maxim Dounin
2011-02-17 11:54:35 +00:00
Igor Sysoev
4d6db4a7ab set current atime while setting mtime
patch by Andrei Nigmatulin
2011-02-11 08:02:35 +00:00
Igor Sysoev
64d5f9ba26 fix "error_page 497 https://" case
patch by Maxim Dounin
the bug has been introduced in r3782
2011-02-01 16:18:55 +00:00
Igor Sysoev
eb1a344dd3 utf8 parameter of geoip_country and geoip_city
patch by Denis F. Latypoff
2011-01-27 12:51:59 +00:00
Igor Sysoev
ab54e21633 bump version 2011-01-27 12:43:11 +00:00
Igor Sysoev
8dbc8a97dd server_name $hostname 2011-01-20 15:31:24 +00:00
Igor Sysoev
d19c93d127 style fix: remove trailing spaces 2011-01-20 15:29:53 +00:00
Igor Sysoev
cfc5c25589 move setting conf->server_name in merge phase 2011-01-20 15:15:50 +00:00
Igor Sysoev
cc878dc6ac use SwitchToThread() instead of Sleep(0), because the later
may not yield control, if there is no thread with higher priority
2011-01-20 13:06:21 +00:00
Igor Sysoev
3d86ad3f95 fix building on Fedora 14
patch by Kirill A. Korinskiy
2011-01-20 12:33:17 +00:00
Igor Sysoev
8e8251a317 fix large stderr handling without http cache
patch by Maxim Dounin
the bug has been introduced in r3461
2011-01-20 12:23:00 +00:00
Igor Sysoev
26cf2c96ea introduce 494 code "Request Header Too Large" 2011-01-20 10:37:58 +00:00
Igor Sysoev
87f744c24b use boolean expression instead of "if" 2010-12-15 14:10:33 +00:00
Igor Sysoev
f00e81d75a rename NGX_HTTP_OWN_CODES to NGX_HTTP_NGINX_CODES 2010-12-14 23:04:26 +00:00
Igor Sysoev
dc61c0a153 bump version 2010-12-14 22:54:04 +00:00
Igor Sysoev
2567c92ace allow "env" to work in the single process mode 2010-12-13 10:55:15 +00:00
Igor Sysoev
5644c43caf always run regex in server_name to get captures for IPv6 addresses,
the same fix for IPv4 addresses has been made in r2584
2010-12-12 21:13:27 +00:00
Igor Sysoev
1fdb004f52 test wildcard tail hash existance for IPv6 addresses,
the same fix for IPv4 addresses has been made in r2581
2010-12-12 21:10:59 +00:00
Igor Sysoev
7c2611a231 style fix 2010-12-12 20:11:31 +00:00
Igor Sysoev
076ad1672b remove semicolon, because it is already in "nginx: " prefix 2010-12-11 10:59:26 +00:00
Igor Sysoev
5491139caf bump version 2010-12-06 14:40:40 +00:00
Igor Sysoev
3e3ee60b99 remove SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG becuase of CVE-2010-4180 2010-12-06 11:17:03 +00:00
Igor Sysoev
ec4df838c8 "If-Unmodified-Since" support 2010-12-06 11:11:05 +00:00
Igor Sysoev
0c39c27412 fix building by msvc8 introduced by the previous commit 2010-12-02 14:20:51 +00:00
Igor Sysoev
a07d6ec39f fallback to accept() if accept4() is not implemented,
the issue has been introduced in r3787
2010-12-02 10:05:41 +00:00
Igor Sysoev
86ffd9b10f bump version 2010-11-30 13:26:21 +00:00
Igor Sysoev
f5798d8c0d fix comment 2010-11-29 19:41:53 +00:00
Igor Sysoev
bd4c8e88ee revert processing NGX_OK in rewrite phase changed in r3798,
this broke "return 204" and "return code text"
2010-11-29 19:40:54 +00:00
Igor Sysoev
c219a6f7d0 bump version 2010-11-29 19:39:26 +00:00
Igor Sysoev
c19b848976 add "nginx: " prefix when logging to the stderr 2010-11-29 15:01:06 +00:00
Igor Sysoev
a979d9fb30 move ngx_strerror_init() at the very start 2010-11-29 15:00:02 +00:00
Igor Sysoev
8c6144f022 revert processing NGX_OK and NGX_DONE in rewrite phase changed in r3634 2010-11-29 14:01:17 +00:00
Igor Sysoev
d4b08c9134 allocate last zero byte in ngx_crypt() 2010-11-29 09:23:25 +00:00
Igor Sysoev
f83d6cf0f7 style fix 2010-11-26 13:58:28 +00:00
Igor Sysoev
02677300d1 fix building by icc8 2010-11-26 13:36:36 +00:00
Igor Sysoev
6946ed75b6 keepalive_disable 2010-11-26 12:40:56 +00:00
Igor Sysoev
97d32cb169 allow variable as "map" value 2010-11-26 12:25:51 +00:00
Igor Sysoev
07335d89df use "\" to escape "default", "include", and "hostnames" values instead of "!" 2010-11-25 15:36:24 +00:00
Igor Sysoev
04e145d2da allow empty value as "map" parameter 2010-11-25 15:24:29 +00:00
Igor Sysoev
67e6bafc90 allow expressions in the first "map" parameter 2010-11-25 15:22:43 +00:00
Igor Sysoev
7f31a2098d use copied strerror() messages and autoconfigured sys_nerr value 2010-11-25 11:04:03 +00:00
Igor Sysoev
40747ad861 Linux accept4() support 2010-11-25 10:15:04 +00:00
Igor Sysoev
601ca7cd6e bump version 2010-11-24 13:41:37 +00:00
Igor Sysoev
a64b716b22 allow override redirect status in error_page 2010-10-18 10:14:00 +00:00
Igor Sysoev
c5d1790e1d change order of limit_req lookup result processing 2010-10-14 09:20:01 +00:00
Igor Sysoev
622721a598 an excess was logged as 0.000 if requests were limited without delay:
*) use a real excess value instead of non-updated limit_req rbtree node field,
*) move inactivity queue handling inside ngx_http_limit_req_lookup()
   since the node is not required outside the lookup function;

the bug has been introduced in r3184
2010-10-13 20:58:41 +00:00
Igor Sysoev
824856fc10 always update an aio_senfile connection flag accodring to a current
location configuration, this clears the flag for requests passed
via a keep-alive connection
2010-10-12 12:18:39 +00:00
Igor Sysoev
3bff22f2e2 update event flags after successful io_submit() 2010-10-12 12:11:11 +00:00
Igor Sysoev
89eae52df8 file AIO read may be posted inside loop 2010-10-12 12:06:52 +00:00
Igor Sysoev
7087d5d72a add default listen port at the end of server block parsing instead of
merge phase: otherwise the first server without an listen directive
did not become the default server if there was no explicit default server;
the bug has been introduced in r3218
2010-10-11 18:48:18 +00:00
Igor Sysoev
21dba41f5b fix testing, the bug has been introduced in r3218 2010-10-08 11:42:05 +00:00
Igor Sysoev
5fffff997f gzip_disable degradation 2010-10-04 15:03:00 +00:00
Igor Sysoev
81aa52829a ngx_http_degraded() 2010-10-04 14:59:41 +00:00
Igor Sysoev
61d5e5e67f bump version 2010-10-04 13:50:09 +00:00
Igor Sysoev
bfec9887ce nginx uses SSL mode for a listen socket with any option set,
the bug has been introduced in r3765
2010-09-28 06:50:52 +00:00
Igor Sysoev
a397c7faaa bump version 2010-09-28 06:46:58 +00:00
Igor Sysoev
f79878e5d9 allow duplicate listen ssl options 2010-09-27 11:48:12 +00:00
Igor Sysoev
49ac2b2b45 decrease resolver errors level to error 2010-09-27 11:23:45 +00:00
Igor Sysoev
8c70e67f7b worker_rlimit_core should be off_t 2010-09-15 15:24:21 +00:00
Igor Sysoev
9a62648f7b fix typo 2010-09-13 12:44:43 +00:00
Igor Sysoev
12f4da4695 discard "secure_link_expires on|off" 2010-09-06 14:19:18 +00:00
Igor Sysoev
c13a4098b7 bump version 2010-09-06 11:07:07 +00:00
Igor Sysoev
94e9aaa8ad new ngx_http_secure_link_module with secure_link, secure_link_md5, and
secure_link_expires
2010-09-02 14:37:16 +00:00
Igor Sysoev
a256afd064 fix race condition if during reconfiguration two cache managers try
to delete old inactive entries: one of them removes a entry just locked by
other manager from the queue and the rbtree as long inactive entry,
causes the latter manager to segfault leaving cache mutex locked,
the bug has been introduced in r3727
2010-09-02 14:31:47 +00:00
Igor Sysoev
3730543c26 gzip_disable msie6 ignored other patterns 2010-09-02 14:02:57 +00:00
Igor Sysoev
31e6fc82cc gzip_disable compiled always the first pattern only 2010-09-02 14:01:58 +00:00
Igor Sysoev
4db3b3e2c4 gzip_disable msie6 did not inherited if nginx was built without PCRE 2010-09-02 13:54:28 +00:00
Igor Sysoev
8a9f761927 add "Global\" prefix for signal events 2010-09-02 13:49:05 +00:00
Igor Sysoev
2cb30f153f the -q switch 2010-09-02 13:43:02 +00:00
Igor Sysoev
f7dd767e57 if a location is specified by regex, then always compile an "alias",
even into one static string script: this elimates testing this
too specific case inside ngx_http_map_uri_to_path()
2010-08-26 12:33:08 +00:00
Igor Sysoev
f380df5e20 bump version 2010-08-25 12:30:08 +00:00
Igor Sysoev
d39b9ec19d image_filter_jpeg_quality supports variables 2010-08-06 15:55:05 +00:00
Igor Sysoev
7268cc8c6e zero fcn->updating after node allocation 2010-08-04 13:34:23 +00:00
Igor Sysoev
2b74841a4f error status codes could be cached for next request only,
the bug has been introduced in r3712
2010-08-04 12:55:27 +00:00
Igor Sysoev
541d8c698a we can free GeoIPRecord just after GeoIP_region_name_by_code(),
because it returns a statically allocated string
2010-08-03 18:38:08 +00:00
Igor Sysoev
a999586594 fix segfault, the bug has been introduced in r3738 2010-08-03 18:27:56 +00:00
Igor Sysoev
6dd6aefaa7 bump version 2010-08-03 18:24:18 +00:00
Igor Sysoev
395f35e5fa $geoip_region_name 2010-08-03 15:01:34 +00:00
Igor Sysoev
dc87ab5a69 $geoip_dma_code and $geoip_area_code 2010-08-03 14:19:49 +00:00
Igor Sysoev
41212d27fa fix fastcgi_split_path_info, if URI was not fully captured 2010-08-03 13:35:48 +00:00
Igor Sysoev
81cd5e4f6f *) make code consistent to fastcgi, etc
*) remove STUB comment
2010-08-03 12:59:14 +00:00
Igor Sysoev
e4994fbacb use NULL instead of 0 2010-08-03 12:53:06 +00:00
Igor Sysoev
b16b8ddae6 delete surplus assignment 2010-08-03 09:42:53 +00:00
Igor Sysoev
90f95522a5 inherit proxy_pass, fastcgi_pass, uwsgi_pass, scgi_pass inside
a limit_except block if no handler was defined for the block
2010-08-03 09:24:25 +00:00
Igor Sysoev
0ec5492189 ngx_http_conf_get_module_srv_conf() and ngx_http_conf_get_module_loc_conf()
may be used at merge phase
2010-08-02 15:28:04 +00:00
Igor Sysoev
6d9d07b16a fix directive type 2010-08-02 12:47:52 +00:00
Igor Sysoev
029299aaa4 change logic slightly 2010-08-02 12:34:15 +00:00
Igor Sysoev
c7b2e2a570 change order 2010-08-02 12:32:33 +00:00
Igor Sysoev
2108fabea2 *) delete cache key node after a cache file removal
*) move fileless cache key node removal in ngx_http_file_cache_delete()
2010-08-02 12:27:58 +00:00
Igor Sysoev
0e0e0af51b escape ";" in arguments 2010-07-30 13:25:19 +00:00
Igor Sysoev
1cd46b88a4 count cache key node usage for cached error statuses 2010-07-30 12:41:55 +00:00
Igor Sysoev
09ce1e2d89 do not free unused cache node if cache min_uses > 1,
the bug has been introduced in r3695, r3708, r3711
2010-07-30 10:20:08 +00:00
Igor Sysoev
10f8d5d74e return 415 on too big image in image filter 2010-07-29 15:40:03 +00:00
Igor Sysoev
7c50789e2a change default server_name_in_redirect value to off,
since default server_name is empty
2010-07-29 10:01:31 +00:00
Igor Sysoev
a69cf2d005 use an empty name as default server_name instread of hostname 2010-07-29 10:00:04 +00:00
Igor Sysoev
e8cf60da34 allow server_name "" as the first name 2010-07-29 09:55:54 +00:00
Igor Sysoev
6b45b065fe decrease SSL handshake error level to info 2010-07-29 09:30:15 +00:00
Igor Sysoev
6f2796af04 bump version 2010-07-29 08:10:22 +00:00
Igor Sysoev
9135a0e022 move debug logging inside ngx_http_file_cache_free() 2010-07-28 15:56:56 +00:00
Igor Sysoev
14c95f99ac fix $request_time for subrequests 2010-07-28 15:51:50 +00:00
Igor Sysoev
406a68003c several changes in cache cleanup handling:
*) now ngx_http_file_cache_cleanup() uses ngx_http_file_cache_free()
*) ngx_http_file_cache_free() interface has been changed to accept r->cache
   ngx_http_file_cache_cleanup() must use r->cache, but not r, because
   there can be several r->cache's during request processing, r->cache may
   be NULL at request finalising, etc.
*) test if updating request does not complete correctly
2010-07-28 15:49:34 +00:00
Igor Sysoev
18b36e5035 fix r3708 and r3695: valid_sec is set only for caching error status codes 2010-07-27 19:11:17 +00:00
Igor Sysoev
6af21b7cda fix r3707: cache node should be freed be a response is not cached 2010-07-27 15:26:33 +00:00
Igor Sysoev
3cf3100977 fix typo 2010-07-27 13:04:13 +00:00
Igor Sysoev
4b7637adb6 fix r3695: this commit
*) freed valid keys zone node
*) and did not decrease cache size, so cache manager process ete CPU time,
   if cache checking max_size was enabled
2010-07-27 11:22:59 +00:00
Igor Sysoev
f297d0dd27 an intercepted error code was not cached 2010-07-19 15:31:46 +00:00
Igor Sysoev
cc963cd7e2 style fix 2010-07-19 15:29:16 +00:00
Igor Sysoev
b1327bd842 initialize r->cache->file.fd with NGX_INVALID_FILE 2010-07-19 15:28:22 +00:00
Igor Sysoev
1daef7d1b0 bump version 2010-07-19 15:27:06 +00:00
Igor Sysoev
47f5f947bc add warnings for proxy_no_cache and fastcgi_no_cache 2010-07-19 09:55:43 +00:00
Igor Sysoev
f7d659aa52 proxy_cache_pass, fastcgi_cache_bypass, uwsgi_cache_bypass, scgi_cache_bypass 2010-07-19 09:36:04 +00:00
Igor Sysoev
6a47b43234 rename ngx_http_file_cache_create() to ngx_http_file_cache_new() 2010-07-16 10:01:49 +00:00
Igor Sysoev
9aa3d7f667 ngx_http_file_cache_create() 2010-07-15 14:01:02 +00:00
Igor Sysoev
9e9cbee81e ngx_http_file_cache_name() 2010-07-15 13:46:32 +00:00
Igor Sysoev
0e73a5bfb7 style fix 2010-07-15 13:10:05 +00:00
Igor Sysoev
85992f9eb3 delete empty cache zone node if we could not get response to cache 2010-07-15 13:08:51 +00:00
Igor Sysoev
4769d10604 fix scgi_no_cache and uwsgi_no_cache initialization 2010-07-14 11:29:19 +00:00
Igor Sysoev
f3870c66df use ngx_http_test_predicates(), ngx_http_set_predicate_slot()
delete ngx_http_cache(), ngx_http_no_cache_set_slot()
2010-07-14 11:15:45 +00:00
Igor Sysoev
7fc29052e8 ngx_http_test_predicates(), ngx_http_set_predicate_slot() 2010-07-14 11:13:59 +00:00
Igor Sysoev
e48f042f40 bump version 2010-07-14 11:09:56 +00:00
Igor Sysoev
5a19097c9b allow setfib=0 2010-07-13 10:17:09 +00:00
Igor Sysoev
618703b5b6 use xmlSAXHandler._private field to store xslt filter context 2010-07-12 12:52:01 +00:00
Igor Sysoev
a2d9995ca1 fix building by msvc7 2010-07-08 16:17:11 +00:00
Igor Sysoev
f9dd541edb fix typo 2010-07-08 14:02:09 +00:00
Igor Sysoev
40b4ba1663 style fix 2010-07-08 13:49:21 +00:00
Igor Sysoev
7aa1f5bf4a update r->buffered after processing SSI command,
the bug has been probably introduced in r2378
2010-07-07 10:17:19 +00:00
Igor Sysoev
a2e846242f bump version 2010-07-07 10:09:44 +00:00
Igor Sysoev
0bd7a7d894 listen setfib=X 2010-07-05 13:49:16 +00:00
Igor Sysoev
1a5d7553da fix case of partially matched patterns on buffer border in sub_filter 2010-07-05 13:45:10 +00:00
Igor Sysoev
a5ee005a27 fix recognition of SSLv2 Client Hello Packet large than 255 bytes 2010-07-05 13:35:20 +00:00
Igor Sysoev
802bc23574 try to use C99 variadic macros first:
AIX 5.3's XL C has problems with GCC style variadic macros
2010-07-05 13:02:25 +00:00
Igor Sysoev
ee37271a0f fix building by owc12: GetLongPathName() is available since Win2K only 2010-07-05 12:47:35 +00:00
Igor Sysoev
497c13774d HP/UX uses EWOULDBLOCK instead of EAGAIN 2010-07-03 20:16:55 +00:00
Igor Sysoev
0cb0c67e3a do not use a cache headers set to hide 2010-07-02 10:05:40 +00:00
Igor Sysoev
0bd1809f05 treat Set-Cookie as a header that forbids caching 2010-07-02 09:49:27 +00:00
Igor Sysoev
9a00d69413 update the previous commit 2010-07-02 09:28:50 +00:00
Igor Sysoev
7e14b50c28 use shared ngx_http_upstream_ignore_headers_masks[] 2010-07-02 09:25:38 +00:00
Igor Sysoev
187538d1eb bump version 2010-07-01 12:56:32 +00:00
Igor Sysoev
fb7b45d20e remove r->zero_body unused since the previous commit 2010-06-30 14:42:15 +00:00
Igor Sysoev
ffcae99251 Fix processing
error_page 502 504 /zero;
    location = /zero { return 204; }

The bug has been introduced in r3634.
The fix also allow to use:
    error_page 502 504 = /zero;
    location = /zero { return 200; }

This case still does not work:
    error_page 502 504 /zero;
    location = /zero { return 200; }
2010-06-30 14:39:28 +00:00
Igor Sysoev
bcd78e22e9 change logic introduced in r3649:
*) now $uid_set is cacheable again
*) allow to see at any processing stage that uid cookie is remarked
2010-06-30 14:30:55 +00:00
Igor Sysoev
178cd2da2b style fix: remove tabs 2010-06-30 14:28:54 +00:00
Igor Sysoev
6db47f4c81 set uid values for main request only 2010-06-30 13:15:20 +00:00
Igor Sysoev
ce03ba019e fix IPv6 listen socket handling while reconfiguring 2010-06-30 12:01:56 +00:00
Igor Sysoev
c31c38b95e fix ngx_write_file() buf 2010-06-30 10:33:02 +00:00
Igor Sysoev
ffcc2f4a9e test binary geo range base size 2010-06-30 10:13:51 +00:00
Igor Sysoev
3b0ddc2097 test the second binary geo range base existence 2010-06-30 10:12:46 +00:00
Igor Sysoev
e3d88fb8eb test binary geo ranges base only for ranges 2010-06-30 10:05:56 +00:00
Igor Sysoev
4655c721e8 test binary gep range base mtime 2010-06-30 10:02:05 +00:00
Igor Sysoev
edf29ef8cd binary geo ranges base cache 2010-06-29 16:06:20 +00:00
Igor Sysoev
865db9bbf3 ngx_create_file_mapping() 2010-06-29 15:18:50 +00:00
Igor Sysoev
325bd4ea98 change duplicate default geo range processing 2010-06-29 13:36:16 +00:00
Igor Sysoev
a81a383053 fix building without IPv6 after the previous commit 2010-06-25 13:17:33 +00:00
Igor Sysoev
80dd7e5015 Now $uid_set may be used at any time, r2013 states the same is wrong.
Besides, now $uid_set is not cacheable and may have two values:
before and after header filter processing.
This allows to log case, when uid cookie is remarked.
2010-06-25 12:16:31 +00:00
Igor Sysoev
55c3f1b31b make logic more clear 2010-06-25 12:06:37 +00:00
Igor Sysoev
23d053fa97 delete stale comments 2010-06-25 12:05:12 +00:00
Igor Sysoev
70485d6b7c eliminate a number of ranges: about 18,000 /16 networks are empty,
this change saves about 70K/140K on 32/64-bit platforms
2010-06-24 15:26:05 +00:00
Igor Sysoev
daab61e40c fix a bug when ngx_cpymem() returns a cast type:
p = (type *) ngx_cpymem(...)
2010-06-24 15:17:06 +00:00
Igor Sysoev
e3693e3b37 break cycle early 2010-06-24 13:16:19 +00:00
Igor Sysoev
aa6936e61a style fix 2010-06-23 16:34:54 +00:00
Igor Sysoev
0923d08148 change ngx_http_variable_value_node_t to more generic ngx_str_node_t 2010-06-23 15:31:33 +00:00
Igor Sysoev
2c72df5ed4 bump version 2010-06-23 14:49:57 +00:00
Igor Sysoev
ee5f9e50b9 ngx_http_scgi_module 2010-06-18 15:51:14 +00:00
Igor Sysoev
4115de9fe3 Test regex location if URI matches exactly to non-exact location.
Revert a feature introduced in r2028. The feature confuses mostly,
the only gain was not to test regex for a frequent request such as
"/" in "locaiton /".
2010-06-18 15:38:31 +00:00
Igor Sysoev
082d9965a3 use ngx_http_send_response() in empty_gif 2010-06-18 15:17:07 +00:00
Igor Sysoev
b2ee47c0c7 add files missed in the previuos commit 2010-06-18 15:16:18 +00:00
Igor Sysoev
4c1b0770ca return code text 2010-06-18 15:15:20 +00:00
Igor Sysoev
01213e18a7 ngx_http_send_response() 2010-06-18 15:08:44 +00:00
Igor Sysoev
ebd883092b 303 See Other 2010-06-18 14:58:52 +00:00
Igor Sysoev
0f6ae5906d style fix 2010-06-15 15:30:00 +00:00
Igor Sysoev
2515f8efe9 fix r3628 2010-06-15 15:27:06 +00:00
Igor Sysoev
1cc1b311af make code more obviuos 2010-06-15 15:21:37 +00:00
Igor Sysoev
54b35b009a use ngx_http_parse_status_line() 2010-06-15 15:15:06 +00:00
Igor Sysoev
0aae446c7c ngx_http_parse_status_line() 2010-06-15 15:13:34 +00:00
Igor Sysoev
bef315509b update the previous commit 2010-06-15 15:09:18 +00:00
Igor Sysoev
85fe9bf6b1 support CGI-style response 2010-06-15 14:30:13 +00:00
Igor Sysoev
68294d776d style fix 2010-06-15 12:45:33 +00:00
Igor Sysoev
dede73dda9 bump version 2010-06-15 12:41:13 +00:00
Igor Sysoev
da7b5e15de allow spaces in URI 2010-06-15 09:31:19 +00:00
Igor Sysoev
d50e53e675 do not free() stack allocated buffer 2010-06-14 18:09:52 +00:00
Igor Sysoev
ea16b14cc5 PATCH method 2010-06-10 11:08:28 +00:00
Igor Sysoev
34cd1cc656 allow Destination URL without host 2010-06-10 08:17:16 +00:00
Igor Sysoev
f0bf9956dc delete empty Server and Date header used only in proxy mode 2010-06-08 19:33:53 +00:00
Igor Sysoev
a17adae005 change variable names 2010-06-08 16:15:47 +00:00
Igor Sysoev
741caead25 delete surplus flush 2010-06-08 13:43:20 +00:00
Igor Sysoev
cd04da475d do not try to calculate procent sum if there was an error 2010-06-08 09:06:57 +00:00
Igor Sysoev
27b54fda94 delete useless code 2010-06-07 14:37:56 +00:00
Igor Sysoev
82e1933529 fix rewritten Refresh header length 2010-06-07 14:33:50 +00:00
Igor Sysoev
1f5cf36a27 202 Accepted status code 2010-06-07 13:38:39 +00:00
Igor Sysoev
7935d4bff7 bump version 2010-06-07 13:34:56 +00:00
Igor Sysoev
4cf7f2727d fix "/dir/%3F../" and "/dir/%23../" cases 2010-06-04 16:05:55 +00:00
Igor Sysoev
04e1156d2e test default NTFS stream "::$DATA" 2010-06-04 15:37:49 +00:00
Igor Sysoev
1f07392c42 *) delete no longer used unix domain sockets
*) fix unix domain socket comparison
2010-06-04 13:34:23 +00:00
Igor Sysoev
bf8f69cf74 uwsgi cache 2010-06-04 12:55:01 +00:00
Igor Sysoev
45cb0a086e uwsgi_bind 2010-06-04 12:32:08 +00:00