This includes "debug_connection", upstreams, "proxy_pass", etc.
(ticket #92)
To preserve compatibility, "listen" specified with a domain name
selects the first IPv4 address, if available. If not available,
the first IPv6 address will be used (ticket #186).
On Mac OS X system toolchain by default prefers include files
from /usr/local/include, but libraries from /usr/lib. This might result in
various problems, in particular the one outlined below.
If the PCRE library is installed into /usr/local/, this results in pcre.h
being used from /usr/local/include (with PCRE_CONFIG_JIT defined), but
libpcre from /usr/lib (as shipped with the OS, without pcre_free_study()
symbol). As a result build fails as we use pcre_free_study() function
if we try to compile with PCRE JIT support.
Obvious workaround is to the root cause is to ask compiler to prefer
library from /usr/local/lib via ./configure --with-ld-opt="-L/usr/local/lib".
On the other hand, in any case it would be good to check if the function
we are going to use is available, hence the change.
See thread here for details:
http://mailman.nginx.org/pipermail/nginx-devel/2012-December/003074.html
Prodded by Piotr Sikora.
Very basic version without any OCSP responder query code, assuming valid
DER-encoded OCSP response is present in a ssl_stapling_file configured.
Such file might be produced with openssl like this:
openssl ocsp -issuer root.crt -cert domain.crt -respout domain.staple \
-url http://ocsp.example.com
HP-UX needs _HPUX_ALT_XOPEN_SOCKET_API to be defined to be able to
use various POSIX versions of networking functions. Notably sendmsg()
resulted in "sendmsg() failed (9: Bad file number)" alerts without it.
See xopen_networking(7) for more details.
This fixes alignment problems observerd on ARMs, and likely also needed
for MIPSes. Unless we know alignment is not required just assume we
need 16, which appears to be safe default for all architectures.
See here for details:
http://mailman.nginx.org/pipermail/nginx/2012-June/034139.html
New versions of icc confuse auto/cc/name due to introduced handling
of a "icc -v":
$ icc -v
icc version 12.1.3 (gcc version 4.6.0 compatibility)
$ icc -V
Intel(R) C Compiler XE for applications running on IA-32, Version 12.1.3.293 Build 20120212
Copyright (C) 1985-2012 Intel Corporation. All rights reserved.
FOR NON-COMMERCIAL USE ONLY
See report here:
http://mailman.nginx.org/pipermail/nginx/2012-February/032177.html
in the sys_nerr test.
o When sys_nerr and _sys_nerr are missed on a particular platform
and our euristic for a maximum errno detection applied always
print the maximum errno number we reached instead of printing void.[*]
* patch from Maxim Dounin
This commit makes possible to build nginx on AIX 7.1.
NetBSD 5.0+ has SO_ACCEPTFILTER support merged from FreeBSD, and having
accept filter check in FreeBSD-specific ngx_freebsd_config.h prevents it
from being used on NetBSD. Therefore move the check into configure (and
do the same for Linux-specific TCP_DEFER_ACCEPT, just to be in line).
At least Sun Studio 12 has problems with bit-fields exposed by nginx code
(caught by test suite). They seems to be fixed in Sun Studio 12.1. As a
workaround use "-fast -xalias_level=any" for older versions, it resolves
the problem.
Catch up with new Linux version numbering scheme as announced at [1] and
suppress unrecognized versions to actually use default 0.
[1] https://lkml.org/lkml/2011/5/29/204
This configure test must run before auto/make, because it adds library.
auto/unix was placed after auto/make just for historical reasons.
Patch by Denis F. Latypoff
Solaris strerror() invalid error code behaviour depends on version:
Solaris 10 returns "Unknown error" and sets errno to EINVAL,
Solaris 9 returns "Unknown error" and leaves errno intact,
Solaris 2 returns NULL.
options as --with-zlib=../zlib-1.2.3. It seems there is no common way
to learn the current directory in Win32 make's: although nmake has MAKEDIR
variable, nevertheless Borland make's MAKEDIR is the directory where make
is installed, and OpenWatcom wmake has no MAKEDIR at all.
this fixes wrong linking with /usr/local/lib/libmd5.so from libwww package
on FreeBSD. The library uses long's instead of int32_t's in MD5_CTX
and on 64-bit platforms its MD5_CTX is bigger than defined in <md5.h>
unsupported threaded environment, but now they complicate code:
*) perl_clone() requires at least duplicating nginx stash;
*) the multiplicity requires to re-evalute all precompiled subroutines
and nginx stash in new interpreter context.
*) Change in internal API: the HTTP modules initialization was moved
from the init module phase to the HTTP postconfiguration phase.
*) Change: now the request body is not read beforehand for the
ngx_http_perl_module: it's required to start the reading using the
$r->has_request_body method.
*) Feature: the ngx_http_perl_module supports the DECLINED return code.
*) Feature: the ngx_http_dav_module supports the incoming "Date" header
line for the PUT method.
*) Feature: the "ssi" directive is available inside the "if" block.
*) Bugfix: a segmentation fault occurred if there was an "index"
directive with variables and the first index name was without
variables; the bug had appeared in 0.1.29.
*) Feature: now is possible to do several redirection using the
"error_page" directive.
*) Bugfix: the "dav_access" directive did not support three parameters.
*) Bugfix: the "error_page" directive did not changes the
"Content-Type" header line after the "X-Accel-Redirect" was used;
the bug had appeared in 0.3.58.
*) Feature: the "dav_access" directive.
*) Feature: the "if" directive supports the "-d", "!-d", "-e", "!-e",
"-x", and "!-x" operators.
*) Bugfix: a segmentation fault occurred if a request returned a
redirect and some sent to client header lines were logged in the
access log.
*) Feature: the "stub" parameter in the "include" SSI command.
*) Feature: the "block" SSI command.
*) Feature: the unicode2nginx script was added to contrib.
*) Bugfix: if a "root" was specified by variable only, then the root
was relative to a server prefix.
*) Bugfix: if the request contained "//" or "/./" and escaped symbols
after them, then the proxied request was sent unescaped.
*) Bugfix: the $r->headers_in("Cookie") of the ngx_http_perl_module now
returns all "Cookie" header lines.
*) Bugfix: a segmentation fault occurred if
"client_body_in_file_only on" was used and nginx switched to a next
upstream.
*) Bugfix: on some condition while reconfiguration character codes
inside the "charset_map" may be treated invalid; the bug had
appeared in 0.3.50.
*) Feature: nginx now logs the subrequest information to the error log.
*) Feature: the "proxy_next_upstream", "fastcgi_next_upstream", and
"memcached_next_upstream" directives support the "off" parameter.
*) Feature: the "debug_connection" directive supports the CIDR address
form.
*) Bugfix: if a response of proxied server or FastCGI server was
converted from UTF-8 or back, then it may be transferred incomplete.
*) Bugfix: the $upstream_response_time variable had the time of the
first request to a backend only.
*) Bugfix: nginx could not be built on amd64 platform; the bug had
appeared in 0.3.53.
*) Change: the "proxy_redirect_errors" and "fastcgi_redirect_errors"
directives was renamed to the "proxy_intercept_errors" and
"fastcgi_intercept_errors" directives.
*) Feature: the ngx_http_charset_module supports the recoding from the
single byte encodings to the UTF-8 encoding and back.
*) Feature: the "X-Accel-Charset" response header line is supported in
proxy and FastCGI mode.
*) Bugfix: the "\" escape symbol in the "\"" and "\'" pairs in the SSI
command was removed only if the command also has the "$" symbol.
*) Bugfix: the "<!--" string might be added on some conditions in the
SSI after inclusion.
*) Bugfix: if the "Content-Length: 0" header line was in response, then
in nonbuffered proxying mode the client connection was not closed.
*) Change: now the ngx_http_charset_module works for subrequests, if
the response has no "Content-Type" header line.
*) Bugfix: if the "proxy_pass" directive has no URI part, then the
"proxy_redirect default" directive add the unnecessary slash in
start of the rewritten redirect.
*) Bugfix: the internal redirect always transform client's HTTP method
to GET, now the transformation is made for the "X-Accel-Redirect"
redirects only and if the method is not HEAD; the bug had appeared
in 0.3.42.
*) Bugfix: the ngx_http_perl_module could not be built, if the perl was
built with the threads support; the bug had appeared in 0.3.46.
*) Feature: the "wait" parameter in the "include" SSI command.
*) Feature: the Ukrainian and Byelorussian characters were added to
koi-win conversion table.
*) Bugfix: in the SSI.
*) Feature: the "bind" option of the "listen" directive in IMAP/POP3
proxy.
*) Bugfix: if the same capture in the "rewrite" directive was used more
then once.
*) Bugfix: the $sent_http_content_type, $sent_http_content_length,
$sent_http_last_modified, $sent_http_connection,
$sent_http_keep_alive, and $sent_http_transfer_encoding variables
were not written to access log.
*) Bugfix: the $sent_http_cache_control returned value of the single
"Cache-Control" response header line.
*) Feature: the ngx_http_dav_module supports the MKCOL method.
*) Feature: the "create_full_put_path" directive.
*) Feature: the "$limit_rate" variable.
*) Feature: the "uninitialized_variable_warn" directive; the logging
level of the "uninitialized variable" message was lowered from
"alert" to "warn".
*) Feature: the "override_charset" directive.
*) Change: now if the unknown variable is used in the "echo" and "if
expr='$name'" SSI-commands, then the "unknown variable" message is
not logged.
*) Bugfix: the active connection counter increased on the exceeding of
the connection limit specified by the "worker_connections"
directive; the bug had appeared in 0.2.0.
*) Bugfix: the limit rate might not work on some condition; the bug had
appeared in 0.3.38.
*) Feature: the ngx_http_dav_module.
*) Change: the ngx_http_perl_module optimizations.
Thanks to Sergey Skvortsov.
*) Feature: the ngx_http_perl_module supports the $r->request_body_file
method.
*) Feature: the "client_body_in_file_only" directive.
*) Workaround: now on disk overflow nginx tries to write access logs
once a second only.
Thanks to Anton Yuzhaninov and Maxim Dounin.
*) Bugfix: now the "limit_rate" directive more precisely limits rate if
rate is more than 100 Kbyte/s.
Thanks to ForJest.
*) Bugfix: now the IMAP/POP3 proxy escapes the "\r" and "\n" symbols in
login and password to pass authorization server.
Thanks to Maxim Dounin.
*) Feature: the "limit_except" directive.
*) Feature: the "if" directive supports the "!~", "!~*", "-f", and
"!-f" operators.
*) Feature: the ngx_http_perl_module supports the $r->request_body
method.
*) Bugfix: in the ngx_http_addition_filter_module.
*) Feature: the ngx_http_addition_filter_module.
*) Feature: the "proxy_pass" and "fastcgi_pass" directives may be used
inside the "if" block.
*) Feature: the "proxy_ignore_client_abort" and
"fastcgi_ignore_client_abort" directives.
*) Feature: the "$request_completion" variable.
*) Feature: the ngx_http_perl_module supports the $r->request_method
and $r->remote_addr.
*) Feature: the ngx_http_ssi_module supports the "elif" command.
*) Bugfix: the "\/" string in the expression of the "if" command of the
ngx_http_ssi_module was treated incorrectly.
*) Bugfix: in the regular expressions in the "if" command of the
ngx_http_ssi_module.
*) Bugfix: if the relative path was specified in the
"client_body_temp_path", "proxy_temp_path", "fastcgi_temp_path", and
"perl_modules" directives, then the directory was used relatively to
a current path but not to a server prefix.
*) Feature: the "http_503" parameter of the "proxy_next_upstream" or
"fastcgi_next_upstream" directives.
*) Bugfix: ngx_http_perl_module did not work with inlined in the
configuration code, if it was not started with the "sub" word.
*) Bugfix: in the "post_action" directive.
*) Change: now nginx passes the malformed proxied backend responses.
*) Feature: the "listen" directives support the address in the "*:port"
form.
*) Feature: the EVFILER_TIMER support in MacOSX 10.4.
*) Workaround: for MacOSX 64-bit kernel kqueue millisecond timeout
bug.
Thanks to Andrei Nigmatulin.
*) Bugfix: if there were several "listen" directives listening one
various addresses inside one server, then server names like
"*.domain.tld" worked for first address only; the bug had appeared
in 0.3.18.
*) Bugfix: if the HTTPS protocol was used in the "proxy_pass" directive
and the request body was in temporarily file then the request was
not transferred.
*) Bugfix: perl 5.8.8 compatibility.
*) Feature: the "restrict_host_names" directive was canceled.
*) Feature: the --with-cpu-opt=ppc64 configuration parameter.
*) Bugfix: on some condition the proxied connection with a client was
terminated prematurely.
Thanks to Vladimir Shutoff.
*) Bugfix: the "X-Accel-Limit-Rate" header line was not taken into
account if the request was redirected using the "X-Accel-Redirect"
header line.
*) Bugfix: the "post_action" directive ran only after a successful
completion of a request.
*) Bugfix: the proxied response body generated by the "post_action"
directive was transferred to a client.
*) Change: the "variables_hash_max_size" and
"variables_hash_bucket_size" directives.
*) Feature: the $body_bytes_sent variable can be used not only in the
"log_format" directive.
*) Feature: the $ssl_protocol and $ssl_cipher variables.
*) Feature: the cache line size detection for widespread CPUs at start
time.
*) Feature: now the "accept_mutex" directive is supported using
fcntl(2) on platforms different from i386, amd64, sparc64, and ppc.
*) Feature: the "lock_file" directive and the --with-lock-path=PATH
autoconfiguration directive.
*) Bugfix: if the HTTPS protocol was used in the "proxy_pass" directive
then the requests with the body was not transferred.
*) Workaround: for bug in FreeBSD kqueue.
*) Bugfix: now a response generated by the "post_action" directive is
not transferred to a client.
*) Bugfix: the memory leaks were occurring if many log files were used.
*) Bugfix: the first "proxy_redirect" directive was working inside one
location.
*) Bugfix: on 64-bit platforms segmentation fault may occurred on start
if the many names were used in the "server_name" directives; the bug
had appeared in 0.3.18.
*) Feature: the ngx_http_perl_module supports the $r->args and
$r->unescape methods.
*) Feature: the method $r->query_string of ngx_http_perl_module was
canceled.
*) Bugfix: segmentation fault was occurred if the "none" or "blocked"
values was specified in the "valid_referers" directive; the bug had
appeared in 0.3.18.
*) Feature: the "path" and "alias" directives support the variables.
*) Change: now the "valid_referers" directive again checks the URI part.
*) Bugfix: in SSI handling.
*) Feature: the "server_names" directive supports the ".domain.tld"
names.
*) Feature: the "server_names" directive uses the hash for the
"*.domain.tld" names and more effective hash for usual names.
*) Change: the "server_names_hash_max_size" and
"server_names_hash_bucket_size" directives.
*) Change: the "server_names_hash" and "server_names_hash_threshold"
directives were canceled.
*) Feature: the "valid_referers" directive uses the hash site names.
*) Change: now the "valid_referers" directive checks the site names
only without the URI part.
*) Bugfix: some ".domain.tld" names incorrectly processed by the
ngx_http_map_module.
*) Bugfix: segmentation fault was occurred if configuration file did
not exist; the bug had appeared in 0.3.12.
*) Bugfix: on 64-bit platforms segmentation fault may occurred on
start; the bug had appeared in 0.3.16.
*) Change: now on Linux configure checks the presence of epoll and
sendfile64() in kernel.
*) Feature: the "map" directive supports domain names in the
".domain.tld" form.
*) Bugfix: the timeouts were not used in SSL handshake; the bug had
appeared in 0.2.4.
*) Bugfix: in the HTTPS protocol in the "proxy_pass" directive.
*) Bugfix: when the HTTPS protocol was used in the "proxy_pass"
directive the port 80 was used by default.
*) Feature: the ngx_http_map_module.
*) Feature: the "types_hash_max_size" and "types_hash_bucket_size"
directives.
*) Feature: the "ssi_value_length" directive.
*) Feature: the "worker_rlimit_core" directive.
*) Workaround: the connection number in logs was always 1 if nginx was
built by the icc 8.1 or 9.0 compilers with optimization for
Pentium 4.
*) Bugfix: the "config timefmt" SSI command set incorrect time format.
*) Bugfix: nginx did not close connection to IMAP/POP3 backend for the
SSL connections; the bug had appeared in 0.3.13.
Thanks to Rob Mueller.
*) Bugfix: segmentation fault may occurred in at SSL shutdown; the bug
had appeared in 0.3.13.
*) Feature: the IMAP/POP3 proxy supports STARTTLS and STLS.
*) Bugfix: the IMAP/POP3 proxy did not work with the select, poll, and
/dev/poll methods.
*) Bugfix: in SSI handling.
*) Bugfix: now Solaris sendfilev() is not used to transfer the client
request body to FastCGI-server via the unix domain socket.
*) Bugfix: the "auth_basic" directive did not disable the
authorization; the bug had appeared in 0.3.11.
*) Security: if nginx was built with the ngx_http_realip_module and the
"satisfy_any on" directive was used, then access and authorization
directives did not work. The ngx_http_realip_module was not built
and is not built by default.
*) Change: the "$time_gmt" variable name was changed to "$time_local".
*) Change: the "proxy_header_buffer_size" and
"fastcgi_header_buffer_size" directives was renamed to the
"proxy_buffer_size" and "fastcgi_buffer_size" directives.
*) Feature: the ngx_http_memcached_module.
*) Feature: the "proxy_buffering" directive.
*) Bugfix: the changes in accept mutex handling when the "rtsig" method
was used; the bug had appeared in 0.3.0.
*) Bugfix: if the client sent the "Transfer-Encoding: chunked" header
line, then nginx returns the 411 error.
*) Bugfix: if the "auth_basic" directive was inherited from the http
level, then the realm in the "WWW-Authenticate" header line was
without the "Basic realm" text.
*) Bugfix: if the "combined" format was explicitly specified in the
"access_log" directive, then the empty lines was written to the log;
the bug had appeared in 0.3.8.
*) Bugfix: nginx did not run on the sparc platform under any OS except
Solaris.
*) Bugfix: now it is not necessary to place space between the quoted
string and closing bracket in the "if" directive.
*) Change: the "valid_referers" directive and the "$invalid_referer"
variable were moved to the new ngx_http_referer_module from the
ngx_http_rewrite_module.
*) Change: the "$apache_bytes_sent" variable name was changed to
"$body_bytes_sent".
*) Feature: the "$sent_http_..." variables.
*) Feature: the "if" directive supports the "=" and "!=" operations.
*) Feature: the "proxy_pass" directive supports the HTTPS protocol.
*) Feature: the "proxy_set_body" directive.
*) Feature: the "post_action" directive.
*) Feature: the ngx_http_empty_gif_module.
*) Feature: the "worker_cpu_affinity" directive for Linux.
*) Bugfix: the "rewrite" directive did not unescape URI part in
redirect, now it is unescaped except the %00-%25 and %7F-%FF
characters.
*) Bugfix: nginx could not be built by the icc 9.0 compiler.
*) Bugfix: if the SSI was enabled for zero size static file, then the
chunked response was encoded incorrectly.
*) Security: nginx now checks URI got from a backend in
"X-Accel-Redirect" header line or in SSI file for the "/../" paths
and zeroes.
*) Change: nginx now does not treat the empty user name in the
"Authorization" header line as valid one.
*) Feature: the "ssl_session_timeout" directives of the
ngx_http_ssl_module and ngx_imap_ssl_module.
*) Feature: the "auth_http_header" directive of the
ngx_imap_auth_http_module.
*) Feature: the "add_header" directive.
*) Feature: the ngx_http_realip_module.
*) Feature: the new variables to use in the "log_format" directive:
$bytes_sent, $apache_bytes_sent, $status, $time_gmt, $uri,
$request_time, $request_length, $upstream_status,
$upstream_response_time, $gzip_ratio, $uid_got, $uid_set,
$connection, $pipe, and $msec. The parameters in the "%name" form
will be canceled soon.
*) Change: now the false variable values in the "if" directive are the
empty string "" and string starting with "0".
*) Bugfix: while using proxied or FastCGI-server nginx may leave
connections and temporary files with client requests in open state.
*) Bugfix: the worker processes did not flush the buffered logs on
graceful exit.
*) Bugfix: if the request URI was changes by the "rewrite" directive
and the request was proxied in location given by regular expression,
then the incorrect request was transferred to backend; the bug had
appeared in 0.2.6.
*) Bugfix: the "expires" directive did not remove the previous
"Expires" header.
*) Bugfix: nginx may stop to accept requests if the "rtsig" method and
several worker processes were used.
*) Bugfix: the "\"" and "\'" escape symbols were incorrectly handled in
SSI commands.
*) Bugfix: if the response was ended just after the SSI command and
gzipping was used, then the response did not transferred complete or
did not transferred at all.
*) Feature: the "access_log" supports the "buffer=" parameter.
*) Bugfix: nginx could not be built on platforms different from i386,
amd64, sparc, and ppc; the bug had appeared in 0.3.2.
*) Change: now the IMAP/POP3 proxy do not send the empty login to
authorization server.
*) Feature: the "log_format" supports the variables in the $name form.
*) Bugfix: if at least in one server was no the "listen" directive,
then nginx did not listen on the 80 port; the bug had appeared in
0.3.3.
*) Bugfix: if the URI part is omitted in "proxy_pass" directive, the
the 80 port was always used.
*) Change: the "bl" and "af" parameters of the "listen" directive was
renamed to the "backlog" and "accept_filter".
*) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directive.
*) Change: the "$msec" log parameter does not require now the
additional the gettimeofday() system call.
*) Feature: the -t switch now tests the "listen" directives.
*) Bugfix: if the invalid address was specified in the "listen"
directive, then after the -HUP signal nginx left an open socket in
the CLOSED state.
*) Bugfix: the mime type may be incorrectly set to default value for
index file with variable in the name; the bug had appeared in 0.3.0.
*) Feature: the "timer_resolution" directive.
*) Feature: the millisecond "$upstream_response_time" log parameter.
*) Bugfix: a temporary file with client request body now is removed
just after the response header was transferred to a client.
*) Bugfix: OpenSSL 0.9.6 compatibility.
*) Bugfix: the SSL certificate and key file paths could not be relative.
*) Bugfix: the "ssl_prefer_server_ciphers" directive did not work in
the ngx_imap_ssl_module.
*) Bugfix: the "ssl_protocols" directive allowed to specify the single
protocol only.
*) Feature: the Sun Studio 10 C compiler support.
*) Feature: the "proxy_upstream_max_fails",
"proxy_upstream_fail_timeout", "fastcgi_upstream_max_fails", and
"fastcgi_upstream_fail_timeout" directives.