Commit Graph

5895 Commits

Author SHA1 Message Date
Maxim Dounin
a747089a1d Mail: extensible auth methods in pop3 module. 2016-10-18 19:38:46 +03:00
Maxim Dounin
948a18ed54 Upstream: handling of proxy_set_header at http level.
When headers are set at the "http" level and not redefined in
a server block, we now preserve conf->headers into the "http"
section configuration to inherit it to all servers.

The same applies to conf->headers_cache, though it may not be effective
if no servers use cache at the "server" level as conf->headers_cache
is only initialized if cache is enabled on a given level.

Similar changes made in fastcgi/scgi/uwsgi to preserve conf->params
and conf->params_cache.
2016-10-14 19:48:26 +03:00
Maxim Dounin
97fc4ab790 Proxy: do not create conf->headers_source when not needed. 2016-10-14 19:48:26 +03:00
Maxim Dounin
c541cf70cf Upstream: hide_headers_hash handling at http level.
When headers to hide are set at the "http" level and not redefined in
a server block, we now preserve compiled headers hash into the "http"
section configuration to inherit this hash to all servers.
2016-10-14 19:48:26 +03:00
Maxim Dounin
f5dcb06f28 Upstream: hide_headers_hash inherited regardless of cache settings.
Dependency on cache settings existed prior to 2728c4e4a9ae (0.8.44)
as Set-Cookie header was automatically hidden from responses when
using cache.  This is no longer the case, and hide_headers_hash can
be safely inherited regardless of cache settings.
2016-10-14 19:48:26 +03:00
Maxim Dounin
71841601d2 Style. 2016-10-14 19:48:26 +03:00
Ruslan Ermilov
5e700a702c Cache: cache manager debugging. 2016-10-13 15:50:36 +03:00
Ruslan Ermilov
4009622702 Version bump. 2016-10-13 15:35:48 +03:00
Maxim Dounin
e8cb2a7946 release-1.11.5 tag 2016-10-11 18:03:01 +03:00
Maxim Dounin
06d88ca53b nginx-1.11.5-RELEASE 2016-10-11 18:03:00 +03:00
Maxim Dounin
27930db17c Updated OpenSSL used for win32 builds. 2016-10-11 16:52:48 +03:00
Maxim Dounin
a6cb821090 Modules compatibility: removed dependencies on NGX_MAIL_SSL.
External structures are now identical regardless of mail SSL module
compiled in or not.
2016-10-10 18:44:17 +03:00
Maxim Dounin
78f91756cd Modules compatibility: removed dependencies on NGX_STREAM_SSL.
External structures are now identical regardless of stream SSL module
compiled in or not.
2016-10-10 18:44:17 +03:00
Maxim Dounin
8fd8c32ccf Modules compatibility: compatibility with NGX_HTTP_SSL.
With this change it is now possible to load modules compiled without
the "--with-http_ssl_module" configure option into nginx binary compiled
with it, and vice versa (if a module doesn't use ssl-specific functions),
assuming both use the "--with-compat" option.
2016-10-10 18:44:17 +03:00
Maxim Dounin
844c78556b Modules compatibility: compatibility with NGX_HAVE_FILE_AIO.
With this change it is now possible to load modules compiled without
the "--with-file-aio" configure option into nginx binary compiled with it,
and vice versa, assuming both use the "--with-compat" option.
2016-10-10 18:44:17 +03:00
Maxim Dounin
9f6e8673f4 Modules compatibility: compatibility with NGX_THREADS.
With this change it is now possible to load modules compiled without
the "--with-threads" configure option into nginx binary compiled with it,
and vice versa (if a module does not use thread-specific functions),
assuming both use the "--with-compat" option.
2016-10-10 18:44:17 +03:00
Maxim Dounin
82ec849271 Allowed '-' in method names.
It is used at least by SOAP (M-POST method, defined by RFC 2774) and
by WebDAV versioning (VERSION-CONTROL and BASELINE-CONTROL methods,
defined by RFC 3253).
2016-10-10 16:24:50 +03:00
Maxim Dounin
f594b2bf6d Core: sockaddr lengths now respected by ngx_cmp_sockaddr().
Linux can return AF_UNIX sockaddrs with partially filled sun_path,
resulting in spurious comparison failures and failed binary upgrades.
Added proper checking of the lengths provided.

Reported by Jan Seda,
http://mailman.nginx.org/pipermail/nginx-devel/2016-September/008832.html.
2016-10-10 16:15:41 +03:00
Maxim Dounin
4c4fdc4754 Core: ngx_conf_set_access_slot() user access (ticket #1096).
Previously, user access bits were always set to "rw" unconditionally,
even with "user:r" explicitly specified.  With this change we only add
default user access bits (0600) if they weren't set explicitly.
2016-10-07 16:59:14 +03:00
Maxim Dounin
52892835ef Realip: fixed duplicate processing on redirects (ticket #1098).
Duplicate processing was possible if the address set by realip was
listed in set_realip_from, and there was an internal redirect so module
context was cleared.  This resulted in exactly the same address being set,
so this wasn't a problem before the $realip_remote_addr variable was
introduced, though now results in incorrect $realip_remote_addr being
picked.

Fix is to use ngx_http_realip_get_module_ctx() to look up module context
even if it was cleared.  Additionally, the order of checks was switched to
check the configuration first as it looks more effective.
2016-10-06 23:16:05 +03:00
Sergey Kandaurov
88dc647481 Stream ssl_preread: fixed $ssl_preread_server_name variable.
Made sure to set the variable length only after successful SNI parsing.
2016-10-05 18:11:39 +03:00
Dmitry Volyntsev
b072a6957c Cache: cache manager limits.
The new parameters "manager_files", "manager_sleep"
and "manager_threshold" were added to proxy_cache_path
and friends.

Note that ngx_path_manager_pt was changed to return ngx_msec_t
instead of time_t (API change).
2016-10-05 14:22:30 +03:00
Ruslan Ermilov
f9430de485 Core: use c->log while closing connection.
c->pool is not destroyed here since c52408583801.
2016-10-05 13:57:43 +03:00
Maxim Dounin
3c44339bfe SSL: use X509_check_host() with LibreSSL.
Explicit checks for OPENSSL_VERSION_NUMBER replaced with checks
for X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT, thus allowing X509_check_host()
to be used with other libraries.  In particular, X509_check_host() was
introduced in LibreSSL 2.5.0.
2016-10-04 17:26:45 +03:00
Maxim Dounin
2c84f7af2c Configure: removed the --with-ipv6 option.
IPv6 now compiled-in automatically if support is found.  If there is a need
to disable it for some reason, --with-cc-opt="-DNGX_HAVE_INET6=0" can be used
for this.
2016-10-04 16:38:14 +03:00
Roman Arutyunyan
967ebbec32 Addition filter: set last_in_chain flag when clearing last_buf.
When the last_buf flag is cleared for add_after_body to append more data from a
subrequest, other filters may still have buffered data, which should be flushed
at this point.  For example, the sub_filter may have a partial match buffered,
which will only be flushed after the subrequest is done, ending up with
interleaved data in output.

Setting last_in_chain instead of last_buf flushes the data and fixes the order
of output buffers.
2016-10-03 21:03:27 +03:00
Roman Arutyunyan
f3bbd1c87f Do not set last_buf flag in subrequests.
The last_buf flag should only be set in the last buffer of the main request.
Otherwise, several last_buf flags can appear in output.  This can, for example,
break the chunked filter, which will include several final chunks in output.
2016-10-03 20:48:51 +03:00
Ruslan Ermilov
2e12afb955 Modules compatibility: removed two NGX_HAVE_DEFERRED_ACCEPT checks.
Removed (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT)
from the signature accordingly.
2016-10-03 15:58:30 +03:00
Maxim Dounin
58b85017a4 Modules compatibility: removed unneeded NGX_HAVE_REUSEPORT checks.
Removed NGX_HAVE_REUSEPORT from the signature accordingly.
2016-10-03 15:58:29 +03:00
Maxim Dounin
0a961a0917 Modules compatibility: removed unneeded IPV6_V6ONLY checks.
The IPV6_V6ONLY macro is now checked only while parsing appropriate flag
and when using the macro.

The ipv6only field in listen structures is always initialized to 1,
even if not supported on a given platform.  This is expected to prevent
a module compiled without IPV6_V6ONLY from accidentally creating dual
sockets if loaded into main binary with proper IPV6_V6ONLY support.
2016-10-03 15:58:25 +03:00
Maxim Dounin
a7f80ec354 Modules compatibility: http2.
HTTP/2-specific fields in structures are now available unconditionally.
Removed NGX_HTTP_V2 from the signature accordingly.
2016-10-03 15:58:22 +03:00
Maxim Dounin
2641022229 Modules compatibility: degradation fields now always present.
There is no need to save these two bits as they are wasted anyway.
Removed NGX_HTTP_DEGRADATION from the signature accordingly.
2016-10-03 15:58:19 +03:00
Maxim Dounin
f99724f2e0 Modules compatibility: --with-compat configure option. 2016-10-03 15:58:16 +03:00
Ruslan Ermilov
c40de74682 Introduced the NGX_COMPAT macro.
When enabled, some structures are padded to be size compatible
with their NGINX Plus versions.
2016-09-29 15:28:24 +03:00
Dmitry Volyntsev
833d03a0a2 Resolver: introduced state field in ngx_resolver_srv_name_t.
It keeps the actual state value of a DNS SRV subrequest
and can be used to report a more detailed log for
failed SRV records.
2016-09-29 19:40:47 +03:00
Maxim Dounin
c7a6a18163 Modules compatibility: down flag promoted to a bitmask.
It is to be used as a bitmask with various bits set/reset when appropriate.
Any bit set means that the peer should not be used, that is, exactly what
current checks do, no additional changes required.
2016-09-29 18:06:05 +03:00
Maxim Dounin
7797fb04cd Modules compatibility: upstream config field.
It is to be used to track version of an upstream configuration used for
request processing.
2016-09-29 18:06:04 +03:00
Maxim Dounin
e900019ac4 Modules compatibility: status fields. 2016-09-29 18:06:03 +03:00
Maxim Dounin
0ce82fc33a Modules compatibility: health check fields. 2016-09-29 18:06:02 +03:00
Maxim Dounin
27c8065e7b Modules compatibility: cache purge fields. 2016-09-29 18:06:01 +03:00
Maxim Dounin
f3ece60723 Modules compatibility: slow start fields. 2016-09-29 18:06:00 +03:00
Maxim Dounin
07c914c0cb Modules compatibility: peer.notify.
This callback can be used to notify balancer about various events.
For now, it is only used in nginx-plus.
2016-09-29 18:05:59 +03:00
Ruslan Ermilov
10f419575a Stream: style.
Explicitly initialized peer's max_conns for upstreams created with
variables similar to how it's done in http.
2016-09-29 12:59:13 +03:00
Ruslan Ermilov
f674f32c09 Upstream: max_conns. 2016-09-22 19:32:47 +03:00
Ruslan Ermilov
fd9e74f656 Upstream: removed the quick recovery mechanism.
Its usefulness it questionable, and it interacts badly with max_conns.
2016-09-22 19:32:45 +03:00
Maxim Dounin
4d4542c838 Upstream: introduced u->upstream.
It holds upstream{} block configuration, including ones selected via
run-time lookup using variables.
2016-09-22 19:32:26 +03:00
Maxim Dounin
017cf96c9b Upstream: style. 2016-09-22 19:31:08 +03:00
Maxim Dounin
778c00c415 Upstream: style, ngx_http_upstream_rr_peer_t.next moved. 2016-07-25 16:23:35 +03:00
Konstantin Pavlov
c8526aca25 Perl: pass additional linker options to perl module.
Previously flags passed by --with-ld-opt were not used when building perl
module, which meant hardening flags provided by package build systems were not
applied.
2016-09-20 22:11:23 +03:00
Valentin Bartenev
89f82c1155 Fixed log levels of configuration parsing errors.
All the errors that prevent loading configuration must be printed on the "emerg"
log level.  Previously, nginx might silently fail to load configuration in some
cases as the default log level is "error".
2016-09-20 15:07:16 +03:00