Commit Graph

313 Commits

Author SHA1 Message Date
Maxim Dounin
08a73b4aad Proxy: support for connection upgrade (101 Switching Protocols).
This allows to proxy WebSockets by using configuration like this:

    location /chat/ {
        proxy_pass http://backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

Connection upgrade is allowed as long as it was requested by a client
via the Upgrade request header.
2013-02-18 13:50:52 +00:00
Ruslan Ermilov
5d143ca864 Fixed and improved the "*_bind" directives of proxying modules.
The "proxy_bind", "fastcgi_bind", "uwsgi_bind", "scgi_bind" and
"memcached_bind" directives are now inherited; inherited value
can be reset by the "off" parameter.  Duplicate directives are
now detected.  Parameter value can now contain variables.
2013-01-16 09:42:57 +00:00
Ruslan Ermilov
a2a229193a Fixed "proxy_pass" with IP address and no port (ticket #276).
Upstreams created by "proxy_pass" with IP address and no port were
broken in 1.3.10, by not initializing port in u->sockaddr.

API change: ngx_parse_url() was modified to always initialize port
(in u->sockaddr and in u->port), even for the u->no_resolve case;
ngx_http_upstream() and ngx_http_upstream_add() were adopted.
2013-01-10 12:58:55 +00:00
Valentin Bartenev
cb90df084f Fixed HEAD requests handling when proxying is used (closes #261). 2012-12-24 17:32:53 +00:00
Maxim Dounin
658296290c Upstream: fixed SIGSEGV with the "if" directive.
Configuration like

    location / {
        set $true 1;

        if ($true) {
            proxy_pass http://backend;
        }

        if ($true) {
            # nothing
        }
    }

resulted in segmentation fault due to NULL pointer dereference as the
upstream configuration wasn't initialized in an implicit location created
by the last if(), but the r->content_handler was set due to first if().

Instead of committing a suicide by dereferencing a NULL pointer, return
500 (Internal Server Error) in such cases, i.e. if uscf is NULL.  Better
fix would be to avoid such cases by fixing the "if" directive handling,
but it's out of scope of this patch.

Prodded by Piotr Sikora.
2012-12-13 16:05:59 +00:00
Maxim Dounin
246cbd21ce Trailing whitespace fix. 2012-11-17 00:36:44 +00:00
Maxim Dounin
e1d5455a74 Upstream: better detection of connect() failures with kqueue.
Pending EOF might be reported on both read and write events, whichever
comes first, so check both of them.

Patch by Yichun Zhang (agentzh), slightly modified.
2012-11-16 18:29:19 +00:00
Maxim Dounin
8e67fb4226 Event pipe: fixed handling of buf_to_file data.
Input filter might free a buffer if there is no data in it, and in case
of first buffer (used for cache header and request header, aka p->buf_to_file)
this resulted in cache corruption.  Buffer memory was reused to read upstream
response before headers were written to disk.

Fix is to avoid moving pointers in ngx_event_pipe_add_free_buf() to a buffer
start if we were asked to free a buffer used by p->buf_to_file.

This fixes occasional cache file corruption, usually resulted
in "cache file ... has md5 collision" alerts.

Reported by Anatoli Marinov.
2012-10-30 11:14:24 +00:00
Maxim Dounin
21be49ae59 Upstream: hide_headers/pass_headers inheritance fix.
Hide headers and pass headers arrays might not be inherited correctly
into a nested location, e.g. in configuration like

    server {
        proxy_hide_header X-Foo;
        location / {
            location /nested/ {
                proxy_pass_header X-Pad;
            }
        }
    }

the X-Foo header wasn't hidden in the location /nested/.

Reported by Konstantin Svist,
http://mailman.nginx.org/pipermail/nginx-ru/2012-July/047555.html
2012-07-30 10:35:26 +00:00
Ruslan Ermilov
45d2ae646b Slight optimization in ngx_http_upstream_add(): replaced an expression
known to be constant with the constant value.
2012-07-29 19:44:09 +00:00
Ruslan Ermilov
b163010872 ngx_http_upstream_add() should return NULL if an error occurs. 2012-07-29 19:38:25 +00:00
Valentin Bartenev
d8ec4910ce Fixed returned value handling from the cookie rewrite handler.
If the "proxy_cookie_domain" or "proxy_cookie_path" directive is used and there
are no matches in Set-Cookie header then ngx_http_proxy_rewrite_cookie() returns
NGX_DECLINED to indicate that the header was not rewritten. Returning this value
further from the upstream headers copy handler resulted in 500 error response.

See here for report:
http://mailman.nginx.org/pipermail/nginx/2012-May/033858.html
2012-05-30 12:30:03 +00:00
Ruslan Ermilov
47a04aaa27 Fixed spelling in multiline C comments. 2012-04-03 07:37:31 +00:00
Maxim Konovalov
acf6c79ac7 For the sake of case/switch code readability, 'fall through'
comments added.
2012-03-19 14:57:29 +00:00
Ruslan Ermilov
b74f8ffce4 Fixed spelling in single-line comments. 2012-02-28 11:31:05 +00:00
Maxim Dounin
9f38b20db5 Time parsing cleanup.
Nuke NGX_PARSE_LARGE_TIME, it's not used since 0.6.30.  The only error
ngx_parse_time() can currently return is NGX_ERROR, check it explicitly
and make sure to cast it to appropriate type (either time_t or ngx_msec_t)
to avoid signedness warnings on platforms with unsigned time_t (notably QNX).
2012-02-13 15:41:11 +00:00
Maxim Dounin
01c133cda4 Fix for proxy_store leaving temporary files for subrequests.
Temporary files might not be removed if the "proxy_store" or "fastcgi_store"
directives were used for subrequests (e.g. ssi includes) and client closed
connection prematurely.

Non-active subrequests are finalized out of the control of the upstream
module when client closes a connection.  As a result, the code to remove
unfinished temporary files in ngx_http_upstream_process_request() wasn't
executed.

Fix is to move relevant code into ngx_http_upstream_finalize_request() which
is called in all cases, either directly or via the cleanup handler.
2012-02-13 15:28:19 +00:00
Valentin Bartenev
b3e3b2e75a Upstream: added callback hook for the "Set-Cookie" header.
No functional changes.
2012-02-13 11:01:58 +00:00
Maxim Dounin
060b92451b Upstream: fixed "too big header" check.
If header filter postponed processing of a header by returning NGX_AGAIN
and not moved u->buffer->pos, previous check incorrectly assumed there
is additional space and did another recv() with zero-size buffer.  This
resulted in "upstream prematurely closed connection" error instead
of correct "upstream sent too big header" one.

Patch by Feibo Li.
2012-02-10 14:31:04 +00:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Maxim Dounin
822fe46934 Cache locks initial implementation.
New directives: proxy_cache_lock on/off, proxy_cache_lock_timeout.  With
proxy_cache_lock set to on, only one request will be allowed to go to
upstream for a particular cache item.  Others will wait for a response
to appear in cache (or cache lock released) up to proxy_cache_lock_timeout.

Waiting requests will recheck if they have cached response ready (or are
allowed to run) every 500ms.

Note: we intentionally don't intercept NGX_DECLINED possibly returned by
ngx_http_file_cache_read().  This needs more work (possibly safe, but needs
further investigation).  Anyway, it's exceptional situation.

Note: probably there should be a way to disable caching of responses
if there is already one request fetching resource to cache (without waiting
at all).  Two possible ways include another cache lock option ("no_cache")
or using proxy_no_cache with some supplied variable.

Note: probably there should be a way to lock updating requests as well.  For
now "proxy_cache_use_stale updating" is available.
2011-12-26 11:15:23 +00:00
Maxim Dounin
d79f4523f8 Added clearing of r->valid_unparsed_uri on internal redirects.
This resolves issue with try_files (see ticket #70), configuration like

   location / { try_files $uri /index.php; }
   location /index.php { proxy_pass http://backend; }

caused nginx to use original request uri in a request to a backend.

Historically, not clearing of the r->valid_unparsed_uri on internal redirect
was a feature: it allowed to pass the same request to (another) upstream
server via error_page redirection.  Since then named locations appeared
though, and it's time to start resetting r->valid_unparsed_uri on internal
redirects.  Configurations still using this feature should be converted
to use named locations instead.

Patch by Lanshun Zhou.
2011-12-19 14:11:48 +00:00
Valentin Bartenev
50546b26d9 Added the ngx_http_upstream_param_set_slot(). 2011-12-09 13:19:57 +00:00
Maxim Dounin
e0c1a63028 Upstream: don't cache unfinished responses.
Check if received data length match Content-Length header (if present),
don't cache response if no match found.  This prevents caching of corrupted
response in case of premature connection close by upstream.
2011-11-18 15:09:08 +00:00
Maxim Dounin
b8203e46a0 Additional headers for proxy/fastcgi/uwsgi/scgi_ignore_headers.
Now the following headers may be ignored as well: X-Accel-Limit-Rate,
X-Accel-Buffering, X-Accel-Charset.
2011-10-11 18:10:49 +00:00
Ruslan Ermilov
6e86fb02d6 Tweaked error messages. 2011-10-07 07:57:24 +00:00
Maxim Dounin
20139ff13a Fixed cache bypass caching of non-cacheable replies (ticket #21).
If cache was bypassed with proxy_cache_bypass, cache-controlling headers
(Cache-Control, Expires) wasn't considered and response was cached even
if it was actually non-cacheable.

Patch by John Ferlito.
2011-10-05 10:14:21 +00:00
Maxim Dounin
886c6295ee Better handling of late upstream creation.
Configuration with duplicate upstream blocks defined after first use, i.e.
like

    server {
        ...
        location / {
            proxy_pass http://backend;
        }
    }

    upstream backend { ... }
    upstream backend { ... }

now correctly results in "duplicate upstream" error.

Additionally, upstream blocks defined after first use now handle various
server directive parameters ("weight", "max_fails", etc.).  Previously
configuration like

    server {
        ...
        location / {
            proxy_pass http://backend;
        }
    }

    upstream backend {
        server 127.0.0.1 max_fails=5;
    }

incorrectly resulted in "invalid parameter "max_fails=5"" error.
2011-09-27 11:18:51 +00:00
Maxim Dounin
b16918ed08 Cache: fix for sending of stale responses.
For normal cached responses ngx_http_cache_send() sends last buffer and then
request finalized via ngx_http_finalize_request() call, i.e. everything is
ok.

But for stale responses (i.e. when upstream died, but we have something in
cache) the same ngx_http_cache_send() sends last buffer, but then in
ngx_http_upstream_finalize_request() another last buffer is send.  This
causes duplicate final chunk to appear if chunked encoding is used (and
resulting problems with keepalive connections and so on).

Fix this by not sending in ngx_http_upstream_finalize_request()
another last buffer if we know response was from cache.
2011-09-27 11:17:11 +00:00
Maxim Dounin
28b001f897 Upstream: clearing of u->peer.connection on close.
This fixes crashes observed with some 3rd party balancer modules.  Standard
balancer modules (round-robin and ip hash) explicitly set pc->connection
(aka u->peer.connection) to NULL and aren't affected.
2011-09-25 20:00:36 +00:00
Maxim Dounin
afe2e3d082 Fix of separate pool for upstream connections (r4117).
Pool may not be created if connection was created but rejected in connect()
call.  Make sure to check if it is here before trying to destroy it.
2011-09-20 10:00:46 +00:00
Maxim Dounin
f84c69a301 Upstream: Connection header processing. 2011-09-15 19:21:19 +00:00
Maxim Dounin
4686f30a0c Upstream: Transfer-Encoding header processing. 2011-09-15 19:20:08 +00:00
Maxim Dounin
2d6be3fe93 Upstream: keepalive flag.
This patch introduces r->upstream->keepalive flag, which is set by protocol
handlers if connection to upstream is in good state and can be kept alive.
2011-09-15 19:03:15 +00:00
Maxim Dounin
a746bab7c1 Upstream: pipe length and input_filter_init in buffered mode.
As long as ngx_event_pipe() has more data read from upstream than specified
in p->length it's passed to input filter even if buffer isn't yet full.  This
allows to process data with known length without relying on connection close
to signal data end.

By default p->length is set to -1 in upstream module, i.e. end of data is
indicated by connection close.  To set it from per-protocol handlers upstream
input_filter_init() now called in buffered mode (as well as in
unbuffered mode).
2011-09-15 19:00:47 +00:00
Maxim Dounin
ffe4f11417 Upstream: r->upstream->length type change to off_t.
Previous use of size_t may cause wierd effects on 32bit platforms with certain
big responses transferred in unbuffered mode.

Nuke "if (size > u->length)" check as it's not usefull anyway (preread
body data isn't subject to this check) and now requires additional check
for u->length being positive.
2011-09-15 18:43:19 +00:00
Maxim Dounin
e19f005daf Upstream: content_length_n API change.
We no longer use r->headers_out.content_length_n as a primary source of
backend's response length.  Instead we parse response length to
u->headers_in.content_length_n and copy to r->headers_out.content_length_n
when needed.
2011-09-15 18:33:43 +00:00
Maxim Dounin
360ed25d65 Upstream: separate pool for peer connections.
This is required to support persistent https connections as various ssl
structures are allocated from connection's pool.
2011-09-15 18:21:24 +00:00
Maxim Dounin
c42c70f478 Workaround for cpu hog on errors with cached connections.
Just doing another connect isn't safe as peer.get() may expect peer.tries
to be strictly positive (this is the case e.g. with round robin with multiple
upstream servers).  Increment peer.tries to at least avoid cpu hog in
round robin balancer (with the patch alert will be seen instead).

This is not enough to fully address the problem though, hence TODO.  We
should be able to inform balancer that the error wasn't considered fatal
and it may make sense to retry the same peer.
2011-09-15 18:12:58 +00:00
Maxim Dounin
d7c2673d3f API change: ngx_chain_update_chains() now requires pool.
The ngx_chain_update_chains() needs pool to free chain links used for buffers
with non-matching tags.  Providing one helps to reduce memory consumption
for long-lived requests.
2011-09-15 16:03:17 +00:00
Igor Sysoev
c2f852c260 update r3945 with more descriptive error message 2011-07-29 15:33:03 +00:00
Igor Sysoev
a3741fb24d finalizing with rc == 0 in unbuffered proxy mode caused nginx to wait
for another send_timeout before actually closing client's connection
if client timed out while still talking to upstream server

patch by Maxim Dounin
2011-07-22 13:30:16 +00:00
Igor Sysoev
6c3c3bbe42 fix segfault if cache key is larger than upstream buffer size
patch by Lanshun Zhou
2011-07-19 11:24:16 +00:00
Igor Sysoev
87ee007022 revert r3935 and fix "stalled cache updating" alert
by freeing cache at upstream finalize phase
patch by Maxim Dounin
2011-06-28 13:26:08 +00:00
Igor Sysoev
1788ec0c48 fix "stalled cache updating" alert,
when non-cachable HEAD response did not not free an expired cache node
2011-06-01 08:02:34 +00:00
Igor Sysoev
0d6283918f fix a broken cached response if bypass/no_cache directive values are different,
the bug has been introduced in r3700
2011-05-13 10:05:38 +00:00
Igor Sysoev
64efecc2b5 allow to use $upstream_... variables in SSI 2011-04-21 10:07:07 +00:00
Igor Sysoev
fde7d51392 fix case when a host in fastcgi_pass, scgi_pass, and uwsgi_pass
is given by expression and refers to a defined upstream
2011-04-04 10:43:21 +00:00
Igor Sysoev
9135a0e022 move debug logging inside ngx_http_file_cache_free() 2010-07-28 15:56:56 +00:00
Igor Sysoev
406a68003c several changes in cache cleanup handling:
*) now ngx_http_file_cache_cleanup() uses ngx_http_file_cache_free()
*) ngx_http_file_cache_free() interface has been changed to accept r->cache
   ngx_http_file_cache_cleanup() must use r->cache, but not r, because
   there can be several r->cache's during request processing, r->cache may
   be NULL at request finalising, etc.
*) test if updating request does not complete correctly
2010-07-28 15:49:34 +00:00
Igor Sysoev
6af21b7cda fix r3707: cache node should be freed be a response is not cached 2010-07-27 15:26:33 +00:00
Igor Sysoev
3cf3100977 fix typo 2010-07-27 13:04:13 +00:00
Igor Sysoev
f297d0dd27 an intercepted error code was not cached 2010-07-19 15:31:46 +00:00
Igor Sysoev
cc963cd7e2 style fix 2010-07-19 15:29:16 +00:00
Igor Sysoev
f7d659aa52 proxy_cache_pass, fastcgi_cache_bypass, uwsgi_cache_bypass, scgi_cache_bypass 2010-07-19 09:36:04 +00:00
Igor Sysoev
6a47b43234 rename ngx_http_file_cache_create() to ngx_http_file_cache_new() 2010-07-16 10:01:49 +00:00
Igor Sysoev
9aa3d7f667 ngx_http_file_cache_create() 2010-07-15 14:01:02 +00:00
Igor Sysoev
f3870c66df use ngx_http_test_predicates(), ngx_http_set_predicate_slot()
delete ngx_http_cache(), ngx_http_no_cache_set_slot()
2010-07-14 11:15:45 +00:00
Igor Sysoev
0bd1809f05 treat Set-Cookie as a header that forbids caching 2010-07-02 09:49:27 +00:00
Igor Sysoev
7e14b50c28 use shared ngx_http_upstream_ignore_headers_masks[] 2010-07-02 09:25:38 +00:00
Igor Sysoev
de0b1d6f12 remove r->zero_in_uri 2010-05-24 12:35:10 +00:00
Igor Sysoev
9b2763a245 proxy_no_cache and fastcgi_no_cache 2010-05-24 11:01:05 +00:00
Igor Sysoev
402b2f07c2 do not cache response if it has "no-store" or "private"
in "Cache-Control" header
2010-05-14 12:04:58 +00:00
Igor Sysoev
05b1a8f1e3 ngx_str_set() and ngx_str_null() 2010-05-14 09:56:37 +00:00
Igor Sysoev
328df7a5cc use ngx_min() and ngx_max() 2010-05-14 09:55:33 +00:00
Igor Sysoev
5739072cfe fix segfault: ngx_http_upstream_cleanup() cleans r->cleanup,
the bug had been introduced in r3419
2010-05-14 09:22:58 +00:00
Igor Sysoev
4e20f24b5b delete u->cleanup mark, this fixes large values in $upstream_response_time,
the bug had been introduced in r3007
2010-01-29 16:45:14 +00:00
Igor Sysoev
e146ebd813 allow to handle 301/302 in error_page 2009-12-23 15:31:16 +00:00
Igor Sysoev
bd375b9566 fix typo 2009-12-23 14:22:17 +00:00
Igor Sysoev
601ab90cd4 fix handling cached HTTP/0.9 response 2009-11-29 20:48:01 +00:00
Igor Sysoev
8b816d88a9 change ngx_parse_addr() interface 2009-11-02 16:11:06 +00:00
Igor Sysoev
72e928755b proxy_bind, fastcgi_bind, and memcached_bind 2009-11-02 15:24:02 +00:00
Igor Sysoev
671236993a test comma separator in "Cache-Control" 2009-10-08 14:22:00 +00:00
Igor Sysoev
136dd8d1e6 use real file cache length, this fixes cache size counting for responses
without "Content-Length" header and 304 responses.
2009-10-07 12:55:58 +00:00
Igor Sysoev
65166cfa2f fix request counter in resolver handling, the bug was introduced in r3050 2009-09-28 12:31:47 +00:00
Igor Sysoev
a552ab476e check unsafe Destination 2009-09-25 09:30:06 +00:00
Igor Sysoev
12a7d493d4 fix request counter for X-Accel-Redirect, the bug was introduced in r3050 2009-09-13 13:45:32 +00:00
Igor Sysoev
3e751480b2 increase request counter before an upstream cleanup because the cleanup
decreases the counter via ngx_http_finalize_request(r, NGX_DONE),
the bug was introduced in r3050
2009-09-08 11:37:50 +00:00
Igor Sysoev
8013a83067 clean cache updating state if a response has uncacheable code or
cache prohibitive headers
2009-09-04 09:57:38 +00:00
Igor Sysoev
8b8e995eb8 do not create cache key in AIO invocation 2009-08-28 11:23:50 +00:00
Igor Sysoev
a39d4e1aee fix sending a cached file using AIO 2009-08-28 11:22:27 +00:00
Igor Sysoev
6fb506a215 directio_alignment 2009-08-28 08:15:55 +00:00
Igor Sysoev
a962506498 FreeBSD and Linux AIO support 2009-08-28 08:12:35 +00:00
Igor Sysoev
5297d456d8 axe r->connection->destroyed testing 2009-08-26 16:14:57 +00:00
Igor Sysoev
5374610ace process upstream ETag header 2009-08-23 16:10:39 +00:00
Igor Sysoev
9db33c9234 fix copy destination name length, introduced in r3025 2009-08-20 13:37:26 +00:00
Igor Sysoev
b7a09c5523 allow cross device temporary files atomic copying:
*) ngx_copy_file()
*) delete ngx_ext_rename_file_t.log_rename_error and .rename_error fields
2009-08-12 12:05:33 +00:00
Igor Sysoev
22fc3e656e fix segfault introduced in r3007 2009-08-07 13:16:42 +00:00
Igor Sysoev
15b7420aa6 ngx_http_upstream_create() to cleanup the previous upstream after
internal redirect
2009-07-27 13:25:29 +00:00
Igor Sysoev
ce1ba38b93 fix handling "Last-Modified" and "Accept-Ranges" for upstream responses 2009-07-27 13:14:45 +00:00
Igor Sysoev
7335dfa4b6 allow to proxy_pass_header/fastcgi_pass_header "X-Accel-Redirect",
"X-Accel-Limit-Rate", "X-Accel-Buffering", and "X-Accel-Charset"
2009-07-27 12:06:12 +00:00
Igor Sysoev
2e9542b910 fix ngx_http_send_special() for subrequests handled by perl 2009-07-09 13:32:51 +00:00
Igor Sysoev
704462ac85 fix building --without-http-cache, broken in r2953 2009-06-22 09:10:50 +00:00
Igor Sysoev
ad0d2fced4 fix segfault if there is error_page 401, proxy_intercept_errors is on
and backend does not return "WWW-Authenticate" header
2009-06-18 14:28:50 +00:00
Igor Sysoev
bd9eda9986 $upstream_cache_status 2009-06-18 13:34:47 +00:00
Igor Sysoev
0775182312 fix building --without-http-cache, broken in r2930 2009-06-15 14:25:08 +00:00
Igor Sysoev
83c93ba109 inherit proxy_set_header, proxy_hide_header, and fastcgi_hide_header
only if cache settings are similar
2009-06-08 12:33:11 +00:00
Igor Sysoev
55192e7470 proxy_cache_use_stale/fastcgi_cache_use_stale updating 2009-06-06 18:49:47 +00:00
Igor Sysoev
fa524e9063 delete useless r->cache->uses 2009-06-06 17:48:54 +00:00
Igor Sysoev
260c4321d7 return NULL instead of NGX_CONF_ERROR on a create conf failure 2009-06-02 16:09:44 +00:00