Commit Graph

6247 Commits

Author SHA1 Message Date
Maxim Dounin
319649f6cd release-1.11.11 tag 2017-03-21 18:04:22 +03:00
Maxim Dounin
80c2df69b0 nginx-1.11.11-RELEASE 2017-03-21 18:04:22 +03:00
Maxim Dounin
55266daacb Added HTTP/2 to win32 builds. 2017-03-21 17:28:15 +03:00
Ruslan Ermilov
05f5a7325d Fixed a comment. 2017-03-17 12:09:31 +03:00
Ruslan Ermilov
435670165a Configure: fixed --without_http.
Instead of turning off some randomly selected http modules
when --without-http is specified, just don't process the
whole http modules section.
2017-03-16 20:38:31 +03:00
Ruslan Ermilov
99e20ba5f9 Configure: fixed build with --with-stream.
Some combinations of options might cause the builds with the
--with-stream option to break due to invalid value of the
STREAM_INCS make variable, e.g.

auto/configure \
    --with-stream \
    --with-http_perl_module=dynamic \
    --without-http_memcached_module \
    --without-http_empty_gif_module \
    --without-http_browser_module \
    --without-http_upstream_hash_module \
    --without-http_upstream_ip_hash_module \
    --without-http_upstream_least_conn_module \
    --without-http_upstream_keepalive_module \
    --without-http_upstream_zone_module \

Explicit initialization of ngx_module_libs and ngx_module_link
matches what we already do when processing mail modules, and
is also required after the next change.
2017-03-16 20:38:26 +03:00
Ruslan Ermilov
b1682ecae4 Added missing "static" specifier found by gcc -Wtraditional.
This has somehow escaped from fbdaad9b0e7b.
2017-03-16 19:01:05 +03:00
Maxim Dounin
c265b11770 Style. 2017-03-07 18:51:17 +03:00
Maxim Dounin
12b9974d51 Introduced worker_shutdown_timeout.
The directive configures a timeout to be used when gracefully shutting down
worker processes.  When the timer expires, nginx will try to close all
the connections currently open to facilitate shutdown.
2017-03-07 18:51:16 +03:00
Maxim Dounin
1a58418ae7 Cancelable timers are now preserved if there are other timers.
There is no need to cancel timers early if there are other timers blocking
shutdown anyway.  Preserving such timers allows nginx to continue some
periodic work till the shutdown is actually possible.

With the new approach, timers with ev->cancelable are simply ignored when
checking if there are any timers left during shutdown.
2017-03-07 18:51:15 +03:00
Maxim Dounin
0212c7fac1 Core: introduced ngx_rbtree_next(). 2017-03-07 18:51:13 +03:00
Maxim Dounin
c1d8318d31 Access log: removed dead ev->timedout check in flush timer handler.
The ev->timedout flag is set on first timer expiration, and never reset
after it.  Due to this the code to stop the timer when the timer was
canceled never worked (except in a very specific time frame immediately
after start), and the timer was always armed again.  This essentially
resulted in a buffer flush at the end of an event loop iteration.

This behaviour actually seems to be better than just stopping the flush
timer for the whole shutdown, so it is preserved as is instead of fixing
the code to actually remove the timer.  It will be further improved by
upcoming changes to preserve cancelable timers if there are other timers
blocking shutdown.
2017-03-07 18:51:12 +03:00
Maxim Dounin
fca26c2e53 Converted hc->busy/hc->free to use chain links.
Most notably, this fixes possible buffer overflows if number of large
client header buffers in a virtual server is different from the one in
the default server.

Reported by Daniil Bondarev.
2017-03-07 18:49:31 +03:00
Ruslan Ermilov
422e0f8689 Removed casts not needed after 1f513d7f1b45. 2017-03-07 11:47:58 +03:00
Sergey Kandaurov
fbe9759e4b Mail: don't emit separator in capability lists for APOP.
Notably, this fixes CAPA and AUTH output.

The bug had appeared in nginx 1.11.6 (73b451d304c0).
2017-03-06 17:56:23 +03:00
Ruslan Ermilov
0f89206a10 Added missing "static" specifiers found by gcc -Wtraditional. 2017-03-06 11:09:47 +03:00
Eran Kornblau
0759f088a5 Added missing static specifiers. 2017-03-02 08:46:00 -05:00
othree
b4e9e37719 Contrib: vim syntax, update 3rd party module directives. 2017-03-01 23:41:39 +08:00
Maxim Dounin
0f00d3365f Fixed background update with "if".
Cloned subrequests should inherit r->content_handler.  This way they will
be able to use the same location configuration as the original request
if there are "if" directives in the configuration.

Without r->content_handler inherited, the following configuration tries
to access a static file in the update request:

    location / {
        set $true 1;
        if ($true) {
            # nothing
        }

        proxy_pass http://backend;
        proxy_cache one;
        proxy_cache_use_stale updating;
        proxy_cache_background_update on;
    }

See http://mailman.nginx.org/pipermail/nginx/2017-February/053019.html for
initial report.
2017-02-27 22:36:15 +03:00
othree
56757fd968 Contrib: vim syntax, update core module directives. 2017-02-24 18:05:58 +08:00
othree
178dba35bf Contrib: vim syntax, listen option and SSL/Mail protocol keywords. 2017-02-22 12:26:41 +08:00
Maxim Dounin
6183ca9ea8 Fixed ngx_parse_size() / ngx_parse_offset() with 0-length strings. 2017-02-17 17:01:27 +03:00
Maxim Dounin
ff16c6f99c Trailing space removed. 2017-02-16 18:37:22 +03:00
Maxim Dounin
35118947e1 Docs: changes.xslt regenerated. 2017-02-16 18:33:03 +03:00
Maxim Dounin
b4a2393927 Docs: changes.xml dates converted to ISO 8601 format.
Dates in ISO 8601 format are in line with what is used in nginx.org news,
and are generally less ambiguous and easier to work with.

The changes.xml was converted using sed:

$ sed 's/date="\(..\)\.\(..\)\.\(....\)"/date="\3-\2-\1"/g' changes.xml

Appropriate changes to changes.xsls were introduced.
2017-02-16 18:32:49 +03:00
Maxim Dounin
3418a6ec1c Version bump. 2017-02-16 18:20:14 +03:00
Maxim Dounin
ec5da9536c release-1.11.10 tag 2017-02-14 18:36:04 +03:00
Maxim Dounin
85f28f30bf nginx-1.11.10-RELEASE 2017-02-14 18:36:04 +03:00
Maxim Dounin
fb5c0baa45 Gzip: free chain links on the hot path (ticket #1046). 2017-02-13 21:45:01 +03:00
Maxim Dounin
68f4e482bd Upstream: read handler cleared on upstream finalization.
With "proxy_ignore_client_abort off" (the default), upstream module changes
r->read_event_handler to ngx_http_upstream_rd_check_broken_connection().
If the handler is not cleared during upstream finalization, it can be
triggered later, causing unexpected effects, if, for example, a request
was redirected to a different location using error_page or X-Accel-Redirect.
In particular, it makes "proxy_ignore_client_abort on" non-working after
a redirection in a configuration like this:

    location = / {
        error_page 502 = /error;
        proxy_pass http://127.0.0.1:8082;
    }

    location /error {
        proxy_pass http://127.0.0.1:8083;
        proxy_ignore_client_abort on;
    }

It is also known to cause segmentation faults with aio used, see
http://mailman.nginx.org/pipermail/nginx-ru/2015-August/056570.html.

Fix is to explicitly set r->read_event_handler to ngx_http_block_reading()
during upstream finalization, similar to how it is done in the request body
reading code and in the limit_req module.
2017-02-10 20:24:26 +03:00
Maxim Dounin
5544756296 Cache: increased cache header Vary and ETag lengths to 128.
This allows to store larger ETag values for proxy_cache_revalidate,
including ones generated as SHA256, and cache responses with longer
Vary (ticket #826).

In particular, this fixes caching of Amazon S3 responses with CORS
enabled, which now use "Vary: Origin, Access-Control-Request-Headers,
Access-Control-Request-Method".

Cache version bumped accordingly.
2017-02-10 17:49:19 +03:00
Roman Arutyunyan
b9a031622b Slice filter: fetch slices in cloned subrequests.
Previously, slice subrequest location was selected based on request URI.
If request is then redirected to a new location, its context array is cleared,
making the slice module loose current slice range information.  This lead to
broken output.  Now subrequests with the NGX_HTTP_SUBREQUEST_CLONE flag are
created for slices.  Such subrequests stay in the same location as the parent
request and keep the right slice context.
2017-02-10 16:33:12 +03:00
Roman Arutyunyan
3e4339eacd Upstream: proxy_cache_background_update and friends.
The directives enable cache updates in subrequests.
2017-02-10 15:13:41 +03:00
Roman Arutyunyan
da2b2cf1e0 Cache: support for stale-while-revalidate and stale-if-error.
Previously, there was no way to enable the proxy_cache_use_stale behavior by
reading the backend response.  Now, stale-while-revalidate and stale-if-error
Cache-Control extensions (RFC 5861) are supported.  They specify, how long a
stale response can be used when a cache entry is being updated, or in case of
an error.
2016-12-22 14:25:34 +03:00
Maxim Dounin
42f3dd2b84 Request body: commented out debug printing of old buffers.
This is not really needed in practice, and causes excessive debug output
in some of our tests.
2017-02-08 19:36:03 +03:00
Maxim Dounin
31a0cab931 Request body: c->error on "100 Continue" errors (ticket #1194). 2017-02-08 19:35:31 +03:00
Sergey Kandaurov
9af7dc2b44 SSL: clear error queue after OPENSSL_init_ssl().
The function may leave error in the error queue while returning success,
e.g., when taking a DSO reference to itself as of OpenSSL 1.1.0d:
https://git.openssl.org/?p=openssl.git;a=commit;h=4af9f7f

Notably, this fixes alert seen with statically linked OpenSSL on some platforms.

While here, check OPENSSL_init_ssl() return value.
2017-02-06 18:38:06 +03:00
Maxim Dounin
4abafc85d6 SSL: fixed ssl_buffer_size on SNI virtual hosts (ticket #1192).
Previously, buffer size was not changed from the one saved during
initial ngx_ssl_create_connection(), even if the buffer itself was not
yet created.  Fix is to change c->ssl->buffer_size in the SNI callback.

Note that it should be also possible to update buffer size even in non-SNI
virtual hosts as long as the buffer is not yet allocated.  This looks
like an overcomplication though.
2017-02-02 20:29:16 +03:00
Sergey Kandaurov
c76ccae991 Configure: removed execute bit from auto/unix. 2017-02-01 20:04:06 +03:00
Dmitry Volyntsev
897eaa9215 Variables: generic prefix variables. 2017-01-31 21:19:58 +03:00
Ruslan Ermilov
7e080678d6 Implemented the "server_tokens build" option.
Based on a patch by Tom Thorogood.
2017-01-31 12:09:40 +03:00
Maxim Dounin
10c43d8e81 Updated OpenSSL used for win32 builds. 2017-01-27 19:06:35 +03:00
Maxim Dounin
b077851bc3 Upstream: removed unused bl_time and bl_state fields. 2017-01-26 16:16:48 +03:00
Thibault Charbonnier
bbb82a736f Upstream: removed unused ngx_http_upstream_conf_t.timeout field. 2017-01-24 17:52:39 -08:00
Vladimir Homutov
20443cae62 Upstream: removed compatibility shims from ngx_http_upstream_t.
The type is no longer modified in NGINX Plus.
2017-01-25 15:39:22 +03:00
Vladimir Homutov
dbb698363b Version bump. 2017-01-26 11:44:55 +03:00
Maxim Dounin
9ccc7ac0e8 release-1.11.9 tag 2017-01-24 17:02:19 +03:00
Maxim Dounin
859d62f66a nginx-1.11.9-RELEASE 2017-01-24 17:02:18 +03:00
Maxim Dounin
a33ec3dabe Updated zlib and PCRE used for win32 builds. 2017-01-24 16:41:29 +03:00
Maxim Dounin
e66073c4d3 Upstream: fixed cache corruption and socket leaks with aio_write.
The ngx_event_pipe() function wasn't called on write events with
wev->delayed set.  As a result, threaded writing results weren't
properly collected in ngx_event_pipe_write_to_downstream() when a
write event was triggered for a completed write.

Further, this wasn't detected, as p->aio was reset by a thread completion
handler, and results were later collected in ngx_event_pipe_read_upstream()
instead of scheduling a new write of additional data.  If this happened
on the last reading from an upstream, last part of the response was never
written to the cache file.

Similar problems might also happen in case of timeouts when writing to
client, as this also results in ngx_event_pipe() not being called on write
events.  In this scenario socket leaks were observed.

Fix is to check if p->writing is set in ngx_event_pipe_read_upstream(), and
therefore collect results of previous write operations in case of read events
as well, similar to how we do so in ngx_event_pipe_write_downstream().
This is enough to fix the wev->delayed case.  Additionally, we now call
ngx_event_pipe() from ngx_http_upstream_process_request() if there are
uncollected write operations (p->writing and !p->aio).  This also fixes
the wev->timedout case.
2017-01-20 21:14:19 +03:00