Changes - j0ke.net Open Build Service

Changes of Revision 15

[-] [+]	Changed	nginx.spec
@@ -13,8 +13,8 @@ %define with_rtmp_ext 1 Name: nginx -Version: 1.7.1 -Release: 2 +Version: 1.7.3 +Release: 1 Summary: Robust, small and high performance http and reverse proxy server Group: System Environment/Daemons @@ -217,6 +217,9 @@ %changelog +* Fri Jun 28 2014 Juergen Gotteswinter <jgqinternetx.com> - 1.7.3-1 +- bump to 1.7.3 + * Fri Apr 26 2014 Juergen Gotteswinter <jgqinternetx.com> - 1.6.0-2 - added nginx-statsd module x 1 @@ -13,8 +13,8 @@ 2 %define with_rtmp_ext 1 3 4 Name: nginx 5 -Version: 1.7.1 6 -Release: 2 7 +Version: 1.7.3 8 +Release: 1 9 Summary: Robust, small and high performance http and reverse proxy server 10 Group: System Environment/Daemons 11 12 @@ -217,6 +217,9 @@ 13 14 15 %changelog 16 +* Fri Jun 28 2014 Juergen Gotteswinter <jgqinternetx.com> - 1.7.3-1 17 +- bump to 1.7.3 18 + 19 * Fri Apr 26 2014 Juergen Gotteswinter <jgqinternetx.com> - 1.6.0-2 20 - added nginx-statsd module 21 22
[-] [+]	Changed	nginx-1.7.3.tar.gz/CHANGES ^
@@ -1,4 +1,47 @@ +Changes with nginx 1.7.3 08 Jul 2014 + + ) Feature: weak entity tags are now preserved on response + modifications, and strong ones are changed to weak. + + ) Feature: cache revalidation now uses If-None-Match header if + possible. + + ) Feature: the "ssl_password_file" directive. + + ) Bugfix: the If-None-Match request header line was ignored if there + was no Last-Modified header in a response returned from cache. + + ) Bugfix: "peer closed connection in SSL handshake" messages were + logged at "info" level instead of "error" while connecting to + backends. + + ) Bugfix: in the ngx_http_dav_module module in nginx/Windows. + + ) Bugfix: SPDY connections might be closed prematurely if caching was + used. + + +Changes with nginx 1.7.2 17 Jun 2014 + + ) Feature: the "hash" directive inside the "upstream" block. + + ) Feature: defragmentation of free shared memory blocks. + Thanks to Wandenberg Peixoto and Yichun Zhang. + + ) Bugfix: a segmentation fault might occur in a worker process if the + default value of the "access_log" directive was used; the bug had + appeared in 1.7.0. + Thanks to Piotr Sikora. + + ) Bugfix: trailing slash was mistakenly removed from the last parameter + of the "try_files" directive. + + ) Bugfix: nginx could not be built on OS X in some cases. + + ) Bugfix: in the ngx_http_spdy_module. + + Changes with nginx 1.7.1 27 May 2014 ) Feature: the "$upstream_cookie_..." variables.
[-] [+]	Changed	nginx-1.7.3.tar.gz/CHANGES.ru ^
@@ -1,4 +1,47 @@ +Изменения в nginx 1.7.3 08.07.2014 + + ) Добавление: weak entity tags теперь не удаляются при изменениях + ответа, а strong entity tags преобразуются в weak. + + ) Добавление: ревалидация элементов кэша теперь, если это возможно, + использует заголовок If-None-Match. + + ) Добавление: директива ssl_password_file. + + ) Исправление: при возврате ответа из кэша заголовок запроса + If-None-Match игнорировался, если в ответе не было заголовка + Last-Modified. + + ) Исправление: сообщения "peer closed connection in SSL handshake" при + соединении с бэкендами логгировались на уровне info вместо error. + + ) Исправление: в модуле ngx_http_dav_module в nginx/Windows. + + ) Исправление: SPDY-соединения могли неожиданно закрываться, если + использовалось кэширование. + + +Изменения в nginx 1.7.2 17.06.2014 + + ) Добавление: директива hash в блоке upstream. + + ) Добавление: дефрагментация свободных блоков разделяемой памяти. + Спасибо Wandenberg Peixoto и Yichun Zhang. + + ) Исправление: в рабочем процессе мог произойти segmentation fault, + если использовалось значение access_log по умолчанию; ошибка + появилась в 1.7.0. + Спасибо Piotr Sikora. + + ) Исправление: завершающий слэш ошибочно удалялся из последнего + параметра директивы try_files. + + ) Исправление: nginx мог не собираться на OS X. + + ) Исправление: в модуле ngx_http_spdy_module. + + Изменения в nginx 1.7.1 27.05.2014 ) Добавление: переменные "$upstream_cookie_...".
[-] [+]	Changed	nginx-1.7.3.tar.gz/auto/cc/clang ^
@@ -88,6 +88,11 @@ # we have a lot of unused function arguments CFLAGS="$CFLAGS -Wno-unused-parameter" +# deprecated system OpenSSL library on OS X +if [ "$NGX_SYSTEM" = "Darwin" ]; then + CFLAGS="$CFLAGS -Wno-deprecated-declarations" +fi + # stop on warning CFLAGS="$CFLAGS -Werror"
[-] [+]	Changed	nginx-1.7.3.tar.gz/auto/cc/gcc ^
@@ -158,6 +158,11 @@ CFLAGS="$CFLAGS -Wno-unused-parameter" # 4.2.1 shows the warning in wrong places #CFLAGS="$CFLAGS -Wunreachable-code" + + # deprecated system OpenSSL library on OS X + if [ "$NGX_SYSTEM" = "Darwin" ]; then + CFLAGS="$CFLAGS -Wno-deprecated-declarations" + fi ;; *)
[-] [+]	Changed	nginx-1.7.3.tar.gz/auto/lib/perl/conf ^
@@ -41,6 +41,8 @@ ngx_perl_ldopts=`$NGX_PERL -MExtUtils::Embed -e ldopts` ngx_perl_dlext=`$NGX_PERL -MConfig -e 'print $Config{dlext}'` + ngx_perl_libdir="src/http/modules/perl/blib/arch/auto" + ngx_perl_module="$ngx_perl_libdir/nginx/nginx.$ngx_perl_dlext" if $NGX_PERL -V:usemultiplicity \| grep define > /dev/null; then have=NGX_HAVE_PERL_MULTIPLICITY . auto/have @@ -52,8 +54,14 @@ ngx_perl_ldopts=`echo $ngx_perl_ldopts \| sed 's/ -pthread//'` fi + if [ "$NGX_SYSTEM" = "Darwin" ]; then + # OS X system perl wants to link universal binaries + ngx_perl_ldopts=`echo $ngx_perl_ldopts \ + \| sed -e 's/-arch x86_64 -arch i386//'` + fi + CORE_LINK="$CORE_LINK $ngx_perl_ldopts" - LINK_DEPS="$LINK_DEPS $NGX_OBJS/src/http/modules/perl/blib/arch/auto/nginx/nginx.$ngx_perl_dlext" + LINK_DEPS="$LINK_DEPS $NGX_OBJS/$ngx_perl_module" if test -n "$NGX_PERL_MODULES"; then have=NGX_PERL_MODULES value="(u_char *) \"$NGX_PERL_MODULES\""
[-] [+]	Changed	nginx-1.7.3.tar.gz/auto/modules ^
@@ -371,6 +371,11 @@ HTTP_SRCS="$HTTP_SRCS $HTTP_MP4_SRCS" fi +if [ $HTTP_UPSTREAM_HASH = YES ]; then + HTTP_MODULES="$HTTP_MODULES $HTTP_UPSTREAM_HASH_MODULE" + HTTP_SRCS="$HTTP_SRCS $HTTP_UPSTREAM_HASH_SRCS" +fi + if [ $HTTP_UPSTREAM_IP_HASH = YES ]; then HTTP_MODULES="$HTTP_MODULES $HTTP_UPSTREAM_IP_HASH_MODULE" HTTP_SRCS="$HTTP_SRCS $HTTP_UPSTREAM_IP_HASH_SRCS"
[-] [+]	Changed	nginx-1.7.3.tar.gz/auto/options ^
@@ -99,6 +99,7 @@ HTTP_MP4=NO HTTP_GUNZIP=NO HTTP_GZIP_STATIC=NO +HTTP_UPSTREAM_HASH=YES HTTP_UPSTREAM_IP_HASH=YES HTTP_UPSTREAM_LEAST_CONN=YES HTTP_UPSTREAM_KEEPALIVE=YES @@ -251,6 +252,7 @@ --without-http_limit_req_module) HTTP_LIMIT_REQ=NO ;; --without-http_empty_gif_module) HTTP_EMPTY_GIF=NO ;; --without-http_browser_module) HTTP_BROWSER=NO ;; + --without-http_upstream_hash_module) HTTP_UPSTREAM_HASH=NO ;; --without-http_upstream_ip_hash_module) HTTP_UPSTREAM_IP_HASH=NO ;; --without-http_upstream_least_conn_module) HTTP_UPSTREAM_LEAST_CONN=NO ;; @@ -395,6 +397,8 @@ --without-http_limit_req_module disable ngx_http_limit_req_module --without-http_empty_gif_module disable ngx_http_empty_gif_module --without-http_browser_module disable ngx_http_browser_module + --without-http_upstream_hash_module + disable ngx_http_upstream_hash_module --without-http_upstream_ip_hash_module disable ngx_http_upstream_ip_hash_module --without-http_upstream_least_conn_module
[-] [+]	Changed	nginx-1.7.3.tar.gz/auto/sources ^
@@ -497,6 +497,10 @@ HTTP_GZIP_STATIC_SRCS=src/http/modules/ngx_http_gzip_static_module.c +HTTP_UPSTREAM_HASH_MODULE=ngx_http_upstream_hash_module +HTTP_UPSTREAM_HASH_SRCS=src/http/modules/ngx_http_upstream_hash_module.c + + HTTP_UPSTREAM_IP_HASH_MODULE=ngx_http_upstream_ip_hash_module HTTP_UPSTREAM_IP_HASH_SRCS=src/http/modules/ngx_http_upstream_ip_hash_module.c
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/core/nginx.h ^
@@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1007001 -#define NGINX_VERSION "1.7.1" +#define nginx_version 1007003 +#define NGINX_VERSION "1.7.3" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/core/ngx_connection.c ^
@@ -411,13 +411,11 @@ if (bind(s, ls[i].sockaddr, ls[i].socklen) == -1) { err = ngx_socket_errno; - if (err == NGX_EADDRINUSE && ngx_test_config) { - continue; + if (err != NGX_EADDRINUSE \|\| !ngx_test_config) { + ngx_log_error(NGX_LOG_EMERG, log, err, + "bind() to %V failed", &ls[i].addr_text); } - ngx_log_error(NGX_LOG_EMERG, log, err, - "bind() to %V failed", &ls[i].addr_text); - if (ngx_close_socket(s) == -1) { ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno, ngx_close_socket_n " %V failed", @@ -428,7 +426,9 @@ return NGX_ERROR; } - failed = 1; + if (!ngx_test_config) { + failed = 1; + } continue; }
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/core/ngx_palloc.c ^
@@ -181,7 +181,7 @@ { u_char m; size_t psize; - ngx_pool_t p, new, current; + ngx_pool_t p, new; psize = (size_t) (pool->d.end - (u_char *) pool); @@ -200,18 +200,14 @@ m = ngx_align_ptr(m, NGX_ALIGNMENT); new->d.last = m + size; - current = pool->current; - - for (p = current; p->d.next; p = p->d.next) { + for (p = pool->current; p->d.next; p = p->d.next) { if (p->d.failed++ > 4) { - current = p->d.next; + pool->current = p->d.next; } } p->d.next = new; - pool->current = current ? current : new; - return m; }
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/core/ngx_slab.c ^
@@ -129,6 +129,8 @@ pool->pages->slab = pages; } + pool->last = pool->pages + pages; + pool->log_nomem = 1; pool->log_ctx = &pool->zero; pool->zero = '\0'; @@ -396,6 +398,35 @@ } +void * +ngx_slab_calloc(ngx_slab_pool_t pool, size_t size) +{ + void p; + + ngx_shmtx_lock(&pool->mutex); + + p = ngx_slab_calloc_locked(pool, size); + + ngx_shmtx_unlock(&pool->mutex); + + return p; +} + + +void * +ngx_slab_calloc_locked(ngx_slab_pool_t pool, size_t size) +{ + void p; + + p = ngx_slab_alloc_locked(pool, size); + if (p) { + ngx_memzero(p, size); + } + + return p; +} + + void ngx_slab_free(ngx_slab_pool_t pool, void p) { @@ -626,6 +657,8 @@ if (page->slab >= pages) { if (page->slab > pages) { + page[page->slab - 1].prev = (uintptr_t) &page[pages]; + page[pages].slab = page->slab - pages; page[pages].next = page->next; page[pages].prev = page->prev; @@ -672,7 +705,8 @@ ngx_slab_free_pages(ngx_slab_pool_t pool, ngx_slab_page_t page, ngx_uint_t pages) { - ngx_slab_page_t prev; + ngx_uint_t type; + ngx_slab_page_t prev, join; page->slab = pages--; @@ -686,6 +720,59 @@ page->next->prev = page->prev; } + join = page + page->slab; + + if (join < pool->last) { + type = join->prev & NGX_SLAB_PAGE_MASK; + + if (type == NGX_SLAB_PAGE) { + + if (join->next != NULL) { + pages += join->slab; + page->slab += join->slab; + + prev = (ngx_slab_page_t ) (join->prev & ~NGX_SLAB_PAGE_MASK); + prev->next = join->next; + join->next->prev = join->prev; + + join->slab = NGX_SLAB_PAGE_FREE; + join->next = NULL; + join->prev = NGX_SLAB_PAGE; + } + } + } + + if (page > pool->pages) { + join = page - 1; + type = join->prev & NGX_SLAB_PAGE_MASK; + + if (type == NGX_SLAB_PAGE) { + + if (join->slab == NGX_SLAB_PAGE_FREE) { + join = (ngx_slab_page_t ) (join->prev & ~NGX_SLAB_PAGE_MASK); + } + + if (join->next != NULL) { + pages += join->slab; + join->slab += page->slab; + + prev = (ngx_slab_page_t ) (join->prev & ~NGX_SLAB_PAGE_MASK); + prev->next = join->next; + join->next->prev = join->prev; + + page->slab = NGX_SLAB_PAGE_FREE; + page->next = NULL; + page->prev = NGX_SLAB_PAGE; + + page = join; + } + } + } + + if (pages) { + page[pages].prev = (uintptr_t) page; + } + page->prev = (uintptr_t) &pool->free; page->next = pool->free.next;
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/core/ngx_slab.h ^
@@ -29,6 +29,7 @@ size_t min_shift; ngx_slab_page_t pages; + ngx_slab_page_t last; ngx_slab_page_t free; u_char start; @@ -49,6 +50,8 @@ void ngx_slab_init(ngx_slab_pool_t pool); void ngx_slab_alloc(ngx_slab_pool_t pool, size_t size); void ngx_slab_alloc_locked(ngx_slab_pool_t pool, size_t size); +void ngx_slab_calloc(ngx_slab_pool_t pool, size_t size); +void ngx_slab_calloc_locked(ngx_slab_pool_t pool, size_t size); void ngx_slab_free(ngx_slab_pool_t pool, void p); void ngx_slab_free_locked(ngx_slab_pool_t pool, void p);
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/event/ngx_event_openssl.c ^
@@ -10,14 +10,20 @@ #include <ngx_event.h> +#define NGX_SSL_PASSWORD_BUFFER_SIZE 4096 + + typedef struct { ngx_uint_t engine; /* unsigned engine:1; / } ngx_openssl_conf_t; +static int ngx_ssl_password_callback(char buf, int size, int rwflag, + void userdata); static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX x509_store); static void ngx_ssl_info_callback(const ngx_ssl_conn_t ssl_conn, int where, int ret); +static void ngx_ssl_passwords_cleanup(void data); static void ngx_ssl_handshake_handler(ngx_event_t ev); static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t c, int n); static void ngx_ssl_write_handler(ngx_event_t wev); @@ -257,11 +263,13 @@ ngx_int_t ngx_ssl_certificate(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t cert, - ngx_str_t key) + ngx_str_t key, ngx_array_t passwords) { - BIO bio; - X509 x509; - u_long n; + BIO bio; + X509 x509; + u_long n; + ngx_str_t pwd; + ngx_uint_t tries; if (ngx_conf_full_name(cf->cycle, cert, 1) != NGX_OK) { return NGX_ERROR; @@ -348,19 +356,76 @@ return NGX_ERROR; } - if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char ) key->data, - SSL_FILETYPE_PEM) - == 0) - { + if (passwords) { + tries = passwords->nelts; + pwd = passwords->elts; + + SSL_CTX_set_default_passwd_cb(ssl->ctx, ngx_ssl_password_callback); + SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, pwd); + + } else { + tries = 1; +#if (NGX_SUPPRESS_WARN) + pwd = NULL; +#endif + } + + for ( ;; ) { + + if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char ) key->data, + SSL_FILETYPE_PEM) + != 0) + { + break; + } + + if (--tries) { + n = ERR_peek_error(); + + if (ERR_GET_LIB(n) == ERR_LIB_EVP + && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT) + { + ERR_clear_error(); + SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd); + continue; + } + } + ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data); return NGX_ERROR; } + SSL_CTX_set_default_passwd_cb(ssl->ctx, NULL); + return NGX_OK; } +static int +ngx_ssl_password_callback(char buf, int size, int rwflag, void userdata) +{ + ngx_str_t pwd = userdata; + + if (rwflag) { + ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, 0, + "ngx_ssl_password_callback() is called for encryption"); + return 0; + } + + if (pwd->len > (size_t) size) { + ngx_log_error(NGX_LOG_ERR, ngx_cycle->log, 0, + "password is truncated to %d bytes", size); + } else { + size = pwd->len; + } + + ngx_memcpy(buf, pwd->data, size); + + return size; +} + + ngx_int_t ngx_ssl_client_certificate(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t cert, ngx_int_t depth) @@ -597,6 +662,148 @@ } +ngx_array_t * +ngx_ssl_read_password_file(ngx_conf_t cf, ngx_str_t file) +{ + u_char p, last, end; + size_t len; + ssize_t n; + ngx_fd_t fd; + ngx_str_t pwd; + ngx_array_t passwords; + ngx_pool_cleanup_t cln; + u_char buf[NGX_SSL_PASSWORD_BUFFER_SIZE]; + + if (ngx_conf_full_name(cf->cycle, file, 1) != NGX_OK) { + return NULL; + } + + cln = ngx_pool_cleanup_add(cf->temp_pool, 0); + passwords = ngx_array_create(cf->temp_pool, 4, sizeof(ngx_str_t)); + + if (cln == NULL \|\| passwords == NULL) { + return NULL; + } + + cln->handler = ngx_ssl_passwords_cleanup; + cln->data = passwords; + + fd = ngx_open_file(file->data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0); + if (fd == NGX_INVALID_FILE) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno, + ngx_open_file_n " \"%s\" failed", file->data); + return NULL; + } + + len = 0; + last = buf; + + do { + n = ngx_read_fd(fd, last, NGX_SSL_PASSWORD_BUFFER_SIZE - len); + + if (n == -1) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno, + ngx_read_fd_n " \"%s\" failed", file->data); + passwords = NULL; + goto cleanup; + } + + end = last + n; + + if (len && n == 0) { + end++ = LF; + } + + p = buf; + + for ( ;; ) { + last = ngx_strlchr(last, end, LF); + + if (last == NULL) { + break; + } + + len = last++ - p; + + if (len && p[len - 1] == CR) { + len--; + } + + if (len) { + pwd = ngx_array_push(passwords); + if (pwd == NULL) { + passwords = NULL; + goto cleanup; + } + + pwd->len = len; + pwd->data = ngx_pnalloc(cf->temp_pool, len); + + if (pwd->data == NULL) { + passwords->nelts--; + passwords = NULL; + goto cleanup; + } + + ngx_memcpy(pwd->data, p, len); + } + + p = last; + } + + len = end - p; + + if (len == NGX_SSL_PASSWORD_BUFFER_SIZE) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "too long line in \"%s\"", file->data); + passwords = NULL; + goto cleanup; + } + + ngx_memmove(buf, p, len); + last = buf + len; + + } while (n != 0); + + if (passwords->nelts == 0) { + pwd = ngx_array_push(passwords); + if (pwd == NULL) { + passwords = NULL; + goto cleanup; + } + + ngx_memzero(pwd, sizeof(ngx_str_t)); + } + +cleanup: + + if (ngx_close_file(fd) == NGX_FILE_ERROR) { + ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno, + ngx_close_file_n " \"%s\" failed", file->data); + } + + ngx_memzero(buf, NGX_SSL_PASSWORD_BUFFER_SIZE); + + return passwords; +} + + +static void +ngx_ssl_passwords_cleanup(void data) +{ + ngx_array_t passwords = data; + + ngx_str_t pwd; + ngx_uint_t i; + + pwd = passwords->elts; + + for (i = 0; i < passwords->nelts; i++) { + ngx_memzero(pwd[i].data, pwd[i].len); + } +} + + ngx_int_t ngx_ssl_dhparam(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *file) { @@ -905,8 +1112,8 @@ c->read->eof = 1; if (sslerr == SSL_ERROR_ZERO_RETURN \|\| ERR_peek_error() == 0) { - ngx_log_error(NGX_LOG_INFO, c->log, err, - "peer closed connection in SSL handshake"); + ngx_connection_error(c, err, + "peer closed connection in SSL handshake"); return NGX_ERROR; }
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/event/ngx_event_openssl.h ^
@@ -112,7 +112,7 @@ ngx_int_t ngx_ssl_init(ngx_log_t log); ngx_int_t ngx_ssl_create(ngx_ssl_t ssl, ngx_uint_t protocols, void data); ngx_int_t ngx_ssl_certificate(ngx_conf_t cf, ngx_ssl_t ssl, - ngx_str_t cert, ngx_str_t key); + ngx_str_t cert, ngx_str_t key, ngx_array_t passwords); ngx_int_t ngx_ssl_client_certificate(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t cert, ngx_int_t depth); ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t cf, ngx_ssl_t ssl, @@ -124,6 +124,7 @@ ngx_resolver_t resolver, ngx_msec_t resolver_timeout); RSA ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t ssl_conn, int is_export, int key_length); +ngx_array_t ngx_ssl_read_password_file(ngx_conf_t cf, ngx_str_t file); ngx_int_t ngx_ssl_dhparam(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t file); ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t name); ngx_int_t ngx_ssl_session_cache(ngx_ssl_t ssl, ngx_str_t *sess_ctx,
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/event/ngx_event_pipe.c ^
@@ -439,7 +439,11 @@ } } - if (p->cacheable && p->in) { + if (p->cacheable && (p->in \|\| p->buf_to_file)) { + + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, p->log, 0, + "pipe write chain"); + if (ngx_event_pipe_write_chain_to_temp_file(p) == NGX_ABORT) { return NGX_ABORT; } @@ -515,15 +519,6 @@ p->in = NULL; } - if (p->cacheable && p->buf_to_file) { - ngx_log_debug0(NGX_LOG_DEBUG_EVENT, p->log, 0, - "pipe write chain"); - - if (ngx_event_pipe_write_chain_to_temp_file(p) == NGX_ABORT) { - return NGX_ABORT; - } - } - ngx_log_debug0(NGX_LOG_DEBUG_EVENT, p->log, 0, "pipe write downstream done");
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_addition_filter_module.c ^
@@ -121,7 +121,7 @@ ngx_http_clear_content_length(r); ngx_http_clear_accept_ranges(r); - ngx_http_clear_etag(r); + ngx_http_weak_etag(r); return ngx_http_next_header_filter(r); }
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_fastcgi_module.c ^
@@ -573,7 +573,7 @@ { ngx_string("HTTP_IF_MODIFIED_SINCE"), ngx_string("$upstream_cache_last_modified") }, { ngx_string("HTTP_IF_UNMODIFIED_SINCE"), ngx_string("") }, - { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("") }, + { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("$upstream_cache_etag") }, { ngx_string("HTTP_IF_MATCH"), ngx_string("") }, { ngx_string("HTTP_RANGE"), ngx_string("") }, { ngx_string("HTTP_IF_RANGE"), ngx_string("") },
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_gunzip_filter_module.c ^
@@ -165,7 +165,7 @@ ngx_http_clear_content_length(r); ngx_http_clear_accept_ranges(r); - ngx_http_clear_etag(r); + ngx_http_weak_etag(r); return ngx_http_next_header_filter(r); }
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_gzip_filter_module.c ^
@@ -306,7 +306,7 @@ ngx_http_clear_content_length(r); ngx_http_clear_accept_ranges(r); - ngx_http_clear_etag(r); + ngx_http_weak_etag(r); return ngx_http_next_header_filter(r); }
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_log_module.c ^
@@ -1109,16 +1109,13 @@ return NGX_CONF_ERROR; } + ngx_memzero(log, sizeof(ngx_http_log_t)); + log->file = ngx_conf_open_file(cf->cycle, &ngx_http_access_log); if (log->file == NULL) { return NGX_CONF_ERROR; } - log->script = NULL; - log->disk_full_time = 0; - log->error_log_time = 0; - log->syslog_peer = NULL; - lmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_log_module); fmt = lmcf->formats.elts;
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_not_modified_filter_module.c ^
@@ -13,7 +13,7 @@ static ngx_uint_t ngx_http_test_if_unmodified(ngx_http_request_t r); static ngx_uint_t ngx_http_test_if_modified(ngx_http_request_t r); static ngx_uint_t ngx_http_test_if_match(ngx_http_request_t r, - ngx_table_elt_t header); + ngx_table_elt_t header, ngx_uint_t weak); static ngx_int_t ngx_http_not_modified_filter_init(ngx_conf_t cf); @@ -56,7 +56,7 @@ { if (r->headers_out.status != NGX_HTTP_OK \|\| r != r->main - \|\| r->headers_out.last_modified_time == -1) + \|\| r->disable_not_modified) { return ngx_http_next_header_filter(r); } @@ -69,7 +69,7 @@ } if (r->headers_in.if_match - && !ngx_http_test_if_match(r, r->headers_in.if_match)) + && !ngx_http_test_if_match(r, r->headers_in.if_match, 0)) { return ngx_http_filter_finalize_request(r, NULL, NGX_HTTP_PRECONDITION_FAILED); @@ -84,7 +84,7 @@ } if (r->headers_in.if_none_match - && !ngx_http_test_if_match(r, r->headers_in.if_none_match)) + && !ngx_http_test_if_match(r, r->headers_in.if_none_match, 1)) { return ngx_http_next_header_filter(r); } @@ -114,11 +114,15 @@ { time_t iums; + if (r->headers_out.last_modified_time == (time_t) -1) { + return 0; + } + iums = ngx_http_parse_time(r->headers_in.if_unmodified_since->value.data, r->headers_in.if_unmodified_since->value.len); ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "http iums:%d lm:%d", iums, r->headers_out.last_modified_time); + "http iums:%T lm:%T", iums, r->headers_out.last_modified_time); if (iums >= r->headers_out.last_modified_time) { return 1; @@ -134,6 +138,10 @@ time_t ims; ngx_http_core_loc_conf_t clcf; + if (r->headers_out.last_modified_time == (time_t) -1) { + return 1; + } + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); if (clcf->if_modified_since == NGX_HTTP_IMS_OFF) { @@ -144,7 +152,7 @@ r->headers_in.if_modified_since->value.len); ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "http ims:%d lm:%d", ims, r->headers_out.last_modified_time); + "http ims:%T lm:%T", ims, r->headers_out.last_modified_time); if (ims == r->headers_out.last_modified_time) { return 0; @@ -161,10 +169,11 @@ static ngx_uint_t -ngx_http_test_if_match(ngx_http_request_t r, ngx_table_elt_t header) +ngx_http_test_if_match(ngx_http_request_t r, ngx_table_elt_t header, + ngx_uint_t weak) { u_char start, end, ch; - ngx_str_t etag, list; + ngx_str_t etag, list; list = &header->value; @@ -176,25 +185,42 @@ return 0; } - etag = &r->headers_out.etag->value; + etag = r->headers_out.etag->value; ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "http im:\"%V\" etag:%V", list, etag); + "http im:\"%V\" etag:%V", list, &etag); + + if (weak + && etag.len > 2 + && etag.data[0] == 'W' + && etag.data[1] == '/') + { + etag.len -= 2; + etag.data += 2; + } start = list->data; end = list->data + list->len; while (start < end) { - if (etag->len > (size_t) (end - start)) { + if (weak + && end - start > 2 + && start[0] == 'W' + && start[1] == '/') + { + start += 2; + } + + if (etag.len > (size_t) (end - start)) { return 0; } - if (ngx_strncmp(start, etag->data, etag->len) != 0) { + if (ngx_strncmp(start, etag.data, etag.len) != 0) { goto skip; } - start += etag->len; + start += etag.len; while (start < end) { ch = *start;
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_proxy_module.c ^
@@ -677,7 +677,7 @@ { ngx_string("If-Modified-Since"), ngx_string("$upstream_cache_last_modified") }, { ngx_string("If-Unmodified-Since"), ngx_string("") }, - { ngx_string("If-None-Match"), ngx_string("") }, + { ngx_string("If-None-Match"), ngx_string("$upstream_cache_etag") }, { ngx_string("If-Match"), ngx_string("") }, { ngx_string("Range"), ngx_string("") }, { ngx_string("If-Range"), ngx_string("") },
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_scgi_module.c ^
@@ -379,7 +379,7 @@ { ngx_string("HTTP_IF_MODIFIED_SINCE"), ngx_string("$upstream_cache_last_modified") }, { ngx_string("HTTP_IF_UNMODIFIED_SINCE"), ngx_string("") }, - { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("") }, + { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("$upstream_cache_etag") }, { ngx_string("HTTP_IF_MATCH"), ngx_string("") }, { ngx_string("HTTP_RANGE"), ngx_string("") }, { ngx_string("HTTP_IF_RANGE"), ngx_string("") },
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_ssi_filter_module.c ^
@@ -369,10 +369,13 @@ if (r == r->main) { ngx_http_clear_content_length(r); ngx_http_clear_accept_ranges(r); - ngx_http_clear_etag(r); if (!slcf->last_modified) { ngx_http_clear_last_modified(r); + ngx_http_clear_etag(r); + + } else { + ngx_http_weak_etag(r); } }
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_ssl_module.c ^
@@ -43,6 +43,8 @@ static char ngx_http_ssl_enable(ngx_conf_t cf, ngx_command_t cmd, void conf); +static char ngx_http_ssl_password_file(ngx_conf_t cf, ngx_command_t cmd, + void conf); static char ngx_http_ssl_session_cache(ngx_conf_t cf, ngx_command_t cmd, void conf); @@ -91,6 +93,13 @@ offsetof(ngx_http_ssl_srv_conf_t, certificate_key), NULL }, + { ngx_string("ssl_password_file"), + NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1, + ngx_http_ssl_password_file, + NGX_HTTP_SRV_CONF_OFFSET, + 0, + NULL }, + { ngx_string("ssl_dhparam"), NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1, ngx_conf_set_str_slot, @@ -514,6 +523,7 @@ sscf->buffer_size = NGX_CONF_UNSET_SIZE; sscf->verify = NGX_CONF_UNSET_UINT; sscf->verify_depth = NGX_CONF_UNSET_UINT; + sscf->passwords = NGX_CONF_UNSET_PTR; sscf->builtin_session_cache = NGX_CONF_UNSET; sscf->session_timeout = NGX_CONF_UNSET; sscf->session_tickets = NGX_CONF_UNSET; @@ -563,6 +573,8 @@ ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); + ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL); + ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, @@ -652,7 +664,7 @@ cln->data = &conf->ssl; if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate, - &conf->certificate_key) + &conf->certificate_key, conf->passwords) != NGX_OK) { return NGX_CONF_ERROR; @@ -779,6 +791,29 @@ return NGX_CONF_OK; } + + +static char * +ngx_http_ssl_password_file(ngx_conf_t cf, ngx_command_t cmd, void conf) +{ + ngx_http_ssl_srv_conf_t sscf = conf; + + ngx_str_t value; + + if (sscf->passwords != NGX_CONF_UNSET_PTR) { + return "is duplicate"; + } + + value = cf->args->elts; + + sscf->passwords = ngx_ssl_read_password_file(cf, &value[1]); + + if (sscf->passwords == NULL) { + return NGX_CONF_ERROR; + } + + return NGX_CONF_OK; +} static char
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_ssl_module.h ^
@@ -42,6 +42,8 @@ ngx_str_t ciphers; + ngx_array_t passwords; + ngx_shm_zone_t shm_zone; ngx_flag_t session_tickets;
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_sub_filter_module.c ^
@@ -175,10 +175,13 @@ if (r == r->main) { ngx_http_clear_content_length(r); - ngx_http_clear_etag(r); if (!slcf->last_modified) { ngx_http_clear_last_modified(r); + ngx_http_clear_etag(r); + + } else { + ngx_http_weak_etag(r); } }
[-] [+]	Added	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_upstream_hash_module.c ^
@@ -0,0 +1,631 @@ + +/* + * Copyright (C) Roman Arutyunyan + * Copyright (C) Nginx, Inc. + / + + +#include <ngx_config.h> +#include <ngx_core.h> +#include <ngx_http.h> + + +typedef struct { + uint32_t hash; + ngx_str_t server; +} ngx_http_upstream_chash_point_t; + + +typedef struct { + ngx_uint_t number; + ngx_http_upstream_chash_point_t point[1]; +} ngx_http_upstream_chash_points_t; + + +typedef struct { + ngx_http_complex_value_t key; + ngx_http_upstream_chash_points_t points; +} ngx_http_upstream_hash_srv_conf_t; + + +typedef struct { + / the round robin data must be first / + ngx_http_upstream_rr_peer_data_t rrp; + ngx_http_upstream_hash_srv_conf_t conf; + ngx_str_t key; + ngx_uint_t tries; + ngx_uint_t rehash; + uint32_t hash; + ngx_event_get_peer_pt get_rr_peer; +} ngx_http_upstream_hash_peer_data_t; + + +static ngx_int_t ngx_http_upstream_init_hash(ngx_conf_t cf, + ngx_http_upstream_srv_conf_t us); +static ngx_int_t ngx_http_upstream_init_hash_peer(ngx_http_request_t r, + ngx_http_upstream_srv_conf_t us); +static ngx_int_t ngx_http_upstream_get_hash_peer(ngx_peer_connection_t pc, + void data); + +static ngx_int_t ngx_http_upstream_init_chash(ngx_conf_t cf, + ngx_http_upstream_srv_conf_t us); +static void ngx_http_upstream_add_chash_point( + ngx_http_upstream_chash_points_t points, uint32_t hash, ngx_str_t server); +static ngx_uint_t ngx_http_upstream_find_chash_point( + ngx_http_upstream_chash_points_t points, uint32_t hash); +static ngx_int_t ngx_http_upstream_init_chash_peer(ngx_http_request_t r, + ngx_http_upstream_srv_conf_t us); +static ngx_int_t ngx_http_upstream_get_chash_peer(ngx_peer_connection_t pc, + void data); + +static void ngx_http_upstream_hash_create_conf(ngx_conf_t cf); +static char ngx_http_upstream_hash(ngx_conf_t cf, ngx_command_t cmd, + void conf); + + +static ngx_command_t ngx_http_upstream_hash_commands[] = { + + { ngx_string("hash"), + NGX_HTTP_UPS_CONF\|NGX_CONF_TAKE12, + ngx_http_upstream_hash, + NGX_HTTP_SRV_CONF_OFFSET, + 0, + NULL }, + + ngx_null_command +}; + + +static ngx_http_module_t ngx_http_upstream_hash_module_ctx = { + NULL, / preconfiguration / + NULL, / postconfiguration / + + NULL, / create main configuration / + NULL, / init main configuration / + + ngx_http_upstream_hash_create_conf, / create server configuration / + NULL, / merge server configuration / + + NULL, / create location configuration / + NULL / merge location configuration / +}; + + +ngx_module_t ngx_http_upstream_hash_module = { + NGX_MODULE_V1, + &ngx_http_upstream_hash_module_ctx, / module context / + ngx_http_upstream_hash_commands, / module directives / + NGX_HTTP_MODULE, / module type / + NULL, / init master / + NULL, / init module / + NULL, / init process / + NULL, / init thread / + NULL, / exit thread / + NULL, / exit process / + NULL, / exit master / + NGX_MODULE_V1_PADDING +}; + + +static ngx_int_t +ngx_http_upstream_init_hash(ngx_conf_t cf, ngx_http_upstream_srv_conf_t us) +{ + if (ngx_http_upstream_init_round_robin(cf, us) != NGX_OK) { + return NGX_ERROR; + } + + us->peer.init = ngx_http_upstream_init_hash_peer; + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_upstream_init_hash_peer(ngx_http_request_t r, + ngx_http_upstream_srv_conf_t us) +{ + ngx_http_upstream_hash_srv_conf_t hcf; + ngx_http_upstream_hash_peer_data_t hp; + + hp = ngx_palloc(r->pool, sizeof(ngx_http_upstream_hash_peer_data_t)); + if (hp == NULL) { + return NGX_ERROR; + } + + r->upstream->peer.data = &hp->rrp; + + if (ngx_http_upstream_init_round_robin_peer(r, us) != NGX_OK) { + return NGX_ERROR; + } + + r->upstream->peer.get = ngx_http_upstream_get_hash_peer; + + hcf = ngx_http_conf_upstream_srv_conf(us, ngx_http_upstream_hash_module); + + if (ngx_http_complex_value(r, &hcf->key, &hp->key) != NGX_OK) { + return NGX_ERROR; + } + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "upstream hash key:\"%V\"", &hp->key); + + hp->conf = hcf; + hp->tries = 0; + hp->rehash = 0; + hp->hash = 0; + hp->get_rr_peer = ngx_http_upstream_get_round_robin_peer; + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_upstream_get_hash_peer(ngx_peer_connection_t pc, void data) +{ + ngx_http_upstream_hash_peer_data_t hp = data; + + time_t now; + u_char buf[NGX_INT_T_LEN]; + size_t size; + uint32_t hash; + ngx_int_t w; + uintptr_t m; + ngx_uint_t i, n, p; + ngx_http_upstream_rr_peer_t peer; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "get hash peer, try: %ui", pc->tries); + + if (hp->tries > 20 \|\| hp->rrp.peers->single) { + return hp->get_rr_peer(pc, &hp->rrp); + } + + now = ngx_time(); + + pc->cached = 0; + pc->connection = NULL; + + for ( ;; ) { + + / + * Hash expression is compatible with Cache::Memcached: + * ((crc32([REHASH] KEY) >> 16) & 0x7fff) + PREV_HASH + * with REHASH omitted at the first iteration. + / + + ngx_crc32_init(hash); + + if (hp->rehash > 0) { + size = ngx_sprintf(buf, "%ui", hp->rehash) - buf; + ngx_crc32_update(&hash, buf, size); + } + + ngx_crc32_update(&hash, hp->key.data, hp->key.len); + ngx_crc32_final(hash); + + hash = (hash >> 16) & 0x7fff; + + hp->hash += hash; + hp->rehash++; + + if (!hp->rrp.peers->weighted) { + p = hp->hash % hp->rrp.peers->number; + + } else { + w = hp->hash % hp->rrp.peers->total_weight; + + for (i = 0; i < hp->rrp.peers->number; i++) { + w -= hp->rrp.peers->peer[i].weight; + if (w < 0) { + break; + } + } + + p = i; + } + + n = p / (8 sizeof(uintptr_t)); + m = (uintptr_t) 1 << p % (8 * sizeof(uintptr_t)); + + if (hp->rrp.tried[n] & m) { + goto next; + } + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "get hash peer, value:%uD, peer:%ui", hp->hash, p); + + peer = &hp->rrp.peers->peer[p]; + + if (peer->down) { + goto next; + } + + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) + { + goto next; + } + + break; + + next: + + if (++hp->tries > 20) { + return hp->get_rr_peer(pc, &hp->rrp); + } + } + + hp->rrp.current = p; + + pc->sockaddr = peer->sockaddr; + pc->socklen = peer->socklen; + pc->name = &peer->name; + + if (now - peer->checked > peer->fail_timeout) { + peer->checked = now; + } + + hp->rrp.tried[n] \|= m; + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_upstream_init_chash(ngx_conf_t cf, ngx_http_upstream_srv_conf_t us) +{ + u_char host, port, c; + size_t host_len, port_len, size; + uint32_t hash, base_hash, prev_hash; + ngx_str_t server; + ngx_uint_t npoints, i, j; + ngx_http_upstream_rr_peer_t peer; + ngx_http_upstream_rr_peers_t peers; + ngx_http_upstream_chash_points_t points; + ngx_http_upstream_hash_srv_conf_t hcf; + + if (ngx_http_upstream_init_round_robin(cf, us) != NGX_OK) { + return NGX_ERROR; + } + + us->peer.init = ngx_http_upstream_init_chash_peer; + + peers = us->peer.data; + npoints = peers->total_weight 160; + + size = sizeof(ngx_http_upstream_chash_points_t) + + sizeof(ngx_http_upstream_chash_point_t) * (npoints - 1); + + points = ngx_palloc(cf->pool, size); + if (points == NULL) { + return NGX_ERROR; + } + + points->number = 0; + + for (i = 0; i < peers->number; i++) { + peer = &peers->peer[i]; + server = &peer->server; + + /* + * Hash expression is compatible with Cache::Memcached::Fast: + * crc32(HOST \0 PORT PREV_HASH). + / + + if (server->len >= 5 + && ngx_strncasecmp(server->data, (u_char ) "unix:", 5) == 0) + { + host = server->data + 5; + host_len = server->len - 5; + port = NULL; + port_len = 0; + goto done; + } + + for (j = 0; j < server->len; j++) { + c = server->data[server->len - j - 1]; + + if (c == ':') { + host = server->data; + host_len = server->len - j - 1; + port = server->data + server->len - j; + port_len = j; + goto done; + } + + if (c < '0' \|\| c > '9') { + break; + } + } + + host = server->data; + host_len = server->len; + port = NULL; + port_len = 0; + + done: + + ngx_crc32_init(base_hash); + ngx_crc32_update(&base_hash, host, host_len); + ngx_crc32_update(&base_hash, (u_char ) "", 1); + ngx_crc32_update(&base_hash, port, port_len); + + prev_hash = 0; + npoints = peer->weight 160; + + for (j = 0; j < npoints; j++) { + hash = base_hash; + + ngx_crc32_update(&hash, (u_char ) &prev_hash, sizeof(uint32_t)); + ngx_crc32_final(hash); + + ngx_http_upstream_add_chash_point(points, hash, &peer->server); + + prev_hash = hash; + } + } + + hcf = ngx_http_conf_upstream_srv_conf(us, ngx_http_upstream_hash_module); + hcf->points = points; + + return NGX_OK; +} + + +static void +ngx_http_upstream_add_chash_point(ngx_http_upstream_chash_points_t points, + uint32_t hash, ngx_str_t server) +{ + size_t size; + ngx_uint_t i; + ngx_http_upstream_chash_point_t point; + + i = ngx_http_upstream_find_chash_point(points, hash); + point = &points->point[i]; + + if (point->hash == hash) { + return; + } + + size = (points->number - i) * sizeof(ngx_http_upstream_chash_point_t); + + ngx_memmove(point + 1, point, size); + + points->number++; + point->hash = hash; + point->server = server; +} + + +static ngx_uint_t +ngx_http_upstream_find_chash_point(ngx_http_upstream_chash_points_t points, + uint32_t hash) +{ + ngx_uint_t i, j, k; + ngx_http_upstream_chash_point_t point; + + /* find first point >= hash / + + point = &points->point[0]; + + i = 0; + j = points->number; + + while (i < j) { + k = (i + j) / 2; + + if (hash > point[k].hash) { + i = k + 1; + + } else if (hash < point[k].hash) { + j = k; + + } else { + return k; + } + } + + return i; +} + + +static ngx_int_t +ngx_http_upstream_init_chash_peer(ngx_http_request_t r, + ngx_http_upstream_srv_conf_t us) +{ + uint32_t hash; + ngx_http_upstream_hash_srv_conf_t hcf; + ngx_http_upstream_hash_peer_data_t hp; + + if (ngx_http_upstream_init_hash_peer(r, us) != NGX_OK) { + return NGX_ERROR; + } + + r->upstream->peer.get = ngx_http_upstream_get_chash_peer; + + hp = r->upstream->peer.data; + hcf = ngx_http_conf_upstream_srv_conf(us, ngx_http_upstream_hash_module); + + hash = ngx_crc32_long(hp->key.data, hp->key.len); + hp->hash = ngx_http_upstream_find_chash_point(hcf->points, hash); + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_upstream_get_chash_peer(ngx_peer_connection_t pc, void data) +{ + ngx_http_upstream_hash_peer_data_t hp = data; + + time_t now; + intptr_t m; + ngx_str_t server; + ngx_int_t total; + ngx_uint_t i, n; + ngx_http_upstream_rr_peer_t peer, best; + ngx_http_upstream_chash_point_t point; + ngx_http_upstream_chash_points_t points; + ngx_http_upstream_hash_srv_conf_t hcf; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "get consistent hash peer, try: %ui", pc->tries); + + pc->cached = 0; + pc->connection = NULL; + + now = ngx_time(); + hcf = hp->conf; + + points = hcf->points; + point = &points->point[0]; + + for ( ;; ) { + server = point[hp->hash % points->number].server; + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "consistent hash peer:%uD, server:\"%V\"", + hp->hash, server); + + best = NULL; + total = 0; + + for (i = 0; i < hp->rrp.peers->number; i++) { + + n = i / (8 * sizeof(uintptr_t)); + m = (uintptr_t) 1 << i % (8 * sizeof(uintptr_t)); + + if (hp->rrp.tried[n] & m) { + continue; + } + + peer = &hp->rrp.peers->peer[i]; + + if (peer->down) { + continue; + } + + if (peer->server.len != server->len + \|\| ngx_strncmp(peer->server.data, server->data, server->len) + != 0) + { + continue; + } + + if (peer->max_fails + && peer->fails >= peer->max_fails + && now - peer->checked <= peer->fail_timeout) + { + continue; + } + + peer->current_weight += peer->effective_weight; + total += peer->effective_weight; + + if (peer->effective_weight < peer->weight) { + peer->effective_weight++; + } + + if (best == NULL \|\| peer->current_weight > best->current_weight) { + best = peer; + } + } + + if (best) { + best->current_weight -= total; + + i = best - &hp->rrp.peers->peer[0]; + + hp->rrp.current = i; + + n = i / (8 * sizeof(uintptr_t)); + m = (uintptr_t) 1 << i % (8 * sizeof(uintptr_t)); + + hp->rrp.tried[n] \|= m; + + if (now - best->checked > best->fail_timeout) { + best->checked = now; + } + + pc->sockaddr = best->sockaddr; + pc->socklen = best->socklen; + pc->name = &best->name; + + return NGX_OK; + } + + hp->hash++; + hp->tries++; + + if (hp->tries >= points->number) { + return NGX_BUSY; + } + } +} + + +static void * +ngx_http_upstream_hash_create_conf(ngx_conf_t cf) +{ + ngx_http_upstream_hash_srv_conf_t conf; + + conf = ngx_palloc(cf->pool, sizeof(ngx_http_upstream_hash_srv_conf_t)); + if (conf == NULL) { + return NULL; + } + + conf->points = NULL; + + return conf; +} + + +static char * +ngx_http_upstream_hash(ngx_conf_t cf, ngx_command_t cmd, void conf) +{ + ngx_http_upstream_hash_srv_conf_t hcf = conf; + + ngx_str_t value; + ngx_http_upstream_srv_conf_t uscf; + ngx_http_compile_complex_value_t ccv; + + value = cf->args->elts; + + ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t)); + + ccv.cf = cf; + ccv.value = &value[1]; + ccv.complex_value = &hcf->key; + + if (ngx_http_compile_complex_value(&ccv) != NGX_OK) { + return NGX_CONF_ERROR; + } + + uscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_upstream_module); + + if (uscf->peer.init_upstream) { + ngx_conf_log_error(NGX_LOG_WARN, cf, 0, + "load balancing method redefined"); + } + + uscf->flags = NGX_HTTP_UPSTREAM_CREATE + \|NGX_HTTP_UPSTREAM_WEIGHT + \|NGX_HTTP_UPSTREAM_MAX_FAILS + \|NGX_HTTP_UPSTREAM_FAIL_TIMEOUT + \|NGX_HTTP_UPSTREAM_DOWN; + + if (cf->args->nelts == 2) { + uscf->peer.init_upstream = ngx_http_upstream_init_hash; + + } else if (ngx_strcmp(value[2].data, "consistent") == 0) { + uscf->peer.init_upstream = ngx_http_upstream_init_chash; + + } else { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid parameter \"%V\"", &value[2]); + return NGX_CONF_ERROR; + } + + return NGX_CONF_OK; +}
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_uwsgi_module.c ^
@@ -507,7 +507,7 @@ { ngx_string("HTTP_IF_MODIFIED_SINCE"), ngx_string("$upstream_cache_last_modified") }, { ngx_string("HTTP_IF_UNMODIFIED_SINCE"), ngx_string("") }, - { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("") }, + { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("$upstream_cache_etag") }, { ngx_string("HTTP_IF_MATCH"), ngx_string("") }, { ngx_string("HTTP_RANGE"), ngx_string("") }, { ngx_string("HTTP_IF_RANGE"), ngx_string("") },
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/modules/ngx_http_xslt_filter_module.c ^
@@ -337,12 +337,14 @@ r->headers_out.content_length = NULL; } - ngx_http_clear_etag(r); - conf = ngx_http_get_module_loc_conf(r, ngx_http_xslt_filter_module); if (!conf->last_modified) { ngx_http_clear_last_modified(r); + ngx_http_clear_etag(r); + + } else { + ngx_http_weak_etag(r); } }
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/ngx_http.c ^
@@ -742,7 +742,7 @@ if (named) { clcfp = ngx_palloc(cf->pool, - (n + 1) * sizeof(ngx_http_core_loc_conf_t *)); + (n + 1) sizeof(ngx_http_core_loc_conf_t )); if (clcfp == NULL) { return NGX_ERROR; } @@ -768,7 +768,7 @@ if (regex) { clcfp = ngx_palloc(cf->pool, - (r + 1) sizeof(ngx_http_core_loc_conf_t *)); + (r + 1) sizeof(ngx_http_core_loc_conf_t *)); if (clcfp == NULL) { return NGX_ERROR; }
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/ngx_http_cache.h ^
@@ -24,6 +24,9 @@ #define NGX_HTTP_CACHE_SCARCE 8 #define NGX_HTTP_CACHE_KEY_LEN 16 +#define NGX_HTTP_CACHE_ETAG_LEN 42 + +#define NGX_HTTP_CACHE_VERSION 2 typedef struct { @@ -67,6 +70,8 @@ time_t last_modified; time_t date; + ngx_str_t etag; + size_t header_start; size_t body_start; off_t length; @@ -97,6 +102,7 @@ typedef struct { + ngx_uint_t version; time_t valid_sec; time_t last_modified; time_t date; @@ -104,6 +110,8 @@ u_short valid_msec; u_short header_start; u_short body_start; + u_char etag_len; + u_char etag[NGX_HTTP_CACHE_ETAG_LEN]; } ngx_http_file_cache_header_t;
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/ngx_http_core_module.c ^
@@ -1851,6 +1851,46 @@ } +void +ngx_http_weak_etag(ngx_http_request_t r) +{ + size_t len; + u_char p; + ngx_table_elt_t etag; + + etag = r->headers_out.etag; + + if (etag == NULL) { + return; + } + + if (etag->value.len > 2 + && etag->value.data[0] == 'W' + && etag->value.data[1] == '/') + { + return; + } + + if (etag->value.len < 1 \|\| etag->value.data[0] != '"') { + r->headers_out.etag->hash = 0; + r->headers_out.etag = NULL; + return; + } + + p = ngx_pnalloc(r->pool, etag->value.len + 2); + if (p == NULL) { + r->headers_out.etag->hash = 0; + r->headers_out.etag = NULL; + return; + } + + len = ngx_sprintf(p, "W/%V", &etag->value) - p; + + etag->value.data = p; + etag->value.len = len; +} + + ngx_int_t ngx_http_send_response(ngx_http_request_t r, ngx_uint_t status, ngx_str_t ct, ngx_http_complex_value_t cv) @@ -4789,7 +4829,8 @@ tf[i].name = value[i + 1]; if (tf[i].name.len > 0 - && tf[i].name.data[tf[i].name.len - 1] == '/') + && tf[i].name.data[tf[i].name.len - 1] == '/' + && i + 2 < cf->args->nelts) { tf[i].test_dir = 1; tf[i].name.len--;
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/ngx_http_core_module.h ^
@@ -501,6 +501,7 @@ ngx_int_t ngx_http_set_content_type(ngx_http_request_t r); void ngx_http_set_exten(ngx_http_request_t r); ngx_int_t ngx_http_set_etag(ngx_http_request_t r); +void ngx_http_weak_etag(ngx_http_request_t r); ngx_int_t ngx_http_send_response(ngx_http_request_t r, ngx_uint_t status, ngx_str_t ct, ngx_http_complex_value_t cv); u_char ngx_http_map_uri_to_path(ngx_http_request_t r, ngx_str_t name,
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/ngx_http_file_cache.c ^
@@ -498,6 +498,12 @@ h = (ngx_http_file_cache_header_t ) c->buf->pos; + if (h->version != NGX_HTTP_CACHE_VERSION) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "cache file \"%s\" version mismatch", c->file.name.data); + return NGX_DECLINED; + } + if (h->crc32 != c->crc32) { ngx_log_error(NGX_LOG_CRIT, r->connection->log, 0, "cache file \"%s\" has md5 collision", c->file.name.data); @@ -519,6 +525,8 @@ c->valid_msec = h->valid_msec; c->header_start = h->header_start; c->body_start = h->body_start; + c->etag.len = h->etag_len; + c->etag.data = h->etag; r->cached = 1; @@ -678,8 +686,8 @@ goto done; } - fcn = ngx_slab_alloc_locked(cache->shpool, - sizeof(ngx_http_file_cache_node_t)); + fcn = ngx_slab_calloc_locked(cache->shpool, + sizeof(ngx_http_file_cache_node_t)); if (fcn == NULL) { ngx_shmtx_unlock(&cache->shpool->mutex); @@ -687,8 +695,8 @@ ngx_shmtx_lock(&cache->shpool->mutex); - fcn = ngx_slab_alloc_locked(cache->shpool, - sizeof(ngx_http_file_cache_node_t)); + fcn = ngx_slab_calloc_locked(cache->shpool, + sizeof(ngx_http_file_cache_node_t)); if (fcn == NULL) { rc = NGX_ERROR; goto failed; @@ -704,8 +712,6 @@ fcn->uses = 1; fcn->count = 1; - fcn->updating = 0; - fcn->deleting = 0; renew: @@ -877,6 +883,7 @@ ngx_memzero(h, sizeof(ngx_http_file_cache_header_t)); + h->version = NGX_HTTP_CACHE_VERSION; h->valid_sec = c->valid_sec; h->last_modified = c->last_modified; h->date = c->date; @@ -885,6 +892,11 @@ h->header_start = (u_short) c->header_start; h->body_start = (u_short) c->body_start; + if (c->etag.len <= NGX_HTTP_CACHE_ETAG_LEN) { + h->etag_len = (u_char) c->etag.len; + ngx_memcpy(h->etag, c->etag.data, c->etag.len); + } + p = buf + sizeof(ngx_http_file_cache_header_t); p = ngx_cpymem(p, ngx_http_file_cache_key, sizeof(ngx_http_file_cache_key)); @@ -1044,7 +1056,8 @@ goto done; } - if (h.last_modified != c->last_modified + if (h.version != NGX_HTTP_CACHE_VERSION + \|\| h.last_modified != c->last_modified \|\| h.crc32 != c->crc32 \|\| h.header_start != c->header_start \|\| h.body_start != c->body_start) @@ -1062,6 +1075,7 @@ ngx_memzero(&h, sizeof(ngx_http_file_cache_header_t)); + h.version = NGX_HTTP_CACHE_VERSION; h.valid_sec = c->valid_sec; h.last_modified = c->last_modified; h.date = c->date; @@ -1070,6 +1084,11 @@ h.header_start = (u_short) c->header_start; h.body_start = (u_short) c->body_start; + if (c->etag.len <= NGX_HTTP_CACHE_ETAG_LEN) { + h.etag_len = (u_char) c->etag.len; + ngx_memcpy(h.etag, c->etag.data, c->etag.len); + } + (void) ngx_write_file(&file, (u_char ) &h, sizeof(ngx_http_file_cache_header_t), 0); @@ -1618,8 +1637,8 @@ if (fcn == NULL) { - fcn = ngx_slab_alloc_locked(cache->shpool, - sizeof(ngx_http_file_cache_node_t)); + fcn = ngx_slab_calloc_locked(cache->shpool, + sizeof(ngx_http_file_cache_node_t)); if (fcn == NULL) { ngx_shmtx_unlock(&cache->shpool->mutex); return NGX_ERROR; @@ -1633,15 +1652,7 @@ ngx_rbtree_insert(&cache->sh->rbtree, &fcn->node); fcn->uses = 1; - fcn->count = 0; - fcn->valid_msec = 0; - fcn->error = 0; fcn->exists = 1; - fcn->updating = 0; - fcn->deleting = 0; - fcn->uniq = 0; - fcn->valid_sec = 0; - fcn->body_start = 0; fcn->fs_size = c->fs_size; cache->sh->size += c->fs_size;
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/ngx_http_request.h ^
@@ -528,6 +528,7 @@ unsigned filter_need_temporary:1; unsigned allow_ranges:1; unsigned single_range:1; + unsigned disable_not_modified:1; #if (NGX_STAT_STUB) unsigned stat_reading:1;
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/ngx_http_spdy.h ^
@@ -230,13 +230,16 @@ #else #define ngx_spdy_frame_write_uint16(p, s) \ - ((p)[0] = (u_char) (s) >> 8, (p)[1] = (u_char) (s), (p) + sizeof(uint16_t)) + ((p)[0] = (u_char) ((s) >> 8), \ + (p)[1] = (u_char) (s), \ + (p) + sizeof(uint16_t)) #define ngx_spdy_frame_write_uint32(p, s) \ - ((p)[0] = (u_char) (s) >> 24, \ - (p)[1] = (u_char) (s) >> 16, \ - (p)[2] = (u_char) (s) >> 8, \ - (p)[3] = (u_char) (s), (p) + sizeof(uint32_t)) + ((p)[0] = (u_char) ((s) >> 24), \ + (p)[1] = (u_char) ((s) >> 16), \ + (p)[2] = (u_char) ((s) >> 8), \ + (p)[3] = (u_char) (s), \ + (p) + sizeof(uint32_t)) #endif
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/ngx_http_upstream.c ^
@@ -19,6 +19,8 @@ ngx_http_variable_value_t v, uintptr_t data); static ngx_int_t ngx_http_upstream_cache_last_modified(ngx_http_request_t r, ngx_http_variable_value_t v, uintptr_t data); +static ngx_int_t ngx_http_upstream_cache_etag(ngx_http_request_t r, + ngx_http_variable_value_t v, uintptr_t data); #endif static void ngx_http_upstream_init_request(ngx_http_request_t r); @@ -87,6 +89,8 @@ ngx_table_elt_t h, ngx_uint_t offset); static ngx_int_t ngx_http_upstream_process_content_length(ngx_http_request_t r, ngx_table_elt_t h, ngx_uint_t offset); +static ngx_int_t ngx_http_upstream_process_last_modified(ngx_http_request_t r, + ngx_table_elt_t h, ngx_uint_t offset); static ngx_int_t ngx_http_upstream_process_set_cookie(ngx_http_request_t r, ngx_table_elt_t h, ngx_uint_t offset); static ngx_int_t @@ -174,8 +178,7 @@ ngx_http_upstream_copy_content_type, 0, 1 }, { ngx_string("Content-Length"), - ngx_http_upstream_process_content_length, - offsetof(ngx_http_upstream_headers_in_t, content_length), + ngx_http_upstream_process_content_length, 0, ngx_http_upstream_ignore_header_line, 0, 0 }, { ngx_string("Date"), @@ -185,8 +188,7 @@ offsetof(ngx_http_headers_out_t, date), 0 }, { ngx_string("Last-Modified"), - ngx_http_upstream_process_header_line, - offsetof(ngx_http_upstream_headers_in_t, last_modified), + ngx_http_upstream_process_last_modified, 0, ngx_http_upstream_copy_last_modified, 0, 0 }, { ngx_string("ETag"), @@ -367,6 +369,10 @@ ngx_http_upstream_cache_last_modified, 0, NGX_HTTP_VAR_NOCACHEABLE\|NGX_HTTP_VAR_NOHASH, 0 }, + { ngx_string("upstream_cache_etag"), NULL, + ngx_http_upstream_cache_etag, 0, + NGX_HTTP_VAR_NOCACHEABLE\|NGX_HTTP_VAR_NOHASH, 0 }, + #endif { ngx_null_string, NULL, NULL, 0, 0, 0 } @@ -1668,13 +1674,6 @@ c->tcp_nopush = NGX_TCP_NOPUSH_UNSET; } - ngx_add_timer(c->read, u->conf->read_timeout); - - if (c->read->ready) { - ngx_http_upstream_process_header(r, u); - return; - } - u->write_event_handler = ngx_http_upstream_dummy_handler; if (ngx_handle_write_event(c->write, 0) != NGX_OK) { @@ -1682,6 +1681,13 @@ NGX_HTTP_INTERNAL_SERVER_ERROR); return; } + + ngx_add_timer(c->read, u->conf->read_timeout); + + if (c->read->ready) { + ngx_http_upstream_process_header(r, u); + return; + } } @@ -2238,6 +2244,8 @@ r->headers_out.content_length_n = u->headers_in.content_length_n; + r->disable_not_modified = !u->cacheable; + u->length = -1; return NGX_OK; @@ -2349,21 +2357,17 @@ if (r->header_only) { - if (u->cacheable \|\| u->store) { - - if (ngx_shutdown_socket(c->fd, NGX_WRITE_SHUTDOWN) == -1) { - ngx_connection_error(c, ngx_socket_errno, - ngx_shutdown_socket_n " failed"); - } - - r->read_event_handler = ngx_http_request_empty_handler; - r->write_event_handler = ngx_http_request_empty_handler; - c->error = 1; + if (!u->buffering) { + ngx_http_upstream_finalize_request(r, u, rc); + return; + } - } else { + if (!u->cacheable && !u->store) { ngx_http_upstream_finalize_request(r, u, rc); return; } + + u->pipe->downstream_error = 1; } if (r->request_body && r->request_body->temp_file) { @@ -2492,15 +2496,18 @@ } if (valid) { - r->cache->last_modified = r->headers_out.last_modified_time; + r->cache->last_modified = u->headers_in.last_modified_time; r->cache->date = now; r->cache->body_start = (u_short) (u->buffer.pos - u->buffer.start); + if (u->headers_in.etag) { + r->cache->etag = u->headers_in.etag->value; + } + ngx_http_file_cache_set_header(r, u->buffer.start); } else { u->cacheable = 0; - r->headers_out.last_modified_time = -1; } } @@ -3730,6 +3737,29 @@ static ngx_int_t +ngx_http_upstream_process_last_modified(ngx_http_request_t r, + ngx_table_elt_t h, ngx_uint_t offset) +{ + ngx_http_upstream_t u; + + u = r->upstream; + + u->headers_in.last_modified = h; + +#if (NGX_HTTP_CACHE) + + if (u->cacheable) { + u->headers_in.last_modified_time = ngx_http_parse_time(h->value.data, + h->value.len); + } + +#endif + + return NGX_OK; +} + + +static ngx_int_t ngx_http_upstream_process_set_cookie(ngx_http_request_t r, ngx_table_elt_t h, ngx_uint_t offset) { @@ -4185,8 +4215,8 @@ #if (NGX_HTTP_CACHE) if (r->upstream->cacheable) { - r->headers_out.last_modified_time = ngx_http_parse_time(h->value.data, - h->value.len); + r->headers_out.last_modified_time = + r->upstream->headers_in.last_modified_time; } #endif @@ -4764,6 +4794,29 @@ return NGX_OK; } + +static ngx_int_t +ngx_http_upstream_cache_etag(ngx_http_request_t r, + ngx_http_variable_value_t v, uintptr_t data) +{ + if (r->upstream == NULL + \|\| !r->upstream->conf->cache_revalidate + \|\| r->upstream->cache_status != NGX_HTTP_CACHE_EXPIRED + \|\| r->cache->etag.len == 0) + { + v->not_found = 1; + return NGX_OK; + } + + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + v->len = r->cache->etag.len; + v->data = r->cache->etag.data; + + return NGX_OK; +} + #endif @@ -4851,6 +4904,12 @@ } } + uscf->servers = ngx_array_create(cf->pool, 4, + sizeof(ngx_http_upstream_server_t)); + if (uscf->servers == NULL) { + return NGX_CONF_ERROR; + } + /* parse inside upstream{} / @@ -4866,7 +4925,7 @@ return rv; } - if (uscf->servers == NULL) { + if (uscf->servers->nelts == 0) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "no servers are inside upstream"); return NGX_CONF_ERROR; @@ -4888,14 +4947,6 @@ ngx_uint_t i; ngx_http_upstream_server_t us; - if (uscf->servers == NULL) { - uscf->servers = ngx_array_create(cf->pool, 4, - sizeof(ngx_http_upstream_server_t)); - if (uscf->servers == NULL) { - return NGX_CONF_ERROR; - } - } - us = ngx_array_push(uscf->servers); if (us == NULL) { return NGX_CONF_ERROR; @@ -4905,20 +4956,6 @@ value = cf->args->elts; - ngx_memzero(&u, sizeof(ngx_url_t)); - - u.url = value[1]; - u.default_port = 80; - - if (ngx_parse_url(cf->pool, &u) != NGX_OK) { - if (u.err) { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "%s in upstream \"%V\"", u.err, &u.url); - } - - return NGX_CONF_ERROR; - } - weight = 1; max_fails = 1; fail_timeout = 10; @@ -4998,6 +5035,21 @@ goto invalid; } + ngx_memzero(&u, sizeof(ngx_url_t)); + + u.url = value[1]; + u.default_port = 80; + + if (ngx_parse_url(cf->pool, &u) != NGX_OK) { + if (u.err) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "%s in upstream \"%V\"", u.err, &u.url); + } + + return NGX_CONF_ERROR; + } + + us->name = u.url; us->addrs = u.addrs; us->naddrs = u.naddrs; us->weight = weight;
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/ngx_http_upstream.h ^
@@ -87,6 +87,7 @@ typedef struct { + ngx_str_t name; ngx_addr_t addrs; ngx_uint_t naddrs; ngx_uint_t weight; @@ -245,11 +246,12 @@ ngx_table_elt_t content_encoding; #endif - off_t content_length_n; - ngx_array_t cache_control; ngx_array_t cookies; + off_t content_length_n; + time_t last_modified_time; + unsigned connection_close:1; unsigned chunked:1; } ngx_http_upstream_headers_in_t;
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/ngx_http_upstream_round_robin.c ^
@@ -30,6 +30,7 @@ ngx_url_t u; ngx_uint_t i, j, n, w; ngx_http_upstream_server_t server; + ngx_http_upstream_rr_peer_t peer; ngx_http_upstream_rr_peers_t peers, backup; us->peer.init = ngx_http_upstream_init_round_robin_peer; @@ -69,6 +70,7 @@ peers->name = &us->host; n = 0; + peer = peers->peer; for (i = 0; i < us->servers->nelts; i++) { if (server[i].backup) { @@ -76,15 +78,16 @@ } for (j = 0; j < server[i].naddrs; j++) { - peers->peer[n].sockaddr = server[i].addrs[j].sockaddr; - peers->peer[n].socklen = server[i].addrs[j].socklen; - peers->peer[n].name = server[i].addrs[j].name; - peers->peer[n].weight = server[i].weight; - peers->peer[n].effective_weight = server[i].weight; - peers->peer[n].current_weight = 0; - peers->peer[n].max_fails = server[i].max_fails; - peers->peer[n].fail_timeout = server[i].fail_timeout; - peers->peer[n].down = server[i].down; + peer[n].sockaddr = server[i].addrs[j].sockaddr; + peer[n].socklen = server[i].addrs[j].socklen; + peer[n].name = server[i].addrs[j].name; + peer[n].weight = server[i].weight; + peer[n].effective_weight = server[i].weight; + peer[n].current_weight = 0; + peer[n].max_fails = server[i].max_fails; + peer[n].fail_timeout = server[i].fail_timeout; + peer[n].down = server[i].down; + peer[n].server = server[i].name; n++; } } @@ -123,6 +126,7 @@ backup->name = &us->host; n = 0; + peer = backup->peer; for (i = 0; i < us->servers->nelts; i++) { if (!server[i].backup) { @@ -130,15 +134,16 @@ } for (j = 0; j < server[i].naddrs; j++) { - backup->peer[n].sockaddr = server[i].addrs[j].sockaddr; - backup->peer[n].socklen = server[i].addrs[j].socklen; - backup->peer[n].name = server[i].addrs[j].name; - backup->peer[n].weight = server[i].weight; - backup->peer[n].effective_weight = server[i].weight; - backup->peer[n].current_weight = 0; - backup->peer[n].max_fails = server[i].max_fails; - backup->peer[n].fail_timeout = server[i].fail_timeout; - backup->peer[n].down = server[i].down; + peer[n].sockaddr = server[i].addrs[j].sockaddr; + peer[n].socklen = server[i].addrs[j].socklen; + peer[n].name = server[i].addrs[j].name; + peer[n].weight = server[i].weight; + peer[n].effective_weight = server[i].weight; + peer[n].current_weight = 0; + peer[n].max_fails = server[i].max_fails; + peer[n].fail_timeout = server[i].fail_timeout; + peer[n].down = server[i].down; + peer[n].server = server[i].name; n++; } } @@ -187,15 +192,17 @@ peers->total_weight = n; peers->name = &us->host; + peer = peers->peer; + for (i = 0; i < u.naddrs; i++) { - peers->peer[i].sockaddr = u.addrs[i].sockaddr; - peers->peer[i].socklen = u.addrs[i].socklen; - peers->peer[i].name = u.addrs[i].name; - peers->peer[i].weight = 1; - peers->peer[i].effective_weight = 1; - peers->peer[i].current_weight = 0; - peers->peer[i].max_fails = 1; - peers->peer[i].fail_timeout = 10; + peer[i].sockaddr = u.addrs[i].sockaddr; + peer[i].socklen = u.addrs[i].socklen; + peer[i].name = u.addrs[i].name; + peer[i].weight = 1; + peer[i].effective_weight = 1; + peer[i].current_weight = 0; + peer[i].max_fails = 1; + peer[i].fail_timeout = 10; } us->peer.data = peers; @@ -269,6 +276,7 @@ socklen_t socklen; ngx_uint_t i, n; struct sockaddr sockaddr; + ngx_http_upstream_rr_peer_t peer; ngx_http_upstream_rr_peers_t peers; ngx_http_upstream_rr_peer_data_t rrp; @@ -293,15 +301,17 @@ peers->number = ur->naddrs; peers->name = &ur->host; + peer = peers->peer; + if (ur->sockaddr) { - peers->peer[0].sockaddr = ur->sockaddr; - peers->peer[0].socklen = ur->socklen; - peers->peer[0].name = ur->host; - peers->peer[0].weight = 1; - peers->peer[0].effective_weight = 1; - peers->peer[0].current_weight = 0; - peers->peer[0].max_fails = 1; - peers->peer[0].fail_timeout = 10; + peer[0].sockaddr = ur->sockaddr; + peer[0].socklen = ur->socklen; + peer[0].name = ur->host; + peer[0].weight = 1; + peer[0].effective_weight = 1; + peer[0].current_weight = 0; + peer[0].max_fails = 1; + peer[0].fail_timeout = 10; } else { @@ -333,15 +343,15 @@ len = ngx_sock_ntop(sockaddr, socklen, p, NGX_SOCKADDR_STRLEN, 1); - peers->peer[i].sockaddr = sockaddr; - peers->peer[i].socklen = socklen; - peers->peer[i].name.len = len; - peers->peer[i].name.data = p; - peers->peer[i].weight = 1; - peers->peer[i].effective_weight = 1; - peers->peer[i].current_weight = 0; - peers->peer[i].max_fails = 1; - peers->peer[i].fail_timeout = 10; + peer[i].sockaddr = sockaddr; + peer[i].socklen = socklen; + peer[i].name.len = len; + peer[i].name.data = p; + peer[i].weight = 1; + peer[i].effective_weight = 1; + peer[i].current_weight = 0; + peer[i].max_fails = 1; + peer[i].fail_timeout = 10; } } @@ -387,13 +397,15 @@ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, "get rr peer, try: %ui", pc->tries); - /* ngx_lock_mutex(rrp->peers->mutex); / - pc->cached = 0; pc->connection = NULL; - if (rrp->peers->single) { - peer = &rrp->peers->peer[0]; + peers = rrp->peers; + + / ngx_lock_mutex(peers->mutex); / + + if (peers->single) { + peer = &peers->peer[0]; if (peer->down) { goto failed; @@ -418,18 +430,16 @@ pc->socklen = peer->socklen; pc->name = &peer->name; - / ngx_unlock_mutex(rrp->peers->mutex); / + / ngx_unlock_mutex(peers->mutex); / - if (pc->tries == 1 && rrp->peers->next) { - pc->tries += rrp->peers->next->number; + if (pc->tries == 1 && peers->next) { + pc->tries += peers->next->number; } return NGX_OK; failed: - peers = rrp->peers; - if (peers->next) { / ngx_unlock_mutex(peers->mutex); */
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/http/ngx_http_upstream_round_robin.h ^
@@ -18,6 +18,7 @@ struct sockaddr *sockaddr; socklen_t socklen; ngx_str_t name; + ngx_str_t server; ngx_int_t current_weight; ngx_int_t effective_weight;
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/mail/ngx_mail_ssl_module.c ^
@@ -21,6 +21,8 @@ void conf); static char ngx_mail_ssl_starttls(ngx_conf_t cf, ngx_command_t cmd, void conf); +static char ngx_mail_ssl_password_file(ngx_conf_t cf, ngx_command_t cmd, + void conf); static char ngx_mail_ssl_session_cache(ngx_conf_t cf, ngx_command_t cmd, void conf); @@ -74,6 +76,13 @@ offsetof(ngx_mail_ssl_conf_t, certificate_key), NULL }, + { ngx_string("ssl_password_file"), + NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1, + ngx_mail_ssl_password_file, + NGX_MAIL_SRV_CONF_OFFSET, + 0, + NULL }, + { ngx_string("ssl_dhparam"), NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1, ngx_conf_set_str_slot, @@ -195,6 +204,7 @@ scf->enable = NGX_CONF_UNSET; scf->starttls = NGX_CONF_UNSET_UINT; + scf->passwords = NGX_CONF_UNSET_PTR; scf->prefer_server_ciphers = NGX_CONF_UNSET; scf->builtin_session_cache = NGX_CONF_UNSET; scf->session_timeout = NGX_CONF_UNSET; @@ -231,6 +241,8 @@ ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); + ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL); + ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve, @@ -302,7 +314,7 @@ cln->data = &conf->ssl; if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate, - &conf->certificate_key) + &conf->certificate_key, conf->passwords) != NGX_OK) { return NGX_CONF_ERROR; @@ -419,6 +431,29 @@ return NGX_CONF_OK; } + + +static char +ngx_mail_ssl_password_file(ngx_conf_t cf, ngx_command_t cmd, void conf) +{ + ngx_mail_ssl_conf_t scf = conf; + + ngx_str_t value; + + if (scf->passwords != NGX_CONF_UNSET_PTR) { + return "is duplicate"; + } + + value = cf->args->elts; + + scf->passwords = ngx_ssl_read_password_file(cf, &value[1]); + + if (scf->passwords == NULL) { + return NGX_CONF_ERROR; + } + + return NGX_CONF_OK; +} static char
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/mail/ngx_mail_ssl_module.h ^
@@ -39,6 +39,8 @@ ngx_str_t ciphers; + ngx_array_t passwords; + ngx_shm_zone_t shm_zone; ngx_flag_t session_tickets;
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/os/unix/ngx_darwin_config.h ^
@@ -9,9 +9,6 @@ #define _NGX_DARWIN_CONFIG_H_INCLUDED_ -#define MAC_OS_X_VERSION_MIN_REQUIRED MAC_OS_X_VERSION_10_0 - - #include <sys/types.h> #include <sys/time.h> #include <unistd.h>
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/os/unix/ngx_darwin_sendfile_chain.c ^
@@ -13,7 +13,7 @@ /* * It seems that Darwin 9.4 (Mac OS X 1.5) sendfile() has the same * old bug as early FreeBSD sendfile() syscall: - * http://www.freebsd.org/cgi/query-pr.cgi?pr=33771 + * http://bugs.freebsd.org/33771 * * Besides sendfile() has another bug: if one calls sendfile() * with both a header and a trailer, then sendfile() ignores a file part
[-] [+]	Changed	nginx-1.7.3.tar.gz/src/os/unix/ngx_freebsd_sendfile_chain.c ^
@@ -265,7 +265,7 @@ /* * the "nbytes bug" of the old sendfile() syscall: - * http://www.freebsd.org/cgi/query-pr.cgi?pr=33771 + * http://bugs.freebsd.org/33771 */ if (!ngx_freebsd_sendfile_nbytes_bug) {