|
[-]
[+]
|
Changed |
nginx.spec
|
|
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/CHANGES
^
|
| @@ -1,4 +1,47 @@
+Changes with nginx 1.7.3 08 Jul 2014
+
+ *) Feature: weak entity tags are now preserved on response
+ modifications, and strong ones are changed to weak.
+
+ *) Feature: cache revalidation now uses If-None-Match header if
+ possible.
+
+ *) Feature: the "ssl_password_file" directive.
+
+ *) Bugfix: the If-None-Match request header line was ignored if there
+ was no Last-Modified header in a response returned from cache.
+
+ *) Bugfix: "peer closed connection in SSL handshake" messages were
+ logged at "info" level instead of "error" while connecting to
+ backends.
+
+ *) Bugfix: in the ngx_http_dav_module module in nginx/Windows.
+
+ *) Bugfix: SPDY connections might be closed prematurely if caching was
+ used.
+
+
+Changes with nginx 1.7.2 17 Jun 2014
+
+ *) Feature: the "hash" directive inside the "upstream" block.
+
+ *) Feature: defragmentation of free shared memory blocks.
+ Thanks to Wandenberg Peixoto and Yichun Zhang.
+
+ *) Bugfix: a segmentation fault might occur in a worker process if the
+ default value of the "access_log" directive was used; the bug had
+ appeared in 1.7.0.
+ Thanks to Piotr Sikora.
+
+ *) Bugfix: trailing slash was mistakenly removed from the last parameter
+ of the "try_files" directive.
+
+ *) Bugfix: nginx could not be built on OS X in some cases.
+
+ *) Bugfix: in the ngx_http_spdy_module.
+
+
Changes with nginx 1.7.1 27 May 2014
*) Feature: the "$upstream_cookie_..." variables.
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/CHANGES.ru
^
|
| @@ -1,4 +1,47 @@
+Изменения в nginx 1.7.3 08.07.2014
+
+ *) Добавление: weak entity tags теперь не удаляются при изменениях
+ ответа, а strong entity tags преобразуются в weak.
+
+ *) Добавление: ревалидация элементов кэша теперь, если это возможно,
+ использует заголовок If-None-Match.
+
+ *) Добавление: директива ssl_password_file.
+
+ *) Исправление: при возврате ответа из кэша заголовок запроса
+ If-None-Match игнорировался, если в ответе не было заголовка
+ Last-Modified.
+
+ *) Исправление: сообщения "peer closed connection in SSL handshake" при
+ соединении с бэкендами логгировались на уровне info вместо error.
+
+ *) Исправление: в модуле ngx_http_dav_module в nginx/Windows.
+
+ *) Исправление: SPDY-соединения могли неожиданно закрываться, если
+ использовалось кэширование.
+
+
+Изменения в nginx 1.7.2 17.06.2014
+
+ *) Добавление: директива hash в блоке upstream.
+
+ *) Добавление: дефрагментация свободных блоков разделяемой памяти.
+ Спасибо Wandenberg Peixoto и Yichun Zhang.
+
+ *) Исправление: в рабочем процессе мог произойти segmentation fault,
+ если использовалось значение access_log по умолчанию; ошибка
+ появилась в 1.7.0.
+ Спасибо Piotr Sikora.
+
+ *) Исправление: завершающий слэш ошибочно удалялся из последнего
+ параметра директивы try_files.
+
+ *) Исправление: nginx мог не собираться на OS X.
+
+ *) Исправление: в модуле ngx_http_spdy_module.
+
+
Изменения в nginx 1.7.1 27.05.2014
*) Добавление: переменные "$upstream_cookie_...".
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/auto/cc/clang
^
|
| @@ -88,6 +88,11 @@
# we have a lot of unused function arguments
CFLAGS="$CFLAGS -Wno-unused-parameter"
+# deprecated system OpenSSL library on OS X
+if [ "$NGX_SYSTEM" = "Darwin" ]; then
+ CFLAGS="$CFLAGS -Wno-deprecated-declarations"
+fi
+
# stop on warning
CFLAGS="$CFLAGS -Werror"
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/auto/cc/gcc
^
|
| @@ -158,6 +158,11 @@
CFLAGS="$CFLAGS -Wno-unused-parameter"
# 4.2.1 shows the warning in wrong places
#CFLAGS="$CFLAGS -Wunreachable-code"
+
+ # deprecated system OpenSSL library on OS X
+ if [ "$NGX_SYSTEM" = "Darwin" ]; then
+ CFLAGS="$CFLAGS -Wno-deprecated-declarations"
+ fi
;;
*)
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/auto/lib/perl/conf
^
|
| @@ -41,6 +41,8 @@
ngx_perl_ldopts=`$NGX_PERL -MExtUtils::Embed -e ldopts`
ngx_perl_dlext=`$NGX_PERL -MConfig -e 'print $Config{dlext}'`
+ ngx_perl_libdir="src/http/modules/perl/blib/arch/auto"
+ ngx_perl_module="$ngx_perl_libdir/nginx/nginx.$ngx_perl_dlext"
if $NGX_PERL -V:usemultiplicity | grep define > /dev/null; then
have=NGX_HAVE_PERL_MULTIPLICITY . auto/have
@@ -52,8 +54,14 @@
ngx_perl_ldopts=`echo $ngx_perl_ldopts | sed 's/ -pthread//'`
fi
+ if [ "$NGX_SYSTEM" = "Darwin" ]; then
+ # OS X system perl wants to link universal binaries
+ ngx_perl_ldopts=`echo $ngx_perl_ldopts \
+ | sed -e 's/-arch x86_64 -arch i386//'`
+ fi
+
CORE_LINK="$CORE_LINK $ngx_perl_ldopts"
- LINK_DEPS="$LINK_DEPS $NGX_OBJS/src/http/modules/perl/blib/arch/auto/nginx/nginx.$ngx_perl_dlext"
+ LINK_DEPS="$LINK_DEPS $NGX_OBJS/$ngx_perl_module"
if test -n "$NGX_PERL_MODULES"; then
have=NGX_PERL_MODULES value="(u_char *) \"$NGX_PERL_MODULES\""
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/auto/modules
^
|
| @@ -371,6 +371,11 @@
HTTP_SRCS="$HTTP_SRCS $HTTP_MP4_SRCS"
fi
+if [ $HTTP_UPSTREAM_HASH = YES ]; then
+ HTTP_MODULES="$HTTP_MODULES $HTTP_UPSTREAM_HASH_MODULE"
+ HTTP_SRCS="$HTTP_SRCS $HTTP_UPSTREAM_HASH_SRCS"
+fi
+
if [ $HTTP_UPSTREAM_IP_HASH = YES ]; then
HTTP_MODULES="$HTTP_MODULES $HTTP_UPSTREAM_IP_HASH_MODULE"
HTTP_SRCS="$HTTP_SRCS $HTTP_UPSTREAM_IP_HASH_SRCS"
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/auto/options
^
|
| @@ -99,6 +99,7 @@
HTTP_MP4=NO
HTTP_GUNZIP=NO
HTTP_GZIP_STATIC=NO
+HTTP_UPSTREAM_HASH=YES
HTTP_UPSTREAM_IP_HASH=YES
HTTP_UPSTREAM_LEAST_CONN=YES
HTTP_UPSTREAM_KEEPALIVE=YES
@@ -251,6 +252,7 @@
--without-http_limit_req_module) HTTP_LIMIT_REQ=NO ;;
--without-http_empty_gif_module) HTTP_EMPTY_GIF=NO ;;
--without-http_browser_module) HTTP_BROWSER=NO ;;
+ --without-http_upstream_hash_module) HTTP_UPSTREAM_HASH=NO ;;
--without-http_upstream_ip_hash_module) HTTP_UPSTREAM_IP_HASH=NO ;;
--without-http_upstream_least_conn_module)
HTTP_UPSTREAM_LEAST_CONN=NO ;;
@@ -395,6 +397,8 @@
--without-http_limit_req_module disable ngx_http_limit_req_module
--without-http_empty_gif_module disable ngx_http_empty_gif_module
--without-http_browser_module disable ngx_http_browser_module
+ --without-http_upstream_hash_module
+ disable ngx_http_upstream_hash_module
--without-http_upstream_ip_hash_module
disable ngx_http_upstream_ip_hash_module
--without-http_upstream_least_conn_module
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/auto/sources
^
|
| @@ -497,6 +497,10 @@
HTTP_GZIP_STATIC_SRCS=src/http/modules/ngx_http_gzip_static_module.c
+HTTP_UPSTREAM_HASH_MODULE=ngx_http_upstream_hash_module
+HTTP_UPSTREAM_HASH_SRCS=src/http/modules/ngx_http_upstream_hash_module.c
+
+
HTTP_UPSTREAM_IP_HASH_MODULE=ngx_http_upstream_ip_hash_module
HTTP_UPSTREAM_IP_HASH_SRCS=src/http/modules/ngx_http_upstream_ip_hash_module.c
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/core/nginx.h
^
|
| @@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1007001
-#define NGINX_VERSION "1.7.1"
+#define nginx_version 1007003
+#define NGINX_VERSION "1.7.3"
#define NGINX_VER "nginx/" NGINX_VERSION
#ifdef NGX_BUILD
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/core/ngx_connection.c
^
|
| @@ -411,13 +411,11 @@
if (bind(s, ls[i].sockaddr, ls[i].socklen) == -1) {
err = ngx_socket_errno;
- if (err == NGX_EADDRINUSE && ngx_test_config) {
- continue;
+ if (err != NGX_EADDRINUSE || !ngx_test_config) {
+ ngx_log_error(NGX_LOG_EMERG, log, err,
+ "bind() to %V failed", &ls[i].addr_text);
}
- ngx_log_error(NGX_LOG_EMERG, log, err,
- "bind() to %V failed", &ls[i].addr_text);
-
if (ngx_close_socket(s) == -1) {
ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
ngx_close_socket_n " %V failed",
@@ -428,7 +426,9 @@
return NGX_ERROR;
}
- failed = 1;
+ if (!ngx_test_config) {
+ failed = 1;
+ }
continue;
}
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/core/ngx_palloc.c
^
|
| @@ -181,7 +181,7 @@
{
u_char *m;
size_t psize;
- ngx_pool_t *p, *new, *current;
+ ngx_pool_t *p, *new;
psize = (size_t) (pool->d.end - (u_char *) pool);
@@ -200,18 +200,14 @@
m = ngx_align_ptr(m, NGX_ALIGNMENT);
new->d.last = m + size;
- current = pool->current;
-
- for (p = current; p->d.next; p = p->d.next) {
+ for (p = pool->current; p->d.next; p = p->d.next) {
if (p->d.failed++ > 4) {
- current = p->d.next;
+ pool->current = p->d.next;
}
}
p->d.next = new;
- pool->current = current ? current : new;
-
return m;
}
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/core/ngx_slab.c
^
|
| @@ -129,6 +129,8 @@
pool->pages->slab = pages;
}
+ pool->last = pool->pages + pages;
+
pool->log_nomem = 1;
pool->log_ctx = &pool->zero;
pool->zero = '\0';
@@ -396,6 +398,35 @@
}
+void *
+ngx_slab_calloc(ngx_slab_pool_t *pool, size_t size)
+{
+ void *p;
+
+ ngx_shmtx_lock(&pool->mutex);
+
+ p = ngx_slab_calloc_locked(pool, size);
+
+ ngx_shmtx_unlock(&pool->mutex);
+
+ return p;
+}
+
+
+void *
+ngx_slab_calloc_locked(ngx_slab_pool_t *pool, size_t size)
+{
+ void *p;
+
+ p = ngx_slab_alloc_locked(pool, size);
+ if (p) {
+ ngx_memzero(p, size);
+ }
+
+ return p;
+}
+
+
void
ngx_slab_free(ngx_slab_pool_t *pool, void *p)
{
@@ -626,6 +657,8 @@
if (page->slab >= pages) {
if (page->slab > pages) {
+ page[page->slab - 1].prev = (uintptr_t) &page[pages];
+
page[pages].slab = page->slab - pages;
page[pages].next = page->next;
page[pages].prev = page->prev;
@@ -672,7 +705,8 @@
ngx_slab_free_pages(ngx_slab_pool_t *pool, ngx_slab_page_t *page,
ngx_uint_t pages)
{
- ngx_slab_page_t *prev;
+ ngx_uint_t type;
+ ngx_slab_page_t *prev, *join;
page->slab = pages--;
@@ -686,6 +720,59 @@
page->next->prev = page->prev;
}
+ join = page + page->slab;
+
+ if (join < pool->last) {
+ type = join->prev & NGX_SLAB_PAGE_MASK;
+
+ if (type == NGX_SLAB_PAGE) {
+
+ if (join->next != NULL) {
+ pages += join->slab;
+ page->slab += join->slab;
+
+ prev = (ngx_slab_page_t *) (join->prev & ~NGX_SLAB_PAGE_MASK);
+ prev->next = join->next;
+ join->next->prev = join->prev;
+
+ join->slab = NGX_SLAB_PAGE_FREE;
+ join->next = NULL;
+ join->prev = NGX_SLAB_PAGE;
+ }
+ }
+ }
+
+ if (page > pool->pages) {
+ join = page - 1;
+ type = join->prev & NGX_SLAB_PAGE_MASK;
+
+ if (type == NGX_SLAB_PAGE) {
+
+ if (join->slab == NGX_SLAB_PAGE_FREE) {
+ join = (ngx_slab_page_t *) (join->prev & ~NGX_SLAB_PAGE_MASK);
+ }
+
+ if (join->next != NULL) {
+ pages += join->slab;
+ join->slab += page->slab;
+
+ prev = (ngx_slab_page_t *) (join->prev & ~NGX_SLAB_PAGE_MASK);
+ prev->next = join->next;
+ join->next->prev = join->prev;
+
+ page->slab = NGX_SLAB_PAGE_FREE;
+ page->next = NULL;
+ page->prev = NGX_SLAB_PAGE;
+
+ page = join;
+ }
+ }
+ }
+
+ if (pages) {
+ page[pages].prev = (uintptr_t) page;
+ }
+
page->prev = (uintptr_t) &pool->free;
page->next = pool->free.next;
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/core/ngx_slab.h
^
|
| @@ -29,6 +29,7 @@
size_t min_shift;
ngx_slab_page_t *pages;
+ ngx_slab_page_t *last;
ngx_slab_page_t free;
u_char *start;
@@ -49,6 +50,8 @@
void ngx_slab_init(ngx_slab_pool_t *pool);
void *ngx_slab_alloc(ngx_slab_pool_t *pool, size_t size);
void *ngx_slab_alloc_locked(ngx_slab_pool_t *pool, size_t size);
+void *ngx_slab_calloc(ngx_slab_pool_t *pool, size_t size);
+void *ngx_slab_calloc_locked(ngx_slab_pool_t *pool, size_t size);
void ngx_slab_free(ngx_slab_pool_t *pool, void *p);
void ngx_slab_free_locked(ngx_slab_pool_t *pool, void *p);
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/event/ngx_event_openssl.c
^
|
| @@ -10,14 +10,20 @@
#include <ngx_event.h>
+#define NGX_SSL_PASSWORD_BUFFER_SIZE 4096
+
+
typedef struct {
ngx_uint_t engine; /* unsigned engine:1; */
} ngx_openssl_conf_t;
+static int ngx_ssl_password_callback(char *buf, int size, int rwflag,
+ void *userdata);
static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
static void ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where,
int ret);
+static void ngx_ssl_passwords_cleanup(void *data);
static void ngx_ssl_handshake_handler(ngx_event_t *ev);
static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n);
static void ngx_ssl_write_handler(ngx_event_t *wev);
@@ -257,11 +263,13 @@
ngx_int_t
ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
- ngx_str_t *key)
+ ngx_str_t *key, ngx_array_t *passwords)
{
- BIO *bio;
- X509 *x509;
- u_long n;
+ BIO *bio;
+ X509 *x509;
+ u_long n;
+ ngx_str_t *pwd;
+ ngx_uint_t tries;
if (ngx_conf_full_name(cf->cycle, cert, 1) != NGX_OK) {
return NGX_ERROR;
@@ -348,19 +356,76 @@
return NGX_ERROR;
}
- if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data,
- SSL_FILETYPE_PEM)
- == 0)
- {
+ if (passwords) {
+ tries = passwords->nelts;
+ pwd = passwords->elts;
+
+ SSL_CTX_set_default_passwd_cb(ssl->ctx, ngx_ssl_password_callback);
+ SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, pwd);
+
+ } else {
+ tries = 1;
+#if (NGX_SUPPRESS_WARN)
+ pwd = NULL;
+#endif
+ }
+
+ for ( ;; ) {
+
+ if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data,
+ SSL_FILETYPE_PEM)
+ != 0)
+ {
+ break;
+ }
+
+ if (--tries) {
+ n = ERR_peek_error();
+
+ if (ERR_GET_LIB(n) == ERR_LIB_EVP
+ && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT)
+ {
+ ERR_clear_error();
+ SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd);
+ continue;
+ }
+ }
+
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data);
return NGX_ERROR;
}
+ SSL_CTX_set_default_passwd_cb(ssl->ctx, NULL);
+
return NGX_OK;
}
+static int
+ngx_ssl_password_callback(char *buf, int size, int rwflag, void *userdata)
+{
+ ngx_str_t *pwd = userdata;
+
+ if (rwflag) {
+ ngx_log_error(NGX_LOG_ALERT, ngx_cycle->log, 0,
+ "ngx_ssl_password_callback() is called for encryption");
+ return 0;
+ }
+
+ if (pwd->len > (size_t) size) {
+ ngx_log_error(NGX_LOG_ERR, ngx_cycle->log, 0,
+ "password is truncated to %d bytes", size);
+ } else {
+ size = pwd->len;
+ }
+
+ ngx_memcpy(buf, pwd->data, size);
+
+ return size;
+}
+
+
ngx_int_t
ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
ngx_int_t depth)
@@ -597,6 +662,148 @@
}
+ngx_array_t *
+ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file)
+{
+ u_char *p, *last, *end;
+ size_t len;
+ ssize_t n;
+ ngx_fd_t fd;
+ ngx_str_t *pwd;
+ ngx_array_t *passwords;
+ ngx_pool_cleanup_t *cln;
+ u_char buf[NGX_SSL_PASSWORD_BUFFER_SIZE];
+
+ if (ngx_conf_full_name(cf->cycle, file, 1) != NGX_OK) {
+ return NULL;
+ }
+
+ cln = ngx_pool_cleanup_add(cf->temp_pool, 0);
+ passwords = ngx_array_create(cf->temp_pool, 4, sizeof(ngx_str_t));
+
+ if (cln == NULL || passwords == NULL) {
+ return NULL;
+ }
+
+ cln->handler = ngx_ssl_passwords_cleanup;
+ cln->data = passwords;
+
+ fd = ngx_open_file(file->data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0);
+ if (fd == NGX_INVALID_FILE) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
+ ngx_open_file_n " \"%s\" failed", file->data);
+ return NULL;
+ }
+
+ len = 0;
+ last = buf;
+
+ do {
+ n = ngx_read_fd(fd, last, NGX_SSL_PASSWORD_BUFFER_SIZE - len);
+
+ if (n == -1) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno,
+ ngx_read_fd_n " \"%s\" failed", file->data);
+ passwords = NULL;
+ goto cleanup;
+ }
+
+ end = last + n;
+
+ if (len && n == 0) {
+ *end++ = LF;
+ }
+
+ p = buf;
+
+ for ( ;; ) {
+ last = ngx_strlchr(last, end, LF);
+
+ if (last == NULL) {
+ break;
+ }
+
+ len = last++ - p;
+
+ if (len && p[len - 1] == CR) {
+ len--;
+ }
+
+ if (len) {
+ pwd = ngx_array_push(passwords);
+ if (pwd == NULL) {
+ passwords = NULL;
+ goto cleanup;
+ }
+
+ pwd->len = len;
+ pwd->data = ngx_pnalloc(cf->temp_pool, len);
+
+ if (pwd->data == NULL) {
+ passwords->nelts--;
+ passwords = NULL;
+ goto cleanup;
+ }
+
+ ngx_memcpy(pwd->data, p, len);
+ }
+
+ p = last;
+ }
+
+ len = end - p;
+
+ if (len == NGX_SSL_PASSWORD_BUFFER_SIZE) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "too long line in \"%s\"", file->data);
+ passwords = NULL;
+ goto cleanup;
+ }
+
+ ngx_memmove(buf, p, len);
+ last = buf + len;
+
+ } while (n != 0);
+
+ if (passwords->nelts == 0) {
+ pwd = ngx_array_push(passwords);
+ if (pwd == NULL) {
+ passwords = NULL;
+ goto cleanup;
+ }
+
+ ngx_memzero(pwd, sizeof(ngx_str_t));
+ }
+
+cleanup:
+
+ if (ngx_close_file(fd) == NGX_FILE_ERROR) {
+ ngx_conf_log_error(NGX_LOG_ALERT, cf, ngx_errno,
+ ngx_close_file_n " \"%s\" failed", file->data);
+ }
+
+ ngx_memzero(buf, NGX_SSL_PASSWORD_BUFFER_SIZE);
+
+ return passwords;
+}
+
+
+static void
+ngx_ssl_passwords_cleanup(void *data)
+{
+ ngx_array_t *passwords = data;
+
+ ngx_str_t *pwd;
+ ngx_uint_t i;
+
+ pwd = passwords->elts;
+
+ for (i = 0; i < passwords->nelts; i++) {
+ ngx_memzero(pwd[i].data, pwd[i].len);
+ }
+}
+
+
ngx_int_t
ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
{
@@ -905,8 +1112,8 @@
c->read->eof = 1;
if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) {
- ngx_log_error(NGX_LOG_INFO, c->log, err,
- "peer closed connection in SSL handshake");
+ ngx_connection_error(c, err,
+ "peer closed connection in SSL handshake");
return NGX_ERROR;
}
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/event/ngx_event_openssl.h
^
|
| @@ -112,7 +112,7 @@
ngx_int_t ngx_ssl_init(ngx_log_t *log);
ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data);
ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
- ngx_str_t *cert, ngx_str_t *key);
+ ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_str_t *cert, ngx_int_t depth);
ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
@@ -124,6 +124,7 @@
ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
RSA *ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
int key_length);
+ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file);
ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/event/ngx_event_pipe.c
^
|
| @@ -439,7 +439,11 @@
}
}
- if (p->cacheable && p->in) {
+ if (p->cacheable && (p->in || p->buf_to_file)) {
+
+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, p->log, 0,
+ "pipe write chain");
+
if (ngx_event_pipe_write_chain_to_temp_file(p) == NGX_ABORT) {
return NGX_ABORT;
}
@@ -515,15 +519,6 @@
p->in = NULL;
}
- if (p->cacheable && p->buf_to_file) {
- ngx_log_debug0(NGX_LOG_DEBUG_EVENT, p->log, 0,
- "pipe write chain");
-
- if (ngx_event_pipe_write_chain_to_temp_file(p) == NGX_ABORT) {
- return NGX_ABORT;
- }
- }
-
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, p->log, 0,
"pipe write downstream done");
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_addition_filter_module.c
^
|
| @@ -121,7 +121,7 @@
ngx_http_clear_content_length(r);
ngx_http_clear_accept_ranges(r);
- ngx_http_clear_etag(r);
+ ngx_http_weak_etag(r);
return ngx_http_next_header_filter(r);
}
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_fastcgi_module.c
^
|
| @@ -573,7 +573,7 @@
{ ngx_string("HTTP_IF_MODIFIED_SINCE"),
ngx_string("$upstream_cache_last_modified") },
{ ngx_string("HTTP_IF_UNMODIFIED_SINCE"), ngx_string("") },
- { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("") },
+ { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("$upstream_cache_etag") },
{ ngx_string("HTTP_IF_MATCH"), ngx_string("") },
{ ngx_string("HTTP_RANGE"), ngx_string("") },
{ ngx_string("HTTP_IF_RANGE"), ngx_string("") },
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_gunzip_filter_module.c
^
|
| @@ -165,7 +165,7 @@
ngx_http_clear_content_length(r);
ngx_http_clear_accept_ranges(r);
- ngx_http_clear_etag(r);
+ ngx_http_weak_etag(r);
return ngx_http_next_header_filter(r);
}
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_gzip_filter_module.c
^
|
| @@ -306,7 +306,7 @@
ngx_http_clear_content_length(r);
ngx_http_clear_accept_ranges(r);
- ngx_http_clear_etag(r);
+ ngx_http_weak_etag(r);
return ngx_http_next_header_filter(r);
}
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_log_module.c
^
|
| @@ -1109,16 +1109,13 @@
return NGX_CONF_ERROR;
}
+ ngx_memzero(log, sizeof(ngx_http_log_t));
+
log->file = ngx_conf_open_file(cf->cycle, &ngx_http_access_log);
if (log->file == NULL) {
return NGX_CONF_ERROR;
}
- log->script = NULL;
- log->disk_full_time = 0;
- log->error_log_time = 0;
- log->syslog_peer = NULL;
-
lmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_log_module);
fmt = lmcf->formats.elts;
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_not_modified_filter_module.c
^
|
| @@ -13,7 +13,7 @@
static ngx_uint_t ngx_http_test_if_unmodified(ngx_http_request_t *r);
static ngx_uint_t ngx_http_test_if_modified(ngx_http_request_t *r);
static ngx_uint_t ngx_http_test_if_match(ngx_http_request_t *r,
- ngx_table_elt_t *header);
+ ngx_table_elt_t *header, ngx_uint_t weak);
static ngx_int_t ngx_http_not_modified_filter_init(ngx_conf_t *cf);
@@ -56,7 +56,7 @@
{
if (r->headers_out.status != NGX_HTTP_OK
|| r != r->main
- || r->headers_out.last_modified_time == -1)
+ || r->disable_not_modified)
{
return ngx_http_next_header_filter(r);
}
@@ -69,7 +69,7 @@
}
if (r->headers_in.if_match
- && !ngx_http_test_if_match(r, r->headers_in.if_match))
+ && !ngx_http_test_if_match(r, r->headers_in.if_match, 0))
{
return ngx_http_filter_finalize_request(r, NULL,
NGX_HTTP_PRECONDITION_FAILED);
@@ -84,7 +84,7 @@
}
if (r->headers_in.if_none_match
- && !ngx_http_test_if_match(r, r->headers_in.if_none_match))
+ && !ngx_http_test_if_match(r, r->headers_in.if_none_match, 1))
{
return ngx_http_next_header_filter(r);
}
@@ -114,11 +114,15 @@
{
time_t iums;
+ if (r->headers_out.last_modified_time == (time_t) -1) {
+ return 0;
+ }
+
iums = ngx_http_parse_time(r->headers_in.if_unmodified_since->value.data,
r->headers_in.if_unmodified_since->value.len);
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
- "http iums:%d lm:%d", iums, r->headers_out.last_modified_time);
+ "http iums:%T lm:%T", iums, r->headers_out.last_modified_time);
if (iums >= r->headers_out.last_modified_time) {
return 1;
@@ -134,6 +138,10 @@
time_t ims;
ngx_http_core_loc_conf_t *clcf;
+ if (r->headers_out.last_modified_time == (time_t) -1) {
+ return 1;
+ }
+
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
if (clcf->if_modified_since == NGX_HTTP_IMS_OFF) {
@@ -144,7 +152,7 @@
r->headers_in.if_modified_since->value.len);
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
- "http ims:%d lm:%d", ims, r->headers_out.last_modified_time);
+ "http ims:%T lm:%T", ims, r->headers_out.last_modified_time);
if (ims == r->headers_out.last_modified_time) {
return 0;
@@ -161,10 +169,11 @@
static ngx_uint_t
-ngx_http_test_if_match(ngx_http_request_t *r, ngx_table_elt_t *header)
+ngx_http_test_if_match(ngx_http_request_t *r, ngx_table_elt_t *header,
+ ngx_uint_t weak)
{
u_char *start, *end, ch;
- ngx_str_t *etag, *list;
+ ngx_str_t etag, *list;
list = &header->value;
@@ -176,25 +185,42 @@
return 0;
}
- etag = &r->headers_out.etag->value;
+ etag = r->headers_out.etag->value;
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
- "http im:\"%V\" etag:%V", list, etag);
+ "http im:\"%V\" etag:%V", list, &etag);
+
+ if (weak
+ && etag.len > 2
+ && etag.data[0] == 'W'
+ && etag.data[1] == '/')
+ {
+ etag.len -= 2;
+ etag.data += 2;
+ }
start = list->data;
end = list->data + list->len;
while (start < end) {
- if (etag->len > (size_t) (end - start)) {
+ if (weak
+ && end - start > 2
+ && start[0] == 'W'
+ && start[1] == '/')
+ {
+ start += 2;
+ }
+
+ if (etag.len > (size_t) (end - start)) {
return 0;
}
- if (ngx_strncmp(start, etag->data, etag->len) != 0) {
+ if (ngx_strncmp(start, etag.data, etag.len) != 0) {
goto skip;
}
- start += etag->len;
+ start += etag.len;
while (start < end) {
ch = *start;
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_proxy_module.c
^
|
| @@ -677,7 +677,7 @@
{ ngx_string("If-Modified-Since"),
ngx_string("$upstream_cache_last_modified") },
{ ngx_string("If-Unmodified-Since"), ngx_string("") },
- { ngx_string("If-None-Match"), ngx_string("") },
+ { ngx_string("If-None-Match"), ngx_string("$upstream_cache_etag") },
{ ngx_string("If-Match"), ngx_string("") },
{ ngx_string("Range"), ngx_string("") },
{ ngx_string("If-Range"), ngx_string("") },
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_scgi_module.c
^
|
| @@ -379,7 +379,7 @@
{ ngx_string("HTTP_IF_MODIFIED_SINCE"),
ngx_string("$upstream_cache_last_modified") },
{ ngx_string("HTTP_IF_UNMODIFIED_SINCE"), ngx_string("") },
- { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("") },
+ { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("$upstream_cache_etag") },
{ ngx_string("HTTP_IF_MATCH"), ngx_string("") },
{ ngx_string("HTTP_RANGE"), ngx_string("") },
{ ngx_string("HTTP_IF_RANGE"), ngx_string("") },
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_ssi_filter_module.c
^
|
| @@ -369,10 +369,13 @@
if (r == r->main) {
ngx_http_clear_content_length(r);
ngx_http_clear_accept_ranges(r);
- ngx_http_clear_etag(r);
if (!slcf->last_modified) {
ngx_http_clear_last_modified(r);
+ ngx_http_clear_etag(r);
+
+ } else {
+ ngx_http_weak_etag(r);
}
}
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_ssl_module.c
^
|
| @@ -43,6 +43,8 @@
static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
+static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
@@ -91,6 +93,13 @@
offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
NULL },
+ { ngx_string("ssl_password_file"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+ ngx_http_ssl_password_file,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ 0,
+ NULL },
+
{ ngx_string("ssl_dhparam"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
@@ -514,6 +523,7 @@
sscf->buffer_size = NGX_CONF_UNSET_SIZE;
sscf->verify = NGX_CONF_UNSET_UINT;
sscf->verify_depth = NGX_CONF_UNSET_UINT;
+ sscf->passwords = NGX_CONF_UNSET_PTR;
sscf->builtin_session_cache = NGX_CONF_UNSET;
sscf->session_timeout = NGX_CONF_UNSET;
sscf->session_tickets = NGX_CONF_UNSET;
@@ -563,6 +573,8 @@
ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
+ ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL);
+
ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
@@ -652,7 +664,7 @@
cln->data = &conf->ssl;
if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
- &conf->certificate_key)
+ &conf->certificate_key, conf->passwords)
!= NGX_OK)
{
return NGX_CONF_ERROR;
@@ -779,6 +791,29 @@
return NGX_CONF_OK;
}
+
+
+static char *
+ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_ssl_srv_conf_t *sscf = conf;
+
+ ngx_str_t *value;
+
+ if (sscf->passwords != NGX_CONF_UNSET_PTR) {
+ return "is duplicate";
+ }
+
+ value = cf->args->elts;
+
+ sscf->passwords = ngx_ssl_read_password_file(cf, &value[1]);
+
+ if (sscf->passwords == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ return NGX_CONF_OK;
+}
static char *
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_ssl_module.h
^
|
| @@ -42,6 +42,8 @@
ngx_str_t ciphers;
+ ngx_array_t *passwords;
+
ngx_shm_zone_t *shm_zone;
ngx_flag_t session_tickets;
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_sub_filter_module.c
^
|
| @@ -175,10 +175,13 @@
if (r == r->main) {
ngx_http_clear_content_length(r);
- ngx_http_clear_etag(r);
if (!slcf->last_modified) {
ngx_http_clear_last_modified(r);
+ ngx_http_clear_etag(r);
+
+ } else {
+ ngx_http_weak_etag(r);
}
}
|
|
[-]
[+]
|
Added |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_upstream_hash_module.c
^
|
| @@ -0,0 +1,631 @@
+
+/*
+ * Copyright (C) Roman Arutyunyan
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_http.h>
+
+
+typedef struct {
+ uint32_t hash;
+ ngx_str_t *server;
+} ngx_http_upstream_chash_point_t;
+
+
+typedef struct {
+ ngx_uint_t number;
+ ngx_http_upstream_chash_point_t point[1];
+} ngx_http_upstream_chash_points_t;
+
+
+typedef struct {
+ ngx_http_complex_value_t key;
+ ngx_http_upstream_chash_points_t *points;
+} ngx_http_upstream_hash_srv_conf_t;
+
+
+typedef struct {
+ /* the round robin data must be first */
+ ngx_http_upstream_rr_peer_data_t rrp;
+ ngx_http_upstream_hash_srv_conf_t *conf;
+ ngx_str_t key;
+ ngx_uint_t tries;
+ ngx_uint_t rehash;
+ uint32_t hash;
+ ngx_event_get_peer_pt get_rr_peer;
+} ngx_http_upstream_hash_peer_data_t;
+
+
+static ngx_int_t ngx_http_upstream_init_hash(ngx_conf_t *cf,
+ ngx_http_upstream_srv_conf_t *us);
+static ngx_int_t ngx_http_upstream_init_hash_peer(ngx_http_request_t *r,
+ ngx_http_upstream_srv_conf_t *us);
+static ngx_int_t ngx_http_upstream_get_hash_peer(ngx_peer_connection_t *pc,
+ void *data);
+
+static ngx_int_t ngx_http_upstream_init_chash(ngx_conf_t *cf,
+ ngx_http_upstream_srv_conf_t *us);
+static void ngx_http_upstream_add_chash_point(
+ ngx_http_upstream_chash_points_t *points, uint32_t hash, ngx_str_t *server);
+static ngx_uint_t ngx_http_upstream_find_chash_point(
+ ngx_http_upstream_chash_points_t *points, uint32_t hash);
+static ngx_int_t ngx_http_upstream_init_chash_peer(ngx_http_request_t *r,
+ ngx_http_upstream_srv_conf_t *us);
+static ngx_int_t ngx_http_upstream_get_chash_peer(ngx_peer_connection_t *pc,
+ void *data);
+
+static void *ngx_http_upstream_hash_create_conf(ngx_conf_t *cf);
+static char *ngx_http_upstream_hash(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
+
+
+static ngx_command_t ngx_http_upstream_hash_commands[] = {
+
+ { ngx_string("hash"),
+ NGX_HTTP_UPS_CONF|NGX_CONF_TAKE12,
+ ngx_http_upstream_hash,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ 0,
+ NULL },
+
+ ngx_null_command
+};
+
+
+static ngx_http_module_t ngx_http_upstream_hash_module_ctx = {
+ NULL, /* preconfiguration */
+ NULL, /* postconfiguration */
+
+ NULL, /* create main configuration */
+ NULL, /* init main configuration */
+
+ ngx_http_upstream_hash_create_conf, /* create server configuration */
+ NULL, /* merge server configuration */
+
+ NULL, /* create location configuration */
+ NULL /* merge location configuration */
+};
+
+
+ngx_module_t ngx_http_upstream_hash_module = {
+ NGX_MODULE_V1,
+ &ngx_http_upstream_hash_module_ctx, /* module context */
+ ngx_http_upstream_hash_commands, /* module directives */
+ NGX_HTTP_MODULE, /* module type */
+ NULL, /* init master */
+ NULL, /* init module */
+ NULL, /* init process */
+ NULL, /* init thread */
+ NULL, /* exit thread */
+ NULL, /* exit process */
+ NULL, /* exit master */
+ NGX_MODULE_V1_PADDING
+};
+
+
+static ngx_int_t
+ngx_http_upstream_init_hash(ngx_conf_t *cf, ngx_http_upstream_srv_conf_t *us)
+{
+ if (ngx_http_upstream_init_round_robin(cf, us) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ us->peer.init = ngx_http_upstream_init_hash_peer;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_upstream_init_hash_peer(ngx_http_request_t *r,
+ ngx_http_upstream_srv_conf_t *us)
+{
+ ngx_http_upstream_hash_srv_conf_t *hcf;
+ ngx_http_upstream_hash_peer_data_t *hp;
+
+ hp = ngx_palloc(r->pool, sizeof(ngx_http_upstream_hash_peer_data_t));
+ if (hp == NULL) {
+ return NGX_ERROR;
+ }
+
+ r->upstream->peer.data = &hp->rrp;
+
+ if (ngx_http_upstream_init_round_robin_peer(r, us) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ r->upstream->peer.get = ngx_http_upstream_get_hash_peer;
+
+ hcf = ngx_http_conf_upstream_srv_conf(us, ngx_http_upstream_hash_module);
+
+ if (ngx_http_complex_value(r, &hcf->key, &hp->key) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "upstream hash key:\"%V\"", &hp->key);
+
+ hp->conf = hcf;
+ hp->tries = 0;
+ hp->rehash = 0;
+ hp->hash = 0;
+ hp->get_rr_peer = ngx_http_upstream_get_round_robin_peer;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_upstream_get_hash_peer(ngx_peer_connection_t *pc, void *data)
+{
+ ngx_http_upstream_hash_peer_data_t *hp = data;
+
+ time_t now;
+ u_char buf[NGX_INT_T_LEN];
+ size_t size;
+ uint32_t hash;
+ ngx_int_t w;
+ uintptr_t m;
+ ngx_uint_t i, n, p;
+ ngx_http_upstream_rr_peer_t *peer;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get hash peer, try: %ui", pc->tries);
+
+ if (hp->tries > 20 || hp->rrp.peers->single) {
+ return hp->get_rr_peer(pc, &hp->rrp);
+ }
+
+ now = ngx_time();
+
+ pc->cached = 0;
+ pc->connection = NULL;
+
+ for ( ;; ) {
+
+ /*
+ * Hash expression is compatible with Cache::Memcached:
+ * ((crc32([REHASH] KEY) >> 16) & 0x7fff) + PREV_HASH
+ * with REHASH omitted at the first iteration.
+ */
+
+ ngx_crc32_init(hash);
+
+ if (hp->rehash > 0) {
+ size = ngx_sprintf(buf, "%ui", hp->rehash) - buf;
+ ngx_crc32_update(&hash, buf, size);
+ }
+
+ ngx_crc32_update(&hash, hp->key.data, hp->key.len);
+ ngx_crc32_final(hash);
+
+ hash = (hash >> 16) & 0x7fff;
+
+ hp->hash += hash;
+ hp->rehash++;
+
+ if (!hp->rrp.peers->weighted) {
+ p = hp->hash % hp->rrp.peers->number;
+
+ } else {
+ w = hp->hash % hp->rrp.peers->total_weight;
+
+ for (i = 0; i < hp->rrp.peers->number; i++) {
+ w -= hp->rrp.peers->peer[i].weight;
+ if (w < 0) {
+ break;
+ }
+ }
+
+ p = i;
+ }
+
+ n = p / (8 * sizeof(uintptr_t));
+ m = (uintptr_t) 1 << p % (8 * sizeof(uintptr_t));
+
+ if (hp->rrp.tried[n] & m) {
+ goto next;
+ }
+
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get hash peer, value:%uD, peer:%ui", hp->hash, p);
+
+ peer = &hp->rrp.peers->peer[p];
+
+ if (peer->down) {
+ goto next;
+ }
+
+ if (peer->max_fails
+ && peer->fails >= peer->max_fails
+ && now - peer->checked <= peer->fail_timeout)
+ {
+ goto next;
+ }
+
+ break;
+
+ next:
+
+ if (++hp->tries > 20) {
+ return hp->get_rr_peer(pc, &hp->rrp);
+ }
+ }
+
+ hp->rrp.current = p;
+
+ pc->sockaddr = peer->sockaddr;
+ pc->socklen = peer->socklen;
+ pc->name = &peer->name;
+
+ if (now - peer->checked > peer->fail_timeout) {
+ peer->checked = now;
+ }
+
+ hp->rrp.tried[n] |= m;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_upstream_init_chash(ngx_conf_t *cf, ngx_http_upstream_srv_conf_t *us)
+{
+ u_char *host, *port, c;
+ size_t host_len, port_len, size;
+ uint32_t hash, base_hash, prev_hash;
+ ngx_str_t *server;
+ ngx_uint_t npoints, i, j;
+ ngx_http_upstream_rr_peer_t *peer;
+ ngx_http_upstream_rr_peers_t *peers;
+ ngx_http_upstream_chash_points_t *points;
+ ngx_http_upstream_hash_srv_conf_t *hcf;
+
+ if (ngx_http_upstream_init_round_robin(cf, us) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ us->peer.init = ngx_http_upstream_init_chash_peer;
+
+ peers = us->peer.data;
+ npoints = peers->total_weight * 160;
+
+ size = sizeof(ngx_http_upstream_chash_points_t)
+ + sizeof(ngx_http_upstream_chash_point_t) * (npoints - 1);
+
+ points = ngx_palloc(cf->pool, size);
+ if (points == NULL) {
+ return NGX_ERROR;
+ }
+
+ points->number = 0;
+
+ for (i = 0; i < peers->number; i++) {
+ peer = &peers->peer[i];
+ server = &peer->server;
+
+ /*
+ * Hash expression is compatible with Cache::Memcached::Fast:
+ * crc32(HOST \0 PORT PREV_HASH).
+ */
+
+ if (server->len >= 5
+ && ngx_strncasecmp(server->data, (u_char *) "unix:", 5) == 0)
+ {
+ host = server->data + 5;
+ host_len = server->len - 5;
+ port = NULL;
+ port_len = 0;
+ goto done;
+ }
+
+ for (j = 0; j < server->len; j++) {
+ c = server->data[server->len - j - 1];
+
+ if (c == ':') {
+ host = server->data;
+ host_len = server->len - j - 1;
+ port = server->data + server->len - j;
+ port_len = j;
+ goto done;
+ }
+
+ if (c < '0' || c > '9') {
+ break;
+ }
+ }
+
+ host = server->data;
+ host_len = server->len;
+ port = NULL;
+ port_len = 0;
+
+ done:
+
+ ngx_crc32_init(base_hash);
+ ngx_crc32_update(&base_hash, host, host_len);
+ ngx_crc32_update(&base_hash, (u_char *) "", 1);
+ ngx_crc32_update(&base_hash, port, port_len);
+
+ prev_hash = 0;
+ npoints = peer->weight * 160;
+
+ for (j = 0; j < npoints; j++) {
+ hash = base_hash;
+
+ ngx_crc32_update(&hash, (u_char *) &prev_hash, sizeof(uint32_t));
+ ngx_crc32_final(hash);
+
+ ngx_http_upstream_add_chash_point(points, hash, &peer->server);
+
+ prev_hash = hash;
+ }
+ }
+
+ hcf = ngx_http_conf_upstream_srv_conf(us, ngx_http_upstream_hash_module);
+ hcf->points = points;
+
+ return NGX_OK;
+}
+
+
+static void
+ngx_http_upstream_add_chash_point(ngx_http_upstream_chash_points_t *points,
+ uint32_t hash, ngx_str_t *server)
+{
+ size_t size;
+ ngx_uint_t i;
+ ngx_http_upstream_chash_point_t *point;
+
+ i = ngx_http_upstream_find_chash_point(points, hash);
+ point = &points->point[i];
+
+ if (point->hash == hash) {
+ return;
+ }
+
+ size = (points->number - i) * sizeof(ngx_http_upstream_chash_point_t);
+
+ ngx_memmove(point + 1, point, size);
+
+ points->number++;
+ point->hash = hash;
+ point->server = server;
+}
+
+
+static ngx_uint_t
+ngx_http_upstream_find_chash_point(ngx_http_upstream_chash_points_t *points,
+ uint32_t hash)
+{
+ ngx_uint_t i, j, k;
+ ngx_http_upstream_chash_point_t *point;
+
+ /* find first point >= hash */
+
+ point = &points->point[0];
+
+ i = 0;
+ j = points->number;
+
+ while (i < j) {
+ k = (i + j) / 2;
+
+ if (hash > point[k].hash) {
+ i = k + 1;
+
+ } else if (hash < point[k].hash) {
+ j = k;
+
+ } else {
+ return k;
+ }
+ }
+
+ return i;
+}
+
+
+static ngx_int_t
+ngx_http_upstream_init_chash_peer(ngx_http_request_t *r,
+ ngx_http_upstream_srv_conf_t *us)
+{
+ uint32_t hash;
+ ngx_http_upstream_hash_srv_conf_t *hcf;
+ ngx_http_upstream_hash_peer_data_t *hp;
+
+ if (ngx_http_upstream_init_hash_peer(r, us) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ r->upstream->peer.get = ngx_http_upstream_get_chash_peer;
+
+ hp = r->upstream->peer.data;
+ hcf = ngx_http_conf_upstream_srv_conf(us, ngx_http_upstream_hash_module);
+
+ hash = ngx_crc32_long(hp->key.data, hp->key.len);
+ hp->hash = ngx_http_upstream_find_chash_point(hcf->points, hash);
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_upstream_get_chash_peer(ngx_peer_connection_t *pc, void *data)
+{
+ ngx_http_upstream_hash_peer_data_t *hp = data;
+
+ time_t now;
+ intptr_t m;
+ ngx_str_t *server;
+ ngx_int_t total;
+ ngx_uint_t i, n;
+ ngx_http_upstream_rr_peer_t *peer, *best;
+ ngx_http_upstream_chash_point_t *point;
+ ngx_http_upstream_chash_points_t *points;
+ ngx_http_upstream_hash_srv_conf_t *hcf;
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get consistent hash peer, try: %ui", pc->tries);
+
+ pc->cached = 0;
+ pc->connection = NULL;
+
+ now = ngx_time();
+ hcf = hp->conf;
+
+ points = hcf->points;
+ point = &points->point[0];
+
+ for ( ;; ) {
+ server = point[hp->hash % points->number].server;
+
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "consistent hash peer:%uD, server:\"%V\"",
+ hp->hash, server);
+
+ best = NULL;
+ total = 0;
+
+ for (i = 0; i < hp->rrp.peers->number; i++) {
+
+ n = i / (8 * sizeof(uintptr_t));
+ m = (uintptr_t) 1 << i % (8 * sizeof(uintptr_t));
+
+ if (hp->rrp.tried[n] & m) {
+ continue;
+ }
+
+ peer = &hp->rrp.peers->peer[i];
+
+ if (peer->down) {
+ continue;
+ }
+
+ if (peer->server.len != server->len
+ || ngx_strncmp(peer->server.data, server->data, server->len)
+ != 0)
+ {
+ continue;
+ }
+
+ if (peer->max_fails
+ && peer->fails >= peer->max_fails
+ && now - peer->checked <= peer->fail_timeout)
+ {
+ continue;
+ }
+
+ peer->current_weight += peer->effective_weight;
+ total += peer->effective_weight;
+
+ if (peer->effective_weight < peer->weight) {
+ peer->effective_weight++;
+ }
+
+ if (best == NULL || peer->current_weight > best->current_weight) {
+ best = peer;
+ }
+ }
+
+ if (best) {
+ best->current_weight -= total;
+
+ i = best - &hp->rrp.peers->peer[0];
+
+ hp->rrp.current = i;
+
+ n = i / (8 * sizeof(uintptr_t));
+ m = (uintptr_t) 1 << i % (8 * sizeof(uintptr_t));
+
+ hp->rrp.tried[n] |= m;
+
+ if (now - best->checked > best->fail_timeout) {
+ best->checked = now;
+ }
+
+ pc->sockaddr = best->sockaddr;
+ pc->socklen = best->socklen;
+ pc->name = &best->name;
+
+ return NGX_OK;
+ }
+
+ hp->hash++;
+ hp->tries++;
+
+ if (hp->tries >= points->number) {
+ return NGX_BUSY;
+ }
+ }
+}
+
+
+static void *
+ngx_http_upstream_hash_create_conf(ngx_conf_t *cf)
+{
+ ngx_http_upstream_hash_srv_conf_t *conf;
+
+ conf = ngx_palloc(cf->pool, sizeof(ngx_http_upstream_hash_srv_conf_t));
+ if (conf == NULL) {
+ return NULL;
+ }
+
+ conf->points = NULL;
+
+ return conf;
+}
+
+
+static char *
+ngx_http_upstream_hash(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_http_upstream_hash_srv_conf_t *hcf = conf;
+
+ ngx_str_t *value;
+ ngx_http_upstream_srv_conf_t *uscf;
+ ngx_http_compile_complex_value_t ccv;
+
+ value = cf->args->elts;
+
+ ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
+
+ ccv.cf = cf;
+ ccv.value = &value[1];
+ ccv.complex_value = &hcf->key;
+
+ if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
+ uscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_upstream_module);
+
+ if (uscf->peer.init_upstream) {
+ ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
+ "load balancing method redefined");
+ }
+
+ uscf->flags = NGX_HTTP_UPSTREAM_CREATE
+ |NGX_HTTP_UPSTREAM_WEIGHT
+ |NGX_HTTP_UPSTREAM_MAX_FAILS
+ |NGX_HTTP_UPSTREAM_FAIL_TIMEOUT
+ |NGX_HTTP_UPSTREAM_DOWN;
+
+ if (cf->args->nelts == 2) {
+ uscf->peer.init_upstream = ngx_http_upstream_init_hash;
+
+ } else if (ngx_strcmp(value[2].data, "consistent") == 0) {
+ uscf->peer.init_upstream = ngx_http_upstream_init_chash;
+
+ } else {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "invalid parameter \"%V\"", &value[2]);
+ return NGX_CONF_ERROR;
+ }
+
+ return NGX_CONF_OK;
+}
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_uwsgi_module.c
^
|
| @@ -507,7 +507,7 @@
{ ngx_string("HTTP_IF_MODIFIED_SINCE"),
ngx_string("$upstream_cache_last_modified") },
{ ngx_string("HTTP_IF_UNMODIFIED_SINCE"), ngx_string("") },
- { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("") },
+ { ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("$upstream_cache_etag") },
{ ngx_string("HTTP_IF_MATCH"), ngx_string("") },
{ ngx_string("HTTP_RANGE"), ngx_string("") },
{ ngx_string("HTTP_IF_RANGE"), ngx_string("") },
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/modules/ngx_http_xslt_filter_module.c
^
|
| @@ -337,12 +337,14 @@
r->headers_out.content_length = NULL;
}
- ngx_http_clear_etag(r);
-
conf = ngx_http_get_module_loc_conf(r, ngx_http_xslt_filter_module);
if (!conf->last_modified) {
ngx_http_clear_last_modified(r);
+ ngx_http_clear_etag(r);
+
+ } else {
+ ngx_http_weak_etag(r);
}
}
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/ngx_http.c
^
|
| @@ -742,7 +742,7 @@
if (named) {
clcfp = ngx_palloc(cf->pool,
- (n + 1) * sizeof(ngx_http_core_loc_conf_t **));
+ (n + 1) * sizeof(ngx_http_core_loc_conf_t *));
if (clcfp == NULL) {
return NGX_ERROR;
}
@@ -768,7 +768,7 @@
if (regex) {
clcfp = ngx_palloc(cf->pool,
- (r + 1) * sizeof(ngx_http_core_loc_conf_t **));
+ (r + 1) * sizeof(ngx_http_core_loc_conf_t *));
if (clcfp == NULL) {
return NGX_ERROR;
}
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/ngx_http_cache.h
^
|
| @@ -24,6 +24,9 @@
#define NGX_HTTP_CACHE_SCARCE 8
#define NGX_HTTP_CACHE_KEY_LEN 16
+#define NGX_HTTP_CACHE_ETAG_LEN 42
+
+#define NGX_HTTP_CACHE_VERSION 2
typedef struct {
@@ -67,6 +70,8 @@
time_t last_modified;
time_t date;
+ ngx_str_t etag;
+
size_t header_start;
size_t body_start;
off_t length;
@@ -97,6 +102,7 @@
typedef struct {
+ ngx_uint_t version;
time_t valid_sec;
time_t last_modified;
time_t date;
@@ -104,6 +110,8 @@
u_short valid_msec;
u_short header_start;
u_short body_start;
+ u_char etag_len;
+ u_char etag[NGX_HTTP_CACHE_ETAG_LEN];
} ngx_http_file_cache_header_t;
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/ngx_http_core_module.c
^
|
| @@ -1851,6 +1851,46 @@
}
+void
+ngx_http_weak_etag(ngx_http_request_t *r)
+{
+ size_t len;
+ u_char *p;
+ ngx_table_elt_t *etag;
+
+ etag = r->headers_out.etag;
+
+ if (etag == NULL) {
+ return;
+ }
+
+ if (etag->value.len > 2
+ && etag->value.data[0] == 'W'
+ && etag->value.data[1] == '/')
+ {
+ return;
+ }
+
+ if (etag->value.len < 1 || etag->value.data[0] != '"') {
+ r->headers_out.etag->hash = 0;
+ r->headers_out.etag = NULL;
+ return;
+ }
+
+ p = ngx_pnalloc(r->pool, etag->value.len + 2);
+ if (p == NULL) {
+ r->headers_out.etag->hash = 0;
+ r->headers_out.etag = NULL;
+ return;
+ }
+
+ len = ngx_sprintf(p, "W/%V", &etag->value) - p;
+
+ etag->value.data = p;
+ etag->value.len = len;
+}
+
+
ngx_int_t
ngx_http_send_response(ngx_http_request_t *r, ngx_uint_t status,
ngx_str_t *ct, ngx_http_complex_value_t *cv)
@@ -4789,7 +4829,8 @@
tf[i].name = value[i + 1];
if (tf[i].name.len > 0
- && tf[i].name.data[tf[i].name.len - 1] == '/')
+ && tf[i].name.data[tf[i].name.len - 1] == '/'
+ && i + 2 < cf->args->nelts)
{
tf[i].test_dir = 1;
tf[i].name.len--;
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/ngx_http_core_module.h
^
|
| @@ -501,6 +501,7 @@
ngx_int_t ngx_http_set_content_type(ngx_http_request_t *r);
void ngx_http_set_exten(ngx_http_request_t *r);
ngx_int_t ngx_http_set_etag(ngx_http_request_t *r);
+void ngx_http_weak_etag(ngx_http_request_t *r);
ngx_int_t ngx_http_send_response(ngx_http_request_t *r, ngx_uint_t status,
ngx_str_t *ct, ngx_http_complex_value_t *cv);
u_char *ngx_http_map_uri_to_path(ngx_http_request_t *r, ngx_str_t *name,
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/ngx_http_file_cache.c
^
|
| @@ -498,6 +498,12 @@
h = (ngx_http_file_cache_header_t *) c->buf->pos;
+ if (h->version != NGX_HTTP_CACHE_VERSION) {
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "cache file \"%s\" version mismatch", c->file.name.data);
+ return NGX_DECLINED;
+ }
+
if (h->crc32 != c->crc32) {
ngx_log_error(NGX_LOG_CRIT, r->connection->log, 0,
"cache file \"%s\" has md5 collision", c->file.name.data);
@@ -519,6 +525,8 @@
c->valid_msec = h->valid_msec;
c->header_start = h->header_start;
c->body_start = h->body_start;
+ c->etag.len = h->etag_len;
+ c->etag.data = h->etag;
r->cached = 1;
@@ -678,8 +686,8 @@
goto done;
}
- fcn = ngx_slab_alloc_locked(cache->shpool,
- sizeof(ngx_http_file_cache_node_t));
+ fcn = ngx_slab_calloc_locked(cache->shpool,
+ sizeof(ngx_http_file_cache_node_t));
if (fcn == NULL) {
ngx_shmtx_unlock(&cache->shpool->mutex);
@@ -687,8 +695,8 @@
ngx_shmtx_lock(&cache->shpool->mutex);
- fcn = ngx_slab_alloc_locked(cache->shpool,
- sizeof(ngx_http_file_cache_node_t));
+ fcn = ngx_slab_calloc_locked(cache->shpool,
+ sizeof(ngx_http_file_cache_node_t));
if (fcn == NULL) {
rc = NGX_ERROR;
goto failed;
@@ -704,8 +712,6 @@
fcn->uses = 1;
fcn->count = 1;
- fcn->updating = 0;
- fcn->deleting = 0;
renew:
@@ -877,6 +883,7 @@
ngx_memzero(h, sizeof(ngx_http_file_cache_header_t));
+ h->version = NGX_HTTP_CACHE_VERSION;
h->valid_sec = c->valid_sec;
h->last_modified = c->last_modified;
h->date = c->date;
@@ -885,6 +892,11 @@
h->header_start = (u_short) c->header_start;
h->body_start = (u_short) c->body_start;
+ if (c->etag.len <= NGX_HTTP_CACHE_ETAG_LEN) {
+ h->etag_len = (u_char) c->etag.len;
+ ngx_memcpy(h->etag, c->etag.data, c->etag.len);
+ }
+
p = buf + sizeof(ngx_http_file_cache_header_t);
p = ngx_cpymem(p, ngx_http_file_cache_key, sizeof(ngx_http_file_cache_key));
@@ -1044,7 +1056,8 @@
goto done;
}
- if (h.last_modified != c->last_modified
+ if (h.version != NGX_HTTP_CACHE_VERSION
+ || h.last_modified != c->last_modified
|| h.crc32 != c->crc32
|| h.header_start != c->header_start
|| h.body_start != c->body_start)
@@ -1062,6 +1075,7 @@
ngx_memzero(&h, sizeof(ngx_http_file_cache_header_t));
+ h.version = NGX_HTTP_CACHE_VERSION;
h.valid_sec = c->valid_sec;
h.last_modified = c->last_modified;
h.date = c->date;
@@ -1070,6 +1084,11 @@
h.header_start = (u_short) c->header_start;
h.body_start = (u_short) c->body_start;
+ if (c->etag.len <= NGX_HTTP_CACHE_ETAG_LEN) {
+ h.etag_len = (u_char) c->etag.len;
+ ngx_memcpy(h.etag, c->etag.data, c->etag.len);
+ }
+
(void) ngx_write_file(&file, (u_char *) &h,
sizeof(ngx_http_file_cache_header_t), 0);
@@ -1618,8 +1637,8 @@
if (fcn == NULL) {
- fcn = ngx_slab_alloc_locked(cache->shpool,
- sizeof(ngx_http_file_cache_node_t));
+ fcn = ngx_slab_calloc_locked(cache->shpool,
+ sizeof(ngx_http_file_cache_node_t));
if (fcn == NULL) {
ngx_shmtx_unlock(&cache->shpool->mutex);
return NGX_ERROR;
@@ -1633,15 +1652,7 @@
ngx_rbtree_insert(&cache->sh->rbtree, &fcn->node);
fcn->uses = 1;
- fcn->count = 0;
- fcn->valid_msec = 0;
- fcn->error = 0;
fcn->exists = 1;
- fcn->updating = 0;
- fcn->deleting = 0;
- fcn->uniq = 0;
- fcn->valid_sec = 0;
- fcn->body_start = 0;
fcn->fs_size = c->fs_size;
cache->sh->size += c->fs_size;
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/ngx_http_request.h
^
|
| @@ -528,6 +528,7 @@
unsigned filter_need_temporary:1;
unsigned allow_ranges:1;
unsigned single_range:1;
+ unsigned disable_not_modified:1;
#if (NGX_STAT_STUB)
unsigned stat_reading:1;
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/ngx_http_spdy.h
^
|
| @@ -230,13 +230,16 @@
#else
#define ngx_spdy_frame_write_uint16(p, s) \
- ((p)[0] = (u_char) (s) >> 8, (p)[1] = (u_char) (s), (p) + sizeof(uint16_t))
+ ((p)[0] = (u_char) ((s) >> 8), \
+ (p)[1] = (u_char) (s), \
+ (p) + sizeof(uint16_t))
#define ngx_spdy_frame_write_uint32(p, s) \
- ((p)[0] = (u_char) (s) >> 24, \
- (p)[1] = (u_char) (s) >> 16, \
- (p)[2] = (u_char) (s) >> 8, \
- (p)[3] = (u_char) (s), (p) + sizeof(uint32_t))
+ ((p)[0] = (u_char) ((s) >> 24), \
+ (p)[1] = (u_char) ((s) >> 16), \
+ (p)[2] = (u_char) ((s) >> 8), \
+ (p)[3] = (u_char) (s), \
+ (p) + sizeof(uint32_t))
#endif
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/ngx_http_upstream.c
^
|
| @@ -19,6 +19,8 @@
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_upstream_cache_last_modified(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
+static ngx_int_t ngx_http_upstream_cache_etag(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data);
#endif
static void ngx_http_upstream_init_request(ngx_http_request_t *r);
@@ -87,6 +89,8 @@
ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_upstream_process_content_length(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
+static ngx_int_t ngx_http_upstream_process_last_modified(ngx_http_request_t *r,
+ ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_upstream_process_set_cookie(ngx_http_request_t *r,
ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t
@@ -174,8 +178,7 @@
ngx_http_upstream_copy_content_type, 0, 1 },
{ ngx_string("Content-Length"),
- ngx_http_upstream_process_content_length,
- offsetof(ngx_http_upstream_headers_in_t, content_length),
+ ngx_http_upstream_process_content_length, 0,
ngx_http_upstream_ignore_header_line, 0, 0 },
{ ngx_string("Date"),
@@ -185,8 +188,7 @@
offsetof(ngx_http_headers_out_t, date), 0 },
{ ngx_string("Last-Modified"),
- ngx_http_upstream_process_header_line,
- offsetof(ngx_http_upstream_headers_in_t, last_modified),
+ ngx_http_upstream_process_last_modified, 0,
ngx_http_upstream_copy_last_modified, 0, 0 },
{ ngx_string("ETag"),
@@ -367,6 +369,10 @@
ngx_http_upstream_cache_last_modified, 0,
NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
+ { ngx_string("upstream_cache_etag"), NULL,
+ ngx_http_upstream_cache_etag, 0,
+ NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
+
#endif
{ ngx_null_string, NULL, NULL, 0, 0, 0 }
@@ -1668,13 +1674,6 @@
c->tcp_nopush = NGX_TCP_NOPUSH_UNSET;
}
- ngx_add_timer(c->read, u->conf->read_timeout);
-
- if (c->read->ready) {
- ngx_http_upstream_process_header(r, u);
- return;
- }
-
u->write_event_handler = ngx_http_upstream_dummy_handler;
if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
@@ -1682,6 +1681,13 @@
NGX_HTTP_INTERNAL_SERVER_ERROR);
return;
}
+
+ ngx_add_timer(c->read, u->conf->read_timeout);
+
+ if (c->read->ready) {
+ ngx_http_upstream_process_header(r, u);
+ return;
+ }
}
@@ -2238,6 +2244,8 @@
r->headers_out.content_length_n = u->headers_in.content_length_n;
+ r->disable_not_modified = !u->cacheable;
+
u->length = -1;
return NGX_OK;
@@ -2349,21 +2357,17 @@
if (r->header_only) {
- if (u->cacheable || u->store) {
-
- if (ngx_shutdown_socket(c->fd, NGX_WRITE_SHUTDOWN) == -1) {
- ngx_connection_error(c, ngx_socket_errno,
- ngx_shutdown_socket_n " failed");
- }
-
- r->read_event_handler = ngx_http_request_empty_handler;
- r->write_event_handler = ngx_http_request_empty_handler;
- c->error = 1;
+ if (!u->buffering) {
+ ngx_http_upstream_finalize_request(r, u, rc);
+ return;
+ }
- } else {
+ if (!u->cacheable && !u->store) {
ngx_http_upstream_finalize_request(r, u, rc);
return;
}
+
+ u->pipe->downstream_error = 1;
}
if (r->request_body && r->request_body->temp_file) {
@@ -2492,15 +2496,18 @@
}
if (valid) {
- r->cache->last_modified = r->headers_out.last_modified_time;
+ r->cache->last_modified = u->headers_in.last_modified_time;
r->cache->date = now;
r->cache->body_start = (u_short) (u->buffer.pos - u->buffer.start);
+ if (u->headers_in.etag) {
+ r->cache->etag = u->headers_in.etag->value;
+ }
+
ngx_http_file_cache_set_header(r, u->buffer.start);
} else {
u->cacheable = 0;
- r->headers_out.last_modified_time = -1;
}
}
@@ -3730,6 +3737,29 @@
static ngx_int_t
+ngx_http_upstream_process_last_modified(ngx_http_request_t *r,
+ ngx_table_elt_t *h, ngx_uint_t offset)
+{
+ ngx_http_upstream_t *u;
+
+ u = r->upstream;
+
+ u->headers_in.last_modified = h;
+
+#if (NGX_HTTP_CACHE)
+
+ if (u->cacheable) {
+ u->headers_in.last_modified_time = ngx_http_parse_time(h->value.data,
+ h->value.len);
+ }
+
+#endif
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
ngx_http_upstream_process_set_cookie(ngx_http_request_t *r, ngx_table_elt_t *h,
ngx_uint_t offset)
{
@@ -4185,8 +4215,8 @@
#if (NGX_HTTP_CACHE)
if (r->upstream->cacheable) {
- r->headers_out.last_modified_time = ngx_http_parse_time(h->value.data,
- h->value.len);
+ r->headers_out.last_modified_time =
+ r->upstream->headers_in.last_modified_time;
}
#endif
@@ -4764,6 +4794,29 @@
return NGX_OK;
}
+
+static ngx_int_t
+ngx_http_upstream_cache_etag(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data)
+{
+ if (r->upstream == NULL
+ || !r->upstream->conf->cache_revalidate
+ || r->upstream->cache_status != NGX_HTTP_CACHE_EXPIRED
+ || r->cache->etag.len == 0)
+ {
+ v->not_found = 1;
+ return NGX_OK;
+ }
+
+ v->valid = 1;
+ v->no_cacheable = 0;
+ v->not_found = 0;
+ v->len = r->cache->etag.len;
+ v->data = r->cache->etag.data;
+
+ return NGX_OK;
+}
+
#endif
@@ -4851,6 +4904,12 @@
}
}
+ uscf->servers = ngx_array_create(cf->pool, 4,
+ sizeof(ngx_http_upstream_server_t));
+ if (uscf->servers == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
/* parse inside upstream{} */
@@ -4866,7 +4925,7 @@
return rv;
}
- if (uscf->servers == NULL) {
+ if (uscf->servers->nelts == 0) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"no servers are inside upstream");
return NGX_CONF_ERROR;
@@ -4888,14 +4947,6 @@
ngx_uint_t i;
ngx_http_upstream_server_t *us;
- if (uscf->servers == NULL) {
- uscf->servers = ngx_array_create(cf->pool, 4,
- sizeof(ngx_http_upstream_server_t));
- if (uscf->servers == NULL) {
- return NGX_CONF_ERROR;
- }
- }
-
us = ngx_array_push(uscf->servers);
if (us == NULL) {
return NGX_CONF_ERROR;
@@ -4905,20 +4956,6 @@
value = cf->args->elts;
- ngx_memzero(&u, sizeof(ngx_url_t));
-
- u.url = value[1];
- u.default_port = 80;
-
- if (ngx_parse_url(cf->pool, &u) != NGX_OK) {
- if (u.err) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "%s in upstream \"%V\"", u.err, &u.url);
- }
-
- return NGX_CONF_ERROR;
- }
-
weight = 1;
max_fails = 1;
fail_timeout = 10;
@@ -4998,6 +5035,21 @@
goto invalid;
}
+ ngx_memzero(&u, sizeof(ngx_url_t));
+
+ u.url = value[1];
+ u.default_port = 80;
+
+ if (ngx_parse_url(cf->pool, &u) != NGX_OK) {
+ if (u.err) {
+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+ "%s in upstream \"%V\"", u.err, &u.url);
+ }
+
+ return NGX_CONF_ERROR;
+ }
+
+ us->name = u.url;
us->addrs = u.addrs;
us->naddrs = u.naddrs;
us->weight = weight;
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/ngx_http_upstream.h
^
|
| @@ -87,6 +87,7 @@
typedef struct {
+ ngx_str_t name;
ngx_addr_t *addrs;
ngx_uint_t naddrs;
ngx_uint_t weight;
@@ -245,11 +246,12 @@
ngx_table_elt_t *content_encoding;
#endif
- off_t content_length_n;
-
ngx_array_t cache_control;
ngx_array_t cookies;
+ off_t content_length_n;
+ time_t last_modified_time;
+
unsigned connection_close:1;
unsigned chunked:1;
} ngx_http_upstream_headers_in_t;
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/ngx_http_upstream_round_robin.c
^
|
| @@ -30,6 +30,7 @@
ngx_url_t u;
ngx_uint_t i, j, n, w;
ngx_http_upstream_server_t *server;
+ ngx_http_upstream_rr_peer_t *peer;
ngx_http_upstream_rr_peers_t *peers, *backup;
us->peer.init = ngx_http_upstream_init_round_robin_peer;
@@ -69,6 +70,7 @@
peers->name = &us->host;
n = 0;
+ peer = peers->peer;
for (i = 0; i < us->servers->nelts; i++) {
if (server[i].backup) {
@@ -76,15 +78,16 @@
}
for (j = 0; j < server[i].naddrs; j++) {
- peers->peer[n].sockaddr = server[i].addrs[j].sockaddr;
- peers->peer[n].socklen = server[i].addrs[j].socklen;
- peers->peer[n].name = server[i].addrs[j].name;
- peers->peer[n].weight = server[i].weight;
- peers->peer[n].effective_weight = server[i].weight;
- peers->peer[n].current_weight = 0;
- peers->peer[n].max_fails = server[i].max_fails;
- peers->peer[n].fail_timeout = server[i].fail_timeout;
- peers->peer[n].down = server[i].down;
+ peer[n].sockaddr = server[i].addrs[j].sockaddr;
+ peer[n].socklen = server[i].addrs[j].socklen;
+ peer[n].name = server[i].addrs[j].name;
+ peer[n].weight = server[i].weight;
+ peer[n].effective_weight = server[i].weight;
+ peer[n].current_weight = 0;
+ peer[n].max_fails = server[i].max_fails;
+ peer[n].fail_timeout = server[i].fail_timeout;
+ peer[n].down = server[i].down;
+ peer[n].server = server[i].name;
n++;
}
}
@@ -123,6 +126,7 @@
backup->name = &us->host;
n = 0;
+ peer = backup->peer;
for (i = 0; i < us->servers->nelts; i++) {
if (!server[i].backup) {
@@ -130,15 +134,16 @@
}
for (j = 0; j < server[i].naddrs; j++) {
- backup->peer[n].sockaddr = server[i].addrs[j].sockaddr;
- backup->peer[n].socklen = server[i].addrs[j].socklen;
- backup->peer[n].name = server[i].addrs[j].name;
- backup->peer[n].weight = server[i].weight;
- backup->peer[n].effective_weight = server[i].weight;
- backup->peer[n].current_weight = 0;
- backup->peer[n].max_fails = server[i].max_fails;
- backup->peer[n].fail_timeout = server[i].fail_timeout;
- backup->peer[n].down = server[i].down;
+ peer[n].sockaddr = server[i].addrs[j].sockaddr;
+ peer[n].socklen = server[i].addrs[j].socklen;
+ peer[n].name = server[i].addrs[j].name;
+ peer[n].weight = server[i].weight;
+ peer[n].effective_weight = server[i].weight;
+ peer[n].current_weight = 0;
+ peer[n].max_fails = server[i].max_fails;
+ peer[n].fail_timeout = server[i].fail_timeout;
+ peer[n].down = server[i].down;
+ peer[n].server = server[i].name;
n++;
}
}
@@ -187,15 +192,17 @@
peers->total_weight = n;
peers->name = &us->host;
+ peer = peers->peer;
+
for (i = 0; i < u.naddrs; i++) {
- peers->peer[i].sockaddr = u.addrs[i].sockaddr;
- peers->peer[i].socklen = u.addrs[i].socklen;
- peers->peer[i].name = u.addrs[i].name;
- peers->peer[i].weight = 1;
- peers->peer[i].effective_weight = 1;
- peers->peer[i].current_weight = 0;
- peers->peer[i].max_fails = 1;
- peers->peer[i].fail_timeout = 10;
+ peer[i].sockaddr = u.addrs[i].sockaddr;
+ peer[i].socklen = u.addrs[i].socklen;
+ peer[i].name = u.addrs[i].name;
+ peer[i].weight = 1;
+ peer[i].effective_weight = 1;
+ peer[i].current_weight = 0;
+ peer[i].max_fails = 1;
+ peer[i].fail_timeout = 10;
}
us->peer.data = peers;
@@ -269,6 +276,7 @@
socklen_t socklen;
ngx_uint_t i, n;
struct sockaddr *sockaddr;
+ ngx_http_upstream_rr_peer_t *peer;
ngx_http_upstream_rr_peers_t *peers;
ngx_http_upstream_rr_peer_data_t *rrp;
@@ -293,15 +301,17 @@
peers->number = ur->naddrs;
peers->name = &ur->host;
+ peer = peers->peer;
+
if (ur->sockaddr) {
- peers->peer[0].sockaddr = ur->sockaddr;
- peers->peer[0].socklen = ur->socklen;
- peers->peer[0].name = ur->host;
- peers->peer[0].weight = 1;
- peers->peer[0].effective_weight = 1;
- peers->peer[0].current_weight = 0;
- peers->peer[0].max_fails = 1;
- peers->peer[0].fail_timeout = 10;
+ peer[0].sockaddr = ur->sockaddr;
+ peer[0].socklen = ur->socklen;
+ peer[0].name = ur->host;
+ peer[0].weight = 1;
+ peer[0].effective_weight = 1;
+ peer[0].current_weight = 0;
+ peer[0].max_fails = 1;
+ peer[0].fail_timeout = 10;
} else {
@@ -333,15 +343,15 @@
len = ngx_sock_ntop(sockaddr, socklen, p, NGX_SOCKADDR_STRLEN, 1);
- peers->peer[i].sockaddr = sockaddr;
- peers->peer[i].socklen = socklen;
- peers->peer[i].name.len = len;
- peers->peer[i].name.data = p;
- peers->peer[i].weight = 1;
- peers->peer[i].effective_weight = 1;
- peers->peer[i].current_weight = 0;
- peers->peer[i].max_fails = 1;
- peers->peer[i].fail_timeout = 10;
+ peer[i].sockaddr = sockaddr;
+ peer[i].socklen = socklen;
+ peer[i].name.len = len;
+ peer[i].name.data = p;
+ peer[i].weight = 1;
+ peer[i].effective_weight = 1;
+ peer[i].current_weight = 0;
+ peer[i].max_fails = 1;
+ peer[i].fail_timeout = 10;
}
}
@@ -387,13 +397,15 @@
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
"get rr peer, try: %ui", pc->tries);
- /* ngx_lock_mutex(rrp->peers->mutex); */
-
pc->cached = 0;
pc->connection = NULL;
- if (rrp->peers->single) {
- peer = &rrp->peers->peer[0];
+ peers = rrp->peers;
+
+ /* ngx_lock_mutex(peers->mutex); */
+
+ if (peers->single) {
+ peer = &peers->peer[0];
if (peer->down) {
goto failed;
@@ -418,18 +430,16 @@
pc->socklen = peer->socklen;
pc->name = &peer->name;
- /* ngx_unlock_mutex(rrp->peers->mutex); */
+ /* ngx_unlock_mutex(peers->mutex); */
- if (pc->tries == 1 && rrp->peers->next) {
- pc->tries += rrp->peers->next->number;
+ if (pc->tries == 1 && peers->next) {
+ pc->tries += peers->next->number;
}
return NGX_OK;
failed:
- peers = rrp->peers;
-
if (peers->next) {
/* ngx_unlock_mutex(peers->mutex); */
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/http/ngx_http_upstream_round_robin.h
^
|
| @@ -18,6 +18,7 @@
struct sockaddr *sockaddr;
socklen_t socklen;
ngx_str_t name;
+ ngx_str_t server;
ngx_int_t current_weight;
ngx_int_t effective_weight;
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/mail/ngx_mail_ssl_module.c
^
|
| @@ -21,6 +21,8 @@
void *conf);
static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
+static char *ngx_mail_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
@@ -74,6 +76,13 @@
offsetof(ngx_mail_ssl_conf_t, certificate_key),
NULL },
+ { ngx_string("ssl_password_file"),
+ NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
+ ngx_mail_ssl_password_file,
+ NGX_MAIL_SRV_CONF_OFFSET,
+ 0,
+ NULL },
+
{ ngx_string("ssl_dhparam"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
@@ -195,6 +204,7 @@
scf->enable = NGX_CONF_UNSET;
scf->starttls = NGX_CONF_UNSET_UINT;
+ scf->passwords = NGX_CONF_UNSET_PTR;
scf->prefer_server_ciphers = NGX_CONF_UNSET;
scf->builtin_session_cache = NGX_CONF_UNSET;
scf->session_timeout = NGX_CONF_UNSET;
@@ -231,6 +241,8 @@
ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
+ ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL);
+
ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
@@ -302,7 +314,7 @@
cln->data = &conf->ssl;
if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
- &conf->certificate_key)
+ &conf->certificate_key, conf->passwords)
!= NGX_OK)
{
return NGX_CONF_ERROR;
@@ -419,6 +431,29 @@
return NGX_CONF_OK;
}
+
+
+static char *
+ngx_mail_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ ngx_mail_ssl_conf_t *scf = conf;
+
+ ngx_str_t *value;
+
+ if (scf->passwords != NGX_CONF_UNSET_PTR) {
+ return "is duplicate";
+ }
+
+ value = cf->args->elts;
+
+ scf->passwords = ngx_ssl_read_password_file(cf, &value[1]);
+
+ if (scf->passwords == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
+ return NGX_CONF_OK;
+}
static char *
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/mail/ngx_mail_ssl_module.h
^
|
| @@ -39,6 +39,8 @@
ngx_str_t ciphers;
+ ngx_array_t *passwords;
+
ngx_shm_zone_t *shm_zone;
ngx_flag_t session_tickets;
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/os/unix/ngx_darwin_config.h
^
|
| @@ -9,9 +9,6 @@
#define _NGX_DARWIN_CONFIG_H_INCLUDED_
-#define MAC_OS_X_VERSION_MIN_REQUIRED MAC_OS_X_VERSION_10_0
-
-
#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/os/unix/ngx_darwin_sendfile_chain.c
^
|
| @@ -13,7 +13,7 @@
/*
* It seems that Darwin 9.4 (Mac OS X 1.5) sendfile() has the same
* old bug as early FreeBSD sendfile() syscall:
- * http://www.freebsd.org/cgi/query-pr.cgi?pr=33771
+ * http://bugs.freebsd.org/33771
*
* Besides sendfile() has another bug: if one calls sendfile()
* with both a header and a trailer, then sendfile() ignores a file part
|
|
[-]
[+]
|
Changed |
nginx-1.7.3.tar.gz/src/os/unix/ngx_freebsd_sendfile_chain.c
^
|
| @@ -265,7 +265,7 @@
/*
* the "nbytes bug" of the old sendfile() syscall:
- * http://www.freebsd.org/cgi/query-pr.cgi?pr=33771
+ * http://bugs.freebsd.org/33771
*/
if (!ngx_freebsd_sendfile_nbytes_bug) {
|
