Mercurial > hg > nginx
annotate src/stream/ngx_stream_proxy_module.c @ 9263:388a801e9bb9
Request body: discarded body now treated as no body.
Notably, proxying of such requests now uses no Content-Length instead
of "Content-Length: 0", and the $content_length variable is empty (instead
of "0").
This might be beneficial from correctness point of view, since requests
with discarded body, such as during processing of error pages, do not pretend
there is a zero-length body, but instead do not contain body at all. For
example, this might be important for PUT requests, where a zero-length
body could be incorrectly interpreted as a real request body.
This also slightly simplifies the code.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sat, 27 Apr 2024 18:23:52 +0300 |
parents | 113e2438dbd4 |
children |
rev | line source |
---|---|
6115 | 1 |
2 /* | |
3 * Copyright (C) Roman Arutyunyan | |
4 * Copyright (C) Nginx, Inc. | |
5 */ | |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_stream.h> | |
11 | |
12 | |
13 typedef struct { | |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
14 ngx_addr_t *addr; |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
15 ngx_stream_complex_value_t *value; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
16 #if (NGX_HAVE_TRANSPARENT_PROXY) |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
17 ngx_uint_t transparent; /* unsigned transparent:1; */ |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
18 #endif |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
19 } ngx_stream_upstream_local_t; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
20 |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
21 |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
22 typedef struct { |
6115 | 23 ngx_msec_t connect_timeout; |
24 ngx_msec_t timeout; | |
25 ngx_msec_t next_upstream_timeout; | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
26 size_t buffer_size; |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
27 ngx_stream_complex_value_t *upload_rate; |
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
28 ngx_stream_complex_value_t *download_rate; |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
29 ngx_uint_t requests; |
6436 | 30 ngx_uint_t responses; |
6115 | 31 ngx_uint_t next_upstream_tries; |
32 ngx_flag_t next_upstream; | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
33 ngx_flag_t proxy_protocol; |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
34 ngx_flag_t half_close; |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
35 ngx_stream_upstream_local_t *local; |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
36 ngx_flag_t socket_keepalive; |
6115 | 37 |
38 #if (NGX_STREAM_SSL) | |
39 ngx_flag_t ssl_enable; | |
40 ngx_flag_t ssl_session_reuse; | |
41 ngx_uint_t ssl_protocols; | |
42 ngx_str_t ssl_ciphers; | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
43 ngx_stream_complex_value_t *ssl_name; |
6115 | 44 ngx_flag_t ssl_server_name; |
45 | |
46 ngx_flag_t ssl_verify; | |
47 ngx_uint_t ssl_verify_depth; | |
48 ngx_str_t ssl_trusted_certificate; | |
49 ngx_str_t ssl_crl; | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
50 ngx_stream_complex_value_t *ssl_certificate; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
51 ngx_stream_complex_value_t *ssl_certificate_key; |
6115 | 52 ngx_array_t *ssl_passwords; |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
53 ngx_array_t *ssl_conf_commands; |
6115 | 54 |
55 ngx_ssl_t *ssl; | |
56 #endif | |
57 | |
58 ngx_stream_upstream_srv_conf_t *upstream; | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
59 ngx_stream_complex_value_t *upstream_value; |
6115 | 60 } ngx_stream_proxy_srv_conf_t; |
61 | |
62 | |
63 static void ngx_stream_proxy_handler(ngx_stream_session_t *s); | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
64 static ngx_int_t ngx_stream_proxy_eval(ngx_stream_session_t *s, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
65 ngx_stream_proxy_srv_conf_t *pscf); |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
66 static ngx_int_t ngx_stream_proxy_set_local(ngx_stream_session_t *s, |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
67 ngx_stream_upstream_t *u, ngx_stream_upstream_local_t *local); |
6115 | 68 static void ngx_stream_proxy_connect(ngx_stream_session_t *s); |
69 static void ngx_stream_proxy_init_upstream(ngx_stream_session_t *s); | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
70 static void ngx_stream_proxy_resolve_handler(ngx_resolver_ctx_t *ctx); |
6115 | 71 static void ngx_stream_proxy_upstream_handler(ngx_event_t *ev); |
72 static void ngx_stream_proxy_downstream_handler(ngx_event_t *ev); | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
73 static void ngx_stream_proxy_process_connection(ngx_event_t *ev, |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
74 ngx_uint_t from_upstream); |
6115 | 75 static void ngx_stream_proxy_connect_handler(ngx_event_t *ev); |
76 static ngx_int_t ngx_stream_proxy_test_connect(ngx_connection_t *c); | |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
77 static void ngx_stream_proxy_process(ngx_stream_session_t *s, |
6115 | 78 ngx_uint_t from_upstream, ngx_uint_t do_write); |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
79 static ngx_int_t ngx_stream_proxy_test_finalize(ngx_stream_session_t *s, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
80 ngx_uint_t from_upstream); |
6115 | 81 static void ngx_stream_proxy_next_upstream(ngx_stream_session_t *s); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
82 static void ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_uint_t rc); |
6115 | 83 static u_char *ngx_stream_proxy_log_error(ngx_log_t *log, u_char *buf, |
84 size_t len); | |
85 | |
86 static void *ngx_stream_proxy_create_srv_conf(ngx_conf_t *cf); | |
87 static char *ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, | |
88 void *child); | |
89 static char *ngx_stream_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, | |
90 void *conf); | |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
91 static char *ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
92 void *conf); |
6115 | 93 |
94 #if (NGX_STREAM_SSL) | |
95 | |
6692 | 96 static ngx_int_t ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s); |
6115 | 97 static char *ngx_stream_proxy_ssl_password_file(ngx_conf_t *cf, |
98 ngx_command_t *cmd, void *conf); | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
99 static char *ngx_stream_proxy_ssl_conf_command_check(ngx_conf_t *cf, void *post, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
100 void *data); |
6115 | 101 static void ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s); |
102 static void ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc); | |
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
103 static void ngx_stream_proxy_ssl_save_session(ngx_connection_t *c); |
6115 | 104 static ngx_int_t ngx_stream_proxy_ssl_name(ngx_stream_session_t *s); |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
105 static ngx_int_t ngx_stream_proxy_ssl_certificate(ngx_stream_session_t *s); |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
106 static ngx_int_t ngx_stream_proxy_merge_ssl(ngx_conf_t *cf, |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
107 ngx_stream_proxy_srv_conf_t *conf, ngx_stream_proxy_srv_conf_t *prev); |
6115 | 108 static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf, |
109 ngx_stream_proxy_srv_conf_t *pscf); | |
110 | |
111 | |
112 static ngx_conf_bitmask_t ngx_stream_proxy_ssl_protocols[] = { | |
113 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, | |
114 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, | |
115 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, | |
116 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, | |
117 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, | |
6981
08dc60979133
SSL: added support for TLSv1.3 in ssl_protocols directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
6868
diff
changeset
|
118 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 }, |
6115 | 119 { ngx_null_string, 0 } |
120 }; | |
121 | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
122 static ngx_conf_post_t ngx_stream_proxy_ssl_conf_command_post = |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
123 { ngx_stream_proxy_ssl_conf_command_check }; |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
124 |
6115 | 125 #endif |
126 | |
127 | |
6217
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
128 static ngx_conf_deprecated_t ngx_conf_deprecated_proxy_downstream_buffer = { |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
129 ngx_conf_deprecated, "proxy_downstream_buffer", "proxy_buffer_size" |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
130 }; |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
131 |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
132 static ngx_conf_deprecated_t ngx_conf_deprecated_proxy_upstream_buffer = { |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
133 ngx_conf_deprecated, "proxy_upstream_buffer", "proxy_buffer_size" |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
134 }; |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
135 |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
136 |
6115 | 137 static ngx_command_t ngx_stream_proxy_commands[] = { |
138 | |
139 { ngx_string("proxy_pass"), | |
140 NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
141 ngx_stream_proxy_pass, | |
142 NGX_STREAM_SRV_CONF_OFFSET, | |
143 0, | |
144 NULL }, | |
145 | |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
146 { ngx_string("proxy_bind"), |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
147 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE12, |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
148 ngx_stream_proxy_bind, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
149 NGX_STREAM_SRV_CONF_OFFSET, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
150 0, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
151 NULL }, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
152 |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
153 { ngx_string("proxy_socket_keepalive"), |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
154 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
155 ngx_conf_set_flag_slot, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
156 NGX_STREAM_SRV_CONF_OFFSET, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
157 offsetof(ngx_stream_proxy_srv_conf_t, socket_keepalive), |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
158 NULL }, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
159 |
6115 | 160 { ngx_string("proxy_connect_timeout"), |
161 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
162 ngx_conf_set_msec_slot, | |
163 NGX_STREAM_SRV_CONF_OFFSET, | |
164 offsetof(ngx_stream_proxy_srv_conf_t, connect_timeout), | |
165 NULL }, | |
166 | |
167 { ngx_string("proxy_timeout"), | |
168 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
169 ngx_conf_set_msec_slot, | |
170 NGX_STREAM_SRV_CONF_OFFSET, | |
171 offsetof(ngx_stream_proxy_srv_conf_t, timeout), | |
172 NULL }, | |
173 | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
174 { ngx_string("proxy_buffer_size"), |
6115 | 175 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
176 ngx_conf_set_size_slot, | |
177 NGX_STREAM_SRV_CONF_OFFSET, | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
178 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
6115 | 179 NULL }, |
180 | |
6217
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
181 { ngx_string("proxy_downstream_buffer"), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
182 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
183 ngx_conf_set_size_slot, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
184 NGX_STREAM_SRV_CONF_OFFSET, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
185 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
186 &ngx_conf_deprecated_proxy_downstream_buffer }, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
187 |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
188 { ngx_string("proxy_upstream_buffer"), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
189 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
190 ngx_conf_set_size_slot, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
191 NGX_STREAM_SRV_CONF_OFFSET, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
192 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
193 &ngx_conf_deprecated_proxy_upstream_buffer }, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
194 |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
195 { ngx_string("proxy_upload_rate"), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
196 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
197 ngx_stream_set_complex_value_size_slot, |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
198 NGX_STREAM_SRV_CONF_OFFSET, |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
199 offsetof(ngx_stream_proxy_srv_conf_t, upload_rate), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
200 NULL }, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
201 |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
202 { ngx_string("proxy_download_rate"), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
203 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
204 ngx_stream_set_complex_value_size_slot, |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
205 NGX_STREAM_SRV_CONF_OFFSET, |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
206 offsetof(ngx_stream_proxy_srv_conf_t, download_rate), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
207 NULL }, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
208 |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
209 { ngx_string("proxy_requests"), |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
210 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
211 ngx_conf_set_num_slot, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
212 NGX_STREAM_SRV_CONF_OFFSET, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
213 offsetof(ngx_stream_proxy_srv_conf_t, requests), |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
214 NULL }, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
215 |
6436 | 216 { ngx_string("proxy_responses"), |
217 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
218 ngx_conf_set_num_slot, | |
219 NGX_STREAM_SRV_CONF_OFFSET, | |
220 offsetof(ngx_stream_proxy_srv_conf_t, responses), | |
221 NULL }, | |
222 | |
6115 | 223 { ngx_string("proxy_next_upstream"), |
224 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
225 ngx_conf_set_flag_slot, | |
226 NGX_STREAM_SRV_CONF_OFFSET, | |
227 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream), | |
228 NULL }, | |
229 | |
230 { ngx_string("proxy_next_upstream_tries"), | |
231 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
232 ngx_conf_set_num_slot, | |
233 NGX_STREAM_SRV_CONF_OFFSET, | |
234 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream_tries), | |
235 NULL }, | |
236 | |
237 { ngx_string("proxy_next_upstream_timeout"), | |
238 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
239 ngx_conf_set_msec_slot, | |
240 NGX_STREAM_SRV_CONF_OFFSET, | |
241 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream_timeout), | |
242 NULL }, | |
243 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
244 { ngx_string("proxy_protocol"), |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
245 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
246 ngx_conf_set_flag_slot, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
247 NGX_STREAM_SRV_CONF_OFFSET, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
248 offsetof(ngx_stream_proxy_srv_conf_t, proxy_protocol), |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
249 NULL }, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
250 |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
251 { ngx_string("proxy_half_close"), |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
252 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
253 ngx_conf_set_flag_slot, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
254 NGX_STREAM_SRV_CONF_OFFSET, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
255 offsetof(ngx_stream_proxy_srv_conf_t, half_close), |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
256 NULL }, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
257 |
6115 | 258 #if (NGX_STREAM_SSL) |
259 | |
260 { ngx_string("proxy_ssl"), | |
261 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
262 ngx_conf_set_flag_slot, | |
263 NGX_STREAM_SRV_CONF_OFFSET, | |
264 offsetof(ngx_stream_proxy_srv_conf_t, ssl_enable), | |
265 NULL }, | |
266 | |
267 { ngx_string("proxy_ssl_session_reuse"), | |
268 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
269 ngx_conf_set_flag_slot, | |
270 NGX_STREAM_SRV_CONF_OFFSET, | |
271 offsetof(ngx_stream_proxy_srv_conf_t, ssl_session_reuse), | |
272 NULL }, | |
273 | |
274 { ngx_string("proxy_ssl_protocols"), | |
275 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_1MORE, | |
276 ngx_conf_set_bitmask_slot, | |
277 NGX_STREAM_SRV_CONF_OFFSET, | |
278 offsetof(ngx_stream_proxy_srv_conf_t, ssl_protocols), | |
279 &ngx_stream_proxy_ssl_protocols }, | |
280 | |
281 { ngx_string("proxy_ssl_ciphers"), | |
282 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
283 ngx_conf_set_str_slot, | |
284 NGX_STREAM_SRV_CONF_OFFSET, | |
285 offsetof(ngx_stream_proxy_srv_conf_t, ssl_ciphers), | |
286 NULL }, | |
287 | |
288 { ngx_string("proxy_ssl_name"), | |
289 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
290 ngx_stream_set_complex_value_slot, |
6115 | 291 NGX_STREAM_SRV_CONF_OFFSET, |
292 offsetof(ngx_stream_proxy_srv_conf_t, ssl_name), | |
293 NULL }, | |
294 | |
295 { ngx_string("proxy_ssl_server_name"), | |
296 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
297 ngx_conf_set_flag_slot, | |
298 NGX_STREAM_SRV_CONF_OFFSET, | |
299 offsetof(ngx_stream_proxy_srv_conf_t, ssl_server_name), | |
300 NULL }, | |
301 | |
302 { ngx_string("proxy_ssl_verify"), | |
303 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
304 ngx_conf_set_flag_slot, | |
305 NGX_STREAM_SRV_CONF_OFFSET, | |
306 offsetof(ngx_stream_proxy_srv_conf_t, ssl_verify), | |
307 NULL }, | |
308 | |
309 { ngx_string("proxy_ssl_verify_depth"), | |
310 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
311 ngx_conf_set_num_slot, | |
312 NGX_STREAM_SRV_CONF_OFFSET, | |
313 offsetof(ngx_stream_proxy_srv_conf_t, ssl_verify_depth), | |
314 NULL }, | |
315 | |
316 { ngx_string("proxy_ssl_trusted_certificate"), | |
317 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
318 ngx_conf_set_str_slot, | |
319 NGX_STREAM_SRV_CONF_OFFSET, | |
320 offsetof(ngx_stream_proxy_srv_conf_t, ssl_trusted_certificate), | |
321 NULL }, | |
322 | |
323 { ngx_string("proxy_ssl_crl"), | |
324 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
325 ngx_conf_set_str_slot, | |
326 NGX_STREAM_SRV_CONF_OFFSET, | |
327 offsetof(ngx_stream_proxy_srv_conf_t, ssl_crl), | |
328 NULL }, | |
329 | |
330 { ngx_string("proxy_ssl_certificate"), | |
331 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
332 ngx_stream_set_complex_value_zero_slot, |
6115 | 333 NGX_STREAM_SRV_CONF_OFFSET, |
334 offsetof(ngx_stream_proxy_srv_conf_t, ssl_certificate), | |
335 NULL }, | |
336 | |
337 { ngx_string("proxy_ssl_certificate_key"), | |
338 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
339 ngx_stream_set_complex_value_zero_slot, |
6115 | 340 NGX_STREAM_SRV_CONF_OFFSET, |
341 offsetof(ngx_stream_proxy_srv_conf_t, ssl_certificate_key), | |
342 NULL }, | |
343 | |
344 { ngx_string("proxy_ssl_password_file"), | |
345 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
346 ngx_stream_proxy_ssl_password_file, | |
347 NGX_STREAM_SRV_CONF_OFFSET, | |
348 0, | |
349 NULL }, | |
350 | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
351 { ngx_string("proxy_ssl_conf_command"), |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
352 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE2, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
353 ngx_conf_set_keyval_slot, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
354 NGX_STREAM_SRV_CONF_OFFSET, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
355 offsetof(ngx_stream_proxy_srv_conf_t, ssl_conf_commands), |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
356 &ngx_stream_proxy_ssl_conf_command_post }, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
357 |
6115 | 358 #endif |
359 | |
360 ngx_null_command | |
361 }; | |
362 | |
363 | |
364 static ngx_stream_module_t ngx_stream_proxy_module_ctx = { | |
6606
2f41d383c9c7
Stream: added preconfiguration step.
Vladimir Homutov <vl@nginx.com>
parents:
6599
diff
changeset
|
365 NULL, /* preconfiguration */ |
6174
68c106e6fa0a
Stream: added postconfiguration method to stream modules.
Vladimir Homutov <vl@nginx.com>
parents:
6157
diff
changeset
|
366 NULL, /* postconfiguration */ |
68c106e6fa0a
Stream: added postconfiguration method to stream modules.
Vladimir Homutov <vl@nginx.com>
parents:
6157
diff
changeset
|
367 |
6115 | 368 NULL, /* create main configuration */ |
369 NULL, /* init main configuration */ | |
370 | |
371 ngx_stream_proxy_create_srv_conf, /* create server configuration */ | |
372 ngx_stream_proxy_merge_srv_conf /* merge server configuration */ | |
373 }; | |
374 | |
375 | |
376 ngx_module_t ngx_stream_proxy_module = { | |
377 NGX_MODULE_V1, | |
378 &ngx_stream_proxy_module_ctx, /* module context */ | |
379 ngx_stream_proxy_commands, /* module directives */ | |
380 NGX_STREAM_MODULE, /* module type */ | |
381 NULL, /* init master */ | |
382 NULL, /* init module */ | |
383 NULL, /* init process */ | |
384 NULL, /* init thread */ | |
385 NULL, /* exit thread */ | |
386 NULL, /* exit process */ | |
387 NULL, /* exit master */ | |
388 NGX_MODULE_V1_PADDING | |
389 }; | |
390 | |
391 | |
392 static void | |
393 ngx_stream_proxy_handler(ngx_stream_session_t *s) | |
394 { | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
395 u_char *p; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
396 ngx_str_t *host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
397 ngx_uint_t i; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
398 ngx_connection_t *c; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
399 ngx_resolver_ctx_t *ctx, temp; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
400 ngx_stream_upstream_t *u; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
401 ngx_stream_core_srv_conf_t *cscf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
402 ngx_stream_proxy_srv_conf_t *pscf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
403 ngx_stream_upstream_srv_conf_t *uscf, **uscfp; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
404 ngx_stream_upstream_main_conf_t *umcf; |
6115 | 405 |
406 c = s->connection; | |
407 | |
408 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
409 | |
410 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
411 "proxy connection handler"); | |
412 | |
413 u = ngx_pcalloc(c->pool, sizeof(ngx_stream_upstream_t)); | |
414 if (u == NULL) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
415 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 416 return; |
417 } | |
418 | |
419 s->upstream = u; | |
420 | |
421 s->log_handler = ngx_stream_proxy_log_error; | |
422 | |
7286 | 423 u->requests = 1; |
424 | |
6115 | 425 u->peer.log = c->log; |
426 u->peer.log_error = NGX_ERROR_ERR; | |
427 | |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
428 if (ngx_stream_proxy_set_local(s, u, pscf->local) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
429 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
430 return; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
431 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
432 |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
433 if (pscf->socket_keepalive) { |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
434 u->peer.so_keepalive = 1; |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
435 } |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
436 |
6436 | 437 u->peer.type = c->type; |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
438 u->start_sec = ngx_time(); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
439 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
440 c->write->handler = ngx_stream_proxy_downstream_handler; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
441 c->read->handler = ngx_stream_proxy_downstream_handler; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
442 |
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
443 s->upstream_states = ngx_array_create(c->pool, 1, |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
444 sizeof(ngx_stream_upstream_state_t)); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
445 if (s->upstream_states == NULL) { |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
446 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
447 return; |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
448 } |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
449 |
7286 | 450 p = ngx_pnalloc(c->pool, pscf->buffer_size); |
451 if (p == NULL) { | |
452 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
453 return; | |
454 } | |
455 | |
456 u->downstream_buf.start = p; | |
457 u->downstream_buf.end = p + pscf->buffer_size; | |
458 u->downstream_buf.pos = p; | |
459 u->downstream_buf.last = p; | |
460 | |
461 if (c->read->ready) { | |
462 ngx_post_event(c->read, &ngx_posted_events); | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
463 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
464 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
465 if (pscf->upstream_value) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
466 if (ngx_stream_proxy_eval(s, pscf) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
467 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
468 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
469 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
470 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
471 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
472 if (u->resolved == NULL) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
473 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
474 uscf = pscf->upstream; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
475 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
476 } else { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
477 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
478 #if (NGX_STREAM_SSL) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
479 u->ssl_name = u->resolved->host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
480 #endif |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
481 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
482 host = &u->resolved->host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
483 |
6786
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
484 umcf = ngx_stream_get_module_main_conf(s, ngx_stream_upstream_module); |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
485 |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
486 uscfp = umcf->upstreams.elts; |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
487 |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
488 for (i = 0; i < umcf->upstreams.nelts; i++) { |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
489 |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
490 uscf = uscfp[i]; |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
491 |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
492 if (uscf->host.len == host->len |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
493 && ((uscf->port == 0 && u->resolved->no_port) |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
494 || uscf->port == u->resolved->port) |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
495 && ngx_strncasecmp(uscf->host.data, host->data, host->len) == 0) |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
496 { |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
497 goto found; |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
498 } |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
499 } |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
500 |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
501 if (u->resolved->sockaddr) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
502 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
503 if (u->resolved->port == 0 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
504 && u->resolved->sockaddr->sa_family != AF_UNIX) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
505 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
506 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
507 "no port in upstream \"%V\"", host); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
508 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
509 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
510 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
511 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
512 if (ngx_stream_upstream_create_round_robin_peer(s, u->resolved) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
513 != NGX_OK) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
514 { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
515 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
516 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
517 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
518 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
519 ngx_stream_proxy_connect(s); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
520 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
521 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
522 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
523 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
524 if (u->resolved->port == 0) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
525 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
526 "no port in upstream \"%V\"", host); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
527 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
528 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
529 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
530 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
531 temp.name = *host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
532 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
533 cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
534 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
535 ctx = ngx_resolve_start(cscf->resolver, &temp); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
536 if (ctx == NULL) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
537 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
538 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
539 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
540 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
541 if (ctx == NGX_NO_RESOLVER) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
542 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
543 "no resolver defined to resolve %V", host); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
544 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
545 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
546 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
547 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
548 ctx->name = *host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
549 ctx->handler = ngx_stream_proxy_resolve_handler; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
550 ctx->data = s; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
551 ctx->timeout = cscf->resolver_timeout; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
552 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
553 u->resolved->ctx = ctx; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
554 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
555 if (ngx_resolve_name(ctx) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
556 u->resolved->ctx = NULL; |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
557 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
558 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
559 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
560 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
561 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
562 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
563 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
564 found: |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
565 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
566 if (uscf == NULL) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
567 ngx_log_error(NGX_LOG_ALERT, c->log, 0, "no upstream configuration"); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
568 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
569 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
570 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
571 |
6703
edcd9303a4d3
Upstream: introduced u->upstream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6692
diff
changeset
|
572 u->upstream = uscf; |
edcd9303a4d3
Upstream: introduced u->upstream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6692
diff
changeset
|
573 |
6648
d43ee392e825
Stream: fixed build without stream_ssl_module (ticket #1032).
Vladimir Homutov <vl@nginx.com>
parents:
6643
diff
changeset
|
574 #if (NGX_STREAM_SSL) |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
575 u->ssl_name = uscf->host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
576 #endif |
6115 | 577 |
578 if (uscf->peer.init(s, uscf) != NGX_OK) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
579 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 580 return; |
581 } | |
582 | |
583 u->peer.start_time = ngx_current_msec; | |
584 | |
585 if (pscf->next_upstream_tries | |
586 && u->peer.tries > pscf->next_upstream_tries) | |
587 { | |
588 u->peer.tries = pscf->next_upstream_tries; | |
589 } | |
590 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
591 ngx_stream_proxy_connect(s); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
592 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
593 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
594 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
595 static ngx_int_t |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
596 ngx_stream_proxy_eval(ngx_stream_session_t *s, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
597 ngx_stream_proxy_srv_conf_t *pscf) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
598 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
599 ngx_str_t host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
600 ngx_url_t url; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
601 ngx_stream_upstream_t *u; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
602 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
603 if (ngx_stream_complex_value(s, pscf->upstream_value, &host) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
604 return NGX_ERROR; |
6115 | 605 } |
606 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
607 ngx_memzero(&url, sizeof(ngx_url_t)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
608 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
609 url.url = host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
610 url.no_resolve = 1; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
611 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
612 if (ngx_parse_url(s->connection->pool, &url) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
613 if (url.err) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
614 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
615 "%s in upstream \"%V\"", url.err, &url.url); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
616 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
617 |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
618 return NGX_ERROR; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
619 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
620 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
621 u = s->upstream; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
622 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
623 u->resolved = ngx_pcalloc(s->connection->pool, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
624 sizeof(ngx_stream_upstream_resolved_t)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
625 if (u->resolved == NULL) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
626 return NGX_ERROR; |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
627 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
628 |
6784
1af120241cde
Upstream: removed unnecessary condition in proxy_eval() and friends.
Ruslan Ermilov <ru@nginx.com>
parents:
6777
diff
changeset
|
629 if (url.addrs) { |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
630 u->resolved->sockaddr = url.addrs[0].sockaddr; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
631 u->resolved->socklen = url.addrs[0].socklen; |
6785
d1d0dd69a419
Upstream: added the ngx_http_upstream_resolved_t.name field.
Ruslan Ermilov <ru@nginx.com>
parents:
6784
diff
changeset
|
632 u->resolved->name = url.addrs[0].name; |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
633 u->resolved->naddrs = 1; |
6115 | 634 } |
635 | |
6785
d1d0dd69a419
Upstream: added the ngx_http_upstream_resolved_t.name field.
Ruslan Ermilov <ru@nginx.com>
parents:
6784
diff
changeset
|
636 u->resolved->host = url.host; |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
637 u->resolved->port = url.port; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
638 u->resolved->no_port = url.no_port; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
639 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
640 return NGX_OK; |
6115 | 641 } |
642 | |
643 | |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
644 static ngx_int_t |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
645 ngx_stream_proxy_set_local(ngx_stream_session_t *s, ngx_stream_upstream_t *u, |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
646 ngx_stream_upstream_local_t *local) |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
647 { |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
648 ngx_int_t rc; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
649 ngx_str_t val; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
650 ngx_addr_t *addr; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
651 |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
652 if (local == NULL) { |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
653 u->peer.local = NULL; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
654 return NGX_OK; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
655 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
656 |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
657 #if (NGX_HAVE_TRANSPARENT_PROXY) |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
658 u->peer.transparent = local->transparent; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
659 #endif |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
660 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
661 if (local->value == NULL) { |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
662 u->peer.local = local->addr; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
663 return NGX_OK; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
664 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
665 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
666 if (ngx_stream_complex_value(s, local->value, &val) != NGX_OK) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
667 return NGX_ERROR; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
668 } |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
669 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
670 if (val.len == 0) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
671 return NGX_OK; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
672 } |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
673 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
674 addr = ngx_palloc(s->connection->pool, sizeof(ngx_addr_t)); |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
675 if (addr == NULL) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
676 return NGX_ERROR; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
677 } |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
678 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
679 rc = ngx_parse_addr_port(s->connection->pool, addr, val.data, val.len); |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
680 if (rc == NGX_ERROR) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
681 return NGX_ERROR; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
682 } |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
683 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
684 if (rc != NGX_OK) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
685 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
686 "invalid local address \"%V\"", &val); |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
687 return NGX_OK; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
688 } |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
689 |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
690 addr->name = val; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
691 u->peer.local = addr; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
692 |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
693 return NGX_OK; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
694 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
695 |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
696 |
6115 | 697 static void |
698 ngx_stream_proxy_connect(ngx_stream_session_t *s) | |
699 { | |
700 ngx_int_t rc; | |
701 ngx_connection_t *c, *pc; | |
702 ngx_stream_upstream_t *u; | |
703 ngx_stream_proxy_srv_conf_t *pscf; | |
704 | |
705 c = s->connection; | |
706 | |
707 c->log->action = "connecting to upstream"; | |
708 | |
6692 | 709 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
710 | |
6115 | 711 u = s->upstream; |
712 | |
6692 | 713 u->connected = 0; |
714 u->proxy_protocol = pscf->proxy_protocol; | |
715 | |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
716 if (u->state) { |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
717 u->state->response_time = ngx_current_msec - u->start_time; |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
718 } |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
719 |
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
720 u->state = ngx_array_push(s->upstream_states); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
721 if (u->state == NULL) { |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
722 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
723 return; |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
724 } |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
725 |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
726 ngx_memzero(u->state, sizeof(ngx_stream_upstream_state_t)); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
727 |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
728 u->start_time = ngx_current_msec; |
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
729 |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
730 u->state->connect_time = (ngx_msec_t) -1; |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
731 u->state->first_byte_time = (ngx_msec_t) -1; |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
732 u->state->response_time = (ngx_msec_t) -1; |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
733 |
6115 | 734 rc = ngx_event_connect_peer(&u->peer); |
735 | |
736 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, "proxy connect: %i", rc); | |
737 | |
738 if (rc == NGX_ERROR) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
739 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 740 return; |
741 } | |
742 | |
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
743 u->state->peer = u->peer.name; |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
744 |
6115 | 745 if (rc == NGX_BUSY) { |
746 ngx_log_error(NGX_LOG_ERR, c->log, 0, "no live upstreams"); | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
747 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); |
6115 | 748 return; |
749 } | |
750 | |
751 if (rc == NGX_DECLINED) { | |
752 ngx_stream_proxy_next_upstream(s); | |
753 return; | |
754 } | |
755 | |
756 /* rc == NGX_OK || rc == NGX_AGAIN || rc == NGX_DONE */ | |
757 | |
758 pc = u->peer.connection; | |
759 | |
760 pc->data = s; | |
761 pc->log = c->log; | |
762 pc->pool = c->pool; | |
763 pc->read->log = c->log; | |
764 pc->write->log = c->log; | |
765 | |
766 if (rc != NGX_AGAIN) { | |
767 ngx_stream_proxy_init_upstream(s); | |
768 return; | |
769 } | |
770 | |
771 pc->read->handler = ngx_stream_proxy_connect_handler; | |
772 pc->write->handler = ngx_stream_proxy_connect_handler; | |
773 | |
774 ngx_add_timer(pc->write, pscf->connect_timeout); | |
775 } | |
776 | |
777 | |
778 static void | |
779 ngx_stream_proxy_init_upstream(ngx_stream_session_t *s) | |
780 { | |
781 u_char *p; | |
6692 | 782 ngx_chain_t *cl; |
6115 | 783 ngx_connection_t *c, *pc; |
784 ngx_log_handler_pt handler; | |
785 ngx_stream_upstream_t *u; | |
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
786 ngx_stream_core_srv_conf_t *cscf; |
6115 | 787 ngx_stream_proxy_srv_conf_t *pscf; |
788 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
789 u = s->upstream; |
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
790 pc = u->peer.connection; |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
791 |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
792 cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
793 |
6436 | 794 if (pc->type == SOCK_STREAM |
795 && cscf->tcp_nodelay | |
7007
ed1101bbf19f
Introduced ngx_tcp_nodelay().
Ruslan Ermilov <ru@nginx.com>
parents:
6981
diff
changeset
|
796 && ngx_tcp_nodelay(pc) != NGX_OK) |
6436 | 797 { |
7007
ed1101bbf19f
Introduced ngx_tcp_nodelay().
Ruslan Ermilov <ru@nginx.com>
parents:
6981
diff
changeset
|
798 ngx_stream_proxy_next_upstream(s); |
ed1101bbf19f
Introduced ngx_tcp_nodelay().
Ruslan Ermilov <ru@nginx.com>
parents:
6981
diff
changeset
|
799 return; |
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
800 } |
6115 | 801 |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
802 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
6115 | 803 |
804 #if (NGX_STREAM_SSL) | |
6692 | 805 |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
806 if (pc->type == SOCK_STREAM && pscf->ssl_enable) { |
6692 | 807 |
808 if (u->proxy_protocol) { | |
809 if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) { | |
810 return; | |
811 } | |
812 | |
813 u->proxy_protocol = 0; | |
814 } | |
815 | |
816 if (pc->ssl == NULL) { | |
817 ngx_stream_proxy_ssl_init_connection(s); | |
818 return; | |
819 } | |
6115 | 820 } |
6692 | 821 |
6115 | 822 #endif |
823 | |
824 c = s->connection; | |
825 | |
826 if (c->log->log_level >= NGX_LOG_INFO) { | |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
827 ngx_str_t str; |
6115 | 828 u_char addr[NGX_SOCKADDR_STRLEN]; |
829 | |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
830 str.len = NGX_SOCKADDR_STRLEN; |
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
831 str.data = addr; |
6115 | 832 |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
833 if (ngx_connection_local_sockaddr(pc, &str, 1) == NGX_OK) { |
6115 | 834 handler = c->log->handler; |
835 c->log->handler = NULL; | |
836 | |
6461
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
837 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
838 "%sproxy %V connected to %V", |
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
839 pc->type == SOCK_DGRAM ? "udp " : "", |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
840 &str, u->peer.name); |
6115 | 841 |
842 c->log->handler = handler; | |
843 } | |
844 } | |
845 | |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
846 u->state->connect_time = ngx_current_msec - u->start_time; |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
847 |
6863
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
848 if (u->peer.notify) { |
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
849 u->peer.notify(&u->peer, u->peer.data, |
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
850 NGX_STREAM_UPSTREAM_NOTIFY_CONNECT); |
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
851 } |
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
852 |
6436 | 853 if (u->upstream_buf.start == NULL) { |
854 p = ngx_pnalloc(c->pool, pscf->buffer_size); | |
855 if (p == NULL) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
856 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6436 | 857 return; |
858 } | |
859 | |
860 u->upstream_buf.start = p; | |
861 u->upstream_buf.end = p + pscf->buffer_size; | |
862 u->upstream_buf.pos = p; | |
863 u->upstream_buf.last = p; | |
6115 | 864 } |
865 | |
7665
d127837c714f
Stream: fixed processing of zero length UDP packets (ticket #1982).
Vladimir Homutov <vl@nginx.com>
parents:
7505
diff
changeset
|
866 if (c->buffer && c->buffer->pos <= c->buffer->last) { |
6692 | 867 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, |
868 "stream proxy add preread buffer: %uz", | |
869 c->buffer->last - c->buffer->pos); | |
870 | |
871 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
872 if (cl == NULL) { | |
873 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
874 return; | |
875 } | |
876 | |
877 *cl->buf = *c->buffer; | |
878 | |
879 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
7665
d127837c714f
Stream: fixed processing of zero length UDP packets (ticket #1982).
Vladimir Homutov <vl@nginx.com>
parents:
7505
diff
changeset
|
880 cl->buf->temporary = (cl->buf->pos == cl->buf->last) ? 0 : 1; |
6692 | 881 cl->buf->flush = 1; |
882 | |
883 cl->next = u->upstream_out; | |
884 u->upstream_out = cl; | |
885 } | |
886 | |
887 if (u->proxy_protocol) { | |
888 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
889 "stream proxy add PROXY protocol header"); | |
890 | |
891 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
892 if (cl == NULL) { | |
893 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
894 return; | |
6436 | 895 } |
6692 | 896 |
8099
17d6a537fb1b
Increased maximum read PROXY protocol header size.
Roman Arutyunyan <arut@nginx.com>
parents:
8053
diff
changeset
|
897 p = ngx_pnalloc(c->pool, NGX_PROXY_PROTOCOL_V1_MAX_HEADER); |
6692 | 898 if (p == NULL) { |
899 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
900 return; | |
901 } | |
902 | |
903 cl->buf->pos = p; | |
904 | |
8099
17d6a537fb1b
Increased maximum read PROXY protocol header size.
Roman Arutyunyan <arut@nginx.com>
parents:
8053
diff
changeset
|
905 p = ngx_proxy_protocol_write(c, p, |
17d6a537fb1b
Increased maximum read PROXY protocol header size.
Roman Arutyunyan <arut@nginx.com>
parents:
8053
diff
changeset
|
906 p + NGX_PROXY_PROTOCOL_V1_MAX_HEADER); |
6692 | 907 if (p == NULL) { |
908 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
909 return; | |
910 } | |
911 | |
912 cl->buf->last = p; | |
913 cl->buf->temporary = 1; | |
914 cl->buf->flush = 0; | |
915 cl->buf->last_buf = 0; | |
916 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
917 | |
918 cl->next = u->upstream_out; | |
919 u->upstream_out = cl; | |
920 | |
921 u->proxy_protocol = 0; | |
922 } | |
923 | |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
924 u->upload_rate = ngx_stream_complex_value_size(s, pscf->upload_rate, 0); |
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
925 u->download_rate = ngx_stream_complex_value_size(s, pscf->download_rate, 0); |
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
926 |
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
927 u->connected = 1; |
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
928 |
6115 | 929 pc->read->handler = ngx_stream_proxy_upstream_handler; |
930 pc->write->handler = ngx_stream_proxy_upstream_handler; | |
931 | |
7286 | 932 if (pc->read->ready) { |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
933 ngx_post_event(pc->read, &ngx_posted_events); |
6115 | 934 } |
935 | |
936 ngx_stream_proxy_process(s, 0, 1); | |
937 } | |
938 | |
939 | |
6692 | 940 #if (NGX_STREAM_SSL) |
941 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
942 static ngx_int_t |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
943 ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s) |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
944 { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
945 u_char *p; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
946 ssize_t n, size; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
947 ngx_connection_t *c, *pc; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
948 ngx_stream_upstream_t *u; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
949 ngx_stream_proxy_srv_conf_t *pscf; |
8099
17d6a537fb1b
Increased maximum read PROXY protocol header size.
Roman Arutyunyan <arut@nginx.com>
parents:
8053
diff
changeset
|
950 u_char buf[NGX_PROXY_PROTOCOL_V1_MAX_HEADER]; |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
951 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
952 c = s->connection; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
953 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
954 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
955 "stream proxy send PROXY protocol header"); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
956 |
8099
17d6a537fb1b
Increased maximum read PROXY protocol header size.
Roman Arutyunyan <arut@nginx.com>
parents:
8053
diff
changeset
|
957 p = ngx_proxy_protocol_write(c, buf, |
17d6a537fb1b
Increased maximum read PROXY protocol header size.
Roman Arutyunyan <arut@nginx.com>
parents:
8053
diff
changeset
|
958 buf + NGX_PROXY_PROTOCOL_V1_MAX_HEADER); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
959 if (p == NULL) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
960 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
961 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
962 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
963 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
964 u = s->upstream; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
965 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
966 pc = u->peer.connection; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
967 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
968 size = p - buf; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
969 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
970 n = pc->send(pc, buf, size); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
971 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
972 if (n == NGX_AGAIN) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
973 if (ngx_handle_write_event(pc->write, 0) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
974 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
975 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
976 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
977 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
978 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
979 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
980 ngx_add_timer(pc->write, pscf->timeout); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
981 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
982 pc->write->handler = ngx_stream_proxy_connect_handler; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
983 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
984 return NGX_AGAIN; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
985 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
986 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
987 if (n == NGX_ERROR) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
988 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
989 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
990 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
991 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
992 if (n != size) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
993 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
994 /* |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
995 * PROXY protocol specification: |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
996 * The sender must always ensure that the header |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
997 * is sent at once, so that the transport layer |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
998 * maintains atomicity along the path to the receiver. |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
999 */ |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1000 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1001 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1002 "could not send PROXY protocol header at once"); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1003 |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1004 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1005 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1006 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1007 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1008 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1009 return NGX_OK; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1010 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1011 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1012 |
6115 | 1013 static char * |
1014 ngx_stream_proxy_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, | |
1015 void *conf) | |
1016 { | |
1017 ngx_stream_proxy_srv_conf_t *pscf = conf; | |
1018 | |
1019 ngx_str_t *value; | |
1020 | |
1021 if (pscf->ssl_passwords != NGX_CONF_UNSET_PTR) { | |
1022 return "is duplicate"; | |
1023 } | |
1024 | |
1025 value = cf->args->elts; | |
1026 | |
1027 pscf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); | |
1028 | |
1029 if (pscf->ssl_passwords == NULL) { | |
1030 return NGX_CONF_ERROR; | |
1031 } | |
1032 | |
1033 return NGX_CONF_OK; | |
1034 } | |
1035 | |
1036 | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1037 static char * |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1038 ngx_stream_proxy_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data) |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1039 { |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1040 #ifndef SSL_CONF_FLAG_FILE |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1041 return "is not supported on this platform"; |
7787
7ce28b4cc57e
SSL: fixed build by Sun C with old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7731
diff
changeset
|
1042 #else |
7ce28b4cc57e
SSL: fixed build by Sun C with old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7731
diff
changeset
|
1043 return NGX_CONF_OK; |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1044 #endif |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1045 } |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1046 |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1047 |
6115 | 1048 static void |
1049 ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s) | |
1050 { | |
1051 ngx_int_t rc; | |
1052 ngx_connection_t *pc; | |
1053 ngx_stream_upstream_t *u; | |
1054 ngx_stream_proxy_srv_conf_t *pscf; | |
1055 | |
1056 u = s->upstream; | |
1057 | |
1058 pc = u->peer.connection; | |
1059 | |
1060 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1061 | |
1062 if (ngx_ssl_create_connection(pscf->ssl, pc, NGX_SSL_BUFFER|NGX_SSL_CLIENT) | |
1063 != NGX_OK) | |
1064 { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1065 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 1066 return; |
1067 } | |
1068 | |
1069 if (pscf->ssl_server_name || pscf->ssl_verify) { | |
1070 if (ngx_stream_proxy_ssl_name(s) != NGX_OK) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1071 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 1072 return; |
1073 } | |
1074 } | |
1075 | |
8042
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1076 if (pscf->ssl_certificate |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1077 && pscf->ssl_certificate->value.len |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1078 && (pscf->ssl_certificate->lengths |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1079 || pscf->ssl_certificate_key->lengths)) |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1080 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1081 if (ngx_stream_proxy_ssl_certificate(s) != NGX_OK) { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1082 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1083 return; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1084 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1085 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1086 |
6115 | 1087 if (pscf->ssl_session_reuse) { |
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1088 pc->ssl->save_session = ngx_stream_proxy_ssl_save_session; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1089 |
6115 | 1090 if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1091 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 1092 return; |
1093 } | |
1094 } | |
1095 | |
1096 s->connection->log->action = "SSL handshaking to upstream"; | |
1097 | |
1098 rc = ngx_ssl_handshake(pc); | |
1099 | |
1100 if (rc == NGX_AGAIN) { | |
1101 | |
1102 if (!pc->write->timer_set) { | |
1103 ngx_add_timer(pc->write, pscf->connect_timeout); | |
1104 } | |
1105 | |
1106 pc->ssl->handler = ngx_stream_proxy_ssl_handshake; | |
1107 return; | |
1108 } | |
1109 | |
1110 ngx_stream_proxy_ssl_handshake(pc); | |
1111 } | |
1112 | |
1113 | |
1114 static void | |
1115 ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc) | |
1116 { | |
1117 long rc; | |
1118 ngx_stream_session_t *s; | |
1119 ngx_stream_upstream_t *u; | |
1120 ngx_stream_proxy_srv_conf_t *pscf; | |
1121 | |
1122 s = pc->data; | |
1123 | |
1124 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1125 | |
1126 if (pc->ssl->handshaked) { | |
1127 | |
1128 if (pscf->ssl_verify) { | |
1129 rc = SSL_get_verify_result(pc->ssl->connection); | |
1130 | |
1131 if (rc != X509_V_OK) { | |
1132 ngx_log_error(NGX_LOG_ERR, pc->log, 0, | |
1133 "upstream SSL certificate verify error: (%l:%s)", | |
1134 rc, X509_verify_cert_error_string(rc)); | |
1135 goto failed; | |
1136 } | |
1137 | |
1138 u = s->upstream; | |
1139 | |
1140 if (ngx_ssl_check_host(pc, &u->ssl_name) != NGX_OK) { | |
1141 ngx_log_error(NGX_LOG_ERR, pc->log, 0, | |
1142 "upstream SSL certificate does not match \"%V\"", | |
1143 &u->ssl_name); | |
1144 goto failed; | |
1145 } | |
1146 } | |
1147 | |
6258
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1148 if (pc->write->timer_set) { |
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1149 ngx_del_timer(pc->write); |
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1150 } |
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1151 |
6115 | 1152 ngx_stream_proxy_init_upstream(s); |
1153 | |
1154 return; | |
1155 } | |
1156 | |
1157 failed: | |
1158 | |
1159 ngx_stream_proxy_next_upstream(s); | |
1160 } | |
1161 | |
1162 | |
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1163 static void |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1164 ngx_stream_proxy_ssl_save_session(ngx_connection_t *c) |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1165 { |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1166 ngx_stream_session_t *s; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1167 ngx_stream_upstream_t *u; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1168 |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1169 s = c->data; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1170 u = s->upstream; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1171 |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1172 u->peer.save_session(&u->peer, u->peer.data); |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1173 } |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1174 |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1175 |
6115 | 1176 static ngx_int_t |
1177 ngx_stream_proxy_ssl_name(ngx_stream_session_t *s) | |
1178 { | |
1179 u_char *p, *last; | |
1180 ngx_str_t name; | |
1181 ngx_stream_upstream_t *u; | |
1182 ngx_stream_proxy_srv_conf_t *pscf; | |
1183 | |
1184 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1185 | |
1186 u = s->upstream; | |
1187 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1188 if (pscf->ssl_name) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1189 if (ngx_stream_complex_value(s, pscf->ssl_name, &name) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1190 return NGX_ERROR; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1191 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1192 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1193 } else { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1194 name = u->ssl_name; |
6115 | 1195 } |
1196 | |
1197 if (name.len == 0) { | |
1198 goto done; | |
1199 } | |
1200 | |
1201 /* | |
1202 * ssl name here may contain port, strip it for compatibility | |
1203 * with the http module | |
1204 */ | |
1205 | |
1206 p = name.data; | |
1207 last = name.data + name.len; | |
1208 | |
1209 if (*p == '[') { | |
1210 p = ngx_strlchr(p, last, ']'); | |
1211 | |
1212 if (p == NULL) { | |
1213 p = name.data; | |
1214 } | |
1215 } | |
1216 | |
1217 p = ngx_strlchr(p, last, ':'); | |
1218 | |
1219 if (p != NULL) { | |
1220 name.len = p - name.data; | |
1221 } | |
1222 | |
1223 if (!pscf->ssl_server_name) { | |
1224 goto done; | |
1225 } | |
1226 | |
1227 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME | |
1228 | |
1229 /* as per RFC 6066, literal IPv4 and IPv6 addresses are not permitted */ | |
1230 | |
1231 if (name.len == 0 || *name.data == '[') { | |
1232 goto done; | |
1233 } | |
1234 | |
1235 if (ngx_inet_addr(name.data, name.len) != INADDR_NONE) { | |
1236 goto done; | |
1237 } | |
1238 | |
1239 /* | |
1240 * SSL_set_tlsext_host_name() needs a null-terminated string, | |
1241 * hence we explicitly null-terminate name here | |
1242 */ | |
1243 | |
1244 p = ngx_pnalloc(s->connection->pool, name.len + 1); | |
1245 if (p == NULL) { | |
1246 return NGX_ERROR; | |
1247 } | |
1248 | |
1249 (void) ngx_cpystrn(p, name.data, name.len + 1); | |
1250 | |
1251 name.data = p; | |
1252 | |
1253 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1254 "upstream SSL server name: \"%s\"", name.data); | |
1255 | |
6777
563a1ee345a4
SSL: compatibility with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6703
diff
changeset
|
1256 if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, |
563a1ee345a4
SSL: compatibility with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6703
diff
changeset
|
1257 (char *) name.data) |
6115 | 1258 == 0) |
1259 { | |
1260 ngx_ssl_error(NGX_LOG_ERR, s->connection->log, 0, | |
1261 "SSL_set_tlsext_host_name(\"%s\") failed", name.data); | |
1262 return NGX_ERROR; | |
1263 } | |
1264 | |
1265 #endif | |
1266 | |
1267 done: | |
1268 | |
1269 u->ssl_name = name; | |
1270 | |
1271 return NGX_OK; | |
1272 } | |
1273 | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1274 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1275 static ngx_int_t |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1276 ngx_stream_proxy_ssl_certificate(ngx_stream_session_t *s) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1277 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1278 ngx_str_t cert, key; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1279 ngx_connection_t *c; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1280 ngx_stream_proxy_srv_conf_t *pscf; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1281 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1282 c = s->upstream->peer.connection; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1283 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1284 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1285 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1286 if (ngx_stream_complex_value(s, pscf->ssl_certificate, &cert) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1287 != NGX_OK) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1288 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1289 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1290 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1291 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1292 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1293 "stream upstream ssl cert: \"%s\"", cert.data); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1294 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1295 if (*cert.data == '\0') { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1296 return NGX_OK; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1297 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1298 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1299 if (ngx_stream_complex_value(s, pscf->ssl_certificate_key, &key) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1300 != NGX_OK) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1301 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1302 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1303 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1304 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1305 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1306 "stream upstream ssl key: \"%s\"", key.data); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1307 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1308 if (ngx_ssl_connection_certificate(c, c->pool, &cert, &key, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1309 pscf->ssl_passwords) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1310 != NGX_OK) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1311 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1312 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1313 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1314 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1315 return NGX_OK; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1316 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1317 |
6115 | 1318 #endif |
1319 | |
1320 | |
1321 static void | |
1322 ngx_stream_proxy_downstream_handler(ngx_event_t *ev) | |
1323 { | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1324 ngx_stream_proxy_process_connection(ev, ev->write); |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1325 } |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1326 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1327 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1328 static void |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1329 ngx_stream_proxy_resolve_handler(ngx_resolver_ctx_t *ctx) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1330 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1331 ngx_stream_session_t *s; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1332 ngx_stream_upstream_t *u; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1333 ngx_stream_proxy_srv_conf_t *pscf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1334 ngx_stream_upstream_resolved_t *ur; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1335 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1336 s = ctx->data; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1337 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1338 u = s->upstream; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1339 ur = u->resolved; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1340 |
6648
d43ee392e825
Stream: fixed build without stream_ssl_module (ticket #1032).
Vladimir Homutov <vl@nginx.com>
parents:
6643
diff
changeset
|
1341 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1342 "stream upstream resolve"); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1343 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1344 if (ctx->state) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1345 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1346 "%V could not be resolved (%i: %s)", |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1347 &ctx->name, ctx->state, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1348 ngx_resolver_strerror(ctx->state)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1349 |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1350 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1351 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1352 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1353 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1354 ur->naddrs = ctx->naddrs; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1355 ur->addrs = ctx->addrs; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1356 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1357 #if (NGX_DEBUG) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1358 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1359 u_char text[NGX_SOCKADDR_STRLEN]; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1360 ngx_str_t addr; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1361 ngx_uint_t i; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1362 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1363 addr.data = text; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1364 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1365 for (i = 0; i < ctx->naddrs; i++) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1366 addr.len = ngx_sock_ntop(ur->addrs[i].sockaddr, ur->addrs[i].socklen, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1367 text, NGX_SOCKADDR_STRLEN, 0); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1368 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1369 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1370 "name was resolved to %V", &addr); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1371 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1372 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1373 #endif |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1374 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1375 if (ngx_stream_upstream_create_round_robin_peer(s, ur) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1376 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1377 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1378 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1379 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1380 ngx_resolve_name_done(ctx); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1381 ur->ctx = NULL; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1382 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1383 u->peer.start_time = ngx_current_msec; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1384 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1385 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1386 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1387 if (pscf->next_upstream_tries |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1388 && u->peer.tries > pscf->next_upstream_tries) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1389 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1390 u->peer.tries = pscf->next_upstream_tries; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1391 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1392 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1393 ngx_stream_proxy_connect(s); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1394 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1395 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1396 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1397 static void |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1398 ngx_stream_proxy_upstream_handler(ngx_event_t *ev) |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1399 { |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1400 ngx_stream_proxy_process_connection(ev, !ev->write); |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1401 } |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1402 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1403 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1404 static void |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1405 ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream) |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1406 { |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1407 ngx_connection_t *c, *pc; |
7286 | 1408 ngx_log_handler_pt handler; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1409 ngx_stream_session_t *s; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1410 ngx_stream_upstream_t *u; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1411 ngx_stream_proxy_srv_conf_t *pscf; |
6115 | 1412 |
1413 c = ev->data; | |
1414 s = c->data; | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1415 u = s->upstream; |
6115 | 1416 |
7156
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1417 if (c->close) { |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1418 ngx_log_error(NGX_LOG_INFO, c->log, 0, "shutdown timeout"); |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1419 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1420 return; |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1421 } |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1422 |
6436 | 1423 c = s->connection; |
1424 pc = u->peer.connection; | |
1425 | |
1426 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1427 | |
6115 | 1428 if (ev->timedout) { |
6436 | 1429 ev->timedout = 0; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1430 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1431 if (ev->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1432 ev->delayed = 0; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1433 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1434 if (!ev->ready) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1435 if (ngx_handle_read_event(ev, 0) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1436 ngx_stream_proxy_finalize(s, |
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1437 NGX_STREAM_INTERNAL_SERVER_ERROR); |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1438 return; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1439 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1440 |
6436 | 1441 if (u->connected && !c->read->delayed && !pc->read->delayed) { |
1442 ngx_add_timer(c->write, pscf->timeout); | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1443 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1444 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1445 return; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1446 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1447 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1448 } else { |
6436 | 1449 if (s->connection->type == SOCK_DGRAM) { |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1450 |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1451 if (pscf->responses == NGX_MAX_INT32_VALUE |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1452 || (u->responses >= pscf->responses * u->requests)) |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1453 { |
6436 | 1454 |
1455 /* | |
1456 * successfully terminate timed out UDP session | |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1457 * if expected number of responses was received |
6436 | 1458 */ |
1459 | |
7286 | 1460 handler = c->log->handler; |
1461 c->log->handler = NULL; | |
1462 | |
1463 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
1464 "udp timed out" | |
1465 ", packets from/to client:%ui/%ui" | |
1466 ", bytes from/to client:%O/%O" | |
1467 ", bytes from/to upstream:%O/%O", | |
1468 u->requests, u->responses, | |
1469 s->received, c->sent, u->received, | |
1470 pc ? pc->sent : 0); | |
1471 | |
1472 c->log->handler = handler; | |
1473 | |
1474 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); | |
6436 | 1475 return; |
1476 } | |
1477 | |
7105
0846dd76a487
Stream: fixed logging UDP upstream timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7098
diff
changeset
|
1478 ngx_connection_error(pc, NGX_ETIMEDOUT, "upstream timed out"); |
0846dd76a487
Stream: fixed logging UDP upstream timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7098
diff
changeset
|
1479 |
7286 | 1480 pc->read->error = 1; |
1481 | |
1482 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); | |
1483 | |
1484 return; | |
6436 | 1485 } |
1486 | |
7286 | 1487 ngx_connection_error(c, NGX_ETIMEDOUT, "connection timed out"); |
1488 | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1489 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
7286 | 1490 |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1491 return; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1492 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1493 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1494 } else if (ev->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1495 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1496 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1497 "stream connection delayed"); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1498 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1499 if (ngx_handle_read_event(ev, 0) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1500 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1501 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1502 |
6115 | 1503 return; |
1504 } | |
1505 | |
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
1506 if (from_upstream && !u->connected) { |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1507 return; |
6115 | 1508 } |
1509 | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1510 ngx_stream_proxy_process(s, from_upstream, ev->write); |
6115 | 1511 } |
1512 | |
1513 | |
1514 static void | |
1515 ngx_stream_proxy_connect_handler(ngx_event_t *ev) | |
1516 { | |
1517 ngx_connection_t *c; | |
1518 ngx_stream_session_t *s; | |
1519 | |
1520 c = ev->data; | |
1521 s = c->data; | |
1522 | |
1523 if (ev->timedout) { | |
1524 ngx_log_error(NGX_LOG_ERR, c->log, NGX_ETIMEDOUT, "upstream timed out"); | |
1525 ngx_stream_proxy_next_upstream(s); | |
1526 return; | |
1527 } | |
1528 | |
1529 ngx_del_timer(c->write); | |
1530 | |
1531 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
1532 "stream proxy connect upstream"); | |
1533 | |
1534 if (ngx_stream_proxy_test_connect(c) != NGX_OK) { | |
1535 ngx_stream_proxy_next_upstream(s); | |
1536 return; | |
1537 } | |
1538 | |
1539 ngx_stream_proxy_init_upstream(s); | |
1540 } | |
1541 | |
1542 | |
1543 static ngx_int_t | |
1544 ngx_stream_proxy_test_connect(ngx_connection_t *c) | |
1545 { | |
1546 int err; | |
1547 socklen_t len; | |
1548 | |
1549 #if (NGX_HAVE_KQUEUE) | |
1550 | |
1551 if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) { | |
1552 err = c->write->kq_errno ? c->write->kq_errno : c->read->kq_errno; | |
1553 | |
1554 if (err) { | |
1555 (void) ngx_connection_error(c, err, | |
1556 "kevent() reported that connect() failed"); | |
1557 return NGX_ERROR; | |
1558 } | |
1559 | |
1560 } else | |
1561 #endif | |
1562 { | |
1563 err = 0; | |
1564 len = sizeof(int); | |
1565 | |
1566 /* | |
1567 * BSDs and Linux return 0 and set a pending error in err | |
1568 * Solaris returns -1 and sets errno | |
1569 */ | |
1570 | |
1571 if (getsockopt(c->fd, SOL_SOCKET, SO_ERROR, (void *) &err, &len) | |
1572 == -1) | |
1573 { | |
1574 err = ngx_socket_errno; | |
1575 } | |
1576 | |
1577 if (err) { | |
1578 (void) ngx_connection_error(c, err, "connect() failed"); | |
1579 return NGX_ERROR; | |
1580 } | |
1581 } | |
1582 | |
1583 return NGX_OK; | |
1584 } | |
1585 | |
1586 | |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1587 static void |
6115 | 1588 ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream, |
1589 ngx_uint_t do_write) | |
1590 { | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1591 char *recv_action, *send_action; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1592 off_t *received, limit; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1593 size_t size, limit_rate; |
6115 | 1594 ssize_t n; |
1595 ngx_buf_t *b; | |
6692 | 1596 ngx_int_t rc; |
7286 | 1597 ngx_uint_t flags, *packets; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1598 ngx_msec_t delay; |
6692 | 1599 ngx_chain_t *cl, **ll, **out, **busy; |
6115 | 1600 ngx_connection_t *c, *pc, *src, *dst; |
1601 ngx_log_handler_pt handler; | |
1602 ngx_stream_upstream_t *u; | |
1603 ngx_stream_proxy_srv_conf_t *pscf; | |
1604 | |
1605 u = s->upstream; | |
1606 | |
1607 c = s->connection; | |
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
1608 pc = u->connected ? u->peer.connection : NULL; |
6115 | 1609 |
6436 | 1610 if (c->type == SOCK_DGRAM && (ngx_terminate || ngx_exiting)) { |
1611 | |
1612 /* socket is already closed on worker shutdown */ | |
1613 | |
1614 handler = c->log->handler; | |
1615 c->log->handler = NULL; | |
1616 | |
1617 ngx_log_error(NGX_LOG_INFO, c->log, 0, "disconnected on shutdown"); | |
1618 | |
1619 c->log->handler = handler; | |
1620 | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1621 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
6436 | 1622 return; |
1623 } | |
1624 | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1625 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1626 |
6115 | 1627 if (from_upstream) { |
1628 src = pc; | |
1629 dst = c; | |
1630 b = &u->upstream_buf; | |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
1631 limit_rate = u->download_rate; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1632 received = &u->received; |
7286 | 1633 packets = &u->responses; |
6692 | 1634 out = &u->downstream_out; |
1635 busy = &u->downstream_busy; | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1636 recv_action = "proxying and reading from upstream"; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1637 send_action = "proxying and sending to client"; |
6115 | 1638 |
1639 } else { | |
1640 src = c; | |
1641 dst = pc; | |
1642 b = &u->downstream_buf; | |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
1643 limit_rate = u->upload_rate; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1644 received = &s->received; |
7286 | 1645 packets = &u->requests; |
6692 | 1646 out = &u->upstream_out; |
1647 busy = &u->upstream_busy; | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1648 recv_action = "proxying and reading from client"; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1649 send_action = "proxying and sending to upstream"; |
6115 | 1650 } |
1651 | |
1652 for ( ;; ) { | |
1653 | |
6692 | 1654 if (do_write && dst) { |
1655 | |
1656 if (*out || *busy || dst->buffered) { | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1657 c->log->action = send_action; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1658 |
6692 | 1659 rc = ngx_stream_top_filter(s, *out, from_upstream); |
1660 | |
1661 if (rc == NGX_ERROR) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1662 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1663 return; |
6115 | 1664 } |
1665 | |
6692 | 1666 ngx_chain_update_chains(c->pool, &u->free, busy, out, |
1667 (ngx_buf_tag_t) &ngx_stream_proxy_module); | |
1668 | |
1669 if (*busy == NULL) { | |
1670 b->pos = b->start; | |
1671 b->last = b->start; | |
6115 | 1672 } |
1673 } | |
1674 } | |
1675 | |
1676 size = b->end - b->last; | |
1677 | |
8110
06c7d84cafdb
SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.
Maxim Dounin <mdounin@mdounin.ru>
parents:
8099
diff
changeset
|
1678 if (size && src->read->ready && !src->read->delayed) { |
06c7d84cafdb
SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.
Maxim Dounin <mdounin@mdounin.ru>
parents:
8099
diff
changeset
|
1679 |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1680 if (limit_rate) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1681 limit = (off_t) limit_rate * (ngx_time() - u->start_sec + 1) |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1682 - *received; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1683 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1684 if (limit <= 0) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1685 src->read->delayed = 1; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1686 delay = (ngx_msec_t) (- limit * 1000 / limit_rate + 1); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1687 ngx_add_timer(src->read, delay); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1688 break; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1689 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1690 |
7441
8acaa1161783
Stream: do not split datagrams when limiting proxy rate.
Roman Arutyunyan <arut@nginx.com>
parents:
7440
diff
changeset
|
1691 if (c->type == SOCK_STREAM && (off_t) size > limit) { |
6203
fdfdcad62875
Stream: fixed MSVC compilation warning.
Roman Arutyunyan <arut@nginx.com>
parents:
6202
diff
changeset
|
1692 size = (size_t) limit; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1693 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1694 } |
6115 | 1695 |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1696 c->log->action = recv_action; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1697 |
6115 | 1698 n = src->recv(src, b->last, size); |
1699 | |
6692 | 1700 if (n == NGX_AGAIN) { |
6115 | 1701 break; |
1702 } | |
1703 | |
6692 | 1704 if (n == NGX_ERROR) { |
1705 src->read->eof = 1; | |
1706 n = 0; | |
1707 } | |
1708 | |
1709 if (n >= 0) { | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1710 if (limit_rate) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1711 delay = (ngx_msec_t) (n * 1000 / limit_rate); |
6115 | 1712 |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1713 if (delay > 0) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1714 src->read->delayed = 1; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1715 ngx_add_timer(src->read, delay); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1716 } |
6115 | 1717 } |
1718 | |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1719 if (from_upstream) { |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1720 if (u->state->first_byte_time == (ngx_msec_t) -1) { |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1721 u->state->first_byte_time = ngx_current_msec |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1722 - u->start_time; |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1723 } |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1724 } |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1725 |
6692 | 1726 for (ll = out; *ll; ll = &(*ll)->next) { /* void */ } |
1727 | |
1728 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
1729 if (cl == NULL) { | |
1730 ngx_stream_proxy_finalize(s, | |
1731 NGX_STREAM_INTERNAL_SERVER_ERROR); | |
1732 return; | |
1733 } | |
1734 | |
1735 *ll = cl; | |
1736 | |
1737 cl->buf->pos = b->last; | |
1738 cl->buf->last = b->last + n; | |
1739 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
1740 | |
1741 cl->buf->temporary = (n ? 1 : 0); | |
1742 cl->buf->last_buf = src->read->eof; | |
8044
457afc332c67
Stream: don't flush empty buffers created for read errors.
Aleksei Bavshin <a.bavshin@f5.com>
parents:
8042
diff
changeset
|
1743 cl->buf->flush = !src->read->eof; |
6692 | 1744 |
7286 | 1745 (*packets)++; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1746 *received += n; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1747 b->last += n; |
6115 | 1748 do_write = 1; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1749 |
6115 | 1750 continue; |
1751 } | |
1752 } | |
1753 | |
1754 break; | |
1755 } | |
1756 | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1757 c->log->action = "proxying connection"; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1758 |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1759 if (ngx_stream_proxy_test_finalize(s, from_upstream) == NGX_OK) { |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1760 return; |
6115 | 1761 } |
1762 | |
6124
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1763 flags = src->read->eof ? NGX_CLOSE_EVENT : 0; |
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1764 |
7440
6d4bc025c5a7
Prevented scheduling events on a shared connection.
Roman Arutyunyan <arut@nginx.com>
parents:
7397
diff
changeset
|
1765 if (ngx_handle_read_event(src->read, flags) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1766 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1767 return; |
6115 | 1768 } |
1769 | |
1770 if (dst) { | |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1771 |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1772 if (dst->type == SOCK_STREAM && pscf->half_close |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1773 && src->read->eof && !u->half_closed && !dst->buffered) |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1774 { |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1775 if (ngx_shutdown_socket(dst->fd, NGX_WRITE_SHUTDOWN) == -1) { |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1776 ngx_connection_error(c, ngx_socket_errno, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1777 ngx_shutdown_socket_n " failed"); |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1778 |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1779 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1780 return; |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1781 } |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1782 |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1783 u->half_closed = 1; |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1784 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1785 "stream proxy %s socket shutdown", |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1786 from_upstream ? "client" : "upstream"); |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1787 } |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1788 |
7440
6d4bc025c5a7
Prevented scheduling events on a shared connection.
Roman Arutyunyan <arut@nginx.com>
parents:
7397
diff
changeset
|
1789 if (ngx_handle_write_event(dst->write, 0) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1790 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1791 return; |
6115 | 1792 } |
1793 | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1794 if (!c->read->delayed && !pc->read->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1795 ngx_add_timer(c->write, pscf->timeout); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1796 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1797 } else if (c->write->timer_set) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1798 ngx_del_timer(c->write); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1799 } |
6115 | 1800 } |
1801 } | |
1802 | |
1803 | |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1804 static ngx_int_t |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1805 ngx_stream_proxy_test_finalize(ngx_stream_session_t *s, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1806 ngx_uint_t from_upstream) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1807 { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1808 ngx_connection_t *c, *pc; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1809 ngx_log_handler_pt handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1810 ngx_stream_upstream_t *u; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1811 ngx_stream_proxy_srv_conf_t *pscf; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1812 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1813 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1814 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1815 c = s->connection; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1816 u = s->upstream; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1817 pc = u->connected ? u->peer.connection : NULL; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1818 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1819 if (c->type == SOCK_DGRAM) { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1820 |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1821 if (pscf->requests && u->requests < pscf->requests) { |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1822 return NGX_DECLINED; |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1823 } |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1824 |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1825 if (pscf->requests) { |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1826 ngx_delete_udp_connection(c); |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1827 } |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1828 |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1829 if (pscf->responses == NGX_MAX_INT32_VALUE |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1830 || u->responses < pscf->responses * u->requests) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1831 { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1832 return NGX_DECLINED; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1833 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1834 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1835 if (pc == NULL || c->buffered || pc->buffered) { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1836 return NGX_DECLINED; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1837 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1838 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1839 handler = c->log->handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1840 c->log->handler = NULL; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1841 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1842 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1843 "udp done" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1844 ", packets from/to client:%ui/%ui" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1845 ", bytes from/to client:%O/%O" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1846 ", bytes from/to upstream:%O/%O", |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1847 u->requests, u->responses, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1848 s->received, c->sent, u->received, pc ? pc->sent : 0); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1849 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1850 c->log->handler = handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1851 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1852 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1853 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1854 return NGX_OK; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1855 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1856 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1857 /* c->type == SOCK_STREAM */ |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1858 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1859 if (pc == NULL |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1860 || (!c->read->eof && !pc->read->eof) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1861 || (!c->read->eof && c->buffered) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1862 || (!pc->read->eof && pc->buffered)) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1863 { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1864 return NGX_DECLINED; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1865 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1866 |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1867 if (pscf->half_close) { |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1868 /* avoid closing live connections until both read ends get EOF */ |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1869 if (!(c->read->eof && pc->read->eof && !c->buffered && !pc->buffered)) { |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1870 return NGX_DECLINED; |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1871 } |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1872 } |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1873 |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1874 handler = c->log->handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1875 c->log->handler = NULL; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1876 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1877 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1878 "%s disconnected" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1879 ", bytes from/to client:%O/%O" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1880 ", bytes from/to upstream:%O/%O", |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1881 from_upstream ? "upstream" : "client", |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1882 s->received, c->sent, u->received, pc ? pc->sent : 0); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1883 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1884 c->log->handler = handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1885 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1886 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1887 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1888 return NGX_OK; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1889 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1890 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1891 |
6115 | 1892 static void |
1893 ngx_stream_proxy_next_upstream(ngx_stream_session_t *s) | |
1894 { | |
1895 ngx_msec_t timeout; | |
1896 ngx_connection_t *pc; | |
1897 ngx_stream_upstream_t *u; | |
1898 ngx_stream_proxy_srv_conf_t *pscf; | |
1899 | |
1900 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1901 "stream proxy next upstream"); | |
1902 | |
1903 u = s->upstream; | |
6692 | 1904 pc = u->peer.connection; |
1905 | |
7098
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1906 if (pc && pc->buffered) { |
6692 | 1907 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
7098
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1908 "buffered data on next upstream"); |
6692 | 1909 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
1910 return; | |
1911 } | |
6115 | 1912 |
7098
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1913 if (s->connection->type == SOCK_DGRAM) { |
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1914 u->upstream_out = NULL; |
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1915 } |
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1916 |
6115 | 1917 if (u->peer.sockaddr) { |
1918 u->peer.free(&u->peer, u->peer.data, NGX_PEER_FAILED); | |
1919 u->peer.sockaddr = NULL; | |
1920 } | |
1921 | |
1922 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1923 | |
1924 timeout = pscf->next_upstream_timeout; | |
1925 | |
1926 if (u->peer.tries == 0 | |
1927 || !pscf->next_upstream | |
1928 || (timeout && ngx_current_msec - u->peer.start_time >= timeout)) | |
1929 { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1930 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); |
6115 | 1931 return; |
1932 } | |
1933 | |
1934 if (pc) { | |
1935 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1936 "close proxy upstream connection: %d", pc->fd); | |
1937 | |
1938 #if (NGX_STREAM_SSL) | |
1939 if (pc->ssl) { | |
1940 pc->ssl->no_wait_shutdown = 1; | |
1941 pc->ssl->no_send_shutdown = 1; | |
1942 | |
1943 (void) ngx_ssl_shutdown(pc); | |
1944 } | |
1945 #endif | |
1946 | |
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1947 u->state->bytes_received = u->received; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1948 u->state->bytes_sent = pc->sent; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1949 |
6115 | 1950 ngx_close_connection(pc); |
1951 u->peer.connection = NULL; | |
1952 } | |
1953 | |
1954 ngx_stream_proxy_connect(s); | |
1955 } | |
1956 | |
1957 | |
1958 static void | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1959 ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_uint_t rc) |
6115 | 1960 { |
7286 | 1961 ngx_uint_t state; |
6115 | 1962 ngx_connection_t *pc; |
1963 ngx_stream_upstream_t *u; | |
1964 | |
1965 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1966 "finalize stream proxy: %i", rc); | |
1967 | |
1968 u = s->upstream; | |
1969 | |
1970 if (u == NULL) { | |
1971 goto noupstream; | |
1972 } | |
1973 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1974 if (u->resolved && u->resolved->ctx) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1975 ngx_resolve_name_done(u->resolved->ctx); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1976 u->resolved->ctx = NULL; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1977 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1978 |
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1979 pc = u->peer.connection; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1980 |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1981 if (u->state) { |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1982 if (u->state->response_time == (ngx_msec_t) -1) { |
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1983 u->state->response_time = ngx_current_msec - u->start_time; |
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1984 } |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1985 |
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1986 if (pc) { |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1987 u->state->bytes_received = u->received; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1988 u->state->bytes_sent = pc->sent; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1989 } |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1990 } |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1991 |
6115 | 1992 if (u->peer.free && u->peer.sockaddr) { |
7286 | 1993 state = 0; |
1994 | |
1995 if (pc && pc->type == SOCK_DGRAM | |
1996 && (pc->read->error || pc->write->error)) | |
1997 { | |
1998 state = NGX_PEER_FAILED; | |
1999 } | |
2000 | |
2001 u->peer.free(&u->peer, u->peer.data, state); | |
6115 | 2002 u->peer.sockaddr = NULL; |
2003 } | |
2004 | |
2005 if (pc) { | |
2006 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
2007 "close stream proxy upstream connection: %d", pc->fd); | |
2008 | |
2009 #if (NGX_STREAM_SSL) | |
2010 if (pc->ssl) { | |
2011 pc->ssl->no_wait_shutdown = 1; | |
2012 (void) ngx_ssl_shutdown(pc); | |
2013 } | |
2014 #endif | |
2015 | |
2016 ngx_close_connection(pc); | |
2017 u->peer.connection = NULL; | |
2018 } | |
2019 | |
2020 noupstream: | |
2021 | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
2022 ngx_stream_finalize_session(s, rc); |
6115 | 2023 } |
2024 | |
2025 | |
2026 static u_char * | |
2027 ngx_stream_proxy_log_error(ngx_log_t *log, u_char *buf, size_t len) | |
2028 { | |
2029 u_char *p; | |
2030 ngx_connection_t *pc; | |
2031 ngx_stream_session_t *s; | |
2032 ngx_stream_upstream_t *u; | |
2033 | |
2034 s = log->data; | |
2035 | |
2036 u = s->upstream; | |
2037 | |
2038 p = buf; | |
2039 | |
2040 if (u->peer.name) { | |
2041 p = ngx_snprintf(p, len, ", upstream: \"%V\"", u->peer.name); | |
2042 len -= p - buf; | |
2043 } | |
2044 | |
2045 pc = u->peer.connection; | |
2046 | |
2047 p = ngx_snprintf(p, len, | |
2048 ", bytes from/to client:%O/%O" | |
2049 ", bytes from/to upstream:%O/%O", | |
2050 s->received, s->connection->sent, | |
2051 u->received, pc ? pc->sent : 0); | |
2052 | |
2053 return p; | |
2054 } | |
2055 | |
2056 | |
2057 static void * | |
2058 ngx_stream_proxy_create_srv_conf(ngx_conf_t *cf) | |
2059 { | |
2060 ngx_stream_proxy_srv_conf_t *conf; | |
2061 | |
2062 conf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_proxy_srv_conf_t)); | |
2063 if (conf == NULL) { | |
2064 return NULL; | |
2065 } | |
2066 | |
2067 /* | |
2068 * set by ngx_pcalloc(): | |
2069 * | |
2070 * conf->ssl_protocols = 0; | |
2071 * conf->ssl_ciphers = { 0, NULL }; | |
2072 * conf->ssl_trusted_certificate = { 0, NULL }; | |
2073 * conf->ssl_crl = { 0, NULL }; | |
2074 * | |
2075 * conf->ssl = NULL; | |
2076 * conf->upstream = NULL; | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2077 * conf->upstream_value = NULL; |
6115 | 2078 */ |
2079 | |
2080 conf->connect_timeout = NGX_CONF_UNSET_MSEC; | |
2081 conf->timeout = NGX_CONF_UNSET_MSEC; | |
2082 conf->next_upstream_timeout = NGX_CONF_UNSET_MSEC; | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
2083 conf->buffer_size = NGX_CONF_UNSET_SIZE; |
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2084 conf->upload_rate = NGX_CONF_UNSET_PTR; |
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2085 conf->download_rate = NGX_CONF_UNSET_PTR; |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2086 conf->requests = NGX_CONF_UNSET_UINT; |
6436 | 2087 conf->responses = NGX_CONF_UNSET_UINT; |
6115 | 2088 conf->next_upstream_tries = NGX_CONF_UNSET_UINT; |
2089 conf->next_upstream = NGX_CONF_UNSET; | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
2090 conf->proxy_protocol = NGX_CONF_UNSET; |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2091 conf->local = NGX_CONF_UNSET_PTR; |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2092 conf->socket_keepalive = NGX_CONF_UNSET; |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
2093 conf->half_close = NGX_CONF_UNSET; |
6115 | 2094 |
2095 #if (NGX_STREAM_SSL) | |
2096 conf->ssl_enable = NGX_CONF_UNSET; | |
2097 conf->ssl_session_reuse = NGX_CONF_UNSET; | |
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2098 conf->ssl_name = NGX_CONF_UNSET_PTR; |
6115 | 2099 conf->ssl_server_name = NGX_CONF_UNSET; |
2100 conf->ssl_verify = NGX_CONF_UNSET; | |
2101 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2102 conf->ssl_certificate = NGX_CONF_UNSET_PTR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2103 conf->ssl_certificate_key = NGX_CONF_UNSET_PTR; |
6115 | 2104 conf->ssl_passwords = NGX_CONF_UNSET_PTR; |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2105 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; |
6115 | 2106 #endif |
2107 | |
2108 return conf; | |
2109 } | |
2110 | |
2111 | |
2112 static char * | |
2113 ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) | |
2114 { | |
2115 ngx_stream_proxy_srv_conf_t *prev = parent; | |
2116 ngx_stream_proxy_srv_conf_t *conf = child; | |
2117 | |
2118 ngx_conf_merge_msec_value(conf->connect_timeout, | |
2119 prev->connect_timeout, 60000); | |
2120 | |
2121 ngx_conf_merge_msec_value(conf->timeout, | |
2122 prev->timeout, 10 * 60000); | |
2123 | |
2124 ngx_conf_merge_msec_value(conf->next_upstream_timeout, | |
2125 prev->next_upstream_timeout, 0); | |
2126 | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
2127 ngx_conf_merge_size_value(conf->buffer_size, |
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
2128 prev->buffer_size, 16384); |
6115 | 2129 |
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2130 ngx_conf_merge_ptr_value(conf->upload_rate, prev->upload_rate, NULL); |
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2131 |
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2132 ngx_conf_merge_ptr_value(conf->download_rate, prev->download_rate, NULL); |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
2133 |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2134 ngx_conf_merge_uint_value(conf->requests, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2135 prev->requests, 0); |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2136 |
6436 | 2137 ngx_conf_merge_uint_value(conf->responses, |
2138 prev->responses, NGX_MAX_INT32_VALUE); | |
2139 | |
6115 | 2140 ngx_conf_merge_uint_value(conf->next_upstream_tries, |
2141 prev->next_upstream_tries, 0); | |
2142 | |
2143 ngx_conf_merge_value(conf->next_upstream, prev->next_upstream, 1); | |
2144 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
2145 ngx_conf_merge_value(conf->proxy_protocol, prev->proxy_protocol, 0); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
2146 |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2147 ngx_conf_merge_ptr_value(conf->local, prev->local, NULL); |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2148 |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2149 ngx_conf_merge_value(conf->socket_keepalive, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2150 prev->socket_keepalive, 0); |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2151 |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
2152 ngx_conf_merge_value(conf->half_close, prev->half_close, 0); |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
2153 |
6115 | 2154 #if (NGX_STREAM_SSL) |
2155 | |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2156 if (ngx_stream_proxy_merge_ssl(cf, conf, prev) != NGX_OK) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2157 return NGX_CONF_ERROR; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2158 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2159 |
6115 | 2160 ngx_conf_merge_value(conf->ssl_enable, prev->ssl_enable, 0); |
2161 | |
2162 ngx_conf_merge_value(conf->ssl_session_reuse, | |
2163 prev->ssl_session_reuse, 1); | |
2164 | |
2165 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, | |
8152
d1cf09451ae8
SSL: enabled TLSv1.3 by default.
Maxim Dounin <mdounin@mdounin.ru>
parents:
8110
diff
changeset
|
2166 (NGX_CONF_BITMASK_SET |
d1cf09451ae8
SSL: enabled TLSv1.3 by default.
Maxim Dounin <mdounin@mdounin.ru>
parents:
8110
diff
changeset
|
2167 |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1 |
d1cf09451ae8
SSL: enabled TLSv1.3 by default.
Maxim Dounin <mdounin@mdounin.ru>
parents:
8110
diff
changeset
|
2168 |NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3)); |
6115 | 2169 |
2170 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, "DEFAULT"); | |
2171 | |
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2172 ngx_conf_merge_ptr_value(conf->ssl_name, prev->ssl_name, NULL); |
6115 | 2173 |
2174 ngx_conf_merge_value(conf->ssl_server_name, prev->ssl_server_name, 0); | |
2175 | |
2176 ngx_conf_merge_value(conf->ssl_verify, prev->ssl_verify, 0); | |
2177 | |
2178 ngx_conf_merge_uint_value(conf->ssl_verify_depth, | |
2179 prev->ssl_verify_depth, 1); | |
2180 | |
2181 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | |
2182 prev->ssl_trusted_certificate, ""); | |
2183 | |
2184 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | |
2185 | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2186 ngx_conf_merge_ptr_value(conf->ssl_certificate, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2187 prev->ssl_certificate, NULL); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2188 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2189 ngx_conf_merge_ptr_value(conf->ssl_certificate_key, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2190 prev->ssl_certificate_key, NULL); |
6115 | 2191 |
2192 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL); | |
2193 | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2194 ngx_conf_merge_ptr_value(conf->ssl_conf_commands, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2195 prev->ssl_conf_commands, NULL); |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2196 |
6115 | 2197 if (conf->ssl_enable && ngx_stream_proxy_set_ssl(cf, conf) != NGX_OK) { |
2198 return NGX_CONF_ERROR; | |
2199 } | |
2200 | |
2201 #endif | |
2202 | |
2203 return NGX_CONF_OK; | |
2204 } | |
2205 | |
2206 | |
2207 #if (NGX_STREAM_SSL) | |
2208 | |
2209 static ngx_int_t | |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2210 ngx_stream_proxy_merge_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *conf, |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2211 ngx_stream_proxy_srv_conf_t *prev) |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2212 { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2213 ngx_uint_t preserve; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2214 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2215 if (conf->ssl_protocols == 0 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2216 && conf->ssl_ciphers.data == NULL |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2217 && conf->ssl_certificate == NGX_CONF_UNSET_PTR |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2218 && conf->ssl_certificate_key == NGX_CONF_UNSET_PTR |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2219 && conf->ssl_passwords == NGX_CONF_UNSET_PTR |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2220 && conf->ssl_verify == NGX_CONF_UNSET |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2221 && conf->ssl_verify_depth == NGX_CONF_UNSET_UINT |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2222 && conf->ssl_trusted_certificate.data == NULL |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2223 && conf->ssl_crl.data == NULL |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2224 && conf->ssl_session_reuse == NGX_CONF_UNSET |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2225 && conf->ssl_conf_commands == NGX_CONF_UNSET_PTR) |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2226 { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2227 if (prev->ssl) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2228 conf->ssl = prev->ssl; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2229 return NGX_OK; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2230 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2231 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2232 preserve = 1; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2233 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2234 } else { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2235 preserve = 0; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2236 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2237 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2238 conf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t)); |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2239 if (conf->ssl == NULL) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2240 return NGX_ERROR; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2241 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2242 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2243 conf->ssl->log = cf->log; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2244 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2245 /* |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2246 * special handling to preserve conf->ssl |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2247 * in the "stream" section to inherit it to all servers |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2248 */ |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2249 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2250 if (preserve) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2251 prev->ssl = conf->ssl; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2252 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2253 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2254 return NGX_OK; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2255 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2256 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2257 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2258 static ngx_int_t |
6115 | 2259 ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf) |
2260 { | |
2261 ngx_pool_cleanup_t *cln; | |
2262 | |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2263 if (pscf->ssl->ctx) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2264 return NGX_OK; |
6115 | 2265 } |
2266 | |
2267 if (ngx_ssl_create(pscf->ssl, pscf->ssl_protocols, NULL) != NGX_OK) { | |
2268 return NGX_ERROR; | |
2269 } | |
2270 | |
2271 cln = ngx_pool_cleanup_add(cf->pool, 0); | |
2272 if (cln == NULL) { | |
7473
8981dbb12254
SSL: fixed potential leak on memory allocation errors.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7441
diff
changeset
|
2273 ngx_ssl_cleanup_ctx(pscf->ssl); |
6115 | 2274 return NGX_ERROR; |
2275 } | |
2276 | |
2277 cln->handler = ngx_ssl_cleanup_ctx; | |
2278 cln->data = pscf->ssl; | |
2279 | |
7904
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2280 if (ngx_ssl_ciphers(cf, pscf->ssl, &pscf->ssl_ciphers, 0) != NGX_OK) { |
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2281 return NGX_ERROR; |
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2282 } |
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2283 |
8042
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
2284 if (pscf->ssl_certificate |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
2285 && pscf->ssl_certificate->value.len) |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
2286 { |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2287 if (pscf->ssl_certificate_key == NULL) { |
6115 | 2288 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
2289 "no \"proxy_ssl_certificate_key\" is defined " | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2290 "for certificate \"%V\"", |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2291 &pscf->ssl_certificate->value); |
6115 | 2292 return NGX_ERROR; |
2293 } | |
2294 | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2295 if (pscf->ssl_certificate->lengths |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2296 || pscf->ssl_certificate_key->lengths) |
6115 | 2297 { |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2298 pscf->ssl_passwords = |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2299 ngx_ssl_preserve_passwords(cf, pscf->ssl_passwords); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2300 if (pscf->ssl_passwords == NULL) { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2301 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2302 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2303 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2304 } else { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2305 if (ngx_ssl_certificate(cf, pscf->ssl, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2306 &pscf->ssl_certificate->value, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2307 &pscf->ssl_certificate_key->value, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2308 pscf->ssl_passwords) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2309 != NGX_OK) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2310 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2311 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2312 } |
6115 | 2313 } |
2314 } | |
2315 | |
2316 if (pscf->ssl_verify) { | |
2317 if (pscf->ssl_trusted_certificate.len == 0) { | |
2318 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
2319 "no proxy_ssl_trusted_certificate for proxy_ssl_verify"); | |
2320 return NGX_ERROR; | |
2321 } | |
2322 | |
2323 if (ngx_ssl_trusted_certificate(cf, pscf->ssl, | |
2324 &pscf->ssl_trusted_certificate, | |
2325 pscf->ssl_verify_depth) | |
2326 != NGX_OK) | |
2327 { | |
2328 return NGX_ERROR; | |
2329 } | |
2330 | |
2331 if (ngx_ssl_crl(cf, pscf->ssl, &pscf->ssl_crl) != NGX_OK) { | |
2332 return NGX_ERROR; | |
2333 } | |
2334 } | |
2335 | |
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2336 if (ngx_ssl_client_session_cache(cf, pscf->ssl, pscf->ssl_session_reuse) |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2337 != NGX_OK) |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2338 { |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2339 return NGX_ERROR; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2340 } |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2341 |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2342 if (ngx_ssl_conf_commands(cf, pscf->ssl, pscf->ssl_conf_commands) |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2343 != NGX_OK) |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2344 { |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2345 return NGX_ERROR; |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2346 } |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2347 |
6115 | 2348 return NGX_OK; |
2349 } | |
2350 | |
2351 #endif | |
2352 | |
2353 | |
2354 static char * | |
2355 ngx_stream_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
2356 { | |
2357 ngx_stream_proxy_srv_conf_t *pscf = conf; | |
2358 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2359 ngx_url_t u; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2360 ngx_str_t *value, *url; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2361 ngx_stream_complex_value_t cv; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2362 ngx_stream_core_srv_conf_t *cscf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2363 ngx_stream_compile_complex_value_t ccv; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2364 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2365 if (pscf->upstream || pscf->upstream_value) { |
6115 | 2366 return "is duplicate"; |
2367 } | |
2368 | |
2369 cscf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_core_module); | |
2370 | |
2371 cscf->handler = ngx_stream_proxy_handler; | |
2372 | |
2373 value = cf->args->elts; | |
2374 | |
2375 url = &value[1]; | |
2376 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2377 ngx_memzero(&ccv, sizeof(ngx_stream_compile_complex_value_t)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2378 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2379 ccv.cf = cf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2380 ccv.value = url; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2381 ccv.complex_value = &cv; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2382 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2383 if (ngx_stream_compile_complex_value(&ccv) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2384 return NGX_CONF_ERROR; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2385 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2386 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2387 if (cv.lengths) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2388 pscf->upstream_value = ngx_palloc(cf->pool, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2389 sizeof(ngx_stream_complex_value_t)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2390 if (pscf->upstream_value == NULL) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2391 return NGX_CONF_ERROR; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2392 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2393 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2394 *pscf->upstream_value = cv; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2395 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2396 return NGX_CONF_OK; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2397 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2398 |
6115 | 2399 ngx_memzero(&u, sizeof(ngx_url_t)); |
2400 | |
2401 u.url = *url; | |
2402 u.no_resolve = 1; | |
2403 | |
2404 pscf->upstream = ngx_stream_upstream_add(cf, &u, 0); | |
2405 if (pscf->upstream == NULL) { | |
2406 return NGX_CONF_ERROR; | |
2407 } | |
2408 | |
2409 return NGX_CONF_OK; | |
2410 } | |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2411 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2412 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2413 static char * |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2414 ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2415 { |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2416 ngx_stream_proxy_srv_conf_t *pscf = conf; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2417 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2418 ngx_int_t rc; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2419 ngx_str_t *value; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2420 ngx_stream_complex_value_t cv; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2421 ngx_stream_upstream_local_t *local; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2422 ngx_stream_compile_complex_value_t ccv; |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2423 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2424 if (pscf->local != NGX_CONF_UNSET_PTR) { |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2425 return "is duplicate"; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2426 } |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2427 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2428 value = cf->args->elts; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2429 |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2430 if (cf->args->nelts == 2 && ngx_strcmp(value[1].data, "off") == 0) { |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2431 pscf->local = NULL; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2432 return NGX_CONF_OK; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2433 } |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2434 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2435 ngx_memzero(&ccv, sizeof(ngx_stream_compile_complex_value_t)); |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2436 |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2437 ccv.cf = cf; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2438 ccv.value = &value[1]; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2439 ccv.complex_value = &cv; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2440 |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2441 if (ngx_stream_compile_complex_value(&ccv) != NGX_OK) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2442 return NGX_CONF_ERROR; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2443 } |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2444 |
6598
4a724d6006ee
Stream: use ngx_pcalloc() in ngx_stream_proxy_bind().
Roman Arutyunyan <arut@nginx.com>
parents:
6595
diff
changeset
|
2445 local = ngx_pcalloc(cf->pool, sizeof(ngx_stream_upstream_local_t)); |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2446 if (local == NULL) { |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2447 return NGX_CONF_ERROR; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2448 } |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2449 |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2450 pscf->local = local; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2451 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2452 if (cv.lengths) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2453 local->value = ngx_palloc(cf->pool, sizeof(ngx_stream_complex_value_t)); |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2454 if (local->value == NULL) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2455 return NGX_CONF_ERROR; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2456 } |
6595
0c98c4092440
Stream: support for $remote_port in proxy_bind.
Roman Arutyunyan <arut@nginx.com>
parents:
6594
diff
changeset
|
2457 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2458 *local->value = cv; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2459 |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2460 } else { |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2461 local->addr = ngx_palloc(cf->pool, sizeof(ngx_addr_t)); |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2462 if (local->addr == NULL) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2463 return NGX_CONF_ERROR; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2464 } |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2465 |
6594
3c87b82b17d4
Upstream: support for port in proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6593
diff
changeset
|
2466 rc = ngx_parse_addr_port(cf->pool, local->addr, value[1].data, |
3c87b82b17d4
Upstream: support for port in proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6593
diff
changeset
|
2467 value[1].len); |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2468 |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2469 switch (rc) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2470 case NGX_OK: |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2471 local->addr->name = value[1]; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2472 break; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2473 |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2474 case NGX_DECLINED: |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2475 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2476 "invalid address \"%V\"", &value[1]); |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2477 /* fall through */ |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2478 |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2479 default: |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2480 return NGX_CONF_ERROR; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2481 } |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2482 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2483 |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2484 if (cf->args->nelts > 2) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2485 if (ngx_strcmp(value[2].data, "transparent") == 0) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2486 #if (NGX_HAVE_TRANSPARENT_PROXY) |
7174
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2487 ngx_core_conf_t *ccf; |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2488 |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2489 ccf = (ngx_core_conf_t *) ngx_get_conf(cf->cycle->conf_ctx, |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2490 ngx_core_module); |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2491 |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2492 ccf->transparent = 1; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2493 local->transparent = 1; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2494 #else |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2495 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2496 "transparent proxying is not supported " |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2497 "on this platform, ignored"); |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2498 #endif |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2499 } else { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2500 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2501 "invalid parameter \"%V\"", &value[2]); |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2502 return NGX_CONF_ERROR; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2503 } |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2504 } |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2505 |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2506 return NGX_CONF_OK; |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2507 } |