Mercurial > hg > nginx
annotate src/stream/ngx_stream_proxy_module.c @ 6435:d1c791479bbb
Stream: post first read events from client and upstream.
The main proxy function ngx_stream_proxy_process() can terminate the stream
session. The code, following it, should check its return code to make sure the
session still exists. This happens in client and upstream initialization
functions. Swapping ngx_stream_proxy_process() call with the code, that
follows it, leaves the same problem vice versa.
In future ngx_stream_proxy_process() will call ngx_stream_proxy_next_upstream()
making it too complicated to know if stream session still exists after this
call.
Now ngx_stream_proxy_process() is called from posted event handlers in both
places with no code following it. The posted event is automatically removed
once session is terminated.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Tue, 15 Mar 2016 15:55:23 +0300 |
parents | 70e6e1f12dee |
children | 8f038068f4bc |
rev | line source |
---|---|
6115 | 1 |
2 /* | |
3 * Copyright (C) Roman Arutyunyan | |
4 * Copyright (C) Nginx, Inc. | |
5 */ | |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_stream.h> | |
11 | |
12 | |
13 typedef struct { | |
14 ngx_msec_t connect_timeout; | |
15 ngx_msec_t timeout; | |
16 ngx_msec_t next_upstream_timeout; | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
17 size_t buffer_size; |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
18 size_t upload_rate; |
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
19 size_t download_rate; |
6115 | 20 ngx_uint_t next_upstream_tries; |
21 ngx_flag_t next_upstream; | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
22 ngx_flag_t proxy_protocol; |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
23 ngx_addr_t *local; |
6115 | 24 |
25 #if (NGX_STREAM_SSL) | |
26 ngx_flag_t ssl_enable; | |
27 ngx_flag_t ssl_session_reuse; | |
28 ngx_uint_t ssl_protocols; | |
29 ngx_str_t ssl_ciphers; | |
30 ngx_str_t ssl_name; | |
31 ngx_flag_t ssl_server_name; | |
32 | |
33 ngx_flag_t ssl_verify; | |
34 ngx_uint_t ssl_verify_depth; | |
35 ngx_str_t ssl_trusted_certificate; | |
36 ngx_str_t ssl_crl; | |
37 ngx_str_t ssl_certificate; | |
38 ngx_str_t ssl_certificate_key; | |
39 ngx_array_t *ssl_passwords; | |
40 | |
41 ngx_ssl_t *ssl; | |
42 #endif | |
43 | |
44 ngx_stream_upstream_srv_conf_t *upstream; | |
45 } ngx_stream_proxy_srv_conf_t; | |
46 | |
47 | |
48 static void ngx_stream_proxy_handler(ngx_stream_session_t *s); | |
49 static void ngx_stream_proxy_connect(ngx_stream_session_t *s); | |
50 static void ngx_stream_proxy_init_upstream(ngx_stream_session_t *s); | |
51 static void ngx_stream_proxy_upstream_handler(ngx_event_t *ev); | |
52 static void ngx_stream_proxy_downstream_handler(ngx_event_t *ev); | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
53 static void ngx_stream_proxy_process_connection(ngx_event_t *ev, |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
54 ngx_uint_t from_upstream); |
6115 | 55 static void ngx_stream_proxy_connect_handler(ngx_event_t *ev); |
56 static ngx_int_t ngx_stream_proxy_test_connect(ngx_connection_t *c); | |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
57 static void ngx_stream_proxy_process(ngx_stream_session_t *s, |
6115 | 58 ngx_uint_t from_upstream, ngx_uint_t do_write); |
59 static void ngx_stream_proxy_next_upstream(ngx_stream_session_t *s); | |
60 static void ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_int_t rc); | |
61 static u_char *ngx_stream_proxy_log_error(ngx_log_t *log, u_char *buf, | |
62 size_t len); | |
63 | |
64 static void *ngx_stream_proxy_create_srv_conf(ngx_conf_t *cf); | |
65 static char *ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, | |
66 void *child); | |
67 static char *ngx_stream_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, | |
68 void *conf); | |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
69 static char *ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
70 void *conf); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
71 static ngx_int_t ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s); |
6115 | 72 |
73 #if (NGX_STREAM_SSL) | |
74 | |
75 static char *ngx_stream_proxy_ssl_password_file(ngx_conf_t *cf, | |
76 ngx_command_t *cmd, void *conf); | |
77 static void ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s); | |
78 static void ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc); | |
79 static ngx_int_t ngx_stream_proxy_ssl_name(ngx_stream_session_t *s); | |
80 static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf, | |
81 ngx_stream_proxy_srv_conf_t *pscf); | |
82 | |
83 | |
84 static ngx_conf_bitmask_t ngx_stream_proxy_ssl_protocols[] = { | |
85 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, | |
86 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, | |
87 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, | |
88 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, | |
89 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, | |
90 { ngx_null_string, 0 } | |
91 }; | |
92 | |
93 #endif | |
94 | |
95 | |
6217
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
96 static ngx_conf_deprecated_t ngx_conf_deprecated_proxy_downstream_buffer = { |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
97 ngx_conf_deprecated, "proxy_downstream_buffer", "proxy_buffer_size" |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
98 }; |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
99 |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
100 static ngx_conf_deprecated_t ngx_conf_deprecated_proxy_upstream_buffer = { |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
101 ngx_conf_deprecated, "proxy_upstream_buffer", "proxy_buffer_size" |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
102 }; |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
103 |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
104 |
6115 | 105 static ngx_command_t ngx_stream_proxy_commands[] = { |
106 | |
107 { ngx_string("proxy_pass"), | |
108 NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
109 ngx_stream_proxy_pass, | |
110 NGX_STREAM_SRV_CONF_OFFSET, | |
111 0, | |
112 NULL }, | |
113 | |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
114 { ngx_string("proxy_bind"), |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
115 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
116 ngx_stream_proxy_bind, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
117 NGX_STREAM_SRV_CONF_OFFSET, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
118 0, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
119 NULL }, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
120 |
6115 | 121 { ngx_string("proxy_connect_timeout"), |
122 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
123 ngx_conf_set_msec_slot, | |
124 NGX_STREAM_SRV_CONF_OFFSET, | |
125 offsetof(ngx_stream_proxy_srv_conf_t, connect_timeout), | |
126 NULL }, | |
127 | |
128 { ngx_string("proxy_timeout"), | |
129 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
130 ngx_conf_set_msec_slot, | |
131 NGX_STREAM_SRV_CONF_OFFSET, | |
132 offsetof(ngx_stream_proxy_srv_conf_t, timeout), | |
133 NULL }, | |
134 | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
135 { ngx_string("proxy_buffer_size"), |
6115 | 136 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
137 ngx_conf_set_size_slot, | |
138 NGX_STREAM_SRV_CONF_OFFSET, | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
139 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
6115 | 140 NULL }, |
141 | |
6217
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
142 { ngx_string("proxy_downstream_buffer"), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
143 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
144 ngx_conf_set_size_slot, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
145 NGX_STREAM_SRV_CONF_OFFSET, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
146 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
147 &ngx_conf_deprecated_proxy_downstream_buffer }, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
148 |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
149 { ngx_string("proxy_upstream_buffer"), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
150 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
151 ngx_conf_set_size_slot, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
152 NGX_STREAM_SRV_CONF_OFFSET, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
153 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
154 &ngx_conf_deprecated_proxy_upstream_buffer }, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
155 |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
156 { ngx_string("proxy_upload_rate"), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
157 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
158 ngx_conf_set_size_slot, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
159 NGX_STREAM_SRV_CONF_OFFSET, |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
160 offsetof(ngx_stream_proxy_srv_conf_t, upload_rate), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
161 NULL }, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
162 |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
163 { ngx_string("proxy_download_rate"), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
164 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
165 ngx_conf_set_size_slot, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
166 NGX_STREAM_SRV_CONF_OFFSET, |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
167 offsetof(ngx_stream_proxy_srv_conf_t, download_rate), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
168 NULL }, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
169 |
6115 | 170 { ngx_string("proxy_next_upstream"), |
171 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
172 ngx_conf_set_flag_slot, | |
173 NGX_STREAM_SRV_CONF_OFFSET, | |
174 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream), | |
175 NULL }, | |
176 | |
177 { ngx_string("proxy_next_upstream_tries"), | |
178 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
179 ngx_conf_set_num_slot, | |
180 NGX_STREAM_SRV_CONF_OFFSET, | |
181 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream_tries), | |
182 NULL }, | |
183 | |
184 { ngx_string("proxy_next_upstream_timeout"), | |
185 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
186 ngx_conf_set_msec_slot, | |
187 NGX_STREAM_SRV_CONF_OFFSET, | |
188 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream_timeout), | |
189 NULL }, | |
190 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
191 { ngx_string("proxy_protocol"), |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
192 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
193 ngx_conf_set_flag_slot, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
194 NGX_STREAM_SRV_CONF_OFFSET, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
195 offsetof(ngx_stream_proxy_srv_conf_t, proxy_protocol), |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
196 NULL }, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
197 |
6115 | 198 #if (NGX_STREAM_SSL) |
199 | |
200 { ngx_string("proxy_ssl"), | |
201 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
202 ngx_conf_set_flag_slot, | |
203 NGX_STREAM_SRV_CONF_OFFSET, | |
204 offsetof(ngx_stream_proxy_srv_conf_t, ssl_enable), | |
205 NULL }, | |
206 | |
207 { ngx_string("proxy_ssl_session_reuse"), | |
208 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
209 ngx_conf_set_flag_slot, | |
210 NGX_STREAM_SRV_CONF_OFFSET, | |
211 offsetof(ngx_stream_proxy_srv_conf_t, ssl_session_reuse), | |
212 NULL }, | |
213 | |
214 { ngx_string("proxy_ssl_protocols"), | |
215 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_1MORE, | |
216 ngx_conf_set_bitmask_slot, | |
217 NGX_STREAM_SRV_CONF_OFFSET, | |
218 offsetof(ngx_stream_proxy_srv_conf_t, ssl_protocols), | |
219 &ngx_stream_proxy_ssl_protocols }, | |
220 | |
221 { ngx_string("proxy_ssl_ciphers"), | |
222 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
223 ngx_conf_set_str_slot, | |
224 NGX_STREAM_SRV_CONF_OFFSET, | |
225 offsetof(ngx_stream_proxy_srv_conf_t, ssl_ciphers), | |
226 NULL }, | |
227 | |
228 { ngx_string("proxy_ssl_name"), | |
229 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
230 ngx_conf_set_str_slot, | |
231 NGX_STREAM_SRV_CONF_OFFSET, | |
232 offsetof(ngx_stream_proxy_srv_conf_t, ssl_name), | |
233 NULL }, | |
234 | |
235 { ngx_string("proxy_ssl_server_name"), | |
236 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
237 ngx_conf_set_flag_slot, | |
238 NGX_STREAM_SRV_CONF_OFFSET, | |
239 offsetof(ngx_stream_proxy_srv_conf_t, ssl_server_name), | |
240 NULL }, | |
241 | |
242 { ngx_string("proxy_ssl_verify"), | |
243 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
244 ngx_conf_set_flag_slot, | |
245 NGX_STREAM_SRV_CONF_OFFSET, | |
246 offsetof(ngx_stream_proxy_srv_conf_t, ssl_verify), | |
247 NULL }, | |
248 | |
249 { ngx_string("proxy_ssl_verify_depth"), | |
250 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
251 ngx_conf_set_num_slot, | |
252 NGX_STREAM_SRV_CONF_OFFSET, | |
253 offsetof(ngx_stream_proxy_srv_conf_t, ssl_verify_depth), | |
254 NULL }, | |
255 | |
256 { ngx_string("proxy_ssl_trusted_certificate"), | |
257 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
258 ngx_conf_set_str_slot, | |
259 NGX_STREAM_SRV_CONF_OFFSET, | |
260 offsetof(ngx_stream_proxy_srv_conf_t, ssl_trusted_certificate), | |
261 NULL }, | |
262 | |
263 { ngx_string("proxy_ssl_crl"), | |
264 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
265 ngx_conf_set_str_slot, | |
266 NGX_STREAM_SRV_CONF_OFFSET, | |
267 offsetof(ngx_stream_proxy_srv_conf_t, ssl_crl), | |
268 NULL }, | |
269 | |
270 { ngx_string("proxy_ssl_certificate"), | |
271 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
272 ngx_conf_set_str_slot, | |
273 NGX_STREAM_SRV_CONF_OFFSET, | |
274 offsetof(ngx_stream_proxy_srv_conf_t, ssl_certificate), | |
275 NULL }, | |
276 | |
277 { ngx_string("proxy_ssl_certificate_key"), | |
278 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
279 ngx_conf_set_str_slot, | |
280 NGX_STREAM_SRV_CONF_OFFSET, | |
281 offsetof(ngx_stream_proxy_srv_conf_t, ssl_certificate_key), | |
282 NULL }, | |
283 | |
284 { ngx_string("proxy_ssl_password_file"), | |
285 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
286 ngx_stream_proxy_ssl_password_file, | |
287 NGX_STREAM_SRV_CONF_OFFSET, | |
288 0, | |
289 NULL }, | |
290 | |
291 #endif | |
292 | |
293 ngx_null_command | |
294 }; | |
295 | |
296 | |
297 static ngx_stream_module_t ngx_stream_proxy_module_ctx = { | |
6174
68c106e6fa0a
Stream: added postconfiguration method to stream modules.
Vladimir Homutov <vl@nginx.com>
parents:
6157
diff
changeset
|
298 NULL, /* postconfiguration */ |
68c106e6fa0a
Stream: added postconfiguration method to stream modules.
Vladimir Homutov <vl@nginx.com>
parents:
6157
diff
changeset
|
299 |
6115 | 300 NULL, /* create main configuration */ |
301 NULL, /* init main configuration */ | |
302 | |
303 ngx_stream_proxy_create_srv_conf, /* create server configuration */ | |
304 ngx_stream_proxy_merge_srv_conf /* merge server configuration */ | |
305 }; | |
306 | |
307 | |
308 ngx_module_t ngx_stream_proxy_module = { | |
309 NGX_MODULE_V1, | |
310 &ngx_stream_proxy_module_ctx, /* module context */ | |
311 ngx_stream_proxy_commands, /* module directives */ | |
312 NGX_STREAM_MODULE, /* module type */ | |
313 NULL, /* init master */ | |
314 NULL, /* init module */ | |
315 NULL, /* init process */ | |
316 NULL, /* init thread */ | |
317 NULL, /* exit thread */ | |
318 NULL, /* exit process */ | |
319 NULL, /* exit master */ | |
320 NGX_MODULE_V1_PADDING | |
321 }; | |
322 | |
323 | |
324 static void | |
325 ngx_stream_proxy_handler(ngx_stream_session_t *s) | |
326 { | |
327 u_char *p; | |
328 ngx_connection_t *c; | |
329 ngx_stream_upstream_t *u; | |
330 ngx_stream_proxy_srv_conf_t *pscf; | |
331 ngx_stream_upstream_srv_conf_t *uscf; | |
332 | |
333 c = s->connection; | |
334 | |
335 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
336 | |
337 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
338 "proxy connection handler"); | |
339 | |
340 u = ngx_pcalloc(c->pool, sizeof(ngx_stream_upstream_t)); | |
341 if (u == NULL) { | |
342 ngx_stream_proxy_finalize(s, NGX_ERROR); | |
343 return; | |
344 } | |
345 | |
346 s->upstream = u; | |
347 | |
348 s->log_handler = ngx_stream_proxy_log_error; | |
349 | |
350 u->peer.log = c->log; | |
351 u->peer.log_error = NGX_ERROR_ERR; | |
352 | |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
353 u->peer.local = pscf->local; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
354 |
6115 | 355 uscf = pscf->upstream; |
356 | |
357 if (uscf->peer.init(s, uscf) != NGX_OK) { | |
358 ngx_stream_proxy_finalize(s, NGX_ERROR); | |
359 return; | |
360 } | |
361 | |
362 u->peer.start_time = ngx_current_msec; | |
363 | |
364 if (pscf->next_upstream_tries | |
365 && u->peer.tries > pscf->next_upstream_tries) | |
366 { | |
367 u->peer.tries = pscf->next_upstream_tries; | |
368 } | |
369 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
370 u->proxy_protocol = pscf->proxy_protocol; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
371 u->start_sec = ngx_time(); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
372 |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
373 p = ngx_pnalloc(c->pool, pscf->buffer_size); |
6115 | 374 if (p == NULL) { |
375 ngx_stream_proxy_finalize(s, NGX_ERROR); | |
376 return; | |
377 } | |
378 | |
379 u->downstream_buf.start = p; | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
380 u->downstream_buf.end = p + pscf->buffer_size; |
6115 | 381 u->downstream_buf.pos = p; |
382 u->downstream_buf.last = p; | |
383 | |
384 c->write->handler = ngx_stream_proxy_downstream_handler; | |
385 c->read->handler = ngx_stream_proxy_downstream_handler; | |
386 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
387 if (u->proxy_protocol |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
388 #if (NGX_STREAM_SSL) |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
389 && pscf->ssl == NULL |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
390 #endif |
6216 | 391 && pscf->buffer_size >= NGX_PROXY_PROTOCOL_MAX_HEADER) |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
392 { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
393 /* optimization for a typical case */ |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
394 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
395 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
396 "stream proxy send PROXY protocol header"); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
397 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
398 p = ngx_proxy_protocol_write(c, u->downstream_buf.last, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
399 u->downstream_buf.end); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
400 if (p == NULL) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
401 ngx_stream_proxy_finalize(s, NGX_ERROR); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
402 return; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
403 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
404 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
405 u->downstream_buf.last = p; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
406 u->proxy_protocol = 0; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
407 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
408 |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
409 if (c->read->ready) { |
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
410 ngx_post_event(c->read, &ngx_posted_events); |
6115 | 411 } |
412 | |
413 ngx_stream_proxy_connect(s); | |
414 } | |
415 | |
416 | |
417 static void | |
418 ngx_stream_proxy_connect(ngx_stream_session_t *s) | |
419 { | |
420 ngx_int_t rc; | |
421 ngx_connection_t *c, *pc; | |
422 ngx_stream_upstream_t *u; | |
423 ngx_stream_proxy_srv_conf_t *pscf; | |
424 | |
425 c = s->connection; | |
426 | |
427 c->log->action = "connecting to upstream"; | |
428 | |
429 u = s->upstream; | |
430 | |
431 rc = ngx_event_connect_peer(&u->peer); | |
432 | |
433 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, "proxy connect: %i", rc); | |
434 | |
435 if (rc == NGX_ERROR) { | |
436 ngx_stream_proxy_finalize(s, NGX_ERROR); | |
437 return; | |
438 } | |
439 | |
440 if (rc == NGX_BUSY) { | |
441 ngx_log_error(NGX_LOG_ERR, c->log, 0, "no live upstreams"); | |
442 ngx_stream_proxy_finalize(s, NGX_DECLINED); | |
443 return; | |
444 } | |
445 | |
446 if (rc == NGX_DECLINED) { | |
447 ngx_stream_proxy_next_upstream(s); | |
448 return; | |
449 } | |
450 | |
451 /* rc == NGX_OK || rc == NGX_AGAIN || rc == NGX_DONE */ | |
452 | |
453 pc = u->peer.connection; | |
454 | |
455 pc->data = s; | |
456 pc->log = c->log; | |
457 pc->pool = c->pool; | |
458 pc->read->log = c->log; | |
459 pc->write->log = c->log; | |
460 | |
461 if (rc != NGX_AGAIN) { | |
462 ngx_stream_proxy_init_upstream(s); | |
463 return; | |
464 } | |
465 | |
466 pc->read->handler = ngx_stream_proxy_connect_handler; | |
467 pc->write->handler = ngx_stream_proxy_connect_handler; | |
468 | |
6393
70e6e1f12dee
Stream: initialize variable right before using it.
Roman Arutyunyan <arut@nginx.com>
parents:
6392
diff
changeset
|
469 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
70e6e1f12dee
Stream: initialize variable right before using it.
Roman Arutyunyan <arut@nginx.com>
parents:
6392
diff
changeset
|
470 |
6115 | 471 ngx_add_timer(pc->write, pscf->connect_timeout); |
472 } | |
473 | |
474 | |
475 static void | |
476 ngx_stream_proxy_init_upstream(ngx_stream_session_t *s) | |
477 { | |
6222 | 478 int tcp_nodelay; |
6115 | 479 u_char *p; |
480 ngx_connection_t *c, *pc; | |
481 ngx_log_handler_pt handler; | |
482 ngx_stream_upstream_t *u; | |
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
483 ngx_stream_core_srv_conf_t *cscf; |
6115 | 484 ngx_stream_proxy_srv_conf_t *pscf; |
485 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
486 u = s->upstream; |
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
487 pc = u->peer.connection; |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
488 |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
489 cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
490 |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
491 if (cscf->tcp_nodelay && pc->tcp_nodelay == NGX_TCP_NODELAY_UNSET) { |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
492 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, pc->log, 0, "tcp_nodelay"); |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
493 |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
494 tcp_nodelay = 1; |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
495 |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
496 if (setsockopt(pc->fd, IPPROTO_TCP, TCP_NODELAY, |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
497 (const void *) &tcp_nodelay, sizeof(int)) == -1) |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
498 { |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
499 ngx_connection_error(pc, ngx_socket_errno, |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
500 "setsockopt(TCP_NODELAY) failed"); |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
501 ngx_stream_proxy_next_upstream(s); |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
502 return; |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
503 } |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
504 |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
505 pc->tcp_nodelay = NGX_TCP_NODELAY_SET; |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
506 } |
6115 | 507 |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
508 if (u->proxy_protocol) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
509 if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
510 return; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
511 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
512 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
513 u->proxy_protocol = 0; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
514 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
515 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
516 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
6115 | 517 |
518 #if (NGX_STREAM_SSL) | |
519 if (pscf->ssl && pc->ssl == NULL) { | |
520 ngx_stream_proxy_ssl_init_connection(s); | |
521 return; | |
522 } | |
523 #endif | |
524 | |
525 c = s->connection; | |
526 | |
527 if (c->log->log_level >= NGX_LOG_INFO) { | |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
528 ngx_str_t str; |
6115 | 529 u_char addr[NGX_SOCKADDR_STRLEN]; |
530 | |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
531 str.len = NGX_SOCKADDR_STRLEN; |
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
532 str.data = addr; |
6115 | 533 |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
534 if (ngx_connection_local_sockaddr(pc, &str, 1) == NGX_OK) { |
6115 | 535 handler = c->log->handler; |
536 c->log->handler = NULL; | |
537 | |
538 ngx_log_error(NGX_LOG_INFO, c->log, 0, "proxy %V connected to %V", | |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
539 &str, u->peer.name); |
6115 | 540 |
541 c->log->handler = handler; | |
542 } | |
543 } | |
544 | |
545 c->log->action = "proxying connection"; | |
546 | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
547 p = ngx_pnalloc(c->pool, pscf->buffer_size); |
6115 | 548 if (p == NULL) { |
549 ngx_stream_proxy_finalize(s, NGX_ERROR); | |
550 return; | |
551 } | |
552 | |
553 u->upstream_buf.start = p; | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
554 u->upstream_buf.end = p + pscf->buffer_size; |
6115 | 555 u->upstream_buf.pos = p; |
556 u->upstream_buf.last = p; | |
557 | |
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
558 u->connected = 1; |
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
559 |
6115 | 560 pc->read->handler = ngx_stream_proxy_upstream_handler; |
561 pc->write->handler = ngx_stream_proxy_upstream_handler; | |
562 | |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
563 if (pc->read->ready) { |
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
564 ngx_post_event(pc->read, &ngx_posted_events); |
6115 | 565 } |
566 | |
567 ngx_stream_proxy_process(s, 0, 1); | |
568 } | |
569 | |
570 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
571 static ngx_int_t |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
572 ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s) |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
573 { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
574 u_char *p; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
575 ssize_t n, size; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
576 ngx_connection_t *c, *pc; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
577 ngx_stream_upstream_t *u; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
578 ngx_stream_proxy_srv_conf_t *pscf; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
579 u_char buf[NGX_PROXY_PROTOCOL_MAX_HEADER]; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
580 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
581 c = s->connection; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
582 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
583 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
584 "stream proxy send PROXY protocol header"); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
585 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
586 p = ngx_proxy_protocol_write(c, buf, buf + NGX_PROXY_PROTOCOL_MAX_HEADER); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
587 if (p == NULL) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
588 ngx_stream_proxy_finalize(s, NGX_ERROR); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
589 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
590 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
591 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
592 u = s->upstream; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
593 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
594 pc = u->peer.connection; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
595 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
596 size = p - buf; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
597 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
598 n = pc->send(pc, buf, size); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
599 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
600 if (n == NGX_AGAIN) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
601 if (ngx_handle_write_event(pc->write, 0) != NGX_OK) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
602 ngx_stream_proxy_finalize(s, NGX_ERROR); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
603 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
604 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
605 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
606 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
607 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
608 ngx_add_timer(pc->write, pscf->timeout); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
609 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
610 pc->write->handler = ngx_stream_proxy_connect_handler; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
611 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
612 return NGX_AGAIN; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
613 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
614 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
615 if (n == NGX_ERROR) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
616 ngx_stream_proxy_finalize(s, NGX_DECLINED); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
617 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
618 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
619 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
620 if (n != size) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
621 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
622 /* |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
623 * PROXY protocol specification: |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
624 * The sender must always ensure that the header |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
625 * is sent at once, so that the transport layer |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
626 * maintains atomicity along the path to the receiver. |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
627 */ |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
628 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
629 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
630 "could not send PROXY protocol header at once"); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
631 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
632 ngx_stream_proxy_finalize(s, NGX_DECLINED); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
633 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
634 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
635 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
636 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
637 return NGX_OK; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
638 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
639 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
640 |
6115 | 641 #if (NGX_STREAM_SSL) |
642 | |
643 static char * | |
644 ngx_stream_proxy_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, | |
645 void *conf) | |
646 { | |
647 ngx_stream_proxy_srv_conf_t *pscf = conf; | |
648 | |
649 ngx_str_t *value; | |
650 | |
651 if (pscf->ssl_passwords != NGX_CONF_UNSET_PTR) { | |
652 return "is duplicate"; | |
653 } | |
654 | |
655 value = cf->args->elts; | |
656 | |
657 pscf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); | |
658 | |
659 if (pscf->ssl_passwords == NULL) { | |
660 return NGX_CONF_ERROR; | |
661 } | |
662 | |
663 return NGX_CONF_OK; | |
664 } | |
665 | |
666 | |
667 static void | |
668 ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s) | |
669 { | |
670 ngx_int_t rc; | |
671 ngx_connection_t *pc; | |
672 ngx_stream_upstream_t *u; | |
673 ngx_stream_proxy_srv_conf_t *pscf; | |
674 | |
675 u = s->upstream; | |
676 | |
677 pc = u->peer.connection; | |
678 | |
679 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
680 | |
681 if (ngx_ssl_create_connection(pscf->ssl, pc, NGX_SSL_BUFFER|NGX_SSL_CLIENT) | |
682 != NGX_OK) | |
683 { | |
684 ngx_stream_proxy_finalize(s, NGX_ERROR); | |
685 return; | |
686 } | |
687 | |
688 if (pscf->ssl_server_name || pscf->ssl_verify) { | |
689 if (ngx_stream_proxy_ssl_name(s) != NGX_OK) { | |
690 ngx_stream_proxy_finalize(s, NGX_ERROR); | |
691 return; | |
692 } | |
693 } | |
694 | |
695 if (pscf->ssl_session_reuse) { | |
696 if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { | |
697 ngx_stream_proxy_finalize(s, NGX_ERROR); | |
698 return; | |
699 } | |
700 } | |
701 | |
702 s->connection->log->action = "SSL handshaking to upstream"; | |
703 | |
704 rc = ngx_ssl_handshake(pc); | |
705 | |
706 if (rc == NGX_AGAIN) { | |
707 | |
708 if (!pc->write->timer_set) { | |
709 ngx_add_timer(pc->write, pscf->connect_timeout); | |
710 } | |
711 | |
712 pc->ssl->handler = ngx_stream_proxy_ssl_handshake; | |
713 return; | |
714 } | |
715 | |
716 ngx_stream_proxy_ssl_handshake(pc); | |
717 } | |
718 | |
719 | |
720 static void | |
721 ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc) | |
722 { | |
723 long rc; | |
724 ngx_stream_session_t *s; | |
725 ngx_stream_upstream_t *u; | |
726 ngx_stream_proxy_srv_conf_t *pscf; | |
727 | |
728 s = pc->data; | |
729 | |
730 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
731 | |
732 if (pc->ssl->handshaked) { | |
733 | |
734 if (pscf->ssl_verify) { | |
735 rc = SSL_get_verify_result(pc->ssl->connection); | |
736 | |
737 if (rc != X509_V_OK) { | |
738 ngx_log_error(NGX_LOG_ERR, pc->log, 0, | |
739 "upstream SSL certificate verify error: (%l:%s)", | |
740 rc, X509_verify_cert_error_string(rc)); | |
741 goto failed; | |
742 } | |
743 | |
744 u = s->upstream; | |
745 | |
746 if (ngx_ssl_check_host(pc, &u->ssl_name) != NGX_OK) { | |
747 ngx_log_error(NGX_LOG_ERR, pc->log, 0, | |
748 "upstream SSL certificate does not match \"%V\"", | |
749 &u->ssl_name); | |
750 goto failed; | |
751 } | |
752 } | |
753 | |
754 if (pscf->ssl_session_reuse) { | |
755 u = s->upstream; | |
756 u->peer.save_session(&u->peer, u->peer.data); | |
757 } | |
758 | |
6258
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
759 if (pc->write->timer_set) { |
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
760 ngx_del_timer(pc->write); |
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
761 } |
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
762 |
6115 | 763 ngx_stream_proxy_init_upstream(s); |
764 | |
765 return; | |
766 } | |
767 | |
768 failed: | |
769 | |
770 ngx_stream_proxy_next_upstream(s); | |
771 } | |
772 | |
773 | |
774 static ngx_int_t | |
775 ngx_stream_proxy_ssl_name(ngx_stream_session_t *s) | |
776 { | |
777 u_char *p, *last; | |
778 ngx_str_t name; | |
779 ngx_stream_upstream_t *u; | |
780 ngx_stream_proxy_srv_conf_t *pscf; | |
781 | |
782 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
783 | |
784 u = s->upstream; | |
785 | |
786 name = pscf->ssl_name; | |
787 | |
788 if (name.len == 0) { | |
789 name = pscf->upstream->host; | |
790 } | |
791 | |
792 if (name.len == 0) { | |
793 goto done; | |
794 } | |
795 | |
796 /* | |
797 * ssl name here may contain port, strip it for compatibility | |
798 * with the http module | |
799 */ | |
800 | |
801 p = name.data; | |
802 last = name.data + name.len; | |
803 | |
804 if (*p == '[') { | |
805 p = ngx_strlchr(p, last, ']'); | |
806 | |
807 if (p == NULL) { | |
808 p = name.data; | |
809 } | |
810 } | |
811 | |
812 p = ngx_strlchr(p, last, ':'); | |
813 | |
814 if (p != NULL) { | |
815 name.len = p - name.data; | |
816 } | |
817 | |
818 if (!pscf->ssl_server_name) { | |
819 goto done; | |
820 } | |
821 | |
822 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME | |
823 | |
824 /* as per RFC 6066, literal IPv4 and IPv6 addresses are not permitted */ | |
825 | |
826 if (name.len == 0 || *name.data == '[') { | |
827 goto done; | |
828 } | |
829 | |
830 if (ngx_inet_addr(name.data, name.len) != INADDR_NONE) { | |
831 goto done; | |
832 } | |
833 | |
834 /* | |
835 * SSL_set_tlsext_host_name() needs a null-terminated string, | |
836 * hence we explicitly null-terminate name here | |
837 */ | |
838 | |
839 p = ngx_pnalloc(s->connection->pool, name.len + 1); | |
840 if (p == NULL) { | |
841 return NGX_ERROR; | |
842 } | |
843 | |
844 (void) ngx_cpystrn(p, name.data, name.len + 1); | |
845 | |
846 name.data = p; | |
847 | |
848 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
849 "upstream SSL server name: \"%s\"", name.data); | |
850 | |
851 if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, name.data) | |
852 == 0) | |
853 { | |
854 ngx_ssl_error(NGX_LOG_ERR, s->connection->log, 0, | |
855 "SSL_set_tlsext_host_name(\"%s\") failed", name.data); | |
856 return NGX_ERROR; | |
857 } | |
858 | |
859 #endif | |
860 | |
861 done: | |
862 | |
863 u->ssl_name = name; | |
864 | |
865 return NGX_OK; | |
866 } | |
867 | |
868 #endif | |
869 | |
870 | |
871 static void | |
872 ngx_stream_proxy_downstream_handler(ngx_event_t *ev) | |
873 { | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
874 ngx_stream_proxy_process_connection(ev, ev->write); |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
875 } |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
876 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
877 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
878 static void |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
879 ngx_stream_proxy_upstream_handler(ngx_event_t *ev) |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
880 { |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
881 ngx_stream_proxy_process_connection(ev, !ev->write); |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
882 } |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
883 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
884 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
885 static void |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
886 ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream) |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
887 { |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
888 ngx_connection_t *c, *pc; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
889 ngx_stream_session_t *s; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
890 ngx_stream_upstream_t *u; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
891 ngx_stream_proxy_srv_conf_t *pscf; |
6115 | 892 |
893 c = ev->data; | |
894 s = c->data; | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
895 u = s->upstream; |
6115 | 896 |
897 if (ev->timedout) { | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
898 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
899 if (ev->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
900 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
901 ev->timedout = 0; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
902 ev->delayed = 0; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
903 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
904 if (!ev->ready) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
905 if (ngx_handle_read_event(ev, 0) != NGX_OK) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
906 ngx_stream_proxy_finalize(s, NGX_ERROR); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
907 return; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
908 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
909 |
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
910 if (u->connected) { |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
911 pc = u->peer.connection; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
912 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
913 if (!c->read->delayed && !pc->read->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
914 pscf = ngx_stream_get_module_srv_conf(s, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
915 ngx_stream_proxy_module); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
916 ngx_add_timer(c->write, pscf->timeout); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
917 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
918 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
919 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
920 return; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
921 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
922 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
923 } else { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
924 ngx_connection_error(c, NGX_ETIMEDOUT, "connection timed out"); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
925 ngx_stream_proxy_finalize(s, NGX_DECLINED); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
926 return; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
927 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
928 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
929 } else if (ev->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
930 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
931 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
932 "stream connection delayed"); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
933 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
934 if (ngx_handle_read_event(ev, 0) != NGX_OK) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
935 ngx_stream_proxy_finalize(s, NGX_ERROR); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
936 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
937 |
6115 | 938 return; |
939 } | |
940 | |
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
941 if (from_upstream && !u->connected) { |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
942 return; |
6115 | 943 } |
944 | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
945 ngx_stream_proxy_process(s, from_upstream, ev->write); |
6115 | 946 } |
947 | |
948 | |
949 static void | |
950 ngx_stream_proxy_connect_handler(ngx_event_t *ev) | |
951 { | |
952 ngx_connection_t *c; | |
953 ngx_stream_session_t *s; | |
954 | |
955 c = ev->data; | |
956 s = c->data; | |
957 | |
958 if (ev->timedout) { | |
959 ngx_log_error(NGX_LOG_ERR, c->log, NGX_ETIMEDOUT, "upstream timed out"); | |
960 ngx_stream_proxy_next_upstream(s); | |
961 return; | |
962 } | |
963 | |
964 ngx_del_timer(c->write); | |
965 | |
966 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
967 "stream proxy connect upstream"); | |
968 | |
969 if (ngx_stream_proxy_test_connect(c) != NGX_OK) { | |
970 ngx_stream_proxy_next_upstream(s); | |
971 return; | |
972 } | |
973 | |
974 ngx_stream_proxy_init_upstream(s); | |
975 } | |
976 | |
977 | |
978 static ngx_int_t | |
979 ngx_stream_proxy_test_connect(ngx_connection_t *c) | |
980 { | |
981 int err; | |
982 socklen_t len; | |
983 | |
984 #if (NGX_HAVE_KQUEUE) | |
985 | |
986 if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) { | |
987 err = c->write->kq_errno ? c->write->kq_errno : c->read->kq_errno; | |
988 | |
989 if (err) { | |
990 (void) ngx_connection_error(c, err, | |
991 "kevent() reported that connect() failed"); | |
992 return NGX_ERROR; | |
993 } | |
994 | |
995 } else | |
996 #endif | |
997 { | |
998 err = 0; | |
999 len = sizeof(int); | |
1000 | |
1001 /* | |
1002 * BSDs and Linux return 0 and set a pending error in err | |
1003 * Solaris returns -1 and sets errno | |
1004 */ | |
1005 | |
1006 if (getsockopt(c->fd, SOL_SOCKET, SO_ERROR, (void *) &err, &len) | |
1007 == -1) | |
1008 { | |
1009 err = ngx_socket_errno; | |
1010 } | |
1011 | |
1012 if (err) { | |
1013 (void) ngx_connection_error(c, err, "connect() failed"); | |
1014 return NGX_ERROR; | |
1015 } | |
1016 } | |
1017 | |
1018 return NGX_OK; | |
1019 } | |
1020 | |
1021 | |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1022 static void |
6115 | 1023 ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream, |
1024 ngx_uint_t do_write) | |
1025 { | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1026 off_t *received, limit; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1027 size_t size, limit_rate; |
6115 | 1028 ssize_t n; |
1029 ngx_buf_t *b; | |
6124
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1030 ngx_uint_t flags; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1031 ngx_msec_t delay; |
6115 | 1032 ngx_connection_t *c, *pc, *src, *dst; |
1033 ngx_log_handler_pt handler; | |
1034 ngx_stream_upstream_t *u; | |
1035 ngx_stream_proxy_srv_conf_t *pscf; | |
1036 | |
1037 u = s->upstream; | |
1038 | |
1039 c = s->connection; | |
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
1040 pc = u->connected ? u->peer.connection : NULL; |
6115 | 1041 |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1042 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1043 |
6115 | 1044 if (from_upstream) { |
1045 src = pc; | |
1046 dst = c; | |
1047 b = &u->upstream_buf; | |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1048 limit_rate = pscf->download_rate; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1049 received = &u->received; |
6115 | 1050 |
1051 } else { | |
1052 src = c; | |
1053 dst = pc; | |
1054 b = &u->downstream_buf; | |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1055 limit_rate = pscf->upload_rate; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1056 received = &s->received; |
6115 | 1057 } |
1058 | |
1059 for ( ;; ) { | |
1060 | |
1061 if (do_write) { | |
1062 | |
1063 size = b->last - b->pos; | |
1064 | |
1065 if (size && dst && dst->write->ready) { | |
1066 | |
1067 n = dst->send(dst, b->pos, size); | |
1068 | |
1069 if (n == NGX_ERROR) { | |
1070 ngx_stream_proxy_finalize(s, NGX_DECLINED); | |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1071 return; |
6115 | 1072 } |
1073 | |
1074 if (n > 0) { | |
1075 b->pos += n; | |
1076 | |
1077 if (b->pos == b->last) { | |
1078 b->pos = b->start; | |
1079 b->last = b->start; | |
1080 } | |
1081 } | |
1082 } | |
1083 } | |
1084 | |
1085 size = b->end - b->last; | |
1086 | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1087 if (size && src->read->ready && !src->read->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1088 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1089 if (limit_rate) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1090 limit = (off_t) limit_rate * (ngx_time() - u->start_sec + 1) |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1091 - *received; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1092 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1093 if (limit <= 0) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1094 src->read->delayed = 1; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1095 delay = (ngx_msec_t) (- limit * 1000 / limit_rate + 1); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1096 ngx_add_timer(src->read, delay); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1097 break; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1098 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1099 |
6204
114d1f8cdcab
Stream: fixed possible integer overflow in rate limiting.
Valentin Bartenev <vbart@nginx.com>
parents:
6203
diff
changeset
|
1100 if ((off_t) size > limit) { |
6203
fdfdcad62875
Stream: fixed MSVC compilation warning.
Roman Arutyunyan <arut@nginx.com>
parents:
6202
diff
changeset
|
1101 size = (size_t) limit; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1102 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1103 } |
6115 | 1104 |
1105 n = src->recv(src, b->last, size); | |
1106 | |
1107 if (n == NGX_AGAIN || n == 0) { | |
1108 break; | |
1109 } | |
1110 | |
1111 if (n > 0) { | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1112 if (limit_rate) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1113 delay = (ngx_msec_t) (n * 1000 / limit_rate); |
6115 | 1114 |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1115 if (delay > 0) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1116 src->read->delayed = 1; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1117 ngx_add_timer(src->read, delay); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1118 } |
6115 | 1119 } |
1120 | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1121 *received += n; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1122 b->last += n; |
6115 | 1123 do_write = 1; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1124 |
6115 | 1125 continue; |
1126 } | |
1127 | |
1128 if (n == NGX_ERROR) { | |
1129 src->read->eof = 1; | |
1130 } | |
1131 } | |
1132 | |
1133 break; | |
1134 } | |
1135 | |
1136 if (src->read->eof && (b->pos == b->last || (dst && dst->read->eof))) { | |
1137 handler = c->log->handler; | |
1138 c->log->handler = NULL; | |
1139 | |
1140 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
1141 "%s disconnected" | |
1142 ", bytes from/to client:%O/%O" | |
1143 ", bytes from/to upstream:%O/%O", | |
1144 from_upstream ? "upstream" : "client", | |
1145 s->received, c->sent, u->received, pc ? pc->sent : 0); | |
1146 | |
1147 c->log->handler = handler; | |
1148 | |
1149 ngx_stream_proxy_finalize(s, NGX_OK); | |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1150 return; |
6115 | 1151 } |
1152 | |
6124
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1153 flags = src->read->eof ? NGX_CLOSE_EVENT : 0; |
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1154 |
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1155 if (ngx_handle_read_event(src->read, flags) != NGX_OK) { |
6115 | 1156 ngx_stream_proxy_finalize(s, NGX_ERROR); |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1157 return; |
6115 | 1158 } |
1159 | |
1160 if (dst) { | |
1161 if (ngx_handle_write_event(dst->write, 0) != NGX_OK) { | |
1162 ngx_stream_proxy_finalize(s, NGX_ERROR); | |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1163 return; |
6115 | 1164 } |
1165 | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1166 if (!c->read->delayed && !pc->read->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1167 ngx_add_timer(c->write, pscf->timeout); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1168 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1169 } else if (c->write->timer_set) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1170 ngx_del_timer(c->write); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1171 } |
6115 | 1172 } |
1173 } | |
1174 | |
1175 | |
1176 static void | |
1177 ngx_stream_proxy_next_upstream(ngx_stream_session_t *s) | |
1178 { | |
1179 ngx_msec_t timeout; | |
1180 ngx_connection_t *pc; | |
1181 ngx_stream_upstream_t *u; | |
1182 ngx_stream_proxy_srv_conf_t *pscf; | |
1183 | |
1184 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1185 "stream proxy next upstream"); | |
1186 | |
1187 u = s->upstream; | |
1188 | |
1189 if (u->peer.sockaddr) { | |
1190 u->peer.free(&u->peer, u->peer.data, NGX_PEER_FAILED); | |
1191 u->peer.sockaddr = NULL; | |
1192 } | |
1193 | |
1194 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1195 | |
1196 timeout = pscf->next_upstream_timeout; | |
1197 | |
1198 if (u->peer.tries == 0 | |
1199 || !pscf->next_upstream | |
1200 || (timeout && ngx_current_msec - u->peer.start_time >= timeout)) | |
1201 { | |
1202 ngx_stream_proxy_finalize(s, NGX_DECLINED); | |
1203 return; | |
1204 } | |
1205 | |
1206 pc = u->peer.connection; | |
1207 | |
1208 if (pc) { | |
1209 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1210 "close proxy upstream connection: %d", pc->fd); | |
1211 | |
1212 #if (NGX_STREAM_SSL) | |
1213 if (pc->ssl) { | |
1214 pc->ssl->no_wait_shutdown = 1; | |
1215 pc->ssl->no_send_shutdown = 1; | |
1216 | |
1217 (void) ngx_ssl_shutdown(pc); | |
1218 } | |
1219 #endif | |
1220 | |
1221 ngx_close_connection(pc); | |
1222 u->peer.connection = NULL; | |
1223 } | |
1224 | |
1225 ngx_stream_proxy_connect(s); | |
1226 } | |
1227 | |
1228 | |
1229 static void | |
1230 ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_int_t rc) | |
1231 { | |
1232 ngx_connection_t *pc; | |
1233 ngx_stream_upstream_t *u; | |
1234 | |
1235 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1236 "finalize stream proxy: %i", rc); | |
1237 | |
1238 u = s->upstream; | |
1239 | |
1240 if (u == NULL) { | |
1241 goto noupstream; | |
1242 } | |
1243 | |
1244 if (u->peer.free && u->peer.sockaddr) { | |
1245 u->peer.free(&u->peer, u->peer.data, 0); | |
1246 u->peer.sockaddr = NULL; | |
1247 } | |
1248 | |
1249 pc = u->peer.connection; | |
1250 | |
1251 if (pc) { | |
1252 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1253 "close stream proxy upstream connection: %d", pc->fd); | |
1254 | |
1255 #if (NGX_STREAM_SSL) | |
1256 if (pc->ssl) { | |
1257 pc->ssl->no_wait_shutdown = 1; | |
1258 (void) ngx_ssl_shutdown(pc); | |
1259 } | |
1260 #endif | |
1261 | |
1262 ngx_close_connection(pc); | |
1263 u->peer.connection = NULL; | |
1264 } | |
1265 | |
1266 noupstream: | |
1267 | |
1268 ngx_stream_close_connection(s->connection); | |
1269 } | |
1270 | |
1271 | |
1272 static u_char * | |
1273 ngx_stream_proxy_log_error(ngx_log_t *log, u_char *buf, size_t len) | |
1274 { | |
1275 u_char *p; | |
1276 ngx_connection_t *pc; | |
1277 ngx_stream_session_t *s; | |
1278 ngx_stream_upstream_t *u; | |
1279 | |
1280 s = log->data; | |
1281 | |
1282 u = s->upstream; | |
1283 | |
1284 p = buf; | |
1285 | |
1286 if (u->peer.name) { | |
1287 p = ngx_snprintf(p, len, ", upstream: \"%V\"", u->peer.name); | |
1288 len -= p - buf; | |
1289 } | |
1290 | |
1291 pc = u->peer.connection; | |
1292 | |
1293 p = ngx_snprintf(p, len, | |
1294 ", bytes from/to client:%O/%O" | |
1295 ", bytes from/to upstream:%O/%O", | |
1296 s->received, s->connection->sent, | |
1297 u->received, pc ? pc->sent : 0); | |
1298 | |
1299 return p; | |
1300 } | |
1301 | |
1302 | |
1303 static void * | |
1304 ngx_stream_proxy_create_srv_conf(ngx_conf_t *cf) | |
1305 { | |
1306 ngx_stream_proxy_srv_conf_t *conf; | |
1307 | |
1308 conf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_proxy_srv_conf_t)); | |
1309 if (conf == NULL) { | |
1310 return NULL; | |
1311 } | |
1312 | |
1313 /* | |
1314 * set by ngx_pcalloc(): | |
1315 * | |
1316 * conf->ssl_protocols = 0; | |
1317 * conf->ssl_ciphers = { 0, NULL }; | |
1318 * conf->ssl_name = { 0, NULL }; | |
1319 * conf->ssl_trusted_certificate = { 0, NULL }; | |
1320 * conf->ssl_crl = { 0, NULL }; | |
1321 * conf->ssl_certificate = { 0, NULL }; | |
1322 * conf->ssl_certificate_key = { 0, NULL }; | |
1323 * | |
1324 * conf->ssl = NULL; | |
1325 * conf->upstream = NULL; | |
1326 */ | |
1327 | |
1328 conf->connect_timeout = NGX_CONF_UNSET_MSEC; | |
1329 conf->timeout = NGX_CONF_UNSET_MSEC; | |
1330 conf->next_upstream_timeout = NGX_CONF_UNSET_MSEC; | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
1331 conf->buffer_size = NGX_CONF_UNSET_SIZE; |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1332 conf->upload_rate = NGX_CONF_UNSET_SIZE; |
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1333 conf->download_rate = NGX_CONF_UNSET_SIZE; |
6115 | 1334 conf->next_upstream_tries = NGX_CONF_UNSET_UINT; |
1335 conf->next_upstream = NGX_CONF_UNSET; | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1336 conf->proxy_protocol = NGX_CONF_UNSET; |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1337 conf->local = NGX_CONF_UNSET_PTR; |
6115 | 1338 |
1339 #if (NGX_STREAM_SSL) | |
1340 conf->ssl_enable = NGX_CONF_UNSET; | |
1341 conf->ssl_session_reuse = NGX_CONF_UNSET; | |
1342 conf->ssl_server_name = NGX_CONF_UNSET; | |
1343 conf->ssl_verify = NGX_CONF_UNSET; | |
1344 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | |
1345 conf->ssl_passwords = NGX_CONF_UNSET_PTR; | |
1346 #endif | |
1347 | |
1348 return conf; | |
1349 } | |
1350 | |
1351 | |
1352 static char * | |
1353 ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) | |
1354 { | |
1355 ngx_stream_proxy_srv_conf_t *prev = parent; | |
1356 ngx_stream_proxy_srv_conf_t *conf = child; | |
1357 | |
1358 ngx_conf_merge_msec_value(conf->connect_timeout, | |
1359 prev->connect_timeout, 60000); | |
1360 | |
1361 ngx_conf_merge_msec_value(conf->timeout, | |
1362 prev->timeout, 10 * 60000); | |
1363 | |
1364 ngx_conf_merge_msec_value(conf->next_upstream_timeout, | |
1365 prev->next_upstream_timeout, 0); | |
1366 | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
1367 ngx_conf_merge_size_value(conf->buffer_size, |
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
1368 prev->buffer_size, 16384); |
6115 | 1369 |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1370 ngx_conf_merge_size_value(conf->upload_rate, |
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1371 prev->upload_rate, 0); |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1372 |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1373 ngx_conf_merge_size_value(conf->download_rate, |
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1374 prev->download_rate, 0); |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1375 |
6115 | 1376 ngx_conf_merge_uint_value(conf->next_upstream_tries, |
1377 prev->next_upstream_tries, 0); | |
1378 | |
1379 ngx_conf_merge_value(conf->next_upstream, prev->next_upstream, 1); | |
1380 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1381 ngx_conf_merge_value(conf->proxy_protocol, prev->proxy_protocol, 0); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1382 |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1383 ngx_conf_merge_ptr_value(conf->local, prev->local, NULL); |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1384 |
6115 | 1385 #if (NGX_STREAM_SSL) |
1386 | |
1387 ngx_conf_merge_value(conf->ssl_enable, prev->ssl_enable, 0); | |
1388 | |
1389 ngx_conf_merge_value(conf->ssl_session_reuse, | |
1390 prev->ssl_session_reuse, 1); | |
1391 | |
1392 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, | |
6157
b2899e7d0ef8
Disabled SSLv3 by default (ticket #653).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6124
diff
changeset
|
1393 (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 |
b2899e7d0ef8
Disabled SSLv3 by default (ticket #653).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6124
diff
changeset
|
1394 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); |
6115 | 1395 |
1396 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, "DEFAULT"); | |
1397 | |
1398 ngx_conf_merge_str_value(conf->ssl_name, prev->ssl_name, ""); | |
1399 | |
1400 ngx_conf_merge_value(conf->ssl_server_name, prev->ssl_server_name, 0); | |
1401 | |
1402 ngx_conf_merge_value(conf->ssl_verify, prev->ssl_verify, 0); | |
1403 | |
1404 ngx_conf_merge_uint_value(conf->ssl_verify_depth, | |
1405 prev->ssl_verify_depth, 1); | |
1406 | |
1407 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | |
1408 prev->ssl_trusted_certificate, ""); | |
1409 | |
1410 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | |
1411 | |
1412 ngx_conf_merge_str_value(conf->ssl_certificate, | |
1413 prev->ssl_certificate, ""); | |
1414 | |
1415 ngx_conf_merge_str_value(conf->ssl_certificate_key, | |
1416 prev->ssl_certificate_key, ""); | |
1417 | |
1418 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL); | |
1419 | |
1420 if (conf->ssl_enable && ngx_stream_proxy_set_ssl(cf, conf) != NGX_OK) { | |
1421 return NGX_CONF_ERROR; | |
1422 } | |
1423 | |
1424 #endif | |
1425 | |
1426 return NGX_CONF_OK; | |
1427 } | |
1428 | |
1429 | |
1430 #if (NGX_STREAM_SSL) | |
1431 | |
1432 static ngx_int_t | |
1433 ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf) | |
1434 { | |
1435 ngx_pool_cleanup_t *cln; | |
1436 | |
1437 pscf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t)); | |
1438 if (pscf->ssl == NULL) { | |
1439 return NGX_ERROR; | |
1440 } | |
1441 | |
1442 pscf->ssl->log = cf->log; | |
1443 | |
1444 if (ngx_ssl_create(pscf->ssl, pscf->ssl_protocols, NULL) != NGX_OK) { | |
1445 return NGX_ERROR; | |
1446 } | |
1447 | |
1448 cln = ngx_pool_cleanup_add(cf->pool, 0); | |
1449 if (cln == NULL) { | |
1450 return NGX_ERROR; | |
1451 } | |
1452 | |
1453 cln->handler = ngx_ssl_cleanup_ctx; | |
1454 cln->data = pscf->ssl; | |
1455 | |
1456 if (pscf->ssl_certificate.len) { | |
1457 | |
1458 if (pscf->ssl_certificate_key.len == 0) { | |
1459 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
1460 "no \"proxy_ssl_certificate_key\" is defined " | |
1461 "for certificate \"%V\"", &pscf->ssl_certificate); | |
1462 return NGX_ERROR; | |
1463 } | |
1464 | |
1465 if (ngx_ssl_certificate(cf, pscf->ssl, &pscf->ssl_certificate, | |
1466 &pscf->ssl_certificate_key, pscf->ssl_passwords) | |
1467 != NGX_OK) | |
1468 { | |
1469 return NGX_ERROR; | |
1470 } | |
1471 } | |
1472 | |
1473 if (SSL_CTX_set_cipher_list(pscf->ssl->ctx, | |
1474 (const char *) pscf->ssl_ciphers.data) | |
1475 == 0) | |
1476 { | |
1477 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, | |
1478 "SSL_CTX_set_cipher_list(\"%V\") failed", | |
1479 &pscf->ssl_ciphers); | |
1480 return NGX_ERROR; | |
1481 } | |
1482 | |
1483 if (pscf->ssl_verify) { | |
1484 if (pscf->ssl_trusted_certificate.len == 0) { | |
1485 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
1486 "no proxy_ssl_trusted_certificate for proxy_ssl_verify"); | |
1487 return NGX_ERROR; | |
1488 } | |
1489 | |
1490 if (ngx_ssl_trusted_certificate(cf, pscf->ssl, | |
1491 &pscf->ssl_trusted_certificate, | |
1492 pscf->ssl_verify_depth) | |
1493 != NGX_OK) | |
1494 { | |
1495 return NGX_ERROR; | |
1496 } | |
1497 | |
1498 if (ngx_ssl_crl(cf, pscf->ssl, &pscf->ssl_crl) != NGX_OK) { | |
1499 return NGX_ERROR; | |
1500 } | |
1501 } | |
1502 | |
1503 return NGX_OK; | |
1504 } | |
1505 | |
1506 #endif | |
1507 | |
1508 | |
1509 static char * | |
1510 ngx_stream_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
1511 { | |
1512 ngx_stream_proxy_srv_conf_t *pscf = conf; | |
1513 | |
1514 ngx_url_t u; | |
1515 ngx_str_t *value, *url; | |
1516 ngx_stream_core_srv_conf_t *cscf; | |
1517 | |
1518 if (pscf->upstream) { | |
1519 return "is duplicate"; | |
1520 } | |
1521 | |
1522 cscf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_core_module); | |
1523 | |
1524 cscf->handler = ngx_stream_proxy_handler; | |
1525 | |
1526 value = cf->args->elts; | |
1527 | |
1528 url = &value[1]; | |
1529 | |
1530 ngx_memzero(&u, sizeof(ngx_url_t)); | |
1531 | |
1532 u.url = *url; | |
1533 u.no_resolve = 1; | |
1534 | |
1535 pscf->upstream = ngx_stream_upstream_add(cf, &u, 0); | |
1536 if (pscf->upstream == NULL) { | |
1537 return NGX_CONF_ERROR; | |
1538 } | |
1539 | |
1540 return NGX_CONF_OK; | |
1541 } | |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1542 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1543 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1544 static char * |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1545 ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1546 { |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1547 ngx_stream_proxy_srv_conf_t *pscf = conf; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1548 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1549 ngx_int_t rc; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1550 ngx_str_t *value; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1551 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1552 if (pscf->local != NGX_CONF_UNSET_PTR) { |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1553 return "is duplicate"; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1554 } |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1555 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1556 value = cf->args->elts; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1557 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1558 if (ngx_strcmp(value[1].data, "off") == 0) { |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1559 pscf->local = NULL; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1560 return NGX_CONF_OK; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1561 } |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1562 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1563 pscf->local = ngx_palloc(cf->pool, sizeof(ngx_addr_t)); |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1564 if (pscf->local == NULL) { |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1565 return NGX_CONF_ERROR; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1566 } |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1567 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1568 rc = ngx_parse_addr(cf->pool, pscf->local, value[1].data, value[1].len); |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1569 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1570 switch (rc) { |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1571 case NGX_OK: |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1572 pscf->local->name = value[1]; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1573 return NGX_CONF_OK; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1574 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1575 case NGX_DECLINED: |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1576 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1577 "invalid address \"%V\"", &value[1]); |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1578 /* fall through */ |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1579 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1580 default: |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1581 return NGX_CONF_ERROR; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1582 } |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1583 } |