Mercurial > hg > nginx
annotate src/stream/ngx_stream_proxy_module.c @ 9331:dbf76fdd109f default tip
release-1.27.4 tag
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 03 Sep 2024 13:11:25 +0300 |
parents | 113e2438dbd4 |
children |
rev | line source |
---|---|
6115 | 1 |
2 /* | |
3 * Copyright (C) Roman Arutyunyan | |
4 * Copyright (C) Nginx, Inc. | |
5 */ | |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_stream.h> | |
11 | |
12 | |
13 typedef struct { | |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
14 ngx_addr_t *addr; |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
15 ngx_stream_complex_value_t *value; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
16 #if (NGX_HAVE_TRANSPARENT_PROXY) |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
17 ngx_uint_t transparent; /* unsigned transparent:1; */ |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
18 #endif |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
19 } ngx_stream_upstream_local_t; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
20 |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
21 |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
22 typedef struct { |
6115 | 23 ngx_msec_t connect_timeout; |
24 ngx_msec_t timeout; | |
25 ngx_msec_t next_upstream_timeout; | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
26 size_t buffer_size; |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
27 ngx_stream_complex_value_t *upload_rate; |
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
28 ngx_stream_complex_value_t *download_rate; |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
29 ngx_uint_t requests; |
6436 | 30 ngx_uint_t responses; |
6115 | 31 ngx_uint_t next_upstream_tries; |
32 ngx_flag_t next_upstream; | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
33 ngx_flag_t proxy_protocol; |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
34 ngx_flag_t half_close; |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
35 ngx_stream_upstream_local_t *local; |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
36 ngx_flag_t socket_keepalive; |
6115 | 37 |
38 #if (NGX_STREAM_SSL) | |
39 ngx_flag_t ssl_enable; | |
40 ngx_flag_t ssl_session_reuse; | |
41 ngx_uint_t ssl_protocols; | |
42 ngx_str_t ssl_ciphers; | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
43 ngx_stream_complex_value_t *ssl_name; |
6115 | 44 ngx_flag_t ssl_server_name; |
45 | |
46 ngx_flag_t ssl_verify; | |
47 ngx_uint_t ssl_verify_depth; | |
48 ngx_str_t ssl_trusted_certificate; | |
49 ngx_str_t ssl_crl; | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
50 ngx_stream_complex_value_t *ssl_certificate; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
51 ngx_stream_complex_value_t *ssl_certificate_key; |
6115 | 52 ngx_array_t *ssl_passwords; |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
53 ngx_array_t *ssl_conf_commands; |
6115 | 54 |
55 ngx_ssl_t *ssl; | |
56 #endif | |
57 | |
58 ngx_stream_upstream_srv_conf_t *upstream; | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
59 ngx_stream_complex_value_t *upstream_value; |
6115 | 60 } ngx_stream_proxy_srv_conf_t; |
61 | |
62 | |
63 static void ngx_stream_proxy_handler(ngx_stream_session_t *s); | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
64 static ngx_int_t ngx_stream_proxy_eval(ngx_stream_session_t *s, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
65 ngx_stream_proxy_srv_conf_t *pscf); |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
66 static ngx_int_t ngx_stream_proxy_set_local(ngx_stream_session_t *s, |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
67 ngx_stream_upstream_t *u, ngx_stream_upstream_local_t *local); |
6115 | 68 static void ngx_stream_proxy_connect(ngx_stream_session_t *s); |
69 static void ngx_stream_proxy_init_upstream(ngx_stream_session_t *s); | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
70 static void ngx_stream_proxy_resolve_handler(ngx_resolver_ctx_t *ctx); |
6115 | 71 static void ngx_stream_proxy_upstream_handler(ngx_event_t *ev); |
72 static void ngx_stream_proxy_downstream_handler(ngx_event_t *ev); | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
73 static void ngx_stream_proxy_process_connection(ngx_event_t *ev, |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
74 ngx_uint_t from_upstream); |
6115 | 75 static void ngx_stream_proxy_connect_handler(ngx_event_t *ev); |
76 static ngx_int_t ngx_stream_proxy_test_connect(ngx_connection_t *c); | |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
77 static void ngx_stream_proxy_process(ngx_stream_session_t *s, |
6115 | 78 ngx_uint_t from_upstream, ngx_uint_t do_write); |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
79 static ngx_int_t ngx_stream_proxy_test_finalize(ngx_stream_session_t *s, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
80 ngx_uint_t from_upstream); |
6115 | 81 static void ngx_stream_proxy_next_upstream(ngx_stream_session_t *s); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
82 static void ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_uint_t rc); |
6115 | 83 static u_char *ngx_stream_proxy_log_error(ngx_log_t *log, u_char *buf, |
84 size_t len); | |
85 | |
86 static void *ngx_stream_proxy_create_srv_conf(ngx_conf_t *cf); | |
87 static char *ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, | |
88 void *child); | |
89 static char *ngx_stream_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, | |
90 void *conf); | |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
91 static char *ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
92 void *conf); |
6115 | 93 |
94 #if (NGX_STREAM_SSL) | |
95 | |
6692 | 96 static ngx_int_t ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s); |
6115 | 97 static char *ngx_stream_proxy_ssl_password_file(ngx_conf_t *cf, |
98 ngx_command_t *cmd, void *conf); | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
99 static char *ngx_stream_proxy_ssl_conf_command_check(ngx_conf_t *cf, void *post, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
100 void *data); |
6115 | 101 static void ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s); |
102 static void ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc); | |
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
103 static void ngx_stream_proxy_ssl_save_session(ngx_connection_t *c); |
6115 | 104 static ngx_int_t ngx_stream_proxy_ssl_name(ngx_stream_session_t *s); |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
105 static ngx_int_t ngx_stream_proxy_ssl_certificate(ngx_stream_session_t *s); |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
106 static ngx_int_t ngx_stream_proxy_merge_ssl(ngx_conf_t *cf, |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
107 ngx_stream_proxy_srv_conf_t *conf, ngx_stream_proxy_srv_conf_t *prev); |
6115 | 108 static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf, |
109 ngx_stream_proxy_srv_conf_t *pscf); | |
110 | |
111 | |
112 static ngx_conf_bitmask_t ngx_stream_proxy_ssl_protocols[] = { | |
113 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, | |
114 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, | |
115 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, | |
116 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, | |
117 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, | |
6981
08dc60979133
SSL: added support for TLSv1.3 in ssl_protocols directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
6868
diff
changeset
|
118 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 }, |
6115 | 119 { ngx_null_string, 0 } |
120 }; | |
121 | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
122 static ngx_conf_post_t ngx_stream_proxy_ssl_conf_command_post = |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
123 { ngx_stream_proxy_ssl_conf_command_check }; |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
124 |
6115 | 125 #endif |
126 | |
127 | |
6217
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
128 static ngx_conf_deprecated_t ngx_conf_deprecated_proxy_downstream_buffer = { |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
129 ngx_conf_deprecated, "proxy_downstream_buffer", "proxy_buffer_size" |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
130 }; |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
131 |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
132 static ngx_conf_deprecated_t ngx_conf_deprecated_proxy_upstream_buffer = { |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
133 ngx_conf_deprecated, "proxy_upstream_buffer", "proxy_buffer_size" |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
134 }; |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
135 |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
136 |
6115 | 137 static ngx_command_t ngx_stream_proxy_commands[] = { |
138 | |
139 { ngx_string("proxy_pass"), | |
140 NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
141 ngx_stream_proxy_pass, | |
142 NGX_STREAM_SRV_CONF_OFFSET, | |
143 0, | |
144 NULL }, | |
145 | |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
146 { ngx_string("proxy_bind"), |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
147 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE12, |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
148 ngx_stream_proxy_bind, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
149 NGX_STREAM_SRV_CONF_OFFSET, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
150 0, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
151 NULL }, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
152 |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
153 { ngx_string("proxy_socket_keepalive"), |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
154 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
155 ngx_conf_set_flag_slot, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
156 NGX_STREAM_SRV_CONF_OFFSET, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
157 offsetof(ngx_stream_proxy_srv_conf_t, socket_keepalive), |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
158 NULL }, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
159 |
6115 | 160 { ngx_string("proxy_connect_timeout"), |
161 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
162 ngx_conf_set_msec_slot, | |
163 NGX_STREAM_SRV_CONF_OFFSET, | |
164 offsetof(ngx_stream_proxy_srv_conf_t, connect_timeout), | |
165 NULL }, | |
166 | |
167 { ngx_string("proxy_timeout"), | |
168 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
169 ngx_conf_set_msec_slot, | |
170 NGX_STREAM_SRV_CONF_OFFSET, | |
171 offsetof(ngx_stream_proxy_srv_conf_t, timeout), | |
172 NULL }, | |
173 | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
174 { ngx_string("proxy_buffer_size"), |
6115 | 175 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
176 ngx_conf_set_size_slot, | |
177 NGX_STREAM_SRV_CONF_OFFSET, | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
178 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
6115 | 179 NULL }, |
180 | |
6217
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
181 { ngx_string("proxy_downstream_buffer"), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
182 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
183 ngx_conf_set_size_slot, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
184 NGX_STREAM_SRV_CONF_OFFSET, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
185 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
186 &ngx_conf_deprecated_proxy_downstream_buffer }, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
187 |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
188 { ngx_string("proxy_upstream_buffer"), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
189 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
190 ngx_conf_set_size_slot, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
191 NGX_STREAM_SRV_CONF_OFFSET, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
192 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
193 &ngx_conf_deprecated_proxy_upstream_buffer }, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
194 |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
195 { ngx_string("proxy_upload_rate"), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
196 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
197 ngx_stream_set_complex_value_size_slot, |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
198 NGX_STREAM_SRV_CONF_OFFSET, |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
199 offsetof(ngx_stream_proxy_srv_conf_t, upload_rate), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
200 NULL }, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
201 |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
202 { ngx_string("proxy_download_rate"), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
203 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
204 ngx_stream_set_complex_value_size_slot, |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
205 NGX_STREAM_SRV_CONF_OFFSET, |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
206 offsetof(ngx_stream_proxy_srv_conf_t, download_rate), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
207 NULL }, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
208 |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
209 { ngx_string("proxy_requests"), |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
210 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
211 ngx_conf_set_num_slot, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
212 NGX_STREAM_SRV_CONF_OFFSET, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
213 offsetof(ngx_stream_proxy_srv_conf_t, requests), |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
214 NULL }, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
215 |
6436 | 216 { ngx_string("proxy_responses"), |
217 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
218 ngx_conf_set_num_slot, | |
219 NGX_STREAM_SRV_CONF_OFFSET, | |
220 offsetof(ngx_stream_proxy_srv_conf_t, responses), | |
221 NULL }, | |
222 | |
6115 | 223 { ngx_string("proxy_next_upstream"), |
224 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
225 ngx_conf_set_flag_slot, | |
226 NGX_STREAM_SRV_CONF_OFFSET, | |
227 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream), | |
228 NULL }, | |
229 | |
230 { ngx_string("proxy_next_upstream_tries"), | |
231 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
232 ngx_conf_set_num_slot, | |
233 NGX_STREAM_SRV_CONF_OFFSET, | |
234 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream_tries), | |
235 NULL }, | |
236 | |
237 { ngx_string("proxy_next_upstream_timeout"), | |
238 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
239 ngx_conf_set_msec_slot, | |
240 NGX_STREAM_SRV_CONF_OFFSET, | |
241 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream_timeout), | |
242 NULL }, | |
243 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
244 { ngx_string("proxy_protocol"), |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
245 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
246 ngx_conf_set_flag_slot, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
247 NGX_STREAM_SRV_CONF_OFFSET, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
248 offsetof(ngx_stream_proxy_srv_conf_t, proxy_protocol), |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
249 NULL }, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
250 |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
251 { ngx_string("proxy_half_close"), |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
252 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
253 ngx_conf_set_flag_slot, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
254 NGX_STREAM_SRV_CONF_OFFSET, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
255 offsetof(ngx_stream_proxy_srv_conf_t, half_close), |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
256 NULL }, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
257 |
6115 | 258 #if (NGX_STREAM_SSL) |
259 | |
260 { ngx_string("proxy_ssl"), | |
261 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
262 ngx_conf_set_flag_slot, | |
263 NGX_STREAM_SRV_CONF_OFFSET, | |
264 offsetof(ngx_stream_proxy_srv_conf_t, ssl_enable), | |
265 NULL }, | |
266 | |
267 { ngx_string("proxy_ssl_session_reuse"), | |
268 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
269 ngx_conf_set_flag_slot, | |
270 NGX_STREAM_SRV_CONF_OFFSET, | |
271 offsetof(ngx_stream_proxy_srv_conf_t, ssl_session_reuse), | |
272 NULL }, | |
273 | |
274 { ngx_string("proxy_ssl_protocols"), | |
275 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_1MORE, | |
276 ngx_conf_set_bitmask_slot, | |
277 NGX_STREAM_SRV_CONF_OFFSET, | |
278 offsetof(ngx_stream_proxy_srv_conf_t, ssl_protocols), | |
279 &ngx_stream_proxy_ssl_protocols }, | |
280 | |
281 { ngx_string("proxy_ssl_ciphers"), | |
282 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
283 ngx_conf_set_str_slot, | |
284 NGX_STREAM_SRV_CONF_OFFSET, | |
285 offsetof(ngx_stream_proxy_srv_conf_t, ssl_ciphers), | |
286 NULL }, | |
287 | |
288 { ngx_string("proxy_ssl_name"), | |
289 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
290 ngx_stream_set_complex_value_slot, |
6115 | 291 NGX_STREAM_SRV_CONF_OFFSET, |
292 offsetof(ngx_stream_proxy_srv_conf_t, ssl_name), | |
293 NULL }, | |
294 | |
295 { ngx_string("proxy_ssl_server_name"), | |
296 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
297 ngx_conf_set_flag_slot, | |
298 NGX_STREAM_SRV_CONF_OFFSET, | |
299 offsetof(ngx_stream_proxy_srv_conf_t, ssl_server_name), | |
300 NULL }, | |
301 | |
302 { ngx_string("proxy_ssl_verify"), | |
303 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
304 ngx_conf_set_flag_slot, | |
305 NGX_STREAM_SRV_CONF_OFFSET, | |
306 offsetof(ngx_stream_proxy_srv_conf_t, ssl_verify), | |
307 NULL }, | |
308 | |
309 { ngx_string("proxy_ssl_verify_depth"), | |
310 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
311 ngx_conf_set_num_slot, | |
312 NGX_STREAM_SRV_CONF_OFFSET, | |
313 offsetof(ngx_stream_proxy_srv_conf_t, ssl_verify_depth), | |
314 NULL }, | |
315 | |
316 { ngx_string("proxy_ssl_trusted_certificate"), | |
317 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
318 ngx_conf_set_str_slot, | |
319 NGX_STREAM_SRV_CONF_OFFSET, | |
320 offsetof(ngx_stream_proxy_srv_conf_t, ssl_trusted_certificate), | |
321 NULL }, | |
322 | |
323 { ngx_string("proxy_ssl_crl"), | |
324 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
325 ngx_conf_set_str_slot, | |
326 NGX_STREAM_SRV_CONF_OFFSET, | |
327 offsetof(ngx_stream_proxy_srv_conf_t, ssl_crl), | |
328 NULL }, | |
329 | |
330 { ngx_string("proxy_ssl_certificate"), | |
331 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
332 ngx_stream_set_complex_value_zero_slot, |
6115 | 333 NGX_STREAM_SRV_CONF_OFFSET, |
334 offsetof(ngx_stream_proxy_srv_conf_t, ssl_certificate), | |
335 NULL }, | |
336 | |
337 { ngx_string("proxy_ssl_certificate_key"), | |
338 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
339 ngx_stream_set_complex_value_zero_slot, |
6115 | 340 NGX_STREAM_SRV_CONF_OFFSET, |
341 offsetof(ngx_stream_proxy_srv_conf_t, ssl_certificate_key), | |
342 NULL }, | |
343 | |
344 { ngx_string("proxy_ssl_password_file"), | |
345 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
346 ngx_stream_proxy_ssl_password_file, | |
347 NGX_STREAM_SRV_CONF_OFFSET, | |
348 0, | |
349 NULL }, | |
350 | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
351 { ngx_string("proxy_ssl_conf_command"), |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
352 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE2, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
353 ngx_conf_set_keyval_slot, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
354 NGX_STREAM_SRV_CONF_OFFSET, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
355 offsetof(ngx_stream_proxy_srv_conf_t, ssl_conf_commands), |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
356 &ngx_stream_proxy_ssl_conf_command_post }, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
357 |
6115 | 358 #endif |
359 | |
360 ngx_null_command | |
361 }; | |
362 | |
363 | |
364 static ngx_stream_module_t ngx_stream_proxy_module_ctx = { | |
6606
2f41d383c9c7
Stream: added preconfiguration step.
Vladimir Homutov <vl@nginx.com>
parents:
6599
diff
changeset
|
365 NULL, /* preconfiguration */ |
6174
68c106e6fa0a
Stream: added postconfiguration method to stream modules.
Vladimir Homutov <vl@nginx.com>
parents:
6157
diff
changeset
|
366 NULL, /* postconfiguration */ |
68c106e6fa0a
Stream: added postconfiguration method to stream modules.
Vladimir Homutov <vl@nginx.com>
parents:
6157
diff
changeset
|
367 |
6115 | 368 NULL, /* create main configuration */ |
369 NULL, /* init main configuration */ | |
370 | |
371 ngx_stream_proxy_create_srv_conf, /* create server configuration */ | |
372 ngx_stream_proxy_merge_srv_conf /* merge server configuration */ | |
373 }; | |
374 | |
375 | |
376 ngx_module_t ngx_stream_proxy_module = { | |
377 NGX_MODULE_V1, | |
378 &ngx_stream_proxy_module_ctx, /* module context */ | |
379 ngx_stream_proxy_commands, /* module directives */ | |
380 NGX_STREAM_MODULE, /* module type */ | |
381 NULL, /* init master */ | |
382 NULL, /* init module */ | |
383 NULL, /* init process */ | |
384 NULL, /* init thread */ | |
385 NULL, /* exit thread */ | |
386 NULL, /* exit process */ | |
387 NULL, /* exit master */ | |
388 NGX_MODULE_V1_PADDING | |
389 }; | |
390 | |
391 | |
392 static void | |
393 ngx_stream_proxy_handler(ngx_stream_session_t *s) | |
394 { | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
395 u_char *p; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
396 ngx_str_t *host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
397 ngx_uint_t i; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
398 ngx_connection_t *c; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
399 ngx_resolver_ctx_t *ctx, temp; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
400 ngx_stream_upstream_t *u; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
401 ngx_stream_core_srv_conf_t *cscf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
402 ngx_stream_proxy_srv_conf_t *pscf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
403 ngx_stream_upstream_srv_conf_t *uscf, **uscfp; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
404 ngx_stream_upstream_main_conf_t *umcf; |
6115 | 405 |
406 c = s->connection; | |
407 | |
408 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
409 | |
410 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
411 "proxy connection handler"); | |
412 | |
413 u = ngx_pcalloc(c->pool, sizeof(ngx_stream_upstream_t)); | |
414 if (u == NULL) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
415 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 416 return; |
417 } | |
418 | |
419 s->upstream = u; | |
420 | |
421 s->log_handler = ngx_stream_proxy_log_error; | |
422 | |
7286 | 423 u->requests = 1; |
424 | |
6115 | 425 u->peer.log = c->log; |
426 u->peer.log_error = NGX_ERROR_ERR; | |
427 | |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
428 if (ngx_stream_proxy_set_local(s, u, pscf->local) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
429 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
430 return; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
431 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
432 |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
433 if (pscf->socket_keepalive) { |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
434 u->peer.so_keepalive = 1; |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
435 } |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
436 |
6436 | 437 u->peer.type = c->type; |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
438 u->start_sec = ngx_time(); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
439 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
440 c->write->handler = ngx_stream_proxy_downstream_handler; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
441 c->read->handler = ngx_stream_proxy_downstream_handler; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
442 |
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
443 s->upstream_states = ngx_array_create(c->pool, 1, |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
444 sizeof(ngx_stream_upstream_state_t)); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
445 if (s->upstream_states == NULL) { |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
446 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
447 return; |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
448 } |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
449 |
7286 | 450 p = ngx_pnalloc(c->pool, pscf->buffer_size); |
451 if (p == NULL) { | |
452 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
453 return; | |
454 } | |
455 | |
456 u->downstream_buf.start = p; | |
457 u->downstream_buf.end = p + pscf->buffer_size; | |
458 u->downstream_buf.pos = p; | |
459 u->downstream_buf.last = p; | |
460 | |
461 if (c->read->ready) { | |
462 ngx_post_event(c->read, &ngx_posted_events); | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
463 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
464 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
465 if (pscf->upstream_value) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
466 if (ngx_stream_proxy_eval(s, pscf) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
467 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
468 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
469 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
470 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
471 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
472 if (u->resolved == NULL) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
473 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
474 uscf = pscf->upstream; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
475 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
476 } else { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
477 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
478 #if (NGX_STREAM_SSL) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
479 u->ssl_name = u->resolved->host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
480 #endif |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
481 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
482 host = &u->resolved->host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
483 |
6786
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
484 umcf = ngx_stream_get_module_main_conf(s, ngx_stream_upstream_module); |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
485 |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
486 uscfp = umcf->upstreams.elts; |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
487 |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
488 for (i = 0; i < umcf->upstreams.nelts; i++) { |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
489 |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
490 uscf = uscfp[i]; |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
491 |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
492 if (uscf->host.len == host->len |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
493 && ((uscf->port == 0 && u->resolved->no_port) |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
494 || uscf->port == u->resolved->port) |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
495 && ngx_strncasecmp(uscf->host.data, host->data, host->len) == 0) |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
496 { |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
497 goto found; |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
498 } |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
499 } |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
500 |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
501 if (u->resolved->sockaddr) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
502 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
503 if (u->resolved->port == 0 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
504 && u->resolved->sockaddr->sa_family != AF_UNIX) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
505 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
506 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
507 "no port in upstream \"%V\"", host); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
508 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
509 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
510 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
511 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
512 if (ngx_stream_upstream_create_round_robin_peer(s, u->resolved) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
513 != NGX_OK) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
514 { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
515 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
516 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
517 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
518 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
519 ngx_stream_proxy_connect(s); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
520 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
521 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
522 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
523 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
524 if (u->resolved->port == 0) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
525 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
526 "no port in upstream \"%V\"", host); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
527 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
528 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
529 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
530 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
531 temp.name = *host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
532 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
533 cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
534 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
535 ctx = ngx_resolve_start(cscf->resolver, &temp); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
536 if (ctx == NULL) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
537 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
538 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
539 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
540 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
541 if (ctx == NGX_NO_RESOLVER) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
542 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
543 "no resolver defined to resolve %V", host); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
544 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
545 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
546 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
547 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
548 ctx->name = *host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
549 ctx->handler = ngx_stream_proxy_resolve_handler; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
550 ctx->data = s; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
551 ctx->timeout = cscf->resolver_timeout; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
552 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
553 u->resolved->ctx = ctx; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
554 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
555 if (ngx_resolve_name(ctx) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
556 u->resolved->ctx = NULL; |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
557 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
558 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
559 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
560 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
561 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
562 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
563 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
564 found: |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
565 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
566 if (uscf == NULL) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
567 ngx_log_error(NGX_LOG_ALERT, c->log, 0, "no upstream configuration"); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
568 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
569 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
570 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
571 |
6703
edcd9303a4d3
Upstream: introduced u->upstream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6692
diff
changeset
|
572 u->upstream = uscf; |
edcd9303a4d3
Upstream: introduced u->upstream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6692
diff
changeset
|
573 |
6648
d43ee392e825
Stream: fixed build without stream_ssl_module (ticket #1032).
Vladimir Homutov <vl@nginx.com>
parents:
6643
diff
changeset
|
574 #if (NGX_STREAM_SSL) |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
575 u->ssl_name = uscf->host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
576 #endif |
6115 | 577 |
578 if (uscf->peer.init(s, uscf) != NGX_OK) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
579 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 580 return; |
581 } | |
582 | |
583 u->peer.start_time = ngx_current_msec; | |
584 | |
585 if (pscf->next_upstream_tries | |
586 && u->peer.tries > pscf->next_upstream_tries) | |
587 { | |
588 u->peer.tries = pscf->next_upstream_tries; | |
589 } | |
590 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
591 ngx_stream_proxy_connect(s); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
592 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
593 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
594 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
595 static ngx_int_t |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
596 ngx_stream_proxy_eval(ngx_stream_session_t *s, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
597 ngx_stream_proxy_srv_conf_t *pscf) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
598 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
599 ngx_str_t host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
600 ngx_url_t url; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
601 ngx_stream_upstream_t *u; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
602 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
603 if (ngx_stream_complex_value(s, pscf->upstream_value, &host) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
604 return NGX_ERROR; |
6115 | 605 } |
606 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
607 ngx_memzero(&url, sizeof(ngx_url_t)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
608 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
609 url.url = host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
610 url.no_resolve = 1; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
611 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
612 if (ngx_parse_url(s->connection->pool, &url) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
613 if (url.err) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
614 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
615 "%s in upstream \"%V\"", url.err, &url.url); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
616 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
617 |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
618 return NGX_ERROR; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
619 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
620 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
621 u = s->upstream; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
622 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
623 u->resolved = ngx_pcalloc(s->connection->pool, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
624 sizeof(ngx_stream_upstream_resolved_t)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
625 if (u->resolved == NULL) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
626 return NGX_ERROR; |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
627 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
628 |
6784
1af120241cde
Upstream: removed unnecessary condition in proxy_eval() and friends.
Ruslan Ermilov <ru@nginx.com>
parents:
6777
diff
changeset
|
629 if (url.addrs) { |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
630 u->resolved->sockaddr = url.addrs[0].sockaddr; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
631 u->resolved->socklen = url.addrs[0].socklen; |
6785
d1d0dd69a419
Upstream: added the ngx_http_upstream_resolved_t.name field.
Ruslan Ermilov <ru@nginx.com>
parents:
6784
diff
changeset
|
632 u->resolved->name = url.addrs[0].name; |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
633 u->resolved->naddrs = 1; |
6115 | 634 } |
635 | |
6785
d1d0dd69a419
Upstream: added the ngx_http_upstream_resolved_t.name field.
Ruslan Ermilov <ru@nginx.com>
parents:
6784
diff
changeset
|
636 u->resolved->host = url.host; |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
637 u->resolved->port = url.port; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
638 u->resolved->no_port = url.no_port; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
639 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
640 return NGX_OK; |
6115 | 641 } |
642 | |
643 | |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
644 static ngx_int_t |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
645 ngx_stream_proxy_set_local(ngx_stream_session_t *s, ngx_stream_upstream_t *u, |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
646 ngx_stream_upstream_local_t *local) |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
647 { |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
648 ngx_int_t rc; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
649 ngx_str_t val; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
650 ngx_addr_t *addr; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
651 |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
652 if (local == NULL) { |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
653 u->peer.local = NULL; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
654 return NGX_OK; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
655 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
656 |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
657 #if (NGX_HAVE_TRANSPARENT_PROXY) |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
658 u->peer.transparent = local->transparent; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
659 #endif |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
660 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
661 if (local->value == NULL) { |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
662 u->peer.local = local->addr; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
663 return NGX_OK; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
664 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
665 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
666 if (ngx_stream_complex_value(s, local->value, &val) != NGX_OK) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
667 return NGX_ERROR; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
668 } |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
669 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
670 if (val.len == 0) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
671 return NGX_OK; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
672 } |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
673 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
674 addr = ngx_palloc(s->connection->pool, sizeof(ngx_addr_t)); |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
675 if (addr == NULL) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
676 return NGX_ERROR; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
677 } |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
678 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
679 rc = ngx_parse_addr_port(s->connection->pool, addr, val.data, val.len); |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
680 if (rc == NGX_ERROR) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
681 return NGX_ERROR; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
682 } |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
683 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
684 if (rc != NGX_OK) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
685 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
686 "invalid local address \"%V\"", &val); |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
687 return NGX_OK; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
688 } |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
689 |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
690 addr->name = val; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
691 u->peer.local = addr; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
692 |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
693 return NGX_OK; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
694 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
695 |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
696 |
6115 | 697 static void |
698 ngx_stream_proxy_connect(ngx_stream_session_t *s) | |
699 { | |
700 ngx_int_t rc; | |
701 ngx_connection_t *c, *pc; | |
702 ngx_stream_upstream_t *u; | |
703 ngx_stream_proxy_srv_conf_t *pscf; | |
704 | |
705 c = s->connection; | |
706 | |
707 c->log->action = "connecting to upstream"; | |
708 | |
6692 | 709 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
710 | |
6115 | 711 u = s->upstream; |
712 | |
6692 | 713 u->connected = 0; |
714 u->proxy_protocol = pscf->proxy_protocol; | |
715 | |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
716 if (u->state) { |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
717 u->state->response_time = ngx_current_msec - u->start_time; |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
718 } |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
719 |
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
720 u->state = ngx_array_push(s->upstream_states); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
721 if (u->state == NULL) { |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
722 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
723 return; |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
724 } |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
725 |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
726 ngx_memzero(u->state, sizeof(ngx_stream_upstream_state_t)); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
727 |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
728 u->start_time = ngx_current_msec; |
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
729 |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
730 u->state->connect_time = (ngx_msec_t) -1; |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
731 u->state->first_byte_time = (ngx_msec_t) -1; |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
732 u->state->response_time = (ngx_msec_t) -1; |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
733 |
6115 | 734 rc = ngx_event_connect_peer(&u->peer); |
735 | |
736 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, "proxy connect: %i", rc); | |
737 | |
738 if (rc == NGX_ERROR) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
739 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 740 return; |
741 } | |
742 | |
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
743 u->state->peer = u->peer.name; |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
744 |
6115 | 745 if (rc == NGX_BUSY) { |
746 ngx_log_error(NGX_LOG_ERR, c->log, 0, "no live upstreams"); | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
747 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); |
6115 | 748 return; |
749 } | |
750 | |
751 if (rc == NGX_DECLINED) { | |
752 ngx_stream_proxy_next_upstream(s); | |
753 return; | |
754 } | |
755 | |
756 /* rc == NGX_OK || rc == NGX_AGAIN || rc == NGX_DONE */ | |
757 | |
758 pc = u->peer.connection; | |
759 | |
760 pc->data = s; | |
761 pc->log = c->log; | |
762 pc->pool = c->pool; | |
763 pc->read->log = c->log; | |
764 pc->write->log = c->log; | |
765 | |
766 if (rc != NGX_AGAIN) { | |
767 ngx_stream_proxy_init_upstream(s); | |
768 return; | |
769 } | |
770 | |
771 pc->read->handler = ngx_stream_proxy_connect_handler; | |
772 pc->write->handler = ngx_stream_proxy_connect_handler; | |
773 | |
774 ngx_add_timer(pc->write, pscf->connect_timeout); | |
775 } | |
776 | |
777 | |
778 static void | |
779 ngx_stream_proxy_init_upstream(ngx_stream_session_t *s) | |
780 { | |
781 u_char *p; | |
6692 | 782 ngx_chain_t *cl; |
6115 | 783 ngx_connection_t *c, *pc; |
784 ngx_log_handler_pt handler; | |
785 ngx_stream_upstream_t *u; | |
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
786 ngx_stream_core_srv_conf_t *cscf; |
6115 | 787 ngx_stream_proxy_srv_conf_t *pscf; |
788 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
789 u = s->upstream; |
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
790 pc = u->peer.connection; |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
791 |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
792 cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
793 |
6436 | 794 if (pc->type == SOCK_STREAM |
795 && cscf->tcp_nodelay | |
7007
ed1101bbf19f
Introduced ngx_tcp_nodelay().
Ruslan Ermilov <ru@nginx.com>
parents:
6981
diff
changeset
|
796 && ngx_tcp_nodelay(pc) != NGX_OK) |
6436 | 797 { |
7007
ed1101bbf19f
Introduced ngx_tcp_nodelay().
Ruslan Ermilov <ru@nginx.com>
parents:
6981
diff
changeset
|
798 ngx_stream_proxy_next_upstream(s); |
ed1101bbf19f
Introduced ngx_tcp_nodelay().
Ruslan Ermilov <ru@nginx.com>
parents:
6981
diff
changeset
|
799 return; |
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
800 } |
6115 | 801 |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
802 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
6115 | 803 |
804 #if (NGX_STREAM_SSL) | |
6692 | 805 |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
806 if (pc->type == SOCK_STREAM && pscf->ssl_enable) { |
6692 | 807 |
808 if (u->proxy_protocol) { | |
809 if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) { | |
810 return; | |
811 } | |
812 | |
813 u->proxy_protocol = 0; | |
814 } | |
815 | |
816 if (pc->ssl == NULL) { | |
817 ngx_stream_proxy_ssl_init_connection(s); | |
818 return; | |
819 } | |
6115 | 820 } |
6692 | 821 |
6115 | 822 #endif |
823 | |
824 c = s->connection; | |
825 | |
826 if (c->log->log_level >= NGX_LOG_INFO) { | |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
827 ngx_str_t str; |
6115 | 828 u_char addr[NGX_SOCKADDR_STRLEN]; |
829 | |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
830 str.len = NGX_SOCKADDR_STRLEN; |
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
831 str.data = addr; |
6115 | 832 |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
833 if (ngx_connection_local_sockaddr(pc, &str, 1) == NGX_OK) { |
6115 | 834 handler = c->log->handler; |
835 c->log->handler = NULL; | |
836 | |
6461
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
837 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
838 "%sproxy %V connected to %V", |
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
839 pc->type == SOCK_DGRAM ? "udp " : "", |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
840 &str, u->peer.name); |
6115 | 841 |
842 c->log->handler = handler; | |
843 } | |
844 } | |
845 | |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
846 u->state->connect_time = ngx_current_msec - u->start_time; |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
847 |
6863
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
848 if (u->peer.notify) { |
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
849 u->peer.notify(&u->peer, u->peer.data, |
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
850 NGX_STREAM_UPSTREAM_NOTIFY_CONNECT); |
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
851 } |
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
852 |
6436 | 853 if (u->upstream_buf.start == NULL) { |
854 p = ngx_pnalloc(c->pool, pscf->buffer_size); | |
855 if (p == NULL) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
856 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6436 | 857 return; |
858 } | |
859 | |
860 u->upstream_buf.start = p; | |
861 u->upstream_buf.end = p + pscf->buffer_size; | |
862 u->upstream_buf.pos = p; | |
863 u->upstream_buf.last = p; | |
6115 | 864 } |
865 | |
7665
d127837c714f
Stream: fixed processing of zero length UDP packets (ticket #1982).
Vladimir Homutov <vl@nginx.com>
parents:
7505
diff
changeset
|
866 if (c->buffer && c->buffer->pos <= c->buffer->last) { |
6692 | 867 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, |
868 "stream proxy add preread buffer: %uz", | |
869 c->buffer->last - c->buffer->pos); | |
870 | |
871 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
872 if (cl == NULL) { | |
873 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
874 return; | |
875 } | |
876 | |
877 *cl->buf = *c->buffer; | |
878 | |
879 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
7665
d127837c714f
Stream: fixed processing of zero length UDP packets (ticket #1982).
Vladimir Homutov <vl@nginx.com>
parents:
7505
diff
changeset
|
880 cl->buf->temporary = (cl->buf->pos == cl->buf->last) ? 0 : 1; |
6692 | 881 cl->buf->flush = 1; |
882 | |
883 cl->next = u->upstream_out; | |
884 u->upstream_out = cl; | |
885 } | |
886 | |
887 if (u->proxy_protocol) { | |
888 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
889 "stream proxy add PROXY protocol header"); | |
890 | |
891 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
892 if (cl == NULL) { | |
893 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
894 return; | |
6436 | 895 } |
6692 | 896 |
8099
17d6a537fb1b
Increased maximum read PROXY protocol header size.
Roman Arutyunyan <arut@nginx.com>
parents:
8053
diff
changeset
|
897 p = ngx_pnalloc(c->pool, NGX_PROXY_PROTOCOL_V1_MAX_HEADER); |
6692 | 898 if (p == NULL) { |
899 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
900 return; | |
901 } | |
902 | |
903 cl->buf->pos = p; | |
904 | |
8099
17d6a537fb1b
Increased maximum read PROXY protocol header size.
Roman Arutyunyan <arut@nginx.com>
parents:
8053
diff
changeset
|
905 p = ngx_proxy_protocol_write(c, p, |
17d6a537fb1b
Increased maximum read PROXY protocol header size.
Roman Arutyunyan <arut@nginx.com>
parents:
8053
diff
changeset
|
906 p + NGX_PROXY_PROTOCOL_V1_MAX_HEADER); |
6692 | 907 if (p == NULL) { |
908 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
909 return; | |
910 } | |
911 | |
912 cl->buf->last = p; | |
913 cl->buf->temporary = 1; | |
914 cl->buf->flush = 0; | |
915 cl->buf->last_buf = 0; | |
916 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
917 | |
918 cl->next = u->upstream_out; | |
919 u->upstream_out = cl; | |
920 | |
921 u->proxy_protocol = 0; | |
922 } | |
923 | |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
924 u->upload_rate = ngx_stream_complex_value_size(s, pscf->upload_rate, 0); |
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
925 u->download_rate = ngx_stream_complex_value_size(s, pscf->download_rate, 0); |
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
926 |
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
927 u->connected = 1; |
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
928 |
6115 | 929 pc->read->handler = ngx_stream_proxy_upstream_handler; |
930 pc->write->handler = ngx_stream_proxy_upstream_handler; | |
931 | |
7286 | 932 if (pc->read->ready) { |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
933 ngx_post_event(pc->read, &ngx_posted_events); |
6115 | 934 } |
935 | |
936 ngx_stream_proxy_process(s, 0, 1); | |
937 } | |
938 | |
939 | |
6692 | 940 #if (NGX_STREAM_SSL) |
941 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
942 static ngx_int_t |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
943 ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s) |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
944 { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
945 u_char *p; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
946 ssize_t n, size; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
947 ngx_connection_t *c, *pc; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
948 ngx_stream_upstream_t *u; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
949 ngx_stream_proxy_srv_conf_t *pscf; |
8099
17d6a537fb1b
Increased maximum read PROXY protocol header size.
Roman Arutyunyan <arut@nginx.com>
parents:
8053
diff
changeset
|
950 u_char buf[NGX_PROXY_PROTOCOL_V1_MAX_HEADER]; |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
951 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
952 c = s->connection; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
953 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
954 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
955 "stream proxy send PROXY protocol header"); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
956 |
8099
17d6a537fb1b
Increased maximum read PROXY protocol header size.
Roman Arutyunyan <arut@nginx.com>
parents:
8053
diff
changeset
|
957 p = ngx_proxy_protocol_write(c, buf, |
17d6a537fb1b
Increased maximum read PROXY protocol header size.
Roman Arutyunyan <arut@nginx.com>
parents:
8053
diff
changeset
|
958 buf + NGX_PROXY_PROTOCOL_V1_MAX_HEADER); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
959 if (p == NULL) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
960 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
961 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
962 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
963 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
964 u = s->upstream; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
965 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
966 pc = u->peer.connection; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
967 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
968 size = p - buf; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
969 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
970 n = pc->send(pc, buf, size); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
971 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
972 if (n == NGX_AGAIN) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
973 if (ngx_handle_write_event(pc->write, 0) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
974 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
975 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
976 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
977 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
978 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
979 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
980 ngx_add_timer(pc->write, pscf->timeout); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
981 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
982 pc->write->handler = ngx_stream_proxy_connect_handler; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
983 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
984 return NGX_AGAIN; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
985 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
986 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
987 if (n == NGX_ERROR) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
988 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
989 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
990 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
991 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
992 if (n != size) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
993 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
994 /* |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
995 * PROXY protocol specification: |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
996 * The sender must always ensure that the header |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
997 * is sent at once, so that the transport layer |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
998 * maintains atomicity along the path to the receiver. |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
999 */ |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1000 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1001 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1002 "could not send PROXY protocol header at once"); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1003 |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1004 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1005 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1006 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1007 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1008 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1009 return NGX_OK; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1010 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1011 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1012 |
6115 | 1013 static char * |
1014 ngx_stream_proxy_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, | |
1015 void *conf) | |
1016 { | |
1017 ngx_stream_proxy_srv_conf_t *pscf = conf; | |
1018 | |
1019 ngx_str_t *value; | |
1020 | |
1021 if (pscf->ssl_passwords != NGX_CONF_UNSET_PTR) { | |
1022 return "is duplicate"; | |
1023 } | |
1024 | |
1025 value = cf->args->elts; | |
1026 | |
1027 pscf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); | |
1028 | |
1029 if (pscf->ssl_passwords == NULL) { | |
1030 return NGX_CONF_ERROR; | |
1031 } | |
1032 | |
1033 return NGX_CONF_OK; | |
1034 } | |
1035 | |
1036 | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1037 static char * |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1038 ngx_stream_proxy_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data) |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1039 { |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1040 #ifndef SSL_CONF_FLAG_FILE |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1041 return "is not supported on this platform"; |
7787
7ce28b4cc57e
SSL: fixed build by Sun C with old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7731
diff
changeset
|
1042 #else |
7ce28b4cc57e
SSL: fixed build by Sun C with old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7731
diff
changeset
|
1043 return NGX_CONF_OK; |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1044 #endif |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1045 } |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1046 |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1047 |
6115 | 1048 static void |
1049 ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s) | |
1050 { | |
1051 ngx_int_t rc; | |
1052 ngx_connection_t *pc; | |
1053 ngx_stream_upstream_t *u; | |
1054 ngx_stream_proxy_srv_conf_t *pscf; | |
1055 | |
1056 u = s->upstream; | |
1057 | |
1058 pc = u->peer.connection; | |
1059 | |
1060 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1061 | |
1062 if (ngx_ssl_create_connection(pscf->ssl, pc, NGX_SSL_BUFFER|NGX_SSL_CLIENT) | |
1063 != NGX_OK) | |
1064 { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1065 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 1066 return; |
1067 } | |
1068 | |
1069 if (pscf->ssl_server_name || pscf->ssl_verify) { | |
1070 if (ngx_stream_proxy_ssl_name(s) != NGX_OK) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1071 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 1072 return; |
1073 } | |
1074 } | |
1075 | |
8042
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1076 if (pscf->ssl_certificate |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1077 && pscf->ssl_certificate->value.len |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1078 && (pscf->ssl_certificate->lengths |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1079 || pscf->ssl_certificate_key->lengths)) |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1080 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1081 if (ngx_stream_proxy_ssl_certificate(s) != NGX_OK) { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1082 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1083 return; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1084 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1085 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1086 |
6115 | 1087 if (pscf->ssl_session_reuse) { |
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1088 pc->ssl->save_session = ngx_stream_proxy_ssl_save_session; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1089 |
6115 | 1090 if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1091 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 1092 return; |
1093 } | |
1094 } | |
1095 | |
1096 s->connection->log->action = "SSL handshaking to upstream"; | |
1097 | |
1098 rc = ngx_ssl_handshake(pc); | |
1099 | |
1100 if (rc == NGX_AGAIN) { | |
1101 | |
1102 if (!pc->write->timer_set) { | |
1103 ngx_add_timer(pc->write, pscf->connect_timeout); | |
1104 } | |
1105 | |
1106 pc->ssl->handler = ngx_stream_proxy_ssl_handshake; | |
1107 return; | |
1108 } | |
1109 | |
1110 ngx_stream_proxy_ssl_handshake(pc); | |
1111 } | |
1112 | |
1113 | |
1114 static void | |
1115 ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc) | |
1116 { | |
1117 long rc; | |
1118 ngx_stream_session_t *s; | |
1119 ngx_stream_upstream_t *u; | |
1120 ngx_stream_proxy_srv_conf_t *pscf; | |
1121 | |
1122 s = pc->data; | |
1123 | |
1124 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1125 | |
1126 if (pc->ssl->handshaked) { | |
1127 | |
1128 if (pscf->ssl_verify) { | |
1129 rc = SSL_get_verify_result(pc->ssl->connection); | |
1130 | |
1131 if (rc != X509_V_OK) { | |
1132 ngx_log_error(NGX_LOG_ERR, pc->log, 0, | |
1133 "upstream SSL certificate verify error: (%l:%s)", | |
1134 rc, X509_verify_cert_error_string(rc)); | |
1135 goto failed; | |
1136 } | |
1137 | |
1138 u = s->upstream; | |
1139 | |
1140 if (ngx_ssl_check_host(pc, &u->ssl_name) != NGX_OK) { | |
1141 ngx_log_error(NGX_LOG_ERR, pc->log, 0, | |
1142 "upstream SSL certificate does not match \"%V\"", | |
1143 &u->ssl_name); | |
1144 goto failed; | |
1145 } | |
1146 } | |
1147 | |
6258
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1148 if (pc->write->timer_set) { |
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1149 ngx_del_timer(pc->write); |
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1150 } |
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1151 |
6115 | 1152 ngx_stream_proxy_init_upstream(s); |
1153 | |
1154 return; | |
1155 } | |
1156 | |
1157 failed: | |
1158 | |
1159 ngx_stream_proxy_next_upstream(s); | |
1160 } | |
1161 | |
1162 | |
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1163 static void |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1164 ngx_stream_proxy_ssl_save_session(ngx_connection_t *c) |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1165 { |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1166 ngx_stream_session_t *s; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1167 ngx_stream_upstream_t *u; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1168 |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1169 s = c->data; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1170 u = s->upstream; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1171 |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1172 u->peer.save_session(&u->peer, u->peer.data); |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1173 } |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1174 |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1175 |
6115 | 1176 static ngx_int_t |
1177 ngx_stream_proxy_ssl_name(ngx_stream_session_t *s) | |
1178 { | |
1179 u_char *p, *last; | |
1180 ngx_str_t name; | |
1181 ngx_stream_upstream_t *u; | |
1182 ngx_stream_proxy_srv_conf_t *pscf; | |
1183 | |
1184 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1185 | |
1186 u = s->upstream; | |
1187 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1188 if (pscf->ssl_name) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1189 if (ngx_stream_complex_value(s, pscf->ssl_name, &name) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1190 return NGX_ERROR; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1191 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1192 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1193 } else { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1194 name = u->ssl_name; |
6115 | 1195 } |
1196 | |
1197 if (name.len == 0) { | |
1198 goto done; | |
1199 } | |
1200 | |
1201 /* | |
1202 * ssl name here may contain port, strip it for compatibility | |
1203 * with the http module | |
1204 */ | |
1205 | |
1206 p = name.data; | |
1207 last = name.data + name.len; | |
1208 | |
1209 if (*p == '[') { | |
1210 p = ngx_strlchr(p, last, ']'); | |
1211 | |
1212 if (p == NULL) { | |
1213 p = name.data; | |
1214 } | |
1215 } | |
1216 | |
1217 p = ngx_strlchr(p, last, ':'); | |
1218 | |
1219 if (p != NULL) { | |
1220 name.len = p - name.data; | |
1221 } | |
1222 | |
1223 if (!pscf->ssl_server_name) { | |
1224 goto done; | |
1225 } | |
1226 | |
1227 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME | |
1228 | |
1229 /* as per RFC 6066, literal IPv4 and IPv6 addresses are not permitted */ | |
1230 | |
1231 if (name.len == 0 || *name.data == '[') { | |
1232 goto done; | |
1233 } | |
1234 | |
1235 if (ngx_inet_addr(name.data, name.len) != INADDR_NONE) { | |
1236 goto done; | |
1237 } | |
1238 | |
1239 /* | |
1240 * SSL_set_tlsext_host_name() needs a null-terminated string, | |
1241 * hence we explicitly null-terminate name here | |
1242 */ | |
1243 | |
1244 p = ngx_pnalloc(s->connection->pool, name.len + 1); | |
1245 if (p == NULL) { | |
1246 return NGX_ERROR; | |
1247 } | |
1248 | |
1249 (void) ngx_cpystrn(p, name.data, name.len + 1); | |
1250 | |
1251 name.data = p; | |
1252 | |
1253 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1254 "upstream SSL server name: \"%s\"", name.data); | |
1255 | |
6777
563a1ee345a4
SSL: compatibility with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6703
diff
changeset
|
1256 if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, |
563a1ee345a4
SSL: compatibility with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6703
diff
changeset
|
1257 (char *) name.data) |
6115 | 1258 == 0) |
1259 { | |
1260 ngx_ssl_error(NGX_LOG_ERR, s->connection->log, 0, | |
1261 "SSL_set_tlsext_host_name(\"%s\") failed", name.data); | |
1262 return NGX_ERROR; | |
1263 } | |
1264 | |
1265 #endif | |
1266 | |
1267 done: | |
1268 | |
1269 u->ssl_name = name; | |
1270 | |
1271 return NGX_OK; | |
1272 } | |
1273 | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1274 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1275 static ngx_int_t |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1276 ngx_stream_proxy_ssl_certificate(ngx_stream_session_t *s) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1277 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1278 ngx_str_t cert, key; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1279 ngx_connection_t *c; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1280 ngx_stream_proxy_srv_conf_t *pscf; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1281 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1282 c = s->upstream->peer.connection; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1283 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1284 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1285 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1286 if (ngx_stream_complex_value(s, pscf->ssl_certificate, &cert) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1287 != NGX_OK) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1288 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1289 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1290 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1291 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1292 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1293 "stream upstream ssl cert: \"%s\"", cert.data); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1294 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1295 if (*cert.data == '\0') { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1296 return NGX_OK; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1297 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1298 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1299 if (ngx_stream_complex_value(s, pscf->ssl_certificate_key, &key) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1300 != NGX_OK) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1301 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1302 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1303 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1304 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1305 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1306 "stream upstream ssl key: \"%s\"", key.data); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1307 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1308 if (ngx_ssl_connection_certificate(c, c->pool, &cert, &key, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1309 pscf->ssl_passwords) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1310 != NGX_OK) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1311 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1312 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1313 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1314 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1315 return NGX_OK; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1316 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1317 |
6115 | 1318 #endif |
1319 | |
1320 | |
1321 static void | |
1322 ngx_stream_proxy_downstream_handler(ngx_event_t *ev) | |
1323 { | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1324 ngx_stream_proxy_process_connection(ev, ev->write); |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1325 } |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1326 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1327 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1328 static void |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1329 ngx_stream_proxy_resolve_handler(ngx_resolver_ctx_t *ctx) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1330 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1331 ngx_stream_session_t *s; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1332 ngx_stream_upstream_t *u; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1333 ngx_stream_proxy_srv_conf_t *pscf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1334 ngx_stream_upstream_resolved_t *ur; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1335 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1336 s = ctx->data; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1337 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1338 u = s->upstream; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1339 ur = u->resolved; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1340 |
6648
d43ee392e825
Stream: fixed build without stream_ssl_module (ticket #1032).
Vladimir Homutov <vl@nginx.com>
parents:
6643
diff
changeset
|
1341 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1342 "stream upstream resolve"); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1343 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1344 if (ctx->state) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1345 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1346 "%V could not be resolved (%i: %s)", |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1347 &ctx->name, ctx->state, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1348 ngx_resolver_strerror(ctx->state)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1349 |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1350 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1351 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1352 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1353 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1354 ur->naddrs = ctx->naddrs; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1355 ur->addrs = ctx->addrs; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1356 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1357 #if (NGX_DEBUG) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1358 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1359 u_char text[NGX_SOCKADDR_STRLEN]; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1360 ngx_str_t addr; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1361 ngx_uint_t i; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1362 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1363 addr.data = text; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1364 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1365 for (i = 0; i < ctx->naddrs; i++) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1366 addr.len = ngx_sock_ntop(ur->addrs[i].sockaddr, ur->addrs[i].socklen, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1367 text, NGX_SOCKADDR_STRLEN, 0); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1368 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1369 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1370 "name was resolved to %V", &addr); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1371 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1372 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1373 #endif |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1374 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1375 if (ngx_stream_upstream_create_round_robin_peer(s, ur) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1376 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1377 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1378 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1379 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1380 ngx_resolve_name_done(ctx); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1381 ur->ctx = NULL; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1382 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1383 u->peer.start_time = ngx_current_msec; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1384 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1385 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1386 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1387 if (pscf->next_upstream_tries |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1388 && u->peer.tries > pscf->next_upstream_tries) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1389 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1390 u->peer.tries = pscf->next_upstream_tries; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1391 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1392 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1393 ngx_stream_proxy_connect(s); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1394 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1395 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1396 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1397 static void |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1398 ngx_stream_proxy_upstream_handler(ngx_event_t *ev) |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1399 { |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1400 ngx_stream_proxy_process_connection(ev, !ev->write); |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1401 } |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1402 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1403 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1404 static void |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1405 ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream) |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1406 { |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1407 ngx_connection_t *c, *pc; |
7286 | 1408 ngx_log_handler_pt handler; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1409 ngx_stream_session_t *s; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1410 ngx_stream_upstream_t *u; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1411 ngx_stream_proxy_srv_conf_t *pscf; |
6115 | 1412 |
1413 c = ev->data; | |
1414 s = c->data; | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1415 u = s->upstream; |
6115 | 1416 |
7156
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1417 if (c->close) { |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1418 ngx_log_error(NGX_LOG_INFO, c->log, 0, "shutdown timeout"); |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1419 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1420 return; |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1421 } |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1422 |
6436 | 1423 c = s->connection; |
1424 pc = u->peer.connection; | |
1425 | |
1426 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1427 | |
6115 | 1428 if (ev->timedout) { |
6436 | 1429 ev->timedout = 0; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1430 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1431 if (ev->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1432 ev->delayed = 0; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1433 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1434 if (!ev->ready) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1435 if (ngx_handle_read_event(ev, 0) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1436 ngx_stream_proxy_finalize(s, |
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1437 NGX_STREAM_INTERNAL_SERVER_ERROR); |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1438 return; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1439 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1440 |
6436 | 1441 if (u->connected && !c->read->delayed && !pc->read->delayed) { |
1442 ngx_add_timer(c->write, pscf->timeout); | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1443 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1444 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1445 return; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1446 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1447 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1448 } else { |
6436 | 1449 if (s->connection->type == SOCK_DGRAM) { |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1450 |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1451 if (pscf->responses == NGX_MAX_INT32_VALUE |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1452 || (u->responses >= pscf->responses * u->requests)) |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1453 { |
6436 | 1454 |
1455 /* | |
1456 * successfully terminate timed out UDP session | |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1457 * if expected number of responses was received |
6436 | 1458 */ |
1459 | |
7286 | 1460 handler = c->log->handler; |
1461 c->log->handler = NULL; | |
1462 | |
1463 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
1464 "udp timed out" | |
1465 ", packets from/to client:%ui/%ui" | |
1466 ", bytes from/to client:%O/%O" | |
1467 ", bytes from/to upstream:%O/%O", | |
1468 u->requests, u->responses, | |
1469 s->received, c->sent, u->received, | |
1470 pc ? pc->sent : 0); | |
1471 | |
1472 c->log->handler = handler; | |
1473 | |
1474 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); | |
6436 | 1475 return; |
1476 } | |
1477 | |
7105
0846dd76a487
Stream: fixed logging UDP upstream timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7098
diff
changeset
|
1478 ngx_connection_error(pc, NGX_ETIMEDOUT, "upstream timed out"); |
0846dd76a487
Stream: fixed logging UDP upstream timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7098
diff
changeset
|
1479 |
7286 | 1480 pc->read->error = 1; |
1481 | |
1482 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); | |
1483 | |
1484 return; | |
6436 | 1485 } |
1486 | |
7286 | 1487 ngx_connection_error(c, NGX_ETIMEDOUT, "connection timed out"); |
1488 | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1489 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
7286 | 1490 |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1491 return; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1492 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1493 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1494 } else if (ev->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1495 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1496 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1497 "stream connection delayed"); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1498 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1499 if (ngx_handle_read_event(ev, 0) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1500 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1501 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1502 |
6115 | 1503 return; |
1504 } | |
1505 | |
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
1506 if (from_upstream && !u->connected) { |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1507 return; |
6115 | 1508 } |
1509 | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1510 ngx_stream_proxy_process(s, from_upstream, ev->write); |
6115 | 1511 } |
1512 | |
1513 | |
1514 static void | |
1515 ngx_stream_proxy_connect_handler(ngx_event_t *ev) | |
1516 { | |
1517 ngx_connection_t *c; | |
1518 ngx_stream_session_t *s; | |
1519 | |
1520 c = ev->data; | |
1521 s = c->data; | |
1522 | |
1523 if (ev->timedout) { | |
1524 ngx_log_error(NGX_LOG_ERR, c->log, NGX_ETIMEDOUT, "upstream timed out"); | |
1525 ngx_stream_proxy_next_upstream(s); | |
1526 return; | |
1527 } | |
1528 | |
1529 ngx_del_timer(c->write); | |
1530 | |
1531 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
1532 "stream proxy connect upstream"); | |
1533 | |
1534 if (ngx_stream_proxy_test_connect(c) != NGX_OK) { | |
1535 ngx_stream_proxy_next_upstream(s); | |
1536 return; | |
1537 } | |
1538 | |
1539 ngx_stream_proxy_init_upstream(s); | |
1540 } | |
1541 | |
1542 | |
1543 static ngx_int_t | |
1544 ngx_stream_proxy_test_connect(ngx_connection_t *c) | |
1545 { | |
1546 int err; | |
1547 socklen_t len; | |
1548 | |
1549 #if (NGX_HAVE_KQUEUE) | |
1550 | |
1551 if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) { | |
1552 err = c->write->kq_errno ? c->write->kq_errno : c->read->kq_errno; | |
1553 | |
1554 if (err) { | |
1555 (void) ngx_connection_error(c, err, | |
1556 "kevent() reported that connect() failed"); | |
1557 return NGX_ERROR; | |
1558 } | |
1559 | |
1560 } else | |
1561 #endif | |
1562 { | |
1563 err = 0; | |
1564 len = sizeof(int); | |
1565 | |
1566 /* | |
1567 * BSDs and Linux return 0 and set a pending error in err | |
1568 * Solaris returns -1 and sets errno | |
1569 */ | |
1570 | |
1571 if (getsockopt(c->fd, SOL_SOCKET, SO_ERROR, (void *) &err, &len) | |
1572 == -1) | |
1573 { | |
1574 err = ngx_socket_errno; | |
1575 } | |
1576 | |
1577 if (err) { | |
1578 (void) ngx_connection_error(c, err, "connect() failed"); | |
1579 return NGX_ERROR; | |
1580 } | |
1581 } | |
1582 | |
1583 return NGX_OK; | |
1584 } | |
1585 | |
1586 | |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1587 static void |
6115 | 1588 ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream, |
1589 ngx_uint_t do_write) | |
1590 { | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1591 char *recv_action, *send_action; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1592 off_t *received, limit; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1593 size_t size, limit_rate; |
6115 | 1594 ssize_t n; |
1595 ngx_buf_t *b; | |
6692 | 1596 ngx_int_t rc; |
7286 | 1597 ngx_uint_t flags, *packets; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1598 ngx_msec_t delay; |
6692 | 1599 ngx_chain_t *cl, **ll, **out, **busy; |
6115 | 1600 ngx_connection_t *c, *pc, *src, *dst; |
1601 ngx_log_handler_pt handler; | |
1602 ngx_stream_upstream_t *u; | |
1603 ngx_stream_proxy_srv_conf_t *pscf; | |
1604 | |
1605 u = s->upstream; | |
1606 | |
1607 c = s->connection; | |
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
1608 pc = u->connected ? u->peer.connection : NULL; |
6115 | 1609 |
6436 | 1610 if (c->type == SOCK_DGRAM && (ngx_terminate || ngx_exiting)) { |
1611 | |
1612 /* socket is already closed on worker shutdown */ | |
1613 | |
1614 handler = c->log->handler; | |
1615 c->log->handler = NULL; | |
1616 | |
1617 ngx_log_error(NGX_LOG_INFO, c->log, 0, "disconnected on shutdown"); | |
1618 | |
1619 c->log->handler = handler; | |
1620 | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1621 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
6436 | 1622 return; |
1623 } | |
1624 | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1625 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1626 |
6115 | 1627 if (from_upstream) { |
1628 src = pc; | |
1629 dst = c; | |
1630 b = &u->upstream_buf; | |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
1631 limit_rate = u->download_rate; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1632 received = &u->received; |
7286 | 1633 packets = &u->responses; |
6692 | 1634 out = &u->downstream_out; |
1635 busy = &u->downstream_busy; | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1636 recv_action = "proxying and reading from upstream"; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1637 send_action = "proxying and sending to client"; |
6115 | 1638 |
1639 } else { | |
1640 src = c; | |
1641 dst = pc; | |
1642 b = &u->downstream_buf; | |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
1643 limit_rate = u->upload_rate; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1644 received = &s->received; |
7286 | 1645 packets = &u->requests; |
6692 | 1646 out = &u->upstream_out; |
1647 busy = &u->upstream_busy; | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1648 recv_action = "proxying and reading from client"; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1649 send_action = "proxying and sending to upstream"; |
6115 | 1650 } |
1651 | |
1652 for ( ;; ) { | |
1653 | |
6692 | 1654 if (do_write && dst) { |
1655 | |
1656 if (*out || *busy || dst->buffered) { | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1657 c->log->action = send_action; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1658 |
6692 | 1659 rc = ngx_stream_top_filter(s, *out, from_upstream); |
1660 | |
1661 if (rc == NGX_ERROR) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1662 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1663 return; |
6115 | 1664 } |
1665 | |
6692 | 1666 ngx_chain_update_chains(c->pool, &u->free, busy, out, |
1667 (ngx_buf_tag_t) &ngx_stream_proxy_module); | |
1668 | |
1669 if (*busy == NULL) { | |
1670 b->pos = b->start; | |
1671 b->last = b->start; | |
6115 | 1672 } |
1673 } | |
1674 } | |
1675 | |
1676 size = b->end - b->last; | |
1677 | |
8110
06c7d84cafdb
SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.
Maxim Dounin <mdounin@mdounin.ru>
parents:
8099
diff
changeset
|
1678 if (size && src->read->ready && !src->read->delayed) { |
06c7d84cafdb
SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.
Maxim Dounin <mdounin@mdounin.ru>
parents:
8099
diff
changeset
|
1679 |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1680 if (limit_rate) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1681 limit = (off_t) limit_rate * (ngx_time() - u->start_sec + 1) |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1682 - *received; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1683 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1684 if (limit <= 0) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1685 src->read->delayed = 1; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1686 delay = (ngx_msec_t) (- limit * 1000 / limit_rate + 1); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1687 ngx_add_timer(src->read, delay); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1688 break; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1689 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1690 |
7441
8acaa1161783
Stream: do not split datagrams when limiting proxy rate.
Roman Arutyunyan <arut@nginx.com>
parents:
7440
diff
changeset
|
1691 if (c->type == SOCK_STREAM && (off_t) size > limit) { |
6203
fdfdcad62875
Stream: fixed MSVC compilation warning.
Roman Arutyunyan <arut@nginx.com>
parents:
6202
diff
changeset
|
1692 size = (size_t) limit; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1693 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1694 } |
6115 | 1695 |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1696 c->log->action = recv_action; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1697 |
6115 | 1698 n = src->recv(src, b->last, size); |
1699 | |
6692 | 1700 if (n == NGX_AGAIN) { |
6115 | 1701 break; |
1702 } | |
1703 | |
6692 | 1704 if (n == NGX_ERROR) { |
1705 src->read->eof = 1; | |
1706 n = 0; | |
1707 } | |
1708 | |
1709 if (n >= 0) { | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1710 if (limit_rate) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1711 delay = (ngx_msec_t) (n * 1000 / limit_rate); |
6115 | 1712 |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1713 if (delay > 0) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1714 src->read->delayed = 1; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1715 ngx_add_timer(src->read, delay); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1716 } |
6115 | 1717 } |
1718 | |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1719 if (from_upstream) { |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1720 if (u->state->first_byte_time == (ngx_msec_t) -1) { |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1721 u->state->first_byte_time = ngx_current_msec |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1722 - u->start_time; |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1723 } |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1724 } |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1725 |
6692 | 1726 for (ll = out; *ll; ll = &(*ll)->next) { /* void */ } |
1727 | |
1728 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
1729 if (cl == NULL) { | |
1730 ngx_stream_proxy_finalize(s, | |
1731 NGX_STREAM_INTERNAL_SERVER_ERROR); | |
1732 return; | |
1733 } | |
1734 | |
1735 *ll = cl; | |
1736 | |
1737 cl->buf->pos = b->last; | |
1738 cl->buf->last = b->last + n; | |
1739 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
1740 | |
1741 cl->buf->temporary = (n ? 1 : 0); | |
1742 cl->buf->last_buf = src->read->eof; | |
8044
457afc332c67
Stream: don't flush empty buffers created for read errors.
Aleksei Bavshin <a.bavshin@f5.com>
parents:
8042
diff
changeset
|
1743 cl->buf->flush = !src->read->eof; |
6692 | 1744 |
7286 | 1745 (*packets)++; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1746 *received += n; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1747 b->last += n; |
6115 | 1748 do_write = 1; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1749 |
6115 | 1750 continue; |
1751 } | |
1752 } | |
1753 | |
1754 break; | |
1755 } | |
1756 | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1757 c->log->action = "proxying connection"; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1758 |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1759 if (ngx_stream_proxy_test_finalize(s, from_upstream) == NGX_OK) { |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1760 return; |
6115 | 1761 } |
1762 | |
6124
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1763 flags = src->read->eof ? NGX_CLOSE_EVENT : 0; |
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1764 |
7440
6d4bc025c5a7
Prevented scheduling events on a shared connection.
Roman Arutyunyan <arut@nginx.com>
parents:
7397
diff
changeset
|
1765 if (ngx_handle_read_event(src->read, flags) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1766 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1767 return; |
6115 | 1768 } |
1769 | |
1770 if (dst) { | |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1771 |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1772 if (dst->type == SOCK_STREAM && pscf->half_close |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1773 && src->read->eof && !u->half_closed && !dst->buffered) |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1774 { |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1775 if (ngx_shutdown_socket(dst->fd, NGX_WRITE_SHUTDOWN) == -1) { |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1776 ngx_connection_error(c, ngx_socket_errno, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1777 ngx_shutdown_socket_n " failed"); |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1778 |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1779 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1780 return; |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1781 } |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1782 |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1783 u->half_closed = 1; |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1784 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1785 "stream proxy %s socket shutdown", |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1786 from_upstream ? "client" : "upstream"); |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1787 } |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1788 |
7440
6d4bc025c5a7
Prevented scheduling events on a shared connection.
Roman Arutyunyan <arut@nginx.com>
parents:
7397
diff
changeset
|
1789 if (ngx_handle_write_event(dst->write, 0) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1790 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1791 return; |
6115 | 1792 } |
1793 | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1794 if (!c->read->delayed && !pc->read->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1795 ngx_add_timer(c->write, pscf->timeout); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1796 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1797 } else if (c->write->timer_set) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1798 ngx_del_timer(c->write); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1799 } |
6115 | 1800 } |
1801 } | |
1802 | |
1803 | |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1804 static ngx_int_t |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1805 ngx_stream_proxy_test_finalize(ngx_stream_session_t *s, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1806 ngx_uint_t from_upstream) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1807 { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1808 ngx_connection_t *c, *pc; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1809 ngx_log_handler_pt handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1810 ngx_stream_upstream_t *u; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1811 ngx_stream_proxy_srv_conf_t *pscf; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1812 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1813 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1814 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1815 c = s->connection; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1816 u = s->upstream; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1817 pc = u->connected ? u->peer.connection : NULL; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1818 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1819 if (c->type == SOCK_DGRAM) { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1820 |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1821 if (pscf->requests && u->requests < pscf->requests) { |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1822 return NGX_DECLINED; |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1823 } |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1824 |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1825 if (pscf->requests) { |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1826 ngx_delete_udp_connection(c); |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1827 } |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1828 |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1829 if (pscf->responses == NGX_MAX_INT32_VALUE |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1830 || u->responses < pscf->responses * u->requests) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1831 { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1832 return NGX_DECLINED; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1833 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1834 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1835 if (pc == NULL || c->buffered || pc->buffered) { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1836 return NGX_DECLINED; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1837 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1838 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1839 handler = c->log->handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1840 c->log->handler = NULL; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1841 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1842 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1843 "udp done" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1844 ", packets from/to client:%ui/%ui" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1845 ", bytes from/to client:%O/%O" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1846 ", bytes from/to upstream:%O/%O", |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1847 u->requests, u->responses, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1848 s->received, c->sent, u->received, pc ? pc->sent : 0); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1849 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1850 c->log->handler = handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1851 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1852 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1853 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1854 return NGX_OK; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1855 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1856 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1857 /* c->type == SOCK_STREAM */ |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1858 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1859 if (pc == NULL |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1860 || (!c->read->eof && !pc->read->eof) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1861 || (!c->read->eof && c->buffered) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1862 || (!pc->read->eof && pc->buffered)) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1863 { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1864 return NGX_DECLINED; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1865 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1866 |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1867 if (pscf->half_close) { |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1868 /* avoid closing live connections until both read ends get EOF */ |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1869 if (!(c->read->eof && pc->read->eof && !c->buffered && !pc->buffered)) { |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1870 return NGX_DECLINED; |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1871 } |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1872 } |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1873 |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1874 handler = c->log->handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1875 c->log->handler = NULL; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1876 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1877 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1878 "%s disconnected" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1879 ", bytes from/to client:%O/%O" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1880 ", bytes from/to upstream:%O/%O", |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1881 from_upstream ? "upstream" : "client", |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1882 s->received, c->sent, u->received, pc ? pc->sent : 0); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1883 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1884 c->log->handler = handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1885 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1886 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1887 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1888 return NGX_OK; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1889 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1890 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1891 |
6115 | 1892 static void |
1893 ngx_stream_proxy_next_upstream(ngx_stream_session_t *s) | |
1894 { | |
1895 ngx_msec_t timeout; | |
1896 ngx_connection_t *pc; | |
1897 ngx_stream_upstream_t *u; | |
1898 ngx_stream_proxy_srv_conf_t *pscf; | |
1899 | |
1900 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1901 "stream proxy next upstream"); | |
1902 | |
1903 u = s->upstream; | |
6692 | 1904 pc = u->peer.connection; |
1905 | |
7098
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1906 if (pc && pc->buffered) { |
6692 | 1907 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
7098
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1908 "buffered data on next upstream"); |
6692 | 1909 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
1910 return; | |
1911 } | |
6115 | 1912 |
7098
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1913 if (s->connection->type == SOCK_DGRAM) { |
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1914 u->upstream_out = NULL; |
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1915 } |
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1916 |
6115 | 1917 if (u->peer.sockaddr) { |
1918 u->peer.free(&u->peer, u->peer.data, NGX_PEER_FAILED); | |
1919 u->peer.sockaddr = NULL; | |
1920 } | |
1921 | |
1922 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1923 | |
1924 timeout = pscf->next_upstream_timeout; | |
1925 | |
1926 if (u->peer.tries == 0 | |
1927 || !pscf->next_upstream | |
1928 || (timeout && ngx_current_msec - u->peer.start_time >= timeout)) | |
1929 { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1930 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); |
6115 | 1931 return; |
1932 } | |
1933 | |
1934 if (pc) { | |
1935 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1936 "close proxy upstream connection: %d", pc->fd); | |
1937 | |
1938 #if (NGX_STREAM_SSL) | |
1939 if (pc->ssl) { | |
1940 pc->ssl->no_wait_shutdown = 1; | |
1941 pc->ssl->no_send_shutdown = 1; | |
1942 | |
1943 (void) ngx_ssl_shutdown(pc); | |
1944 } | |
1945 #endif | |
1946 | |
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1947 u->state->bytes_received = u->received; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1948 u->state->bytes_sent = pc->sent; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1949 |
6115 | 1950 ngx_close_connection(pc); |
1951 u->peer.connection = NULL; | |
1952 } | |
1953 | |
1954 ngx_stream_proxy_connect(s); | |
1955 } | |
1956 | |
1957 | |
1958 static void | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1959 ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_uint_t rc) |
6115 | 1960 { |
7286 | 1961 ngx_uint_t state; |
6115 | 1962 ngx_connection_t *pc; |
1963 ngx_stream_upstream_t *u; | |
1964 | |
1965 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1966 "finalize stream proxy: %i", rc); | |
1967 | |
1968 u = s->upstream; | |
1969 | |
1970 if (u == NULL) { | |
1971 goto noupstream; | |
1972 } | |
1973 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1974 if (u->resolved && u->resolved->ctx) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1975 ngx_resolve_name_done(u->resolved->ctx); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1976 u->resolved->ctx = NULL; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1977 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1978 |
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1979 pc = u->peer.connection; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1980 |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1981 if (u->state) { |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1982 if (u->state->response_time == (ngx_msec_t) -1) { |
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1983 u->state->response_time = ngx_current_msec - u->start_time; |
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1984 } |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1985 |
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1986 if (pc) { |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1987 u->state->bytes_received = u->received; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1988 u->state->bytes_sent = pc->sent; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1989 } |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1990 } |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1991 |
6115 | 1992 if (u->peer.free && u->peer.sockaddr) { |
7286 | 1993 state = 0; |
1994 | |
1995 if (pc && pc->type == SOCK_DGRAM | |
1996 && (pc->read->error || pc->write->error)) | |
1997 { | |
1998 state = NGX_PEER_FAILED; | |
1999 } | |
2000 | |
2001 u->peer.free(&u->peer, u->peer.data, state); | |
6115 | 2002 u->peer.sockaddr = NULL; |
2003 } | |
2004 | |
2005 if (pc) { | |
2006 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
2007 "close stream proxy upstream connection: %d", pc->fd); | |
2008 | |
2009 #if (NGX_STREAM_SSL) | |
2010 if (pc->ssl) { | |
2011 pc->ssl->no_wait_shutdown = 1; | |
2012 (void) ngx_ssl_shutdown(pc); | |
2013 } | |
2014 #endif | |
2015 | |
2016 ngx_close_connection(pc); | |
2017 u->peer.connection = NULL; | |
2018 } | |
2019 | |
2020 noupstream: | |
2021 | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
2022 ngx_stream_finalize_session(s, rc); |
6115 | 2023 } |
2024 | |
2025 | |
2026 static u_char * | |
2027 ngx_stream_proxy_log_error(ngx_log_t *log, u_char *buf, size_t len) | |
2028 { | |
2029 u_char *p; | |
2030 ngx_connection_t *pc; | |
2031 ngx_stream_session_t *s; | |
2032 ngx_stream_upstream_t *u; | |
2033 | |
2034 s = log->data; | |
2035 | |
2036 u = s->upstream; | |
2037 | |
2038 p = buf; | |
2039 | |
2040 if (u->peer.name) { | |
2041 p = ngx_snprintf(p, len, ", upstream: \"%V\"", u->peer.name); | |
2042 len -= p - buf; | |
2043 } | |
2044 | |
2045 pc = u->peer.connection; | |
2046 | |
2047 p = ngx_snprintf(p, len, | |
2048 ", bytes from/to client:%O/%O" | |
2049 ", bytes from/to upstream:%O/%O", | |
2050 s->received, s->connection->sent, | |
2051 u->received, pc ? pc->sent : 0); | |
2052 | |
2053 return p; | |
2054 } | |
2055 | |
2056 | |
2057 static void * | |
2058 ngx_stream_proxy_create_srv_conf(ngx_conf_t *cf) | |
2059 { | |
2060 ngx_stream_proxy_srv_conf_t *conf; | |
2061 | |
2062 conf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_proxy_srv_conf_t)); | |
2063 if (conf == NULL) { | |
2064 return NULL; | |
2065 } | |
2066 | |
2067 /* | |
2068 * set by ngx_pcalloc(): | |
2069 * | |
2070 * conf->ssl_protocols = 0; | |
2071 * conf->ssl_ciphers = { 0, NULL }; | |
2072 * conf->ssl_trusted_certificate = { 0, NULL }; | |
2073 * conf->ssl_crl = { 0, NULL }; | |
2074 * | |
2075 * conf->ssl = NULL; | |
2076 * conf->upstream = NULL; | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2077 * conf->upstream_value = NULL; |
6115 | 2078 */ |
2079 | |
2080 conf->connect_timeout = NGX_CONF_UNSET_MSEC; | |
2081 conf->timeout = NGX_CONF_UNSET_MSEC; | |
2082 conf->next_upstream_timeout = NGX_CONF_UNSET_MSEC; | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
2083 conf->buffer_size = NGX_CONF_UNSET_SIZE; |
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2084 conf->upload_rate = NGX_CONF_UNSET_PTR; |
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2085 conf->download_rate = NGX_CONF_UNSET_PTR; |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2086 conf->requests = NGX_CONF_UNSET_UINT; |
6436 | 2087 conf->responses = NGX_CONF_UNSET_UINT; |
6115 | 2088 conf->next_upstream_tries = NGX_CONF_UNSET_UINT; |
2089 conf->next_upstream = NGX_CONF_UNSET; | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
2090 conf->proxy_protocol = NGX_CONF_UNSET; |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2091 conf->local = NGX_CONF_UNSET_PTR; |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2092 conf->socket_keepalive = NGX_CONF_UNSET; |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
2093 conf->half_close = NGX_CONF_UNSET; |
6115 | 2094 |
2095 #if (NGX_STREAM_SSL) | |
2096 conf->ssl_enable = NGX_CONF_UNSET; | |
2097 conf->ssl_session_reuse = NGX_CONF_UNSET; | |
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2098 conf->ssl_name = NGX_CONF_UNSET_PTR; |
6115 | 2099 conf->ssl_server_name = NGX_CONF_UNSET; |
2100 conf->ssl_verify = NGX_CONF_UNSET; | |
2101 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2102 conf->ssl_certificate = NGX_CONF_UNSET_PTR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2103 conf->ssl_certificate_key = NGX_CONF_UNSET_PTR; |
6115 | 2104 conf->ssl_passwords = NGX_CONF_UNSET_PTR; |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2105 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; |
6115 | 2106 #endif |
2107 | |
2108 return conf; | |
2109 } | |
2110 | |
2111 | |
2112 static char * | |
2113 ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) | |
2114 { | |
2115 ngx_stream_proxy_srv_conf_t *prev = parent; | |
2116 ngx_stream_proxy_srv_conf_t *conf = child; | |
2117 | |
2118 ngx_conf_merge_msec_value(conf->connect_timeout, | |
2119 prev->connect_timeout, 60000); | |
2120 | |
2121 ngx_conf_merge_msec_value(conf->timeout, | |
2122 prev->timeout, 10 * 60000); | |
2123 | |
2124 ngx_conf_merge_msec_value(conf->next_upstream_timeout, | |
2125 prev->next_upstream_timeout, 0); | |
2126 | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
2127 ngx_conf_merge_size_value(conf->buffer_size, |
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
2128 prev->buffer_size, 16384); |
6115 | 2129 |
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2130 ngx_conf_merge_ptr_value(conf->upload_rate, prev->upload_rate, NULL); |
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2131 |
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2132 ngx_conf_merge_ptr_value(conf->download_rate, prev->download_rate, NULL); |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
2133 |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2134 ngx_conf_merge_uint_value(conf->requests, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2135 prev->requests, 0); |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2136 |
6436 | 2137 ngx_conf_merge_uint_value(conf->responses, |
2138 prev->responses, NGX_MAX_INT32_VALUE); | |
2139 | |
6115 | 2140 ngx_conf_merge_uint_value(conf->next_upstream_tries, |
2141 prev->next_upstream_tries, 0); | |
2142 | |
2143 ngx_conf_merge_value(conf->next_upstream, prev->next_upstream, 1); | |
2144 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
2145 ngx_conf_merge_value(conf->proxy_protocol, prev->proxy_protocol, 0); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
2146 |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2147 ngx_conf_merge_ptr_value(conf->local, prev->local, NULL); |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2148 |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2149 ngx_conf_merge_value(conf->socket_keepalive, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2150 prev->socket_keepalive, 0); |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2151 |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
2152 ngx_conf_merge_value(conf->half_close, prev->half_close, 0); |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
2153 |
6115 | 2154 #if (NGX_STREAM_SSL) |
2155 | |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2156 if (ngx_stream_proxy_merge_ssl(cf, conf, prev) != NGX_OK) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2157 return NGX_CONF_ERROR; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2158 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2159 |
6115 | 2160 ngx_conf_merge_value(conf->ssl_enable, prev->ssl_enable, 0); |
2161 | |
2162 ngx_conf_merge_value(conf->ssl_session_reuse, | |
2163 prev->ssl_session_reuse, 1); | |
2164 | |
2165 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, | |
8152
d1cf09451ae8
SSL: enabled TLSv1.3 by default.
Maxim Dounin <mdounin@mdounin.ru>
parents:
8110
diff
changeset
|
2166 (NGX_CONF_BITMASK_SET |
d1cf09451ae8
SSL: enabled TLSv1.3 by default.
Maxim Dounin <mdounin@mdounin.ru>
parents:
8110
diff
changeset
|
2167 |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1 |
d1cf09451ae8
SSL: enabled TLSv1.3 by default.
Maxim Dounin <mdounin@mdounin.ru>
parents:
8110
diff
changeset
|
2168 |NGX_SSL_TLSv1_2|NGX_SSL_TLSv1_3)); |
6115 | 2169 |
2170 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, "DEFAULT"); | |
2171 | |
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2172 ngx_conf_merge_ptr_value(conf->ssl_name, prev->ssl_name, NULL); |
6115 | 2173 |
2174 ngx_conf_merge_value(conf->ssl_server_name, prev->ssl_server_name, 0); | |
2175 | |
2176 ngx_conf_merge_value(conf->ssl_verify, prev->ssl_verify, 0); | |
2177 | |
2178 ngx_conf_merge_uint_value(conf->ssl_verify_depth, | |
2179 prev->ssl_verify_depth, 1); | |
2180 | |
2181 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | |
2182 prev->ssl_trusted_certificate, ""); | |
2183 | |
2184 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | |
2185 | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2186 ngx_conf_merge_ptr_value(conf->ssl_certificate, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2187 prev->ssl_certificate, NULL); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2188 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2189 ngx_conf_merge_ptr_value(conf->ssl_certificate_key, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2190 prev->ssl_certificate_key, NULL); |
6115 | 2191 |
2192 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL); | |
2193 | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2194 ngx_conf_merge_ptr_value(conf->ssl_conf_commands, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2195 prev->ssl_conf_commands, NULL); |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2196 |
6115 | 2197 if (conf->ssl_enable && ngx_stream_proxy_set_ssl(cf, conf) != NGX_OK) { |
2198 return NGX_CONF_ERROR; | |
2199 } | |
2200 | |
2201 #endif | |
2202 | |
2203 return NGX_CONF_OK; | |
2204 } | |
2205 | |
2206 | |
2207 #if (NGX_STREAM_SSL) | |
2208 | |
2209 static ngx_int_t | |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2210 ngx_stream_proxy_merge_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *conf, |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2211 ngx_stream_proxy_srv_conf_t *prev) |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2212 { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2213 ngx_uint_t preserve; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2214 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2215 if (conf->ssl_protocols == 0 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2216 && conf->ssl_ciphers.data == NULL |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2217 && conf->ssl_certificate == NGX_CONF_UNSET_PTR |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2218 && conf->ssl_certificate_key == NGX_CONF_UNSET_PTR |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2219 && conf->ssl_passwords == NGX_CONF_UNSET_PTR |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2220 && conf->ssl_verify == NGX_CONF_UNSET |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2221 && conf->ssl_verify_depth == NGX_CONF_UNSET_UINT |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2222 && conf->ssl_trusted_certificate.data == NULL |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2223 && conf->ssl_crl.data == NULL |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2224 && conf->ssl_session_reuse == NGX_CONF_UNSET |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2225 && conf->ssl_conf_commands == NGX_CONF_UNSET_PTR) |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2226 { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2227 if (prev->ssl) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2228 conf->ssl = prev->ssl; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2229 return NGX_OK; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2230 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2231 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2232 preserve = 1; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2233 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2234 } else { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2235 preserve = 0; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2236 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2237 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2238 conf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t)); |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2239 if (conf->ssl == NULL) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2240 return NGX_ERROR; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2241 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2242 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2243 conf->ssl->log = cf->log; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2244 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2245 /* |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2246 * special handling to preserve conf->ssl |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2247 * in the "stream" section to inherit it to all servers |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2248 */ |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2249 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2250 if (preserve) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2251 prev->ssl = conf->ssl; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2252 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2253 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2254 return NGX_OK; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2255 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2256 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2257 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2258 static ngx_int_t |
6115 | 2259 ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf) |
2260 { | |
2261 ngx_pool_cleanup_t *cln; | |
2262 | |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2263 if (pscf->ssl->ctx) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2264 return NGX_OK; |
6115 | 2265 } |
2266 | |
2267 if (ngx_ssl_create(pscf->ssl, pscf->ssl_protocols, NULL) != NGX_OK) { | |
2268 return NGX_ERROR; | |
2269 } | |
2270 | |
2271 cln = ngx_pool_cleanup_add(cf->pool, 0); | |
2272 if (cln == NULL) { | |
7473
8981dbb12254
SSL: fixed potential leak on memory allocation errors.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7441
diff
changeset
|
2273 ngx_ssl_cleanup_ctx(pscf->ssl); |
6115 | 2274 return NGX_ERROR; |
2275 } | |
2276 | |
2277 cln->handler = ngx_ssl_cleanup_ctx; | |
2278 cln->data = pscf->ssl; | |
2279 | |
7904
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2280 if (ngx_ssl_ciphers(cf, pscf->ssl, &pscf->ssl_ciphers, 0) != NGX_OK) { |
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2281 return NGX_ERROR; |
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2282 } |
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2283 |
8042
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
2284 if (pscf->ssl_certificate |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
2285 && pscf->ssl_certificate->value.len) |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
2286 { |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2287 if (pscf->ssl_certificate_key == NULL) { |
6115 | 2288 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
2289 "no \"proxy_ssl_certificate_key\" is defined " | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2290 "for certificate \"%V\"", |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2291 &pscf->ssl_certificate->value); |
6115 | 2292 return NGX_ERROR; |
2293 } | |
2294 | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2295 if (pscf->ssl_certificate->lengths |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2296 || pscf->ssl_certificate_key->lengths) |
6115 | 2297 { |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2298 pscf->ssl_passwords = |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2299 ngx_ssl_preserve_passwords(cf, pscf->ssl_passwords); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2300 if (pscf->ssl_passwords == NULL) { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2301 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2302 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2303 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2304 } else { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2305 if (ngx_ssl_certificate(cf, pscf->ssl, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2306 &pscf->ssl_certificate->value, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2307 &pscf->ssl_certificate_key->value, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2308 pscf->ssl_passwords) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2309 != NGX_OK) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2310 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2311 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2312 } |
6115 | 2313 } |
2314 } | |
2315 | |
2316 if (pscf->ssl_verify) { | |
2317 if (pscf->ssl_trusted_certificate.len == 0) { | |
2318 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
2319 "no proxy_ssl_trusted_certificate for proxy_ssl_verify"); | |
2320 return NGX_ERROR; | |
2321 } | |
2322 | |
2323 if (ngx_ssl_trusted_certificate(cf, pscf->ssl, | |
2324 &pscf->ssl_trusted_certificate, | |
2325 pscf->ssl_verify_depth) | |
2326 != NGX_OK) | |
2327 { | |
2328 return NGX_ERROR; | |
2329 } | |
2330 | |
2331 if (ngx_ssl_crl(cf, pscf->ssl, &pscf->ssl_crl) != NGX_OK) { | |
2332 return NGX_ERROR; | |
2333 } | |
2334 } | |
2335 | |
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2336 if (ngx_ssl_client_session_cache(cf, pscf->ssl, pscf->ssl_session_reuse) |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2337 != NGX_OK) |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2338 { |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2339 return NGX_ERROR; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2340 } |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2341 |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2342 if (ngx_ssl_conf_commands(cf, pscf->ssl, pscf->ssl_conf_commands) |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2343 != NGX_OK) |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2344 { |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2345 return NGX_ERROR; |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2346 } |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2347 |
6115 | 2348 return NGX_OK; |
2349 } | |
2350 | |
2351 #endif | |
2352 | |
2353 | |
2354 static char * | |
2355 ngx_stream_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
2356 { | |
2357 ngx_stream_proxy_srv_conf_t *pscf = conf; | |
2358 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2359 ngx_url_t u; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2360 ngx_str_t *value, *url; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2361 ngx_stream_complex_value_t cv; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2362 ngx_stream_core_srv_conf_t *cscf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2363 ngx_stream_compile_complex_value_t ccv; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2364 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2365 if (pscf->upstream || pscf->upstream_value) { |
6115 | 2366 return "is duplicate"; |
2367 } | |
2368 | |
2369 cscf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_core_module); | |
2370 | |
2371 cscf->handler = ngx_stream_proxy_handler; | |
2372 | |
2373 value = cf->args->elts; | |
2374 | |
2375 url = &value[1]; | |
2376 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2377 ngx_memzero(&ccv, sizeof(ngx_stream_compile_complex_value_t)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2378 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2379 ccv.cf = cf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2380 ccv.value = url; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2381 ccv.complex_value = &cv; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2382 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2383 if (ngx_stream_compile_complex_value(&ccv) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2384 return NGX_CONF_ERROR; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2385 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2386 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2387 if (cv.lengths) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2388 pscf->upstream_value = ngx_palloc(cf->pool, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2389 sizeof(ngx_stream_complex_value_t)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2390 if (pscf->upstream_value == NULL) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2391 return NGX_CONF_ERROR; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2392 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2393 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2394 *pscf->upstream_value = cv; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2395 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2396 return NGX_CONF_OK; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2397 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2398 |
6115 | 2399 ngx_memzero(&u, sizeof(ngx_url_t)); |
2400 | |
2401 u.url = *url; | |
2402 u.no_resolve = 1; | |
2403 | |
2404 pscf->upstream = ngx_stream_upstream_add(cf, &u, 0); | |
2405 if (pscf->upstream == NULL) { | |
2406 return NGX_CONF_ERROR; | |
2407 } | |
2408 | |
2409 return NGX_CONF_OK; | |
2410 } | |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2411 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2412 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2413 static char * |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2414 ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2415 { |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2416 ngx_stream_proxy_srv_conf_t *pscf = conf; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2417 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2418 ngx_int_t rc; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2419 ngx_str_t *value; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2420 ngx_stream_complex_value_t cv; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2421 ngx_stream_upstream_local_t *local; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2422 ngx_stream_compile_complex_value_t ccv; |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2423 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2424 if (pscf->local != NGX_CONF_UNSET_PTR) { |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2425 return "is duplicate"; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2426 } |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2427 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2428 value = cf->args->elts; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2429 |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2430 if (cf->args->nelts == 2 && ngx_strcmp(value[1].data, "off") == 0) { |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2431 pscf->local = NULL; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2432 return NGX_CONF_OK; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2433 } |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2434 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2435 ngx_memzero(&ccv, sizeof(ngx_stream_compile_complex_value_t)); |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2436 |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2437 ccv.cf = cf; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2438 ccv.value = &value[1]; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2439 ccv.complex_value = &cv; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2440 |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2441 if (ngx_stream_compile_complex_value(&ccv) != NGX_OK) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2442 return NGX_CONF_ERROR; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2443 } |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2444 |
6598
4a724d6006ee
Stream: use ngx_pcalloc() in ngx_stream_proxy_bind().
Roman Arutyunyan <arut@nginx.com>
parents:
6595
diff
changeset
|
2445 local = ngx_pcalloc(cf->pool, sizeof(ngx_stream_upstream_local_t)); |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2446 if (local == NULL) { |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2447 return NGX_CONF_ERROR; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2448 } |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2449 |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2450 pscf->local = local; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2451 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2452 if (cv.lengths) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2453 local->value = ngx_palloc(cf->pool, sizeof(ngx_stream_complex_value_t)); |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2454 if (local->value == NULL) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2455 return NGX_CONF_ERROR; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2456 } |
6595
0c98c4092440
Stream: support for $remote_port in proxy_bind.
Roman Arutyunyan <arut@nginx.com>
parents:
6594
diff
changeset
|
2457 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2458 *local->value = cv; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2459 |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2460 } else { |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2461 local->addr = ngx_palloc(cf->pool, sizeof(ngx_addr_t)); |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2462 if (local->addr == NULL) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2463 return NGX_CONF_ERROR; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2464 } |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2465 |
6594
3c87b82b17d4
Upstream: support for port in proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6593
diff
changeset
|
2466 rc = ngx_parse_addr_port(cf->pool, local->addr, value[1].data, |
3c87b82b17d4
Upstream: support for port in proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6593
diff
changeset
|
2467 value[1].len); |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2468 |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2469 switch (rc) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2470 case NGX_OK: |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2471 local->addr->name = value[1]; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2472 break; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2473 |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2474 case NGX_DECLINED: |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2475 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2476 "invalid address \"%V\"", &value[1]); |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2477 /* fall through */ |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2478 |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2479 default: |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2480 return NGX_CONF_ERROR; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2481 } |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2482 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2483 |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2484 if (cf->args->nelts > 2) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2485 if (ngx_strcmp(value[2].data, "transparent") == 0) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2486 #if (NGX_HAVE_TRANSPARENT_PROXY) |
7174
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2487 ngx_core_conf_t *ccf; |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2488 |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2489 ccf = (ngx_core_conf_t *) ngx_get_conf(cf->cycle->conf_ctx, |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2490 ngx_core_module); |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2491 |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2492 ccf->transparent = 1; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2493 local->transparent = 1; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2494 #else |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2495 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2496 "transparent proxying is not supported " |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2497 "on this platform, ignored"); |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2498 #endif |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2499 } else { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2500 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2501 "invalid parameter \"%V\"", &value[2]); |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2502 return NGX_CONF_ERROR; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2503 } |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2504 } |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2505 |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2506 return NGX_CONF_OK; |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2507 } |