Mercurial > hg > nginx-quic
annotate src/stream/ngx_stream_proxy_module.c @ 6982:ac9b1df5b246
SSL: disabled renegotiation detection in client mode.
CVE-2009-3555 is no longer relevant and mitigated by the renegotiation
info extension (secure renegotiation). On the other hand, unexpected
renegotiation still introduces potential security risks, and hence we do
not allow renegotiation on the server side, as we never request renegotiation.
On the client side the situation is different though. There are backends
which explicitly request renegotiation, and disabled renegotiation
introduces interoperability problems. This change allows renegotiation
on the client side, and fixes interoperability problems as observed with
such backends (ticket #872).
Additionally, with TLSv1.3 the SSL_CB_HANDSHAKE_START flag is currently set
by OpenSSL when receiving a NewSessionTicket message, and was detected by
nginx as a renegotiation attempt. This looks like a bug in OpenSSL, though
this change also allows better interoperability till the problem is fixed.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 18 Apr 2017 16:08:44 +0300 |
| parents | 08dc60979133 |
| children | ed1101bbf19f |
| rev | line source |
|---|---|
| 6115 | 1 |
| 2 /* | |
| 3 * Copyright (C) Roman Arutyunyan | |
| 4 * Copyright (C) Nginx, Inc. | |
| 5 */ | |
| 6 | |
| 7 | |
| 8 #include <ngx_config.h> | |
| 9 #include <ngx_core.h> | |
| 10 #include <ngx_stream.h> | |
| 11 | |
| 12 | |
| 13 typedef struct { | |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
14 ngx_addr_t *addr; |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
15 ngx_stream_complex_value_t *value; |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
16 #if (NGX_HAVE_TRANSPARENT_PROXY) |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
17 ngx_uint_t transparent; /* unsigned transparent:1; */ |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
18 #endif |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
19 } ngx_stream_upstream_local_t; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
20 |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
21 |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
22 typedef struct { |
| 6115 | 23 ngx_msec_t connect_timeout; |
| 24 ngx_msec_t timeout; | |
| 25 ngx_msec_t next_upstream_timeout; | |
|
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
26 size_t buffer_size; |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
27 size_t upload_rate; |
|
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
28 size_t download_rate; |
| 6436 | 29 ngx_uint_t responses; |
| 6115 | 30 ngx_uint_t next_upstream_tries; |
| 31 ngx_flag_t next_upstream; | |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
32 ngx_flag_t proxy_protocol; |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
33 ngx_stream_upstream_local_t *local; |
| 6115 | 34 |
| 35 #if (NGX_STREAM_SSL) | |
| 36 ngx_flag_t ssl_enable; | |
| 37 ngx_flag_t ssl_session_reuse; | |
| 38 ngx_uint_t ssl_protocols; | |
| 39 ngx_str_t ssl_ciphers; | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
40 ngx_stream_complex_value_t *ssl_name; |
| 6115 | 41 ngx_flag_t ssl_server_name; |
| 42 | |
| 43 ngx_flag_t ssl_verify; | |
| 44 ngx_uint_t ssl_verify_depth; | |
| 45 ngx_str_t ssl_trusted_certificate; | |
| 46 ngx_str_t ssl_crl; | |
| 47 ngx_str_t ssl_certificate; | |
| 48 ngx_str_t ssl_certificate_key; | |
| 49 ngx_array_t *ssl_passwords; | |
| 50 | |
| 51 ngx_ssl_t *ssl; | |
| 52 #endif | |
| 53 | |
| 54 ngx_stream_upstream_srv_conf_t *upstream; | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
55 ngx_stream_complex_value_t *upstream_value; |
| 6115 | 56 } ngx_stream_proxy_srv_conf_t; |
| 57 | |
| 58 | |
| 59 static void ngx_stream_proxy_handler(ngx_stream_session_t *s); | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
60 static ngx_int_t ngx_stream_proxy_eval(ngx_stream_session_t *s, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
61 ngx_stream_proxy_srv_conf_t *pscf); |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
62 static ngx_int_t ngx_stream_proxy_set_local(ngx_stream_session_t *s, |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
63 ngx_stream_upstream_t *u, ngx_stream_upstream_local_t *local); |
| 6115 | 64 static void ngx_stream_proxy_connect(ngx_stream_session_t *s); |
| 65 static void ngx_stream_proxy_init_upstream(ngx_stream_session_t *s); | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
66 static void ngx_stream_proxy_resolve_handler(ngx_resolver_ctx_t *ctx); |
| 6115 | 67 static void ngx_stream_proxy_upstream_handler(ngx_event_t *ev); |
| 68 static void ngx_stream_proxy_downstream_handler(ngx_event_t *ev); | |
|
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
69 static void ngx_stream_proxy_process_connection(ngx_event_t *ev, |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
70 ngx_uint_t from_upstream); |
| 6115 | 71 static void ngx_stream_proxy_connect_handler(ngx_event_t *ev); |
| 72 static ngx_int_t ngx_stream_proxy_test_connect(ngx_connection_t *c); | |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
73 static void ngx_stream_proxy_process(ngx_stream_session_t *s, |
| 6115 | 74 ngx_uint_t from_upstream, ngx_uint_t do_write); |
| 75 static void ngx_stream_proxy_next_upstream(ngx_stream_session_t *s); | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
76 static void ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_uint_t rc); |
| 6115 | 77 static u_char *ngx_stream_proxy_log_error(ngx_log_t *log, u_char *buf, |
| 78 size_t len); | |
| 79 | |
| 80 static void *ngx_stream_proxy_create_srv_conf(ngx_conf_t *cf); | |
| 81 static char *ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, | |
| 82 void *child); | |
| 83 static char *ngx_stream_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, | |
| 84 void *conf); | |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
85 static char *ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
86 void *conf); |
| 6115 | 87 |
| 88 #if (NGX_STREAM_SSL) | |
| 89 | |
| 6692 | 90 static ngx_int_t ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s); |
| 6115 | 91 static char *ngx_stream_proxy_ssl_password_file(ngx_conf_t *cf, |
| 92 ngx_command_t *cmd, void *conf); | |
| 93 static void ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s); | |
| 94 static void ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc); | |
| 95 static ngx_int_t ngx_stream_proxy_ssl_name(ngx_stream_session_t *s); | |
| 96 static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf, | |
| 97 ngx_stream_proxy_srv_conf_t *pscf); | |
| 98 | |
| 99 | |
| 100 static ngx_conf_bitmask_t ngx_stream_proxy_ssl_protocols[] = { | |
| 101 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, | |
| 102 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, | |
| 103 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, | |
| 104 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, | |
| 105 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, | |
|
6981
08dc60979133
SSL: added support for TLSv1.3 in ssl_protocols directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
6868
diff
changeset
|
106 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 }, |
| 6115 | 107 { ngx_null_string, 0 } |
| 108 }; | |
| 109 | |
| 110 #endif | |
| 111 | |
| 112 | |
|
6217
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
113 static ngx_conf_deprecated_t ngx_conf_deprecated_proxy_downstream_buffer = { |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
114 ngx_conf_deprecated, "proxy_downstream_buffer", "proxy_buffer_size" |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
115 }; |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
116 |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
117 static ngx_conf_deprecated_t ngx_conf_deprecated_proxy_upstream_buffer = { |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
118 ngx_conf_deprecated, "proxy_upstream_buffer", "proxy_buffer_size" |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
119 }; |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
120 |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
121 |
| 6115 | 122 static ngx_command_t ngx_stream_proxy_commands[] = { |
| 123 | |
| 124 { ngx_string("proxy_pass"), | |
| 125 NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 126 ngx_stream_proxy_pass, | |
| 127 NGX_STREAM_SRV_CONF_OFFSET, | |
| 128 0, | |
| 129 NULL }, | |
| 130 | |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
131 { ngx_string("proxy_bind"), |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
132 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE12, |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
133 ngx_stream_proxy_bind, |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
134 NGX_STREAM_SRV_CONF_OFFSET, |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
135 0, |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
136 NULL }, |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
137 |
| 6115 | 138 { ngx_string("proxy_connect_timeout"), |
| 139 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 140 ngx_conf_set_msec_slot, | |
| 141 NGX_STREAM_SRV_CONF_OFFSET, | |
| 142 offsetof(ngx_stream_proxy_srv_conf_t, connect_timeout), | |
| 143 NULL }, | |
| 144 | |
| 145 { ngx_string("proxy_timeout"), | |
| 146 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 147 ngx_conf_set_msec_slot, | |
| 148 NGX_STREAM_SRV_CONF_OFFSET, | |
| 149 offsetof(ngx_stream_proxy_srv_conf_t, timeout), | |
| 150 NULL }, | |
| 151 | |
|
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
152 { ngx_string("proxy_buffer_size"), |
| 6115 | 153 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
| 154 ngx_conf_set_size_slot, | |
| 155 NGX_STREAM_SRV_CONF_OFFSET, | |
|
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
156 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
| 6115 | 157 NULL }, |
| 158 | |
|
6217
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
159 { ngx_string("proxy_downstream_buffer"), |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
160 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
161 ngx_conf_set_size_slot, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
162 NGX_STREAM_SRV_CONF_OFFSET, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
163 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
164 &ngx_conf_deprecated_proxy_downstream_buffer }, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
165 |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
166 { ngx_string("proxy_upstream_buffer"), |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
167 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
168 ngx_conf_set_size_slot, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
169 NGX_STREAM_SRV_CONF_OFFSET, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
170 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
171 &ngx_conf_deprecated_proxy_upstream_buffer }, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
172 |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
173 { ngx_string("proxy_upload_rate"), |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
174 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
175 ngx_conf_set_size_slot, |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
176 NGX_STREAM_SRV_CONF_OFFSET, |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
177 offsetof(ngx_stream_proxy_srv_conf_t, upload_rate), |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
178 NULL }, |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
179 |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
180 { ngx_string("proxy_download_rate"), |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
181 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
182 ngx_conf_set_size_slot, |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
183 NGX_STREAM_SRV_CONF_OFFSET, |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
184 offsetof(ngx_stream_proxy_srv_conf_t, download_rate), |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
185 NULL }, |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
186 |
| 6436 | 187 { ngx_string("proxy_responses"), |
| 188 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 189 ngx_conf_set_num_slot, | |
| 190 NGX_STREAM_SRV_CONF_OFFSET, | |
| 191 offsetof(ngx_stream_proxy_srv_conf_t, responses), | |
| 192 NULL }, | |
| 193 | |
| 6115 | 194 { ngx_string("proxy_next_upstream"), |
| 195 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
| 196 ngx_conf_set_flag_slot, | |
| 197 NGX_STREAM_SRV_CONF_OFFSET, | |
| 198 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream), | |
| 199 NULL }, | |
| 200 | |
| 201 { ngx_string("proxy_next_upstream_tries"), | |
| 202 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 203 ngx_conf_set_num_slot, | |
| 204 NGX_STREAM_SRV_CONF_OFFSET, | |
| 205 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream_tries), | |
| 206 NULL }, | |
| 207 | |
| 208 { ngx_string("proxy_next_upstream_timeout"), | |
| 209 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 210 ngx_conf_set_msec_slot, | |
| 211 NGX_STREAM_SRV_CONF_OFFSET, | |
| 212 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream_timeout), | |
| 213 NULL }, | |
| 214 | |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
215 { ngx_string("proxy_protocol"), |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
216 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
217 ngx_conf_set_flag_slot, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
218 NGX_STREAM_SRV_CONF_OFFSET, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
219 offsetof(ngx_stream_proxy_srv_conf_t, proxy_protocol), |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
220 NULL }, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
221 |
| 6115 | 222 #if (NGX_STREAM_SSL) |
| 223 | |
| 224 { ngx_string("proxy_ssl"), | |
| 225 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
| 226 ngx_conf_set_flag_slot, | |
| 227 NGX_STREAM_SRV_CONF_OFFSET, | |
| 228 offsetof(ngx_stream_proxy_srv_conf_t, ssl_enable), | |
| 229 NULL }, | |
| 230 | |
| 231 { ngx_string("proxy_ssl_session_reuse"), | |
| 232 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
| 233 ngx_conf_set_flag_slot, | |
| 234 NGX_STREAM_SRV_CONF_OFFSET, | |
| 235 offsetof(ngx_stream_proxy_srv_conf_t, ssl_session_reuse), | |
| 236 NULL }, | |
| 237 | |
| 238 { ngx_string("proxy_ssl_protocols"), | |
| 239 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_1MORE, | |
| 240 ngx_conf_set_bitmask_slot, | |
| 241 NGX_STREAM_SRV_CONF_OFFSET, | |
| 242 offsetof(ngx_stream_proxy_srv_conf_t, ssl_protocols), | |
| 243 &ngx_stream_proxy_ssl_protocols }, | |
| 244 | |
| 245 { ngx_string("proxy_ssl_ciphers"), | |
| 246 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 247 ngx_conf_set_str_slot, | |
| 248 NGX_STREAM_SRV_CONF_OFFSET, | |
| 249 offsetof(ngx_stream_proxy_srv_conf_t, ssl_ciphers), | |
| 250 NULL }, | |
| 251 | |
| 252 { ngx_string("proxy_ssl_name"), | |
| 253 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
254 ngx_stream_set_complex_value_slot, |
| 6115 | 255 NGX_STREAM_SRV_CONF_OFFSET, |
| 256 offsetof(ngx_stream_proxy_srv_conf_t, ssl_name), | |
| 257 NULL }, | |
| 258 | |
| 259 { ngx_string("proxy_ssl_server_name"), | |
| 260 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
| 261 ngx_conf_set_flag_slot, | |
| 262 NGX_STREAM_SRV_CONF_OFFSET, | |
| 263 offsetof(ngx_stream_proxy_srv_conf_t, ssl_server_name), | |
| 264 NULL }, | |
| 265 | |
| 266 { ngx_string("proxy_ssl_verify"), | |
| 267 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
| 268 ngx_conf_set_flag_slot, | |
| 269 NGX_STREAM_SRV_CONF_OFFSET, | |
| 270 offsetof(ngx_stream_proxy_srv_conf_t, ssl_verify), | |
| 271 NULL }, | |
| 272 | |
| 273 { ngx_string("proxy_ssl_verify_depth"), | |
| 274 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 275 ngx_conf_set_num_slot, | |
| 276 NGX_STREAM_SRV_CONF_OFFSET, | |
| 277 offsetof(ngx_stream_proxy_srv_conf_t, ssl_verify_depth), | |
| 278 NULL }, | |
| 279 | |
| 280 { ngx_string("proxy_ssl_trusted_certificate"), | |
| 281 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 282 ngx_conf_set_str_slot, | |
| 283 NGX_STREAM_SRV_CONF_OFFSET, | |
| 284 offsetof(ngx_stream_proxy_srv_conf_t, ssl_trusted_certificate), | |
| 285 NULL }, | |
| 286 | |
| 287 { ngx_string("proxy_ssl_crl"), | |
| 288 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 289 ngx_conf_set_str_slot, | |
| 290 NGX_STREAM_SRV_CONF_OFFSET, | |
| 291 offsetof(ngx_stream_proxy_srv_conf_t, ssl_crl), | |
| 292 NULL }, | |
| 293 | |
| 294 { ngx_string("proxy_ssl_certificate"), | |
| 295 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 296 ngx_conf_set_str_slot, | |
| 297 NGX_STREAM_SRV_CONF_OFFSET, | |
| 298 offsetof(ngx_stream_proxy_srv_conf_t, ssl_certificate), | |
| 299 NULL }, | |
| 300 | |
| 301 { ngx_string("proxy_ssl_certificate_key"), | |
| 302 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 303 ngx_conf_set_str_slot, | |
| 304 NGX_STREAM_SRV_CONF_OFFSET, | |
| 305 offsetof(ngx_stream_proxy_srv_conf_t, ssl_certificate_key), | |
| 306 NULL }, | |
| 307 | |
| 308 { ngx_string("proxy_ssl_password_file"), | |
| 309 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 310 ngx_stream_proxy_ssl_password_file, | |
| 311 NGX_STREAM_SRV_CONF_OFFSET, | |
| 312 0, | |
| 313 NULL }, | |
| 314 | |
| 315 #endif | |
| 316 | |
| 317 ngx_null_command | |
| 318 }; | |
| 319 | |
| 320 | |
| 321 static ngx_stream_module_t ngx_stream_proxy_module_ctx = { | |
|
6606
2f41d383c9c7
Stream: added preconfiguration step.
Vladimir Homutov <vl@nginx.com>
parents:
6599
diff
changeset
|
322 NULL, /* preconfiguration */ |
|
6174
68c106e6fa0a
Stream: added postconfiguration method to stream modules.
Vladimir Homutov <vl@nginx.com>
parents:
6157
diff
changeset
|
323 NULL, /* postconfiguration */ |
|
68c106e6fa0a
Stream: added postconfiguration method to stream modules.
Vladimir Homutov <vl@nginx.com>
parents:
6157
diff
changeset
|
324 |
| 6115 | 325 NULL, /* create main configuration */ |
| 326 NULL, /* init main configuration */ | |
| 327 | |
| 328 ngx_stream_proxy_create_srv_conf, /* create server configuration */ | |
| 329 ngx_stream_proxy_merge_srv_conf /* merge server configuration */ | |
| 330 }; | |
| 331 | |
| 332 | |
| 333 ngx_module_t ngx_stream_proxy_module = { | |
| 334 NGX_MODULE_V1, | |
| 335 &ngx_stream_proxy_module_ctx, /* module context */ | |
| 336 ngx_stream_proxy_commands, /* module directives */ | |
| 337 NGX_STREAM_MODULE, /* module type */ | |
| 338 NULL, /* init master */ | |
| 339 NULL, /* init module */ | |
| 340 NULL, /* init process */ | |
| 341 NULL, /* init thread */ | |
| 342 NULL, /* exit thread */ | |
| 343 NULL, /* exit process */ | |
| 344 NULL, /* exit master */ | |
| 345 NGX_MODULE_V1_PADDING | |
| 346 }; | |
| 347 | |
| 348 | |
| 349 static void | |
| 350 ngx_stream_proxy_handler(ngx_stream_session_t *s) | |
| 351 { | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
352 u_char *p; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
353 ngx_str_t *host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
354 ngx_uint_t i; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
355 ngx_connection_t *c; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
356 ngx_resolver_ctx_t *ctx, temp; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
357 ngx_stream_upstream_t *u; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
358 ngx_stream_core_srv_conf_t *cscf; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
359 ngx_stream_proxy_srv_conf_t *pscf; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
360 ngx_stream_upstream_srv_conf_t *uscf, **uscfp; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
361 ngx_stream_upstream_main_conf_t *umcf; |
| 6115 | 362 |
| 363 c = s->connection; | |
| 364 | |
| 365 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
| 366 | |
| 367 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
| 368 "proxy connection handler"); | |
| 369 | |
| 370 u = ngx_pcalloc(c->pool, sizeof(ngx_stream_upstream_t)); | |
| 371 if (u == NULL) { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
372 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6115 | 373 return; |
| 374 } | |
| 375 | |
| 376 s->upstream = u; | |
| 377 | |
| 378 s->log_handler = ngx_stream_proxy_log_error; | |
| 379 | |
| 380 u->peer.log = c->log; | |
| 381 u->peer.log_error = NGX_ERROR_ERR; | |
| 382 | |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
383 if (ngx_stream_proxy_set_local(s, u, pscf->local) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
384 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
385 return; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
386 } |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
387 |
| 6436 | 388 u->peer.type = c->type; |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
389 u->start_sec = ngx_time(); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
390 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
391 c->write->handler = ngx_stream_proxy_downstream_handler; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
392 c->read->handler = ngx_stream_proxy_downstream_handler; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
393 |
|
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
394 s->upstream_states = ngx_array_create(c->pool, 1, |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
395 sizeof(ngx_stream_upstream_state_t)); |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
396 if (s->upstream_states == NULL) { |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
397 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
398 return; |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
399 } |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
400 |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
401 if (c->type == SOCK_STREAM) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
402 p = ngx_pnalloc(c->pool, pscf->buffer_size); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
403 if (p == NULL) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
404 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
405 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
406 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
407 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
408 u->downstream_buf.start = p; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
409 u->downstream_buf.end = p + pscf->buffer_size; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
410 u->downstream_buf.pos = p; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
411 u->downstream_buf.last = p; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
412 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
413 if (c->read->ready) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
414 ngx_post_event(c->read, &ngx_posted_events); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
415 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
416 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
417 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
418 if (pscf->upstream_value) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
419 if (ngx_stream_proxy_eval(s, pscf) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
420 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
421 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
422 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
423 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
424 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
425 if (u->resolved == NULL) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
426 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
427 uscf = pscf->upstream; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
428 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
429 } else { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
430 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
431 #if (NGX_STREAM_SSL) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
432 u->ssl_name = u->resolved->host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
433 #endif |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
434 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
435 host = &u->resolved->host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
436 |
|
6786
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
437 umcf = ngx_stream_get_module_main_conf(s, ngx_stream_upstream_module); |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
438 |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
439 uscfp = umcf->upstreams.elts; |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
440 |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
441 for (i = 0; i < umcf->upstreams.nelts; i++) { |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
442 |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
443 uscf = uscfp[i]; |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
444 |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
445 if (uscf->host.len == host->len |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
446 && ((uscf->port == 0 && u->resolved->no_port) |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
447 || uscf->port == u->resolved->port) |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
448 && ngx_strncasecmp(uscf->host.data, host->data, host->len) == 0) |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
449 { |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
450 goto found; |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
451 } |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
452 } |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
453 |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
454 if (u->resolved->sockaddr) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
455 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
456 if (u->resolved->port == 0 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
457 && u->resolved->sockaddr->sa_family != AF_UNIX) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
458 { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
459 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
460 "no port in upstream \"%V\"", host); |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
461 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
462 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
463 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
464 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
465 if (ngx_stream_upstream_create_round_robin_peer(s, u->resolved) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
466 != NGX_OK) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
467 { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
468 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
469 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
470 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
471 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
472 ngx_stream_proxy_connect(s); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
473 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
474 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
475 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
476 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
477 if (u->resolved->port == 0) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
478 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
479 "no port in upstream \"%V\"", host); |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
480 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
481 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
482 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
483 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
484 temp.name = *host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
485 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
486 cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
487 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
488 ctx = ngx_resolve_start(cscf->resolver, &temp); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
489 if (ctx == NULL) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
490 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
491 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
492 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
493 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
494 if (ctx == NGX_NO_RESOLVER) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
495 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
496 "no resolver defined to resolve %V", host); |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
497 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
498 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
499 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
500 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
501 ctx->name = *host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
502 ctx->handler = ngx_stream_proxy_resolve_handler; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
503 ctx->data = s; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
504 ctx->timeout = cscf->resolver_timeout; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
505 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
506 u->resolved->ctx = ctx; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
507 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
508 if (ngx_resolve_name(ctx) != NGX_OK) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
509 u->resolved->ctx = NULL; |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
510 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
511 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
512 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
513 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
514 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
515 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
516 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
517 found: |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
518 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
519 if (uscf == NULL) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
520 ngx_log_error(NGX_LOG_ALERT, c->log, 0, "no upstream configuration"); |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
521 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
522 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
523 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
524 |
|
6703
edcd9303a4d3
Upstream: introduced u->upstream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6692
diff
changeset
|
525 u->upstream = uscf; |
|
edcd9303a4d3
Upstream: introduced u->upstream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6692
diff
changeset
|
526 |
|
6648
d43ee392e825
Stream: fixed build without stream_ssl_module (ticket #1032).
Vladimir Homutov <vl@nginx.com>
parents:
6643
diff
changeset
|
527 #if (NGX_STREAM_SSL) |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
528 u->ssl_name = uscf->host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
529 #endif |
| 6115 | 530 |
| 531 if (uscf->peer.init(s, uscf) != NGX_OK) { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
532 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6115 | 533 return; |
| 534 } | |
| 535 | |
| 536 u->peer.start_time = ngx_current_msec; | |
| 537 | |
| 538 if (pscf->next_upstream_tries | |
| 539 && u->peer.tries > pscf->next_upstream_tries) | |
| 540 { | |
| 541 u->peer.tries = pscf->next_upstream_tries; | |
| 542 } | |
| 543 | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
544 ngx_stream_proxy_connect(s); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
545 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
546 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
547 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
548 static ngx_int_t |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
549 ngx_stream_proxy_eval(ngx_stream_session_t *s, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
550 ngx_stream_proxy_srv_conf_t *pscf) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
551 { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
552 ngx_str_t host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
553 ngx_url_t url; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
554 ngx_stream_upstream_t *u; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
555 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
556 if (ngx_stream_complex_value(s, pscf->upstream_value, &host) != NGX_OK) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
557 return NGX_ERROR; |
| 6115 | 558 } |
| 559 | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
560 ngx_memzero(&url, sizeof(ngx_url_t)); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
561 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
562 url.url = host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
563 url.no_resolve = 1; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
564 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
565 if (ngx_parse_url(s->connection->pool, &url) != NGX_OK) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
566 if (url.err) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
567 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
568 "%s in upstream \"%V\"", url.err, &url.url); |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
569 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
570 |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
571 return NGX_ERROR; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
572 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
573 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
574 u = s->upstream; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
575 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
576 u->resolved = ngx_pcalloc(s->connection->pool, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
577 sizeof(ngx_stream_upstream_resolved_t)); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
578 if (u->resolved == NULL) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
579 return NGX_ERROR; |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
580 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
581 |
|
6784
1af120241cde
Upstream: removed unnecessary condition in proxy_eval() and friends.
Ruslan Ermilov <ru@nginx.com>
parents:
6777
diff
changeset
|
582 if (url.addrs) { |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
583 u->resolved->sockaddr = url.addrs[0].sockaddr; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
584 u->resolved->socklen = url.addrs[0].socklen; |
|
6785
d1d0dd69a419
Upstream: added the ngx_http_upstream_resolved_t.name field.
Ruslan Ermilov <ru@nginx.com>
parents:
6784
diff
changeset
|
585 u->resolved->name = url.addrs[0].name; |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
586 u->resolved->naddrs = 1; |
| 6115 | 587 } |
| 588 | |
|
6785
d1d0dd69a419
Upstream: added the ngx_http_upstream_resolved_t.name field.
Ruslan Ermilov <ru@nginx.com>
parents:
6784
diff
changeset
|
589 u->resolved->host = url.host; |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
590 u->resolved->port = url.port; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
591 u->resolved->no_port = url.no_port; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
592 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
593 return NGX_OK; |
| 6115 | 594 } |
| 595 | |
| 596 | |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
597 static ngx_int_t |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
598 ngx_stream_proxy_set_local(ngx_stream_session_t *s, ngx_stream_upstream_t *u, |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
599 ngx_stream_upstream_local_t *local) |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
600 { |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
601 ngx_int_t rc; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
602 ngx_str_t val; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
603 ngx_addr_t *addr; |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
604 |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
605 if (local == NULL) { |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
606 u->peer.local = NULL; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
607 return NGX_OK; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
608 } |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
609 |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
610 #if (NGX_HAVE_TRANSPARENT_PROXY) |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
611 u->peer.transparent = local->transparent; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
612 #endif |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
613 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
614 if (local->value == NULL) { |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
615 u->peer.local = local->addr; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
616 return NGX_OK; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
617 } |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
618 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
619 if (ngx_stream_complex_value(s, local->value, &val) != NGX_OK) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
620 return NGX_ERROR; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
621 } |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
622 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
623 if (val.len == 0) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
624 return NGX_OK; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
625 } |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
626 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
627 addr = ngx_palloc(s->connection->pool, sizeof(ngx_addr_t)); |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
628 if (addr == NULL) { |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
629 return NGX_ERROR; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
630 } |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
631 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
632 rc = ngx_parse_addr_port(s->connection->pool, addr, val.data, val.len); |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
633 if (rc == NGX_ERROR) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
634 return NGX_ERROR; |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
635 } |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
636 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
637 if (rc != NGX_OK) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
638 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
639 "invalid local address \"%V\"", &val); |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
640 return NGX_OK; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
641 } |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
642 |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
643 addr->name = val; |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
644 u->peer.local = addr; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
645 |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
646 return NGX_OK; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
647 } |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
648 |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
649 |
| 6115 | 650 static void |
| 651 ngx_stream_proxy_connect(ngx_stream_session_t *s) | |
| 652 { | |
| 653 ngx_int_t rc; | |
| 654 ngx_connection_t *c, *pc; | |
| 655 ngx_stream_upstream_t *u; | |
| 656 ngx_stream_proxy_srv_conf_t *pscf; | |
| 657 | |
| 658 c = s->connection; | |
| 659 | |
| 660 c->log->action = "connecting to upstream"; | |
| 661 | |
| 6692 | 662 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
| 663 | |
| 6115 | 664 u = s->upstream; |
| 665 | |
| 6692 | 666 u->connected = 0; |
| 667 u->proxy_protocol = pscf->proxy_protocol; | |
| 668 | |
|
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
669 if (u->state) { |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
670 u->state->response_time = ngx_current_msec - u->state->response_time; |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
671 } |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
672 |
|
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
673 u->state = ngx_array_push(s->upstream_states); |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
674 if (u->state == NULL) { |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
675 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
676 return; |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
677 } |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
678 |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
679 ngx_memzero(u->state, sizeof(ngx_stream_upstream_state_t)); |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
680 |
|
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
681 u->state->connect_time = (ngx_msec_t) -1; |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
682 u->state->first_byte_time = (ngx_msec_t) -1; |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
683 u->state->response_time = ngx_current_msec; |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
684 |
| 6115 | 685 rc = ngx_event_connect_peer(&u->peer); |
| 686 | |
| 687 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, "proxy connect: %i", rc); | |
| 688 | |
| 689 if (rc == NGX_ERROR) { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
690 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6115 | 691 return; |
| 692 } | |
| 693 | |
|
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
694 u->state->peer = u->peer.name; |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
695 |
| 6115 | 696 if (rc == NGX_BUSY) { |
| 697 ngx_log_error(NGX_LOG_ERR, c->log, 0, "no live upstreams"); | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
698 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); |
| 6115 | 699 return; |
| 700 } | |
| 701 | |
| 702 if (rc == NGX_DECLINED) { | |
| 703 ngx_stream_proxy_next_upstream(s); | |
| 704 return; | |
| 705 } | |
| 706 | |
| 707 /* rc == NGX_OK || rc == NGX_AGAIN || rc == NGX_DONE */ | |
| 708 | |
| 709 pc = u->peer.connection; | |
| 710 | |
| 711 pc->data = s; | |
| 712 pc->log = c->log; | |
| 713 pc->pool = c->pool; | |
| 714 pc->read->log = c->log; | |
| 715 pc->write->log = c->log; | |
| 716 | |
| 717 if (rc != NGX_AGAIN) { | |
| 718 ngx_stream_proxy_init_upstream(s); | |
| 719 return; | |
| 720 } | |
| 721 | |
| 722 pc->read->handler = ngx_stream_proxy_connect_handler; | |
| 723 pc->write->handler = ngx_stream_proxy_connect_handler; | |
| 724 | |
| 725 ngx_add_timer(pc->write, pscf->connect_timeout); | |
| 726 } | |
| 727 | |
| 728 | |
| 729 static void | |
| 730 ngx_stream_proxy_init_upstream(ngx_stream_session_t *s) | |
| 731 { | |
| 6222 | 732 int tcp_nodelay; |
| 6115 | 733 u_char *p; |
| 6692 | 734 ngx_chain_t *cl; |
| 6115 | 735 ngx_connection_t *c, *pc; |
| 736 ngx_log_handler_pt handler; | |
| 737 ngx_stream_upstream_t *u; | |
|
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
738 ngx_stream_core_srv_conf_t *cscf; |
| 6115 | 739 ngx_stream_proxy_srv_conf_t *pscf; |
| 740 | |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
741 u = s->upstream; |
|
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
742 pc = u->peer.connection; |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
743 |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
744 cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
745 |
| 6436 | 746 if (pc->type == SOCK_STREAM |
| 747 && cscf->tcp_nodelay | |
| 748 && pc->tcp_nodelay == NGX_TCP_NODELAY_UNSET) | |
| 749 { | |
|
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
750 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, pc->log, 0, "tcp_nodelay"); |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
751 |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
752 tcp_nodelay = 1; |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
753 |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
754 if (setsockopt(pc->fd, IPPROTO_TCP, TCP_NODELAY, |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
755 (const void *) &tcp_nodelay, sizeof(int)) == -1) |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
756 { |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
757 ngx_connection_error(pc, ngx_socket_errno, |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
758 "setsockopt(TCP_NODELAY) failed"); |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
759 ngx_stream_proxy_next_upstream(s); |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
760 return; |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
761 } |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
762 |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
763 pc->tcp_nodelay = NGX_TCP_NODELAY_SET; |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
764 } |
| 6115 | 765 |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
766 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
| 6115 | 767 |
| 768 #if (NGX_STREAM_SSL) | |
| 6692 | 769 |
| 770 if (pc->type == SOCK_STREAM && pscf->ssl) { | |
| 771 | |
| 772 if (u->proxy_protocol) { | |
| 773 if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) { | |
| 774 return; | |
| 775 } | |
| 776 | |
| 777 u->proxy_protocol = 0; | |
| 778 } | |
| 779 | |
| 780 if (pc->ssl == NULL) { | |
| 781 ngx_stream_proxy_ssl_init_connection(s); | |
| 782 return; | |
| 783 } | |
| 6115 | 784 } |
| 6692 | 785 |
| 6115 | 786 #endif |
| 787 | |
| 788 c = s->connection; | |
| 789 | |
| 790 if (c->log->log_level >= NGX_LOG_INFO) { | |
|
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
791 ngx_str_t str; |
| 6115 | 792 u_char addr[NGX_SOCKADDR_STRLEN]; |
| 793 | |
|
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
794 str.len = NGX_SOCKADDR_STRLEN; |
|
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
795 str.data = addr; |
| 6115 | 796 |
|
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
797 if (ngx_connection_local_sockaddr(pc, &str, 1) == NGX_OK) { |
| 6115 | 798 handler = c->log->handler; |
| 799 c->log->handler = NULL; | |
| 800 | |
|
6461
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
801 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
802 "%sproxy %V connected to %V", |
|
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
803 pc->type == SOCK_DGRAM ? "udp " : "", |
|
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
804 &str, u->peer.name); |
| 6115 | 805 |
| 806 c->log->handler = handler; | |
| 807 } | |
| 808 } | |
| 809 | |
|
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
810 u->state->connect_time = ngx_current_msec - u->state->response_time; |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
811 |
|
6863
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
812 if (u->peer.notify) { |
|
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
813 u->peer.notify(&u->peer, u->peer.data, |
|
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
814 NGX_STREAM_UPSTREAM_NOTIFY_CONNECT); |
|
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
815 } |
|
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
816 |
| 6115 | 817 c->log->action = "proxying connection"; |
| 818 | |
| 6436 | 819 if (u->upstream_buf.start == NULL) { |
| 820 p = ngx_pnalloc(c->pool, pscf->buffer_size); | |
| 821 if (p == NULL) { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
822 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6436 | 823 return; |
| 824 } | |
| 825 | |
| 826 u->upstream_buf.start = p; | |
| 827 u->upstream_buf.end = p + pscf->buffer_size; | |
| 828 u->upstream_buf.pos = p; | |
| 829 u->upstream_buf.last = p; | |
| 6115 | 830 } |
| 831 | |
| 6692 | 832 if (c->buffer && c->buffer->pos < c->buffer->last) { |
| 833 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
| 834 "stream proxy add preread buffer: %uz", | |
| 835 c->buffer->last - c->buffer->pos); | |
| 836 | |
| 837 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
| 838 if (cl == NULL) { | |
| 839 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
| 840 return; | |
| 841 } | |
| 842 | |
| 843 *cl->buf = *c->buffer; | |
| 844 | |
| 845 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
| 846 cl->buf->flush = 1; | |
| 847 cl->buf->last_buf = (c->type == SOCK_DGRAM); | |
| 848 | |
| 849 cl->next = u->upstream_out; | |
| 850 u->upstream_out = cl; | |
| 851 } | |
| 852 | |
| 853 if (u->proxy_protocol) { | |
| 854 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
| 855 "stream proxy add PROXY protocol header"); | |
| 856 | |
| 857 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
| 858 if (cl == NULL) { | |
| 859 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
| 860 return; | |
| 6436 | 861 } |
| 6692 | 862 |
| 863 p = ngx_pnalloc(c->pool, NGX_PROXY_PROTOCOL_MAX_HEADER); | |
| 864 if (p == NULL) { | |
| 865 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
| 866 return; | |
| 867 } | |
| 868 | |
| 869 cl->buf->pos = p; | |
| 870 | |
| 871 p = ngx_proxy_protocol_write(c, p, p + NGX_PROXY_PROTOCOL_MAX_HEADER); | |
| 872 if (p == NULL) { | |
| 873 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
| 874 return; | |
| 875 } | |
| 876 | |
| 877 cl->buf->last = p; | |
| 878 cl->buf->temporary = 1; | |
| 879 cl->buf->flush = 0; | |
| 880 cl->buf->last_buf = 0; | |
| 881 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
| 882 | |
| 883 cl->next = u->upstream_out; | |
| 884 u->upstream_out = cl; | |
| 885 | |
| 886 u->proxy_protocol = 0; | |
| 887 } | |
| 888 | |
| 889 if (c->type == SOCK_DGRAM && pscf->responses == 0) { | |
| 890 pc->read->ready = 0; | |
| 891 pc->read->eof = 1; | |
| 6436 | 892 } |
| 6115 | 893 |
|
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
894 u->connected = 1; |
|
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
895 |
| 6115 | 896 pc->read->handler = ngx_stream_proxy_upstream_handler; |
| 897 pc->write->handler = ngx_stream_proxy_upstream_handler; | |
| 898 | |
| 6436 | 899 if (pc->read->ready || pc->read->eof) { |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
900 ngx_post_event(pc->read, &ngx_posted_events); |
| 6115 | 901 } |
| 902 | |
| 903 ngx_stream_proxy_process(s, 0, 1); | |
| 904 } | |
| 905 | |
| 906 | |
| 6692 | 907 #if (NGX_STREAM_SSL) |
| 908 | |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
909 static ngx_int_t |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
910 ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s) |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
911 { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
912 u_char *p; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
913 ssize_t n, size; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
914 ngx_connection_t *c, *pc; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
915 ngx_stream_upstream_t *u; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
916 ngx_stream_proxy_srv_conf_t *pscf; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
917 u_char buf[NGX_PROXY_PROTOCOL_MAX_HEADER]; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
918 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
919 c = s->connection; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
920 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
921 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
922 "stream proxy send PROXY protocol header"); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
923 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
924 p = ngx_proxy_protocol_write(c, buf, buf + NGX_PROXY_PROTOCOL_MAX_HEADER); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
925 if (p == NULL) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
926 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
927 return NGX_ERROR; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
928 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
929 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
930 u = s->upstream; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
931 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
932 pc = u->peer.connection; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
933 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
934 size = p - buf; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
935 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
936 n = pc->send(pc, buf, size); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
937 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
938 if (n == NGX_AGAIN) { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
939 if (ngx_handle_write_event(pc->write, 0) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
940 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
941 return NGX_ERROR; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
942 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
943 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
944 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
945 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
946 ngx_add_timer(pc->write, pscf->timeout); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
947 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
948 pc->write->handler = ngx_stream_proxy_connect_handler; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
949 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
950 return NGX_AGAIN; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
951 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
952 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
953 if (n == NGX_ERROR) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
954 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
955 return NGX_ERROR; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
956 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
957 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
958 if (n != size) { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
959 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
960 /* |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
961 * PROXY protocol specification: |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
962 * The sender must always ensure that the header |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
963 * is sent at once, so that the transport layer |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
964 * maintains atomicity along the path to the receiver. |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
965 */ |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
966 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
967 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
968 "could not send PROXY protocol header at once"); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
969 |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
970 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
971 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
972 return NGX_ERROR; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
973 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
974 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
975 return NGX_OK; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
976 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
977 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
978 |
| 6115 | 979 static char * |
| 980 ngx_stream_proxy_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, | |
| 981 void *conf) | |
| 982 { | |
| 983 ngx_stream_proxy_srv_conf_t *pscf = conf; | |
| 984 | |
| 985 ngx_str_t *value; | |
| 986 | |
| 987 if (pscf->ssl_passwords != NGX_CONF_UNSET_PTR) { | |
| 988 return "is duplicate"; | |
| 989 } | |
| 990 | |
| 991 value = cf->args->elts; | |
| 992 | |
| 993 pscf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); | |
| 994 | |
| 995 if (pscf->ssl_passwords == NULL) { | |
| 996 return NGX_CONF_ERROR; | |
| 997 } | |
| 998 | |
| 999 return NGX_CONF_OK; | |
| 1000 } | |
| 1001 | |
| 1002 | |
| 1003 static void | |
| 1004 ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s) | |
| 1005 { | |
| 1006 ngx_int_t rc; | |
| 1007 ngx_connection_t *pc; | |
| 1008 ngx_stream_upstream_t *u; | |
| 1009 ngx_stream_proxy_srv_conf_t *pscf; | |
| 1010 | |
| 1011 u = s->upstream; | |
| 1012 | |
| 1013 pc = u->peer.connection; | |
| 1014 | |
| 1015 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
| 1016 | |
| 1017 if (ngx_ssl_create_connection(pscf->ssl, pc, NGX_SSL_BUFFER|NGX_SSL_CLIENT) | |
| 1018 != NGX_OK) | |
| 1019 { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1020 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6115 | 1021 return; |
| 1022 } | |
| 1023 | |
| 1024 if (pscf->ssl_server_name || pscf->ssl_verify) { | |
| 1025 if (ngx_stream_proxy_ssl_name(s) != NGX_OK) { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1026 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6115 | 1027 return; |
| 1028 } | |
| 1029 } | |
| 1030 | |
| 1031 if (pscf->ssl_session_reuse) { | |
| 1032 if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1033 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6115 | 1034 return; |
| 1035 } | |
| 1036 } | |
| 1037 | |
| 1038 s->connection->log->action = "SSL handshaking to upstream"; | |
| 1039 | |
| 1040 rc = ngx_ssl_handshake(pc); | |
| 1041 | |
| 1042 if (rc == NGX_AGAIN) { | |
| 1043 | |
| 1044 if (!pc->write->timer_set) { | |
| 1045 ngx_add_timer(pc->write, pscf->connect_timeout); | |
| 1046 } | |
| 1047 | |
| 1048 pc->ssl->handler = ngx_stream_proxy_ssl_handshake; | |
| 1049 return; | |
| 1050 } | |
| 1051 | |
| 1052 ngx_stream_proxy_ssl_handshake(pc); | |
| 1053 } | |
| 1054 | |
| 1055 | |
| 1056 static void | |
| 1057 ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc) | |
| 1058 { | |
| 1059 long rc; | |
| 1060 ngx_stream_session_t *s; | |
| 1061 ngx_stream_upstream_t *u; | |
| 1062 ngx_stream_proxy_srv_conf_t *pscf; | |
| 1063 | |
| 1064 s = pc->data; | |
| 1065 | |
| 1066 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
| 1067 | |
| 1068 if (pc->ssl->handshaked) { | |
| 1069 | |
| 1070 if (pscf->ssl_verify) { | |
| 1071 rc = SSL_get_verify_result(pc->ssl->connection); | |
| 1072 | |
| 1073 if (rc != X509_V_OK) { | |
| 1074 ngx_log_error(NGX_LOG_ERR, pc->log, 0, | |
| 1075 "upstream SSL certificate verify error: (%l:%s)", | |
| 1076 rc, X509_verify_cert_error_string(rc)); | |
| 1077 goto failed; | |
| 1078 } | |
| 1079 | |
| 1080 u = s->upstream; | |
| 1081 | |
| 1082 if (ngx_ssl_check_host(pc, &u->ssl_name) != NGX_OK) { | |
| 1083 ngx_log_error(NGX_LOG_ERR, pc->log, 0, | |
| 1084 "upstream SSL certificate does not match \"%V\"", | |
| 1085 &u->ssl_name); | |
| 1086 goto failed; | |
| 1087 } | |
| 1088 } | |
| 1089 | |
| 1090 if (pscf->ssl_session_reuse) { | |
| 1091 u = s->upstream; | |
| 1092 u->peer.save_session(&u->peer, u->peer.data); | |
| 1093 } | |
| 1094 | |
|
6258
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1095 if (pc->write->timer_set) { |
|
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1096 ngx_del_timer(pc->write); |
|
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1097 } |
|
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1098 |
| 6115 | 1099 ngx_stream_proxy_init_upstream(s); |
| 1100 | |
| 1101 return; | |
| 1102 } | |
| 1103 | |
| 1104 failed: | |
| 1105 | |
| 1106 ngx_stream_proxy_next_upstream(s); | |
| 1107 } | |
| 1108 | |
| 1109 | |
| 1110 static ngx_int_t | |
| 1111 ngx_stream_proxy_ssl_name(ngx_stream_session_t *s) | |
| 1112 { | |
| 1113 u_char *p, *last; | |
| 1114 ngx_str_t name; | |
| 1115 ngx_stream_upstream_t *u; | |
| 1116 ngx_stream_proxy_srv_conf_t *pscf; | |
| 1117 | |
| 1118 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
| 1119 | |
| 1120 u = s->upstream; | |
| 1121 | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1122 if (pscf->ssl_name) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1123 if (ngx_stream_complex_value(s, pscf->ssl_name, &name) != NGX_OK) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1124 return NGX_ERROR; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1125 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1126 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1127 } else { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1128 name = u->ssl_name; |
| 6115 | 1129 } |
| 1130 | |
| 1131 if (name.len == 0) { | |
| 1132 goto done; | |
| 1133 } | |
| 1134 | |
| 1135 /* | |
| 1136 * ssl name here may contain port, strip it for compatibility | |
| 1137 * with the http module | |
| 1138 */ | |
| 1139 | |
| 1140 p = name.data; | |
| 1141 last = name.data + name.len; | |
| 1142 | |
| 1143 if (*p == '[') { | |
| 1144 p = ngx_strlchr(p, last, ']'); | |
| 1145 | |
| 1146 if (p == NULL) { | |
| 1147 p = name.data; | |
| 1148 } | |
| 1149 } | |
| 1150 | |
| 1151 p = ngx_strlchr(p, last, ':'); | |
| 1152 | |
| 1153 if (p != NULL) { | |
| 1154 name.len = p - name.data; | |
| 1155 } | |
| 1156 | |
| 1157 if (!pscf->ssl_server_name) { | |
| 1158 goto done; | |
| 1159 } | |
| 1160 | |
| 1161 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME | |
| 1162 | |
| 1163 /* as per RFC 6066, literal IPv4 and IPv6 addresses are not permitted */ | |
| 1164 | |
| 1165 if (name.len == 0 || *name.data == '[') { | |
| 1166 goto done; | |
| 1167 } | |
| 1168 | |
| 1169 if (ngx_inet_addr(name.data, name.len) != INADDR_NONE) { | |
| 1170 goto done; | |
| 1171 } | |
| 1172 | |
| 1173 /* | |
| 1174 * SSL_set_tlsext_host_name() needs a null-terminated string, | |
| 1175 * hence we explicitly null-terminate name here | |
| 1176 */ | |
| 1177 | |
| 1178 p = ngx_pnalloc(s->connection->pool, name.len + 1); | |
| 1179 if (p == NULL) { | |
| 1180 return NGX_ERROR; | |
| 1181 } | |
| 1182 | |
| 1183 (void) ngx_cpystrn(p, name.data, name.len + 1); | |
| 1184 | |
| 1185 name.data = p; | |
| 1186 | |
| 1187 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
| 1188 "upstream SSL server name: \"%s\"", name.data); | |
| 1189 | |
|
6777
563a1ee345a4
SSL: compatibility with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6703
diff
changeset
|
1190 if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, |
|
563a1ee345a4
SSL: compatibility with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6703
diff
changeset
|
1191 (char *) name.data) |
| 6115 | 1192 == 0) |
| 1193 { | |
| 1194 ngx_ssl_error(NGX_LOG_ERR, s->connection->log, 0, | |
| 1195 "SSL_set_tlsext_host_name(\"%s\") failed", name.data); | |
| 1196 return NGX_ERROR; | |
| 1197 } | |
| 1198 | |
| 1199 #endif | |
| 1200 | |
| 1201 done: | |
| 1202 | |
| 1203 u->ssl_name = name; | |
| 1204 | |
| 1205 return NGX_OK; | |
| 1206 } | |
| 1207 | |
| 1208 #endif | |
| 1209 | |
| 1210 | |
| 1211 static void | |
| 1212 ngx_stream_proxy_downstream_handler(ngx_event_t *ev) | |
| 1213 { | |
|
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1214 ngx_stream_proxy_process_connection(ev, ev->write); |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1215 } |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1216 |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1217 |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1218 static void |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1219 ngx_stream_proxy_resolve_handler(ngx_resolver_ctx_t *ctx) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1220 { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1221 ngx_stream_session_t *s; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1222 ngx_stream_upstream_t *u; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1223 ngx_stream_proxy_srv_conf_t *pscf; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1224 ngx_stream_upstream_resolved_t *ur; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1225 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1226 s = ctx->data; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1227 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1228 u = s->upstream; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1229 ur = u->resolved; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1230 |
|
6648
d43ee392e825
Stream: fixed build without stream_ssl_module (ticket #1032).
Vladimir Homutov <vl@nginx.com>
parents:
6643
diff
changeset
|
1231 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1232 "stream upstream resolve"); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1233 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1234 if (ctx->state) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1235 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1236 "%V could not be resolved (%i: %s)", |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1237 &ctx->name, ctx->state, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1238 ngx_resolver_strerror(ctx->state)); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1239 |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1240 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1241 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1242 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1243 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1244 ur->naddrs = ctx->naddrs; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1245 ur->addrs = ctx->addrs; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1246 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1247 #if (NGX_DEBUG) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1248 { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1249 u_char text[NGX_SOCKADDR_STRLEN]; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1250 ngx_str_t addr; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1251 ngx_uint_t i; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1252 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1253 addr.data = text; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1254 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1255 for (i = 0; i < ctx->naddrs; i++) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1256 addr.len = ngx_sock_ntop(ur->addrs[i].sockaddr, ur->addrs[i].socklen, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1257 text, NGX_SOCKADDR_STRLEN, 0); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1258 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1259 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1260 "name was resolved to %V", &addr); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1261 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1262 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1263 #endif |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1264 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1265 if (ngx_stream_upstream_create_round_robin_peer(s, ur) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1266 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1267 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1268 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1269 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1270 ngx_resolve_name_done(ctx); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1271 ur->ctx = NULL; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1272 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1273 u->peer.start_time = ngx_current_msec; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1274 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1275 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1276 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1277 if (pscf->next_upstream_tries |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1278 && u->peer.tries > pscf->next_upstream_tries) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1279 { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1280 u->peer.tries = pscf->next_upstream_tries; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1281 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1282 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1283 ngx_stream_proxy_connect(s); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1284 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1285 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1286 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1287 static void |
|
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1288 ngx_stream_proxy_upstream_handler(ngx_event_t *ev) |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1289 { |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1290 ngx_stream_proxy_process_connection(ev, !ev->write); |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1291 } |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1292 |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1293 |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1294 static void |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1295 ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream) |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1296 { |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1297 ngx_connection_t *c, *pc; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1298 ngx_stream_session_t *s; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1299 ngx_stream_upstream_t *u; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1300 ngx_stream_proxy_srv_conf_t *pscf; |
| 6115 | 1301 |
| 1302 c = ev->data; | |
| 1303 s = c->data; | |
|
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1304 u = s->upstream; |
| 6115 | 1305 |
| 6436 | 1306 c = s->connection; |
| 1307 pc = u->peer.connection; | |
| 1308 | |
| 1309 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
| 1310 | |
| 6115 | 1311 if (ev->timedout) { |
| 6436 | 1312 ev->timedout = 0; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1313 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1314 if (ev->delayed) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1315 ev->delayed = 0; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1316 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1317 if (!ev->ready) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1318 if (ngx_handle_read_event(ev, 0) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1319 ngx_stream_proxy_finalize(s, |
|
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1320 NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1321 return; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1322 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1323 |
| 6436 | 1324 if (u->connected && !c->read->delayed && !pc->read->delayed) { |
| 1325 ngx_add_timer(c->write, pscf->timeout); | |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1326 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1327 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1328 return; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1329 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1330 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1331 } else { |
| 6436 | 1332 if (s->connection->type == SOCK_DGRAM) { |
| 1333 if (pscf->responses == NGX_MAX_INT32_VALUE) { | |
| 1334 | |
| 1335 /* | |
| 1336 * successfully terminate timed out UDP session | |
| 1337 * with unspecified number of responses | |
| 1338 */ | |
| 1339 | |
| 1340 pc->read->ready = 0; | |
| 1341 pc->read->eof = 1; | |
| 1342 | |
| 1343 ngx_stream_proxy_process(s, 1, 0); | |
| 1344 return; | |
| 1345 } | |
| 1346 | |
| 1347 if (u->received == 0) { | |
| 1348 ngx_stream_proxy_next_upstream(s); | |
| 1349 return; | |
| 1350 } | |
| 1351 } | |
| 1352 | |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1353 ngx_connection_error(c, NGX_ETIMEDOUT, "connection timed out"); |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1354 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1355 return; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1356 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1357 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1358 } else if (ev->delayed) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1359 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1360 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1361 "stream connection delayed"); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1362 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1363 if (ngx_handle_read_event(ev, 0) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1364 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1365 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1366 |
| 6115 | 1367 return; |
| 1368 } | |
| 1369 | |
|
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
1370 if (from_upstream && !u->connected) { |
|
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1371 return; |
| 6115 | 1372 } |
| 1373 | |
|
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1374 ngx_stream_proxy_process(s, from_upstream, ev->write); |
| 6115 | 1375 } |
| 1376 | |
| 1377 | |
| 1378 static void | |
| 1379 ngx_stream_proxy_connect_handler(ngx_event_t *ev) | |
| 1380 { | |
| 1381 ngx_connection_t *c; | |
| 1382 ngx_stream_session_t *s; | |
| 1383 | |
| 1384 c = ev->data; | |
| 1385 s = c->data; | |
| 1386 | |
| 1387 if (ev->timedout) { | |
| 1388 ngx_log_error(NGX_LOG_ERR, c->log, NGX_ETIMEDOUT, "upstream timed out"); | |
| 1389 ngx_stream_proxy_next_upstream(s); | |
| 1390 return; | |
| 1391 } | |
| 1392 | |
| 1393 ngx_del_timer(c->write); | |
| 1394 | |
| 1395 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
| 1396 "stream proxy connect upstream"); | |
| 1397 | |
| 1398 if (ngx_stream_proxy_test_connect(c) != NGX_OK) { | |
| 1399 ngx_stream_proxy_next_upstream(s); | |
| 1400 return; | |
| 1401 } | |
| 1402 | |
| 1403 ngx_stream_proxy_init_upstream(s); | |
| 1404 } | |
| 1405 | |
| 1406 | |
| 1407 static ngx_int_t | |
| 1408 ngx_stream_proxy_test_connect(ngx_connection_t *c) | |
| 1409 { | |
| 1410 int err; | |
| 1411 socklen_t len; | |
| 1412 | |
| 1413 #if (NGX_HAVE_KQUEUE) | |
| 1414 | |
| 1415 if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) { | |
| 1416 err = c->write->kq_errno ? c->write->kq_errno : c->read->kq_errno; | |
| 1417 | |
| 1418 if (err) { | |
| 1419 (void) ngx_connection_error(c, err, | |
| 1420 "kevent() reported that connect() failed"); | |
| 1421 return NGX_ERROR; | |
| 1422 } | |
| 1423 | |
| 1424 } else | |
| 1425 #endif | |
| 1426 { | |
| 1427 err = 0; | |
| 1428 len = sizeof(int); | |
| 1429 | |
| 1430 /* | |
| 1431 * BSDs and Linux return 0 and set a pending error in err | |
| 1432 * Solaris returns -1 and sets errno | |
| 1433 */ | |
| 1434 | |
| 1435 if (getsockopt(c->fd, SOL_SOCKET, SO_ERROR, (void *) &err, &len) | |
| 1436 == -1) | |
| 1437 { | |
| 1438 err = ngx_socket_errno; | |
| 1439 } | |
| 1440 | |
| 1441 if (err) { | |
| 1442 (void) ngx_connection_error(c, err, "connect() failed"); | |
| 1443 return NGX_ERROR; | |
| 1444 } | |
| 1445 } | |
| 1446 | |
| 1447 return NGX_OK; | |
| 1448 } | |
| 1449 | |
| 1450 | |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1451 static void |
| 6115 | 1452 ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream, |
| 1453 ngx_uint_t do_write) | |
| 1454 { | |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1455 off_t *received, limit; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1456 size_t size, limit_rate; |
| 6115 | 1457 ssize_t n; |
| 1458 ngx_buf_t *b; | |
| 6692 | 1459 ngx_int_t rc; |
|
6124
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1460 ngx_uint_t flags; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1461 ngx_msec_t delay; |
| 6692 | 1462 ngx_chain_t *cl, **ll, **out, **busy; |
| 6115 | 1463 ngx_connection_t *c, *pc, *src, *dst; |
| 1464 ngx_log_handler_pt handler; | |
| 1465 ngx_stream_upstream_t *u; | |
| 1466 ngx_stream_proxy_srv_conf_t *pscf; | |
| 1467 | |
| 1468 u = s->upstream; | |
| 1469 | |
| 1470 c = s->connection; | |
|
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
1471 pc = u->connected ? u->peer.connection : NULL; |
| 6115 | 1472 |
| 6436 | 1473 if (c->type == SOCK_DGRAM && (ngx_terminate || ngx_exiting)) { |
| 1474 | |
| 1475 /* socket is already closed on worker shutdown */ | |
| 1476 | |
| 1477 handler = c->log->handler; | |
| 1478 c->log->handler = NULL; | |
| 1479 | |
| 1480 ngx_log_error(NGX_LOG_INFO, c->log, 0, "disconnected on shutdown"); | |
| 1481 | |
| 1482 c->log->handler = handler; | |
| 1483 | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1484 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
| 6436 | 1485 return; |
| 1486 } | |
| 1487 | |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1488 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1489 |
| 6115 | 1490 if (from_upstream) { |
| 1491 src = pc; | |
| 1492 dst = c; | |
| 1493 b = &u->upstream_buf; | |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1494 limit_rate = pscf->download_rate; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1495 received = &u->received; |
| 6692 | 1496 out = &u->downstream_out; |
| 1497 busy = &u->downstream_busy; | |
| 6115 | 1498 |
| 1499 } else { | |
| 1500 src = c; | |
| 1501 dst = pc; | |
| 1502 b = &u->downstream_buf; | |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1503 limit_rate = pscf->upload_rate; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1504 received = &s->received; |
| 6692 | 1505 out = &u->upstream_out; |
| 1506 busy = &u->upstream_busy; | |
| 6115 | 1507 } |
| 1508 | |
| 1509 for ( ;; ) { | |
| 1510 | |
| 6692 | 1511 if (do_write && dst) { |
| 1512 | |
| 1513 if (*out || *busy || dst->buffered) { | |
| 1514 rc = ngx_stream_top_filter(s, *out, from_upstream); | |
| 1515 | |
| 1516 if (rc == NGX_ERROR) { | |
| 6436 | 1517 if (c->type == SOCK_DGRAM && !from_upstream) { |
| 1518 ngx_stream_proxy_next_upstream(s); | |
| 1519 return; | |
| 1520 } | |
| 1521 | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1522 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1523 return; |
| 6115 | 1524 } |
| 1525 | |
| 6692 | 1526 ngx_chain_update_chains(c->pool, &u->free, busy, out, |
| 1527 (ngx_buf_tag_t) &ngx_stream_proxy_module); | |
| 1528 | |
| 1529 if (*busy == NULL) { | |
| 1530 b->pos = b->start; | |
| 1531 b->last = b->start; | |
| 6115 | 1532 } |
| 1533 } | |
| 1534 } | |
| 1535 | |
| 1536 size = b->end - b->last; | |
| 1537 | |
|
6868
ee3645078759
Stream: avoid infinite loop in case of socket read error.
Vladimir Homutov <vl@nginx.com>
parents:
6863
diff
changeset
|
1538 if (size && src->read->ready && !src->read->delayed |
|
ee3645078759
Stream: avoid infinite loop in case of socket read error.
Vladimir Homutov <vl@nginx.com>
parents:
6863
diff
changeset
|
1539 && !src->read->error) |
|
ee3645078759
Stream: avoid infinite loop in case of socket read error.
Vladimir Homutov <vl@nginx.com>
parents:
6863
diff
changeset
|
1540 { |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1541 if (limit_rate) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1542 limit = (off_t) limit_rate * (ngx_time() - u->start_sec + 1) |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1543 - *received; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1544 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1545 if (limit <= 0) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1546 src->read->delayed = 1; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1547 delay = (ngx_msec_t) (- limit * 1000 / limit_rate + 1); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1548 ngx_add_timer(src->read, delay); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1549 break; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1550 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1551 |
|
6204
114d1f8cdcab
Stream: fixed possible integer overflow in rate limiting.
Valentin Bartenev <vbart@nginx.com>
parents:
6203
diff
changeset
|
1552 if ((off_t) size > limit) { |
|
6203
fdfdcad62875
Stream: fixed MSVC compilation warning.
Roman Arutyunyan <arut@nginx.com>
parents:
6202
diff
changeset
|
1553 size = (size_t) limit; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1554 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1555 } |
| 6115 | 1556 |
| 1557 n = src->recv(src, b->last, size); | |
| 1558 | |
| 6692 | 1559 if (n == NGX_AGAIN) { |
| 6115 | 1560 break; |
| 1561 } | |
| 1562 | |
| 6692 | 1563 if (n == NGX_ERROR) { |
| 1564 if (c->type == SOCK_DGRAM && u->received == 0) { | |
| 1565 ngx_stream_proxy_next_upstream(s); | |
| 1566 return; | |
| 1567 } | |
| 1568 | |
| 1569 src->read->eof = 1; | |
| 1570 n = 0; | |
| 1571 } | |
| 1572 | |
| 1573 if (n >= 0) { | |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1574 if (limit_rate) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1575 delay = (ngx_msec_t) (n * 1000 / limit_rate); |
| 6115 | 1576 |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1577 if (delay > 0) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1578 src->read->delayed = 1; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1579 ngx_add_timer(src->read, delay); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1580 } |
| 6115 | 1581 } |
| 1582 | |
|
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1583 if (from_upstream) { |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1584 if (u->state->first_byte_time == (ngx_msec_t) -1) { |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1585 u->state->first_byte_time = ngx_current_msec |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1586 - u->state->response_time; |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1587 } |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1588 } |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1589 |
| 6436 | 1590 if (c->type == SOCK_DGRAM && ++u->responses == pscf->responses) |
| 1591 { | |
| 1592 src->read->ready = 0; | |
| 1593 src->read->eof = 1; | |
| 1594 } | |
| 1595 | |
| 6692 | 1596 for (ll = out; *ll; ll = &(*ll)->next) { /* void */ } |
| 1597 | |
| 1598 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
| 1599 if (cl == NULL) { | |
| 1600 ngx_stream_proxy_finalize(s, | |
| 1601 NGX_STREAM_INTERNAL_SERVER_ERROR); | |
| 1602 return; | |
| 1603 } | |
| 1604 | |
| 1605 *ll = cl; | |
| 1606 | |
| 1607 cl->buf->pos = b->last; | |
| 1608 cl->buf->last = b->last + n; | |
| 1609 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
| 1610 | |
| 1611 cl->buf->temporary = (n ? 1 : 0); | |
| 1612 cl->buf->last_buf = src->read->eof; | |
| 1613 cl->buf->flush = 1; | |
| 1614 | |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1615 *received += n; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1616 b->last += n; |
| 6115 | 1617 do_write = 1; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1618 |
| 6115 | 1619 continue; |
| 1620 } | |
| 1621 } | |
| 1622 | |
| 1623 break; | |
| 1624 } | |
| 1625 | |
| 6692 | 1626 if (src->read->eof && dst && (dst->read->eof || !dst->buffered)) { |
| 6115 | 1627 handler = c->log->handler; |
| 1628 c->log->handler = NULL; | |
| 1629 | |
| 1630 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
|
6461
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
1631 "%s%s disconnected" |
| 6115 | 1632 ", bytes from/to client:%O/%O" |
| 1633 ", bytes from/to upstream:%O/%O", | |
|
6461
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
1634 src->type == SOCK_DGRAM ? "udp " : "", |
| 6115 | 1635 from_upstream ? "upstream" : "client", |
| 1636 s->received, c->sent, u->received, pc ? pc->sent : 0); | |
| 1637 | |
| 1638 c->log->handler = handler; | |
| 1639 | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1640 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1641 return; |
| 6115 | 1642 } |
| 1643 | |
|
6124
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1644 flags = src->read->eof ? NGX_CLOSE_EVENT : 0; |
|
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1645 |
| 6436 | 1646 if (!src->shared && ngx_handle_read_event(src->read, flags) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1647 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1648 return; |
| 6115 | 1649 } |
| 1650 | |
| 1651 if (dst) { | |
| 6436 | 1652 if (!dst->shared && ngx_handle_write_event(dst->write, 0) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1653 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1654 return; |
| 6115 | 1655 } |
| 1656 | |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1657 if (!c->read->delayed && !pc->read->delayed) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1658 ngx_add_timer(c->write, pscf->timeout); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1659 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1660 } else if (c->write->timer_set) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1661 ngx_del_timer(c->write); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1662 } |
| 6115 | 1663 } |
| 1664 } | |
| 1665 | |
| 1666 | |
| 1667 static void | |
| 1668 ngx_stream_proxy_next_upstream(ngx_stream_session_t *s) | |
| 1669 { | |
| 1670 ngx_msec_t timeout; | |
| 1671 ngx_connection_t *pc; | |
| 1672 ngx_stream_upstream_t *u; | |
| 1673 ngx_stream_proxy_srv_conf_t *pscf; | |
| 1674 | |
| 1675 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
| 1676 "stream proxy next upstream"); | |
| 1677 | |
| 1678 u = s->upstream; | |
| 6692 | 1679 pc = u->peer.connection; |
| 1680 | |
| 1681 if (u->upstream_out || u->upstream_busy || (pc && pc->buffered)) { | |
| 1682 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, | |
| 1683 "pending buffers on next upstream"); | |
| 1684 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
| 1685 return; | |
| 1686 } | |
| 6115 | 1687 |
| 1688 if (u->peer.sockaddr) { | |
| 1689 u->peer.free(&u->peer, u->peer.data, NGX_PEER_FAILED); | |
| 1690 u->peer.sockaddr = NULL; | |
| 1691 } | |
| 1692 | |
| 1693 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
| 1694 | |
| 1695 timeout = pscf->next_upstream_timeout; | |
| 1696 | |
| 1697 if (u->peer.tries == 0 | |
| 1698 || !pscf->next_upstream | |
| 1699 || (timeout && ngx_current_msec - u->peer.start_time >= timeout)) | |
| 1700 { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1701 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); |
| 6115 | 1702 return; |
| 1703 } | |
| 1704 | |
| 1705 if (pc) { | |
| 1706 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
| 1707 "close proxy upstream connection: %d", pc->fd); | |
| 1708 | |
| 1709 #if (NGX_STREAM_SSL) | |
| 1710 if (pc->ssl) { | |
| 1711 pc->ssl->no_wait_shutdown = 1; | |
| 1712 pc->ssl->no_send_shutdown = 1; | |
| 1713 | |
| 1714 (void) ngx_ssl_shutdown(pc); | |
| 1715 } | |
| 1716 #endif | |
| 1717 | |
|
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1718 u->state->bytes_received = u->received; |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1719 u->state->bytes_sent = pc->sent; |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1720 |
| 6115 | 1721 ngx_close_connection(pc); |
| 1722 u->peer.connection = NULL; | |
| 1723 } | |
| 1724 | |
| 1725 ngx_stream_proxy_connect(s); | |
| 1726 } | |
| 1727 | |
| 1728 | |
| 1729 static void | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1730 ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_uint_t rc) |
| 6115 | 1731 { |
| 1732 ngx_connection_t *pc; | |
| 1733 ngx_stream_upstream_t *u; | |
| 1734 | |
| 1735 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
| 1736 "finalize stream proxy: %i", rc); | |
| 1737 | |
| 1738 u = s->upstream; | |
| 1739 | |
| 1740 if (u == NULL) { | |
| 1741 goto noupstream; | |
| 1742 } | |
| 1743 | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1744 if (u->resolved && u->resolved->ctx) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1745 ngx_resolve_name_done(u->resolved->ctx); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1746 u->resolved->ctx = NULL; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1747 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1748 |
|
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1749 pc = u->peer.connection; |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1750 |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1751 if (u->state) { |
|
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1752 u->state->response_time = ngx_current_msec - u->state->response_time; |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1753 |
|
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1754 if (pc) { |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1755 u->state->bytes_received = u->received; |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1756 u->state->bytes_sent = pc->sent; |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1757 } |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1758 } |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1759 |
| 6115 | 1760 if (u->peer.free && u->peer.sockaddr) { |
| 1761 u->peer.free(&u->peer, u->peer.data, 0); | |
| 1762 u->peer.sockaddr = NULL; | |
| 1763 } | |
| 1764 | |
| 1765 if (pc) { | |
| 1766 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
| 1767 "close stream proxy upstream connection: %d", pc->fd); | |
| 1768 | |
| 1769 #if (NGX_STREAM_SSL) | |
| 1770 if (pc->ssl) { | |
| 1771 pc->ssl->no_wait_shutdown = 1; | |
| 1772 (void) ngx_ssl_shutdown(pc); | |
| 1773 } | |
| 1774 #endif | |
| 1775 | |
| 1776 ngx_close_connection(pc); | |
| 1777 u->peer.connection = NULL; | |
| 1778 } | |
| 1779 | |
| 1780 noupstream: | |
| 1781 | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1782 ngx_stream_finalize_session(s, rc); |
| 6115 | 1783 } |
| 1784 | |
| 1785 | |
| 1786 static u_char * | |
| 1787 ngx_stream_proxy_log_error(ngx_log_t *log, u_char *buf, size_t len) | |
| 1788 { | |
| 1789 u_char *p; | |
| 1790 ngx_connection_t *pc; | |
| 1791 ngx_stream_session_t *s; | |
| 1792 ngx_stream_upstream_t *u; | |
| 1793 | |
| 1794 s = log->data; | |
| 1795 | |
| 1796 u = s->upstream; | |
| 1797 | |
| 1798 p = buf; | |
| 1799 | |
| 1800 if (u->peer.name) { | |
| 1801 p = ngx_snprintf(p, len, ", upstream: \"%V\"", u->peer.name); | |
| 1802 len -= p - buf; | |
| 1803 } | |
| 1804 | |
| 1805 pc = u->peer.connection; | |
| 1806 | |
| 1807 p = ngx_snprintf(p, len, | |
| 1808 ", bytes from/to client:%O/%O" | |
| 1809 ", bytes from/to upstream:%O/%O", | |
| 1810 s->received, s->connection->sent, | |
| 1811 u->received, pc ? pc->sent : 0); | |
| 1812 | |
| 1813 return p; | |
| 1814 } | |
| 1815 | |
| 1816 | |
| 1817 static void * | |
| 1818 ngx_stream_proxy_create_srv_conf(ngx_conf_t *cf) | |
| 1819 { | |
| 1820 ngx_stream_proxy_srv_conf_t *conf; | |
| 1821 | |
| 1822 conf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_proxy_srv_conf_t)); | |
| 1823 if (conf == NULL) { | |
| 1824 return NULL; | |
| 1825 } | |
| 1826 | |
| 1827 /* | |
| 1828 * set by ngx_pcalloc(): | |
| 1829 * | |
| 1830 * conf->ssl_protocols = 0; | |
| 1831 * conf->ssl_ciphers = { 0, NULL }; | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1832 * conf->ssl_name = NULL; |
| 6115 | 1833 * conf->ssl_trusted_certificate = { 0, NULL }; |
| 1834 * conf->ssl_crl = { 0, NULL }; | |
| 1835 * conf->ssl_certificate = { 0, NULL }; | |
| 1836 * conf->ssl_certificate_key = { 0, NULL }; | |
| 1837 * | |
| 1838 * conf->ssl = NULL; | |
| 1839 * conf->upstream = NULL; | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1840 * conf->upstream_value = NULL; |
| 6115 | 1841 */ |
| 1842 | |
| 1843 conf->connect_timeout = NGX_CONF_UNSET_MSEC; | |
| 1844 conf->timeout = NGX_CONF_UNSET_MSEC; | |
| 1845 conf->next_upstream_timeout = NGX_CONF_UNSET_MSEC; | |
|
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
1846 conf->buffer_size = NGX_CONF_UNSET_SIZE; |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1847 conf->upload_rate = NGX_CONF_UNSET_SIZE; |
|
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1848 conf->download_rate = NGX_CONF_UNSET_SIZE; |
| 6436 | 1849 conf->responses = NGX_CONF_UNSET_UINT; |
| 6115 | 1850 conf->next_upstream_tries = NGX_CONF_UNSET_UINT; |
| 1851 conf->next_upstream = NGX_CONF_UNSET; | |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1852 conf->proxy_protocol = NGX_CONF_UNSET; |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1853 conf->local = NGX_CONF_UNSET_PTR; |
| 6115 | 1854 |
| 1855 #if (NGX_STREAM_SSL) | |
| 1856 conf->ssl_enable = NGX_CONF_UNSET; | |
| 1857 conf->ssl_session_reuse = NGX_CONF_UNSET; | |
| 1858 conf->ssl_server_name = NGX_CONF_UNSET; | |
| 1859 conf->ssl_verify = NGX_CONF_UNSET; | |
| 1860 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | |
| 1861 conf->ssl_passwords = NGX_CONF_UNSET_PTR; | |
| 1862 #endif | |
| 1863 | |
| 1864 return conf; | |
| 1865 } | |
| 1866 | |
| 1867 | |
| 1868 static char * | |
| 1869 ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) | |
| 1870 { | |
| 1871 ngx_stream_proxy_srv_conf_t *prev = parent; | |
| 1872 ngx_stream_proxy_srv_conf_t *conf = child; | |
| 1873 | |
| 1874 ngx_conf_merge_msec_value(conf->connect_timeout, | |
| 1875 prev->connect_timeout, 60000); | |
| 1876 | |
| 1877 ngx_conf_merge_msec_value(conf->timeout, | |
| 1878 prev->timeout, 10 * 60000); | |
| 1879 | |
| 1880 ngx_conf_merge_msec_value(conf->next_upstream_timeout, | |
| 1881 prev->next_upstream_timeout, 0); | |
| 1882 | |
|
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
1883 ngx_conf_merge_size_value(conf->buffer_size, |
|
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
1884 prev->buffer_size, 16384); |
| 6115 | 1885 |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1886 ngx_conf_merge_size_value(conf->upload_rate, |
|
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1887 prev->upload_rate, 0); |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1888 |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1889 ngx_conf_merge_size_value(conf->download_rate, |
|
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
1890 prev->download_rate, 0); |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1891 |
| 6436 | 1892 ngx_conf_merge_uint_value(conf->responses, |
| 1893 prev->responses, NGX_MAX_INT32_VALUE); | |
| 1894 | |
| 6115 | 1895 ngx_conf_merge_uint_value(conf->next_upstream_tries, |
| 1896 prev->next_upstream_tries, 0); | |
| 1897 | |
| 1898 ngx_conf_merge_value(conf->next_upstream, prev->next_upstream, 1); | |
| 1899 | |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1900 ngx_conf_merge_value(conf->proxy_protocol, prev->proxy_protocol, 0); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1901 |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1902 ngx_conf_merge_ptr_value(conf->local, prev->local, NULL); |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
1903 |
| 6115 | 1904 #if (NGX_STREAM_SSL) |
| 1905 | |
| 1906 ngx_conf_merge_value(conf->ssl_enable, prev->ssl_enable, 0); | |
| 1907 | |
| 1908 ngx_conf_merge_value(conf->ssl_session_reuse, | |
| 1909 prev->ssl_session_reuse, 1); | |
| 1910 | |
| 1911 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, | |
|
6157
b2899e7d0ef8
Disabled SSLv3 by default (ticket #653).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6124
diff
changeset
|
1912 (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 |
|
b2899e7d0ef8
Disabled SSLv3 by default (ticket #653).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6124
diff
changeset
|
1913 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); |
| 6115 | 1914 |
| 1915 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, "DEFAULT"); | |
| 1916 | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1917 if (conf->ssl_name == NULL) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1918 conf->ssl_name = prev->ssl_name; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1919 } |
| 6115 | 1920 |
| 1921 ngx_conf_merge_value(conf->ssl_server_name, prev->ssl_server_name, 0); | |
| 1922 | |
| 1923 ngx_conf_merge_value(conf->ssl_verify, prev->ssl_verify, 0); | |
| 1924 | |
| 1925 ngx_conf_merge_uint_value(conf->ssl_verify_depth, | |
| 1926 prev->ssl_verify_depth, 1); | |
| 1927 | |
| 1928 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | |
| 1929 prev->ssl_trusted_certificate, ""); | |
| 1930 | |
| 1931 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | |
| 1932 | |
| 1933 ngx_conf_merge_str_value(conf->ssl_certificate, | |
| 1934 prev->ssl_certificate, ""); | |
| 1935 | |
| 1936 ngx_conf_merge_str_value(conf->ssl_certificate_key, | |
| 1937 prev->ssl_certificate_key, ""); | |
| 1938 | |
| 1939 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL); | |
| 1940 | |
| 1941 if (conf->ssl_enable && ngx_stream_proxy_set_ssl(cf, conf) != NGX_OK) { | |
| 1942 return NGX_CONF_ERROR; | |
| 1943 } | |
| 1944 | |
| 1945 #endif | |
| 1946 | |
| 1947 return NGX_CONF_OK; | |
| 1948 } | |
| 1949 | |
| 1950 | |
| 1951 #if (NGX_STREAM_SSL) | |
| 1952 | |
| 1953 static ngx_int_t | |
| 1954 ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf) | |
| 1955 { | |
| 1956 ngx_pool_cleanup_t *cln; | |
| 1957 | |
| 1958 pscf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t)); | |
| 1959 if (pscf->ssl == NULL) { | |
| 1960 return NGX_ERROR; | |
| 1961 } | |
| 1962 | |
| 1963 pscf->ssl->log = cf->log; | |
| 1964 | |
| 1965 if (ngx_ssl_create(pscf->ssl, pscf->ssl_protocols, NULL) != NGX_OK) { | |
| 1966 return NGX_ERROR; | |
| 1967 } | |
| 1968 | |
| 1969 cln = ngx_pool_cleanup_add(cf->pool, 0); | |
| 1970 if (cln == NULL) { | |
| 1971 return NGX_ERROR; | |
| 1972 } | |
| 1973 | |
| 1974 cln->handler = ngx_ssl_cleanup_ctx; | |
| 1975 cln->data = pscf->ssl; | |
| 1976 | |
| 1977 if (pscf->ssl_certificate.len) { | |
| 1978 | |
| 1979 if (pscf->ssl_certificate_key.len == 0) { | |
| 1980 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 1981 "no \"proxy_ssl_certificate_key\" is defined " | |
| 1982 "for certificate \"%V\"", &pscf->ssl_certificate); | |
| 1983 return NGX_ERROR; | |
| 1984 } | |
| 1985 | |
| 1986 if (ngx_ssl_certificate(cf, pscf->ssl, &pscf->ssl_certificate, | |
| 1987 &pscf->ssl_certificate_key, pscf->ssl_passwords) | |
| 1988 != NGX_OK) | |
| 1989 { | |
| 1990 return NGX_ERROR; | |
| 1991 } | |
| 1992 } | |
| 1993 | |
|
6591
04d8d1f85649
SSL: ngx_ssl_ciphers() to set list of ciphers.
Tim Taubert <tim@timtaubert.de>
parents:
6530
diff
changeset
|
1994 if (ngx_ssl_ciphers(cf, pscf->ssl, &pscf->ssl_ciphers, 0) != NGX_OK) { |
| 6115 | 1995 return NGX_ERROR; |
| 1996 } | |
| 1997 | |
| 1998 if (pscf->ssl_verify) { | |
| 1999 if (pscf->ssl_trusted_certificate.len == 0) { | |
| 2000 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 2001 "no proxy_ssl_trusted_certificate for proxy_ssl_verify"); | |
| 2002 return NGX_ERROR; | |
| 2003 } | |
| 2004 | |
| 2005 if (ngx_ssl_trusted_certificate(cf, pscf->ssl, | |
| 2006 &pscf->ssl_trusted_certificate, | |
| 2007 pscf->ssl_verify_depth) | |
| 2008 != NGX_OK) | |
| 2009 { | |
| 2010 return NGX_ERROR; | |
| 2011 } | |
| 2012 | |
| 2013 if (ngx_ssl_crl(cf, pscf->ssl, &pscf->ssl_crl) != NGX_OK) { | |
| 2014 return NGX_ERROR; | |
| 2015 } | |
| 2016 } | |
| 2017 | |
| 2018 return NGX_OK; | |
| 2019 } | |
| 2020 | |
| 2021 #endif | |
| 2022 | |
| 2023 | |
| 2024 static char * | |
| 2025 ngx_stream_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
| 2026 { | |
| 2027 ngx_stream_proxy_srv_conf_t *pscf = conf; | |
| 2028 | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2029 ngx_url_t u; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2030 ngx_str_t *value, *url; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2031 ngx_stream_complex_value_t cv; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2032 ngx_stream_core_srv_conf_t *cscf; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2033 ngx_stream_compile_complex_value_t ccv; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2034 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2035 if (pscf->upstream || pscf->upstream_value) { |
| 6115 | 2036 return "is duplicate"; |
| 2037 } | |
| 2038 | |
| 2039 cscf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_core_module); | |
| 2040 | |
| 2041 cscf->handler = ngx_stream_proxy_handler; | |
| 2042 | |
| 2043 value = cf->args->elts; | |
| 2044 | |
| 2045 url = &value[1]; | |
| 2046 | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2047 ngx_memzero(&ccv, sizeof(ngx_stream_compile_complex_value_t)); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2048 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2049 ccv.cf = cf; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2050 ccv.value = url; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2051 ccv.complex_value = &cv; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2052 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2053 if (ngx_stream_compile_complex_value(&ccv) != NGX_OK) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2054 return NGX_CONF_ERROR; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2055 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2056 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2057 if (cv.lengths) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2058 pscf->upstream_value = ngx_palloc(cf->pool, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2059 sizeof(ngx_stream_complex_value_t)); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2060 if (pscf->upstream_value == NULL) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2061 return NGX_CONF_ERROR; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2062 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2063 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2064 *pscf->upstream_value = cv; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2065 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2066 return NGX_CONF_OK; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2067 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2068 |
| 6115 | 2069 ngx_memzero(&u, sizeof(ngx_url_t)); |
| 2070 | |
| 2071 u.url = *url; | |
| 2072 u.no_resolve = 1; | |
| 2073 | |
| 2074 pscf->upstream = ngx_stream_upstream_add(cf, &u, 0); | |
| 2075 if (pscf->upstream == NULL) { | |
| 2076 return NGX_CONF_ERROR; | |
| 2077 } | |
| 2078 | |
| 2079 return NGX_CONF_OK; | |
| 2080 } | |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2081 |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2082 |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2083 static char * |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2084 ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2085 { |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2086 ngx_stream_proxy_srv_conf_t *pscf = conf; |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2087 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2088 ngx_int_t rc; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2089 ngx_str_t *value; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2090 ngx_stream_complex_value_t cv; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2091 ngx_stream_upstream_local_t *local; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2092 ngx_stream_compile_complex_value_t ccv; |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2093 |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2094 if (pscf->local != NGX_CONF_UNSET_PTR) { |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2095 return "is duplicate"; |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2096 } |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2097 |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2098 value = cf->args->elts; |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2099 |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2100 if (cf->args->nelts == 2 && ngx_strcmp(value[1].data, "off") == 0) { |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2101 pscf->local = NULL; |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2102 return NGX_CONF_OK; |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2103 } |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2104 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2105 ngx_memzero(&ccv, sizeof(ngx_stream_compile_complex_value_t)); |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2106 |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2107 ccv.cf = cf; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2108 ccv.value = &value[1]; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2109 ccv.complex_value = &cv; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2110 |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2111 if (ngx_stream_compile_complex_value(&ccv) != NGX_OK) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2112 return NGX_CONF_ERROR; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2113 } |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2114 |
|
6598
4a724d6006ee
Stream: use ngx_pcalloc() in ngx_stream_proxy_bind().
Roman Arutyunyan <arut@nginx.com>
parents:
6595
diff
changeset
|
2115 local = ngx_pcalloc(cf->pool, sizeof(ngx_stream_upstream_local_t)); |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2116 if (local == NULL) { |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2117 return NGX_CONF_ERROR; |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2118 } |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2119 |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2120 pscf->local = local; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2121 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2122 if (cv.lengths) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2123 local->value = ngx_palloc(cf->pool, sizeof(ngx_stream_complex_value_t)); |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2124 if (local->value == NULL) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2125 return NGX_CONF_ERROR; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2126 } |
|
6595
0c98c4092440
Stream: support for $remote_port in proxy_bind.
Roman Arutyunyan <arut@nginx.com>
parents:
6594
diff
changeset
|
2127 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2128 *local->value = cv; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2129 |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2130 } else { |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2131 local->addr = ngx_palloc(cf->pool, sizeof(ngx_addr_t)); |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2132 if (local->addr == NULL) { |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2133 return NGX_CONF_ERROR; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2134 } |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2135 |
|
6594
3c87b82b17d4
Upstream: support for port in proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6593
diff
changeset
|
2136 rc = ngx_parse_addr_port(cf->pool, local->addr, value[1].data, |
|
3c87b82b17d4
Upstream: support for port in proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6593
diff
changeset
|
2137 value[1].len); |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2138 |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2139 switch (rc) { |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2140 case NGX_OK: |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2141 local->addr->name = value[1]; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2142 break; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2143 |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2144 case NGX_DECLINED: |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2145 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2146 "invalid address \"%V\"", &value[1]); |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2147 /* fall through */ |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2148 |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2149 default: |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2150 return NGX_CONF_ERROR; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2151 } |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2152 } |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2153 |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2154 if (cf->args->nelts > 2) { |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2155 if (ngx_strcmp(value[2].data, "transparent") == 0) { |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2156 #if (NGX_HAVE_TRANSPARENT_PROXY) |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2157 local->transparent = 1; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2158 #else |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2159 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2160 "transparent proxying is not supported " |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2161 "on this platform, ignored"); |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2162 #endif |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2163 } else { |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2164 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2165 "invalid parameter \"%V\"", &value[2]); |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2166 return NGX_CONF_ERROR; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2167 } |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2168 } |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2169 |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2170 return NGX_CONF_OK; |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2171 } |