comparison src/http/modules/ngx_http_uwsgi_module.c @ 8053:9d98d524bd02

Upstream: optimized use of SSL contexts (ticket #1234). To ensure optimal use of memory, SSL contexts for proxying are now inherited from previous levels as long as relevant proxy_ssl_* directives are not redefined. Further, when no proxy_ssl_* directives are redefined in a server block, we now preserve plcf->upstream.ssl in the "http" section configuration to inherit it to all servers. Similar changes made in uwsgi, grpc, and stream proxy.
author Maxim Dounin <mdounin@mdounin.ru>
date Wed, 29 Jun 2022 02:47:45 +0300
parents c7e25324be11
children d1cf09451ae8
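--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -94,10 +94,12 @@
 #if (NGX_HTTP_SSL)
 static char *ngx_http_uwsgi_ssl_password_file(ngx_conf_t *cf,
 ngx_command_t *cmd, void *conf);
 static char *ngx_http_uwsgi_ssl_conf_command_check(ngx_conf_t *cf, void *post,
 void *data);
+static ngx_int_t ngx_http_uwsgi_merge_ssl(ngx_conf_t *cf,
+ngx_http_uwsgi_loc_conf_t *conf, ngx_http_uwsgi_loc_conf_t *prev);
 static ngx_int_t ngx_http_uwsgi_set_ssl(ngx_conf_t *cf,
 ngx_http_uwsgi_loc_conf_t *uwcf);
 #endif
 
 
@@ -666,11 +668,11 @@
 u = r->upstream;
 
 if (uwcf->uwsgi_lengths == NULL) {
 
 #if (NGX_HTTP_SSL)
-u->ssl = (uwcf->upstream.ssl != NULL);
+u->ssl = uwcf->ssl;
 
 if (u->ssl) {
 ngx_str_set(&u->schema, "suwsgi://");
 
 } else {
@@ -1863,10 +1865,14 @@
 ngx_conf_merge_value(conf->upstream.intercept_errors,
 prev->upstream.intercept_errors, 0);
 
 #if (NGX_HTTP_SSL)
 
+if (ngx_http_uwsgi_merge_ssl(cf, conf, prev) != NGX_OK) {
+return NGX_CONF_ERROR;
+}
+
 ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
 prev->upstream.ssl_session_reuse, 1);
 
 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
 (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
@@ -1925,11 +1931,11 @@
 
 conf->uwsgi_lengths = prev->uwsgi_lengths;
 conf->uwsgi_values = prev->uwsgi_values;
 
 #if (NGX_HTTP_SSL)
-conf->upstream.ssl = prev->upstream.ssl;
+conf->ssl = prev->ssl;
 #endif
 }
 
 if (clcf->lmt_excpt && clcf->handler == NULL
 && (conf->upstream.upstream || conf->uwsgi_lengths))
@@ -2453,20 +2459,66 @@
 #endif
 }
 
 
 static ngx_int_t
+ngx_http_uwsgi_merge_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
+ngx_http_uwsgi_loc_conf_t *prev)
+{
+ngx_uint_t preserve;
+
+if (conf->ssl_protocols == 0
+&& conf->ssl_ciphers.data == NULL
+&& conf->upstream.ssl_certificate == NGX_CONF_UNSET_PTR
+&& conf->upstream.ssl_certificate_key == NGX_CONF_UNSET_PTR
+&& conf->upstream.ssl_passwords == NGX_CONF_UNSET_PTR
+&& conf->upstream.ssl_verify == NGX_CONF_UNSET
+&& conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
+&& conf->ssl_trusted_certificate.data == NULL
+&& conf->ssl_crl.data == NULL
+&& conf->upstream.ssl_session_reuse == NGX_CONF_UNSET
+&& conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
+{
+if (prev->upstream.ssl) {
+conf->upstream.ssl = prev->upstream.ssl;
+return NGX_OK;
+}
+
+preserve = 1;
+
+} else {
+preserve = 0;
+}
+
+conf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
+if (conf->upstream.ssl == NULL) {
+return NGX_ERROR;
+}
+
+conf->upstream.ssl->log = cf->log;
+
+/*
+* special handling to preserve conf->upstream.ssl
+* in the "http" section to inherit it to all servers
+*/
+
+if (preserve) {
+prev->upstream.ssl = conf->upstream.ssl;
+}
+
+return NGX_OK;
+}
+
+
+static ngx_int_t
 ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
 {
 ngx_pool_cleanup_t *cln;
 
-uwcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
-if (uwcf->upstream.ssl == NULL) {
-return NGX_ERROR;
-}
-
-uwcf->upstream.ssl->log = cf->log;
+if (uwcf->upstream.ssl->ctx) {
+return NGX_OK;
+}
 
 if (ngx_ssl_create(uwcf->upstream.ssl, uwcf->ssl_protocols, NULL)
 != NGX_OK)
 {
 return NGX_ERROR;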
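Review bot: The unset-check at the top of `ngx_http_uwsgi_merge_ssl` is now the only thing that decides whether a location reuses its parent's `ngx_ssl_t`, and nothing in the new code says that the list has to cover every setting `ngx_http_uwsgi_set_ssl` feeds into the context. A field missing from it, now or when a directive is added later, would leave a location that redefines that setting (for instance to tighten peer verification) silently running on the inherited context. The test also only works on raw values, which is why the call in the merge function sits ahead of the `ngx_conf_merge_*` lines; once `ngx_conf_merge_bitmask_value` has run, `conf->ssl_protocols` is presumably never 0 and the predicate could not match. I would put both constraints in a comment above the condition, e.g. `/* must list every setting used to build the SSL context in ngx_http_uwsgi_set_ssl(); call before the ssl_* values are merged, the test relies on unset markers */`. The body of `ngx_http_uwsgi_set_ssl` continues outside the hunk, so the full set of fields it consumes cannot be checked against the list from here.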