Mercurial > hg > nginx-quic

comparison src/http/modules/ngx_http_proxy_module.c @ 8487:d514f88053e5 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merged with the default branch.
author Sergey Kandaurov <pluknet@nginx.com>
date Fri, 28 May 2021 13:33:08 +0300
parents 3ab8e1e2f0f7
children 52338ddf9e2f
comparison
equal deleted inserted replaced
8445:e6c26cb4d38b 8487:d514f88053e5
122 ngx_uint_t ssl_protocols; 122 ngx_uint_t ssl_protocols;
123 ngx_str_t ssl_ciphers; 123 ngx_str_t ssl_ciphers;
124 ngx_uint_t ssl_verify_depth; 124 ngx_uint_t ssl_verify_depth;
125 ngx_str_t ssl_trusted_certificate; 125 ngx_str_t ssl_trusted_certificate;
126 ngx_str_t ssl_crl; 126 ngx_str_t ssl_crl;
127 ngx_str_t ssl_certificate;
128 ngx_str_t ssl_certificate_key;
129 ngx_array_t *ssl_passwords;
130 ngx_array_t *ssl_conf_commands; 127 ngx_array_t *ssl_conf_commands;
131 #endif 128 #endif
132 } ngx_http_proxy_loc_conf_t; 129 } ngx_http_proxy_loc_conf_t;
133 130
134 131
751 offsetof(ngx_http_proxy_loc_conf_t, ssl_crl), 748 offsetof(ngx_http_proxy_loc_conf_t, ssl_crl),
752 NULL }, 749 NULL },
753 750
754 { ngx_string("proxy_ssl_certificate"), 751 { ngx_string("proxy_ssl_certificate"),
755 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, 752 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
756 ngx_conf_set_str_slot, 753 ngx_http_set_complex_value_zero_slot,
757 NGX_HTTP_LOC_CONF_OFFSET, 754 NGX_HTTP_LOC_CONF_OFFSET,
758 offsetof(ngx_http_proxy_loc_conf_t, ssl_certificate), 755 offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_certificate),
759 NULL }, 756 NULL },
760 757
761 { ngx_string("proxy_ssl_certificate_key"), 758 { ngx_string("proxy_ssl_certificate_key"),
762 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, 759 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
763 ngx_conf_set_str_slot, 760 ngx_http_set_complex_value_zero_slot,
764 NGX_HTTP_LOC_CONF_OFFSET, 761 NGX_HTTP_LOC_CONF_OFFSET,
765 offsetof(ngx_http_proxy_loc_conf_t, ssl_certificate_key), 762 offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_certificate_key),
766 NULL }, 763 NULL },
767 764
768 { ngx_string("proxy_ssl_password_file"), 765 { ngx_string("proxy_ssl_password_file"),
769 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, 766 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
770 ngx_http_proxy_ssl_password_file, 767 ngx_http_proxy_ssl_password_file,
3325 * conf->upstream.cache_methods = 0; 3322 * conf->upstream.cache_methods = 0;
3326 * conf->upstream.temp_path = NULL; 3323 * conf->upstream.temp_path = NULL;
3327 * conf->upstream.hide_headers_hash = { NULL, 0 }; 3324 * conf->upstream.hide_headers_hash = { NULL, 0 };
3328 * conf->upstream.store_lengths = NULL; 3325 * conf->upstream.store_lengths = NULL;
3329 * conf->upstream.store_values = NULL; 3326 * conf->upstream.store_values = NULL;
3330 * conf->upstream.ssl_name = NULL;
3331 * 3327 *
3332 * conf->method = NULL;
3333 * conf->location = NULL; 3328 * conf->location = NULL;
3334 * conf->url = { 0, NULL }; 3329 * conf->url = { 0, NULL };
3335 * conf->headers.lengths = NULL; 3330 * conf->headers.lengths = NULL;
3336 * conf->headers.values = NULL; 3331 * conf->headers.values = NULL;
3337 * conf->headers.hash = { NULL, 0 }; 3332 * conf->headers.hash = { NULL, 0 };
3345 * conf->ssl = 0; 3340 * conf->ssl = 0;
3346 * conf->ssl_protocols = 0; 3341 * conf->ssl_protocols = 0;
3347 * conf->ssl_ciphers = { 0, NULL }; 3342 * conf->ssl_ciphers = { 0, NULL };
3348 * conf->ssl_trusted_certificate = { 0, NULL }; 3343 * conf->ssl_trusted_certificate = { 0, NULL };
3349 * conf->ssl_crl = { 0, NULL }; 3344 * conf->ssl_crl = { 0, NULL };
3350 * conf->ssl_certificate = { 0, NULL };
3351 * conf->ssl_certificate_key = { 0, NULL };
3352 */ 3345 */
3353 3346
3354 conf->upstream.store = NGX_CONF_UNSET; 3347 conf->upstream.store = NGX_CONF_UNSET;
3355 conf->upstream.store_access = NGX_CONF_UNSET_UINT; 3348 conf->upstream.store_access = NGX_CONF_UNSET_UINT;
3356 conf->upstream.next_upstream_tries = NGX_CONF_UNSET_UINT; 3349 conf->upstream.next_upstream_tries = NGX_CONF_UNSET_UINT;
3398 3391
3399 conf->upstream.intercept_errors = NGX_CONF_UNSET; 3392 conf->upstream.intercept_errors = NGX_CONF_UNSET;
3400 3393
3401 #if (NGX_HTTP_SSL) 3394 #if (NGX_HTTP_SSL)
3402 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; 3395 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
3396 conf->upstream.ssl_name = NGX_CONF_UNSET_PTR;
3403 conf->upstream.ssl_server_name = NGX_CONF_UNSET; 3397 conf->upstream.ssl_server_name = NGX_CONF_UNSET;
3404 conf->upstream.ssl_verify = NGX_CONF_UNSET; 3398 conf->upstream.ssl_verify = NGX_CONF_UNSET;
3399 conf->upstream.ssl_certificate = NGX_CONF_UNSET_PTR;
3400 conf->upstream.ssl_certificate_key = NGX_CONF_UNSET_PTR;
3401 conf->upstream.ssl_passwords = NGX_CONF_UNSET_PTR;
3405 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; 3402 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
3406 conf->ssl_passwords = NGX_CONF_UNSET_PTR;
3407 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; 3403 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR;
3408 #endif 3404 #endif
3409 3405
3410 /* "proxy_cyclic_temp_file" is disabled */ 3406 /* "proxy_cyclic_temp_file" is disabled */
3411 conf->upstream.cyclic_temp_file = 0; 3407 conf->upstream.cyclic_temp_file = 0;
3412 3408
3409 conf->upstream.change_buffering = 1;
3410
3413 conf->headers_source = NGX_CONF_UNSET_PTR; 3411 conf->headers_source = NGX_CONF_UNSET_PTR;
3414 3412
3413 conf->method = NGX_CONF_UNSET_PTR;
3414
3415 conf->redirect = NGX_CONF_UNSET; 3415 conf->redirect = NGX_CONF_UNSET;
3416 conf->upstream.change_buffering = 1;
3417 3416
3418 conf->cookie_domains = NGX_CONF_UNSET_PTR; 3417 conf->cookie_domains = NGX_CONF_UNSET_PTR;
3419 conf->cookie_paths = NGX_CONF_UNSET_PTR; 3418 conf->cookie_paths = NGX_CONF_UNSET_PTR;
3420 conf->cookie_flags = NGX_CONF_UNSET_PTR; 3419 conf->cookie_flags = NGX_CONF_UNSET_PTR;
3421 3420
3706 ngx_conf_merge_value(conf->upstream.cache_background_update, 3705 ngx_conf_merge_value(conf->upstream.cache_background_update,
3707 prev->upstream.cache_background_update, 0); 3706 prev->upstream.cache_background_update, 0);
3708 3707
3709 #endif 3708 #endif
3710 3709
3711 if (conf->method == NULL) {
3712 conf->method = prev->method;
3713 }
3714
3715 ngx_conf_merge_value(conf->upstream.pass_request_headers, 3710 ngx_conf_merge_value(conf->upstream.pass_request_headers,
3716 prev->upstream.pass_request_headers, 1); 3711 prev->upstream.pass_request_headers, 1);
3717 ngx_conf_merge_value(conf->upstream.pass_request_body, 3712 ngx_conf_merge_value(conf->upstream.pass_request_body,
3718 prev->upstream.pass_request_body, 1); 3713 prev->upstream.pass_request_body, 1);
3719 3714
3730 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); 3725 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
3731 3726
3732 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, 3727 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
3733 "DEFAULT"); 3728 "DEFAULT");
3734 3729
3735 if (conf->upstream.ssl_name == NULL) { 3730 ngx_conf_merge_ptr_value(conf->upstream.ssl_name,
3736 conf->upstream.ssl_name = prev->upstream.ssl_name; 3731 prev->upstream.ssl_name, NULL);
3737 }
3738
3739 ngx_conf_merge_value(conf->upstream.ssl_server_name, 3732 ngx_conf_merge_value(conf->upstream.ssl_server_name,
3740 prev->upstream.ssl_server_name, 0); 3733 prev->upstream.ssl_server_name, 0);
3741 ngx_conf_merge_value(conf->upstream.ssl_verify, 3734 ngx_conf_merge_value(conf->upstream.ssl_verify,
3742 prev->upstream.ssl_verify, 0); 3735 prev->upstream.ssl_verify, 0);
3743 ngx_conf_merge_uint_value(conf->ssl_verify_depth, 3736 ngx_conf_merge_uint_value(conf->ssl_verify_depth,
3744 prev->ssl_verify_depth, 1); 3737 prev->ssl_verify_depth, 1);
3745 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, 3738 ngx_conf_merge_str_value(conf->ssl_trusted_certificate,
3746 prev->ssl_trusted_certificate, ""); 3739 prev->ssl_trusted_certificate, "");
3747 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); 3740 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, "");
3748 3741
3749 ngx_conf_merge_str_value(conf->ssl_certificate, 3742 ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate,
3750 prev->ssl_certificate, ""); 3743 prev->upstream.ssl_certificate, NULL);
3751 ngx_conf_merge_str_value(conf->ssl_certificate_key, 3744 ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate_key,
3752 prev->ssl_certificate_key, ""); 3745 prev->upstream.ssl_certificate_key, NULL);
3753 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL); 3746 ngx_conf_merge_ptr_value(conf->upstream.ssl_passwords,
3747 prev->upstream.ssl_passwords, NULL);
3754 3748
3755 ngx_conf_merge_ptr_value(conf->ssl_conf_commands, 3749 ngx_conf_merge_ptr_value(conf->ssl_conf_commands,
3756 prev->ssl_conf_commands, NULL); 3750 prev->ssl_conf_commands, NULL);
3757 3751
3758 if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) { 3752 if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) {
3759 return NGX_CONF_ERROR; 3753 return NGX_CONF_ERROR;
3760 } 3754 }
3761 3755
3762 #endif 3756 #endif
3757
3758 ngx_conf_merge_ptr_value(conf->method, prev->method, NULL);
3763 3759
3764 ngx_conf_merge_value(conf->redirect, prev->redirect, 1); 3760 ngx_conf_merge_value(conf->redirect, prev->redirect, 1);
3765 3761
3766 if (conf->redirect) { 3762 if (conf->redirect) {
3767 3763
4857 { 4853 {
4858 ngx_http_proxy_loc_conf_t *plcf = conf; 4854 ngx_http_proxy_loc_conf_t *plcf = conf;
4859 4855
4860 ngx_str_t *value; 4856 ngx_str_t *value;
4861 4857
4862 if (plcf->ssl_passwords != NGX_CONF_UNSET_PTR) { 4858 if (plcf->upstream.ssl_passwords != NGX_CONF_UNSET_PTR) {
4863 return "is duplicate"; 4859 return "is duplicate";
4864 } 4860 }
4865 4861
4866 value = cf->args->elts; 4862 value = cf->args->elts;
4867 4863
4868 plcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); 4864 plcf->upstream.ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
4869 4865
4870 if (plcf->ssl_passwords == NULL) { 4866 if (plcf->upstream.ssl_passwords == NULL) {
4871 return NGX_CONF_ERROR; 4867 return NGX_CONF_ERROR;
4872 } 4868 }
4873 4869
4874 return NGX_CONF_OK; 4870 return NGX_CONF_OK;
4875 } 4871 }
4944 } 4940 }
4945 4941
4946 cln->handler = ngx_ssl_cleanup_ctx; 4942 cln->handler = ngx_ssl_cleanup_ctx;
4947 cln->data = plcf->upstream.ssl; 4943 cln->data = plcf->upstream.ssl;
4948 4944
4949 if (plcf->ssl_certificate.len) { 4945 if (plcf->upstream.ssl_certificate) {
4950 4946
4951 if (plcf->ssl_certificate_key.len == 0) { 4947 if (plcf->upstream.ssl_certificate_key == NULL) {
4952 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, 4948 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
4953 "no \"proxy_ssl_certificate_key\" is defined " 4949 "no \"proxy_ssl_certificate_key\" is defined "
4954 "for certificate \"%V\"", &plcf->ssl_certificate); 4950 "for certificate \"%V\"",
4951 &plcf->upstream.ssl_certificate->value);
4955 return NGX_ERROR; 4952 return NGX_ERROR;
4956 } 4953 }
4957 4954
4958 if (ngx_ssl_certificate(cf, plcf->upstream.ssl, &plcf->ssl_certificate, 4955 if (plcf->upstream.ssl_certificate->lengths
4959 &plcf->ssl_certificate_key, plcf->ssl_passwords) 4956 || plcf->upstream.ssl_certificate_key->lengths)
4960 != NGX_OK)
4961 { 4957 {
4962 return NGX_ERROR; 4958 plcf->upstream.ssl_passwords =
4959 ngx_ssl_preserve_passwords(cf, plcf->upstream.ssl_passwords);
4960 if (plcf->upstream.ssl_passwords == NULL) {
4961 return NGX_ERROR;
4962 }
4963
4964 } else {
4965 if (ngx_ssl_certificate(cf, plcf->upstream.ssl,
4966 &plcf->upstream.ssl_certificate->value,
4967 &plcf->upstream.ssl_certificate_key->value,
4968 plcf->upstream.ssl_passwords)
4969 != NGX_OK)
4970 {
4971 return NGX_ERROR;
4972 }
4963 } 4973 }
4964 } 4974 }
4965 4975
4966 if (ngx_ssl_ciphers(cf, plcf->upstream.ssl, &plcf->ssl_ciphers, 0) 4976 if (ngx_ssl_ciphers(cf, plcf->upstream.ssl, &plcf->ssl_ciphers, 0)
4967 != NGX_OK) 4977 != NGX_OK)