# HG changeset patch # User Igor Sysoev # Date 1219003200 -14400 # Node ID 9d81578d04bbc73636567e84ed5a48e86826eb1b # Parent 47d42325b5fdbf391dc6ffbd9822ca71cb25b138 nginx 0.7.11 *) Change: now ngx_http_charset_module does not work by default with text/css MIME type. *) Feature: now nginx returns the 405 status code for POST method requesting a static file only if the file exists. *) Feature: the "proxy_ssl_session_reuse" directive. *) Bugfix: a "proxy_pass" directive without URI part might use original request after the "X-Accel-Redirect" redirection was used; *) Bugfix: if a directory has search only rights and the first index file was absent, then nginx returned the 500 status code. *) Bugfix: in inclusive locations; the bugs had appeared in 0.7.1. diff --git a/CHANGES b/CHANGES --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,23 @@ +Changes with nginx 0.7.11 18 Aug 2008 + + *) Change: now ngx_http_charset_module does not work by default with + text/css MIME type. + + *) Feature: now nginx returns the 405 status code for POST method + requesting a static file only if the file exists. + + *) Feature: the "proxy_ssl_session_reuse" directive. + + *) Bugfix: a "proxy_pass" directive without URI part might use original + request after the "X-Accel-Redirect" redirection was used; + + *) Bugfix: if a directory has search only rights and the first index + file was absent, then nginx returned the 500 status code. + + *) Bugfix: in inclusive locations; the bugs had appeared in 0.7.1. + + Changes with nginx 0.7.10 13 Aug 2008 *) Bugfix: in the "addition_types", "charset_types", "gzip_types", @@ -7,7 +26,7 @@ Changes with nginx 0.7.10 *) Bugfix: of recursive error_page for 500 status code. - *) Bugfix: now the ngx_http_realip_module set address not for whole + *) Bugfix: now the ngx_http_realip_module sets address not for whole keepalive connection, but for each request passed via the connection. diff --git a/CHANGES.ru b/CHANGES.ru --- a/CHANGES.ru +++ b/CHANGES.ru @@ -1,4 +1,26 @@ +Изменения в nginx 0.7.11 18.08.2008 + + *) Изменение: теперь ngx_http_charset_module по умолчанию не работает + MIME-типом text/css. + + *) Добавление: теперь nginx возвращает код 405 для метода POST при + запросе статического файла, только если файл существует. + + *) Добавление: директива proxy_ssl_session_reuse. + + *) Исправление: после перенаправления запроса с помощью + "X-Accel-Redirect" директива proxy_pass без URI могла использовать + оригинальный запрос. + + *) Исправление: если у каталога были права доступа только на поиск + файлов и первый индексный файл отсутствовал, то nginx возвращал + ошибку 500. + + *) Исправление: ошибок во вложенных location'ах; ошибки появились в + 0.7.1. + + Изменения в nginx 0.7.10 13.08.2008 *) Исправление: ошибок в директивах addition_types, charset_types, diff --git a/src/core/nginx.h b/src/core/nginx.h --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -8,7 +8,7 @@ #define _NGINX_H_INCLUDED_ -#define NGINX_VERSION "0.7.10" +#define NGINX_VERSION "0.7.11" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff --git a/src/core/ngx_output_chain.c b/src/core/ngx_output_chain.c --- a/src/core/ngx_output_chain.c +++ b/src/core/ngx_output_chain.c @@ -414,7 +414,7 @@ ngx_output_chain_copy_buf(ngx_buf_t *dst if (n != size) { ngx_log_error(NGX_LOG_ALERT, src->file->log, 0, - ngx_read_file_n " reads only %z of %O from file", + ngx_read_file_n " read only %z of %O from file", n, size); if (n == 0) { return NGX_ERROR; diff --git a/src/http/modules/ngx_http_charset_filter_module.c b/src/http/modules/ngx_http_charset_filter_module.c --- a/src/http/modules/ngx_http_charset_filter_module.c +++ b/src/http/modules/ngx_http_charset_filter_module.c @@ -115,7 +115,6 @@ static ngx_int_t ngx_http_charset_postco ngx_str_t ngx_http_charset_default_types[] = { ngx_string("text/html"), - ngx_string("text/css"), ngx_string("text/xml"), ngx_string("text/plain"), ngx_string("text/vnd.wap.wml"), diff --git a/src/http/modules/ngx_http_index_module.c b/src/http/modules/ngx_http_index_module.c --- a/src/http/modules/ngx_http_index_module.c +++ b/src/http/modules/ngx_http_index_module.c @@ -309,6 +309,19 @@ ngx_http_index_test_dir(ngx_http_request return ngx_http_index_error(r, clcf, dir.data, NGX_ENOENT); } + if (of.err == NGX_EACCES) { + + *last = c; + + /* + * ngx_http_index_test_dir() is called after the first index + * file testing has returned an error distinct from NGX_EACCES. + * This means that directory searching is allowed. + */ + + return NGX_OK; + } + ngx_log_error(NGX_LOG_CRIT, r->connection->log, of.err, ngx_open_file_n " \"%s\" failed", dir.data); } diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c @@ -360,6 +360,17 @@ static ngx_command_t ngx_http_proxy_com offsetof(ngx_http_proxy_loc_conf_t, upstream.hide_headers), NULL }, +#if (NGX_HTTP_SSL) + + { ngx_string("proxy_ssl_session_reuse"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_session_reuse), + NULL }, + +#endif + ngx_null_command }; @@ -1645,6 +1656,9 @@ ngx_http_proxy_create_loc_conf(ngx_conf_ conf->upstream.pass_headers = NGX_CONF_UNSET_PTR; conf->upstream.intercept_errors = NGX_CONF_UNSET; +#if (NGX_HTTP_SSL) + conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; +#endif /* "proxy_cyclic_temp_file" is disabled */ conf->upstream.cyclic_temp_file = 0; @@ -1834,6 +1848,11 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t ngx_conf_merge_value(conf->upstream.intercept_errors, prev->upstream.intercept_errors, 0); +#if (NGX_HTTP_SSL) + ngx_conf_merge_value(conf->upstream.ssl_session_reuse, + prev->upstream.ssl_session_reuse, 1); +#endif + ngx_conf_merge_value(conf->redirect, prev->redirect, 1); if (conf->redirect) { diff --git a/src/http/modules/ngx_http_static_module.c b/src/http/modules/ngx_http_static_module.c --- a/src/http/modules/ngx_http_static_module.c +++ b/src/http/modules/ngx_http_static_module.c @@ -58,7 +58,7 @@ ngx_http_static_handler(ngx_http_request ngx_open_file_info_t of; ngx_http_core_loc_conf_t *clcf; - if (!(r->method & (NGX_HTTP_GET|NGX_HTTP_HEAD))) { + if (!(r->method & (NGX_HTTP_GET|NGX_HTTP_HEAD|NGX_HTTP_POST))) { return NGX_HTTP_NOT_ALLOWED; } @@ -71,12 +71,6 @@ ngx_http_static_handler(ngx_http_request return NGX_DECLINED; } - rc = ngx_http_discard_request_body(r); - - if (rc != NGX_OK) { - return rc; - } - log = r->connection->log; /* @@ -203,6 +197,16 @@ ngx_http_static_handler(ngx_http_request #endif + if (r->method & NGX_HTTP_POST) { + return NGX_HTTP_NOT_ALLOWED; + } + + rc = ngx_http_discard_request_body(r); + + if (rc != NGX_OK) { + return rc; + } + log->action = "sending response to client"; r->headers_out.status = NGX_HTTP_OK; diff --git a/src/http/modules/perl/nginx.pm b/src/http/modules/perl/nginx.pm --- a/src/http/modules/perl/nginx.pm +++ b/src/http/modules/perl/nginx.pm @@ -47,7 +47,7 @@ our @EXPORT = qw( HTTP_INSUFFICIENT_STORAGE ); -our $VERSION = '0.7.10'; +our $VERSION = '0.7.11'; require XSLoader; XSLoader::load('nginx', $VERSION); diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -789,7 +789,7 @@ ngx_http_core_find_config_phase(ngx_http rc = ngx_http_core_find_location(r); - if (rc == NGX_HTTP_INTERNAL_SERVER_ERROR) { + if (rc == NGX_ERROR) { ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); return NGX_OK; } @@ -1117,18 +1117,41 @@ ngx_http_update_location_config(ngx_http } +/* + * NGX_OK - exact or regex match + * NGX_DONE - auto redirect + * NGX_AGAIN - inclusive match + * NGX_ERROR - regex error + * NGX_DECLINED - no match + */ + static ngx_int_t ngx_http_core_find_location(ngx_http_request_t *r) { ngx_int_t rc; ngx_http_core_loc_conf_t *pclcf; +#if (NGX_PCRE) + ngx_int_t n; + ngx_uint_t noregex; + ngx_http_core_loc_conf_t *clcf, **clcfp; + + noregex = 0; +#endif pclcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); rc = ngx_http_core_find_static_location(r, pclcf->static_locations); if (rc == NGX_AGAIN) { + +#if (NGX_PCRE) + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + + noregex = clcf->noregex; +#endif + /* look up nested locations */ + rc = ngx_http_core_find_location(r); } @@ -1139,13 +1162,8 @@ ngx_http_core_find_location(ngx_http_req /* rc == NGX_DECLINED or rc == NGX_AGAIN in nested location */ #if (NGX_PCRE) - { - ngx_int_t n; - ngx_http_core_loc_conf_t *clcf, **clcfp; - - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - - if (clcf->noregex == 0 && pclcf->regex_locations) { + + if (noregex == 0 && pclcf->regex_locations) { for (clcfp = pclcf->regex_locations; *clcfp; clcfp++) { @@ -1163,7 +1181,7 @@ ngx_http_core_find_location(ngx_http_req ngx_regex_exec_n " failed: %d on \"%V\" using \"%V\"", n, &r->uri, &(*clcfp)->name); - return NGX_HTTP_INTERNAL_SERVER_ERROR; + return NGX_ERROR; } /* match */ @@ -1172,10 +1190,11 @@ ngx_http_core_find_location(ngx_http_req /* look up nested locations */ - return ngx_http_core_find_location(r); + rc = ngx_http_core_find_location(r); + + return (rc == NGX_ERROR) ? rc : NGX_OK; } } - } #endif return rc; diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -789,10 +789,12 @@ ngx_http_upstream_ssl_init_connection(ng c->sendfile = 0; u->output.sendfile = 0; - if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { - ngx_http_upstream_finalize_request(r, u, - NGX_HTTP_INTERNAL_SERVER_ERROR); - return; + if (u->conf->ssl_session_reuse) { + if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { + ngx_http_upstream_finalize_request(r, u, + NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } } r->connection->log->action = "SSL handshaking to upstream"; @@ -819,7 +821,9 @@ ngx_http_upstream_ssl_handshake(ngx_conn if (c->ssl->handshaked) { - u->peer.save_session(&u->peer, u->peer.data); + if (u->conf->ssl_session_reuse) { + u->peer.save_session(&u->peer, u->peer.data); + } c->write->handler = ngx_http_upstream_send_request_handler; c->read->handler = ngx_http_upstream_process_header; @@ -1300,6 +1304,8 @@ ngx_http_upstream_process_header(ngx_eve r->method = NGX_HTTP_GET; } + r->valid_unparsed_uri = 0; + ngx_http_internal_redirect(r, uri, &args); return; } diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h --- a/src/http/ngx_http_upstream.h +++ b/src/http/ngx_http_upstream.h @@ -148,6 +148,7 @@ typedef struct { #if (NGX_HTTP_SSL) ngx_ssl_t *ssl; + ngx_flag_t ssl_session_reuse; #endif } ngx_http_upstream_conf_t; diff --git a/src/os/unix/ngx_files.h b/src/os/unix/ngx_files.h --- a/src/os/unix/ngx_files.h +++ b/src/os/unix/ngx_files.h @@ -58,7 +58,11 @@ ngx_fd_t ngx_open_tempfile(u_char *name, ssize_t ngx_read_file(ngx_file_t *file, u_char *buf, size_t size, off_t offset); +#if (NGX_HAVE_PREAD) +#define ngx_read_file_n "pread()" +#else #define ngx_read_file_n "read()" +#endif ssize_t ngx_write_file(ngx_file_t *file, u_char *buf, size_t size, off_t offset);