Mercurial > hg > nginx
annotate src/stream/ngx_stream_proxy_module.c @ 8053:9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
To ensure optimal use of memory, SSL contexts for proxying are now
inherited from previous levels as long as relevant proxy_ssl_* directives
are not redefined.
Further, when no proxy_ssl_* directives are redefined in a server block,
we now preserve plcf->upstream.ssl in the "http" section configuration
to inherit it to all servers.
Similar changes made in uwsgi, grpc, and stream proxy.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 29 Jun 2022 02:47:45 +0300 |
parents | 457afc332c67 |
children | 17d6a537fb1b b30bec3d71d6 |
rev | line source |
---|---|
6115 | 1 |
2 /* | |
3 * Copyright (C) Roman Arutyunyan | |
4 * Copyright (C) Nginx, Inc. | |
5 */ | |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_stream.h> | |
11 | |
12 | |
13 typedef struct { | |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
14 ngx_addr_t *addr; |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
15 ngx_stream_complex_value_t *value; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
16 #if (NGX_HAVE_TRANSPARENT_PROXY) |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
17 ngx_uint_t transparent; /* unsigned transparent:1; */ |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
18 #endif |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
19 } ngx_stream_upstream_local_t; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
20 |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
21 |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
22 typedef struct { |
6115 | 23 ngx_msec_t connect_timeout; |
24 ngx_msec_t timeout; | |
25 ngx_msec_t next_upstream_timeout; | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
26 size_t buffer_size; |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
27 ngx_stream_complex_value_t *upload_rate; |
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
28 ngx_stream_complex_value_t *download_rate; |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
29 ngx_uint_t requests; |
6436 | 30 ngx_uint_t responses; |
6115 | 31 ngx_uint_t next_upstream_tries; |
32 ngx_flag_t next_upstream; | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
33 ngx_flag_t proxy_protocol; |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
34 ngx_flag_t half_close; |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
35 ngx_stream_upstream_local_t *local; |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
36 ngx_flag_t socket_keepalive; |
6115 | 37 |
38 #if (NGX_STREAM_SSL) | |
39 ngx_flag_t ssl_enable; | |
40 ngx_flag_t ssl_session_reuse; | |
41 ngx_uint_t ssl_protocols; | |
42 ngx_str_t ssl_ciphers; | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
43 ngx_stream_complex_value_t *ssl_name; |
6115 | 44 ngx_flag_t ssl_server_name; |
45 | |
46 ngx_flag_t ssl_verify; | |
47 ngx_uint_t ssl_verify_depth; | |
48 ngx_str_t ssl_trusted_certificate; | |
49 ngx_str_t ssl_crl; | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
50 ngx_stream_complex_value_t *ssl_certificate; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
51 ngx_stream_complex_value_t *ssl_certificate_key; |
6115 | 52 ngx_array_t *ssl_passwords; |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
53 ngx_array_t *ssl_conf_commands; |
6115 | 54 |
55 ngx_ssl_t *ssl; | |
56 #endif | |
57 | |
58 ngx_stream_upstream_srv_conf_t *upstream; | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
59 ngx_stream_complex_value_t *upstream_value; |
6115 | 60 } ngx_stream_proxy_srv_conf_t; |
61 | |
62 | |
63 static void ngx_stream_proxy_handler(ngx_stream_session_t *s); | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
64 static ngx_int_t ngx_stream_proxy_eval(ngx_stream_session_t *s, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
65 ngx_stream_proxy_srv_conf_t *pscf); |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
66 static ngx_int_t ngx_stream_proxy_set_local(ngx_stream_session_t *s, |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
67 ngx_stream_upstream_t *u, ngx_stream_upstream_local_t *local); |
6115 | 68 static void ngx_stream_proxy_connect(ngx_stream_session_t *s); |
69 static void ngx_stream_proxy_init_upstream(ngx_stream_session_t *s); | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
70 static void ngx_stream_proxy_resolve_handler(ngx_resolver_ctx_t *ctx); |
6115 | 71 static void ngx_stream_proxy_upstream_handler(ngx_event_t *ev); |
72 static void ngx_stream_proxy_downstream_handler(ngx_event_t *ev); | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
73 static void ngx_stream_proxy_process_connection(ngx_event_t *ev, |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
74 ngx_uint_t from_upstream); |
6115 | 75 static void ngx_stream_proxy_connect_handler(ngx_event_t *ev); |
76 static ngx_int_t ngx_stream_proxy_test_connect(ngx_connection_t *c); | |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
77 static void ngx_stream_proxy_process(ngx_stream_session_t *s, |
6115 | 78 ngx_uint_t from_upstream, ngx_uint_t do_write); |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
79 static ngx_int_t ngx_stream_proxy_test_finalize(ngx_stream_session_t *s, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
80 ngx_uint_t from_upstream); |
6115 | 81 static void ngx_stream_proxy_next_upstream(ngx_stream_session_t *s); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
82 static void ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_uint_t rc); |
6115 | 83 static u_char *ngx_stream_proxy_log_error(ngx_log_t *log, u_char *buf, |
84 size_t len); | |
85 | |
86 static void *ngx_stream_proxy_create_srv_conf(ngx_conf_t *cf); | |
87 static char *ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, | |
88 void *child); | |
89 static char *ngx_stream_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, | |
90 void *conf); | |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
91 static char *ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
92 void *conf); |
6115 | 93 |
94 #if (NGX_STREAM_SSL) | |
95 | |
6692 | 96 static ngx_int_t ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s); |
6115 | 97 static char *ngx_stream_proxy_ssl_password_file(ngx_conf_t *cf, |
98 ngx_command_t *cmd, void *conf); | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
99 static char *ngx_stream_proxy_ssl_conf_command_check(ngx_conf_t *cf, void *post, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
100 void *data); |
6115 | 101 static void ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s); |
102 static void ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc); | |
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
103 static void ngx_stream_proxy_ssl_save_session(ngx_connection_t *c); |
6115 | 104 static ngx_int_t ngx_stream_proxy_ssl_name(ngx_stream_session_t *s); |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
105 static ngx_int_t ngx_stream_proxy_ssl_certificate(ngx_stream_session_t *s); |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
106 static ngx_int_t ngx_stream_proxy_merge_ssl(ngx_conf_t *cf, |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
107 ngx_stream_proxy_srv_conf_t *conf, ngx_stream_proxy_srv_conf_t *prev); |
6115 | 108 static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf, |
109 ngx_stream_proxy_srv_conf_t *pscf); | |
110 | |
111 | |
112 static ngx_conf_bitmask_t ngx_stream_proxy_ssl_protocols[] = { | |
113 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, | |
114 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, | |
115 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, | |
116 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, | |
117 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, | |
6981
08dc60979133
SSL: added support for TLSv1.3 in ssl_protocols directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
6868
diff
changeset
|
118 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 }, |
6115 | 119 { ngx_null_string, 0 } |
120 }; | |
121 | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
122 static ngx_conf_post_t ngx_stream_proxy_ssl_conf_command_post = |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
123 { ngx_stream_proxy_ssl_conf_command_check }; |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
124 |
6115 | 125 #endif |
126 | |
127 | |
6217
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
128 static ngx_conf_deprecated_t ngx_conf_deprecated_proxy_downstream_buffer = { |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
129 ngx_conf_deprecated, "proxy_downstream_buffer", "proxy_buffer_size" |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
130 }; |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
131 |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
132 static ngx_conf_deprecated_t ngx_conf_deprecated_proxy_upstream_buffer = { |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
133 ngx_conf_deprecated, "proxy_upstream_buffer", "proxy_buffer_size" |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
134 }; |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
135 |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
136 |
6115 | 137 static ngx_command_t ngx_stream_proxy_commands[] = { |
138 | |
139 { ngx_string("proxy_pass"), | |
140 NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
141 ngx_stream_proxy_pass, | |
142 NGX_STREAM_SRV_CONF_OFFSET, | |
143 0, | |
144 NULL }, | |
145 | |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
146 { ngx_string("proxy_bind"), |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
147 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE12, |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
148 ngx_stream_proxy_bind, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
149 NGX_STREAM_SRV_CONF_OFFSET, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
150 0, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
151 NULL }, |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
152 |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
153 { ngx_string("proxy_socket_keepalive"), |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
154 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
155 ngx_conf_set_flag_slot, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
156 NGX_STREAM_SRV_CONF_OFFSET, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
157 offsetof(ngx_stream_proxy_srv_conf_t, socket_keepalive), |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
158 NULL }, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
159 |
6115 | 160 { ngx_string("proxy_connect_timeout"), |
161 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
162 ngx_conf_set_msec_slot, | |
163 NGX_STREAM_SRV_CONF_OFFSET, | |
164 offsetof(ngx_stream_proxy_srv_conf_t, connect_timeout), | |
165 NULL }, | |
166 | |
167 { ngx_string("proxy_timeout"), | |
168 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
169 ngx_conf_set_msec_slot, | |
170 NGX_STREAM_SRV_CONF_OFFSET, | |
171 offsetof(ngx_stream_proxy_srv_conf_t, timeout), | |
172 NULL }, | |
173 | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
174 { ngx_string("proxy_buffer_size"), |
6115 | 175 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
176 ngx_conf_set_size_slot, | |
177 NGX_STREAM_SRV_CONF_OFFSET, | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
178 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
6115 | 179 NULL }, |
180 | |
6217
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
181 { ngx_string("proxy_downstream_buffer"), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
182 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
183 ngx_conf_set_size_slot, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
184 NGX_STREAM_SRV_CONF_OFFSET, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
185 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
186 &ngx_conf_deprecated_proxy_downstream_buffer }, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
187 |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
188 { ngx_string("proxy_upstream_buffer"), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
189 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
190 ngx_conf_set_size_slot, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
191 NGX_STREAM_SRV_CONF_OFFSET, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
192 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
193 &ngx_conf_deprecated_proxy_upstream_buffer }, |
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
194 |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
195 { ngx_string("proxy_upload_rate"), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
196 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
197 ngx_stream_set_complex_value_size_slot, |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
198 NGX_STREAM_SRV_CONF_OFFSET, |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
199 offsetof(ngx_stream_proxy_srv_conf_t, upload_rate), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
200 NULL }, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
201 |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
202 { ngx_string("proxy_download_rate"), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
203 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
204 ngx_stream_set_complex_value_size_slot, |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
205 NGX_STREAM_SRV_CONF_OFFSET, |
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
206 offsetof(ngx_stream_proxy_srv_conf_t, download_rate), |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
207 NULL }, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
208 |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
209 { ngx_string("proxy_requests"), |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
210 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
211 ngx_conf_set_num_slot, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
212 NGX_STREAM_SRV_CONF_OFFSET, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
213 offsetof(ngx_stream_proxy_srv_conf_t, requests), |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
214 NULL }, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
215 |
6436 | 216 { ngx_string("proxy_responses"), |
217 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
218 ngx_conf_set_num_slot, | |
219 NGX_STREAM_SRV_CONF_OFFSET, | |
220 offsetof(ngx_stream_proxy_srv_conf_t, responses), | |
221 NULL }, | |
222 | |
6115 | 223 { ngx_string("proxy_next_upstream"), |
224 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
225 ngx_conf_set_flag_slot, | |
226 NGX_STREAM_SRV_CONF_OFFSET, | |
227 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream), | |
228 NULL }, | |
229 | |
230 { ngx_string("proxy_next_upstream_tries"), | |
231 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
232 ngx_conf_set_num_slot, | |
233 NGX_STREAM_SRV_CONF_OFFSET, | |
234 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream_tries), | |
235 NULL }, | |
236 | |
237 { ngx_string("proxy_next_upstream_timeout"), | |
238 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
239 ngx_conf_set_msec_slot, | |
240 NGX_STREAM_SRV_CONF_OFFSET, | |
241 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream_timeout), | |
242 NULL }, | |
243 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
244 { ngx_string("proxy_protocol"), |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
245 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
246 ngx_conf_set_flag_slot, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
247 NGX_STREAM_SRV_CONF_OFFSET, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
248 offsetof(ngx_stream_proxy_srv_conf_t, proxy_protocol), |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
249 NULL }, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
250 |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
251 { ngx_string("proxy_half_close"), |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
252 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
253 ngx_conf_set_flag_slot, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
254 NGX_STREAM_SRV_CONF_OFFSET, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
255 offsetof(ngx_stream_proxy_srv_conf_t, half_close), |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
256 NULL }, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
257 |
6115 | 258 #if (NGX_STREAM_SSL) |
259 | |
260 { ngx_string("proxy_ssl"), | |
261 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
262 ngx_conf_set_flag_slot, | |
263 NGX_STREAM_SRV_CONF_OFFSET, | |
264 offsetof(ngx_stream_proxy_srv_conf_t, ssl_enable), | |
265 NULL }, | |
266 | |
267 { ngx_string("proxy_ssl_session_reuse"), | |
268 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
269 ngx_conf_set_flag_slot, | |
270 NGX_STREAM_SRV_CONF_OFFSET, | |
271 offsetof(ngx_stream_proxy_srv_conf_t, ssl_session_reuse), | |
272 NULL }, | |
273 | |
274 { ngx_string("proxy_ssl_protocols"), | |
275 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_1MORE, | |
276 ngx_conf_set_bitmask_slot, | |
277 NGX_STREAM_SRV_CONF_OFFSET, | |
278 offsetof(ngx_stream_proxy_srv_conf_t, ssl_protocols), | |
279 &ngx_stream_proxy_ssl_protocols }, | |
280 | |
281 { ngx_string("proxy_ssl_ciphers"), | |
282 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
283 ngx_conf_set_str_slot, | |
284 NGX_STREAM_SRV_CONF_OFFSET, | |
285 offsetof(ngx_stream_proxy_srv_conf_t, ssl_ciphers), | |
286 NULL }, | |
287 | |
288 { ngx_string("proxy_ssl_name"), | |
289 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
290 ngx_stream_set_complex_value_slot, |
6115 | 291 NGX_STREAM_SRV_CONF_OFFSET, |
292 offsetof(ngx_stream_proxy_srv_conf_t, ssl_name), | |
293 NULL }, | |
294 | |
295 { ngx_string("proxy_ssl_server_name"), | |
296 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
297 ngx_conf_set_flag_slot, | |
298 NGX_STREAM_SRV_CONF_OFFSET, | |
299 offsetof(ngx_stream_proxy_srv_conf_t, ssl_server_name), | |
300 NULL }, | |
301 | |
302 { ngx_string("proxy_ssl_verify"), | |
303 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
304 ngx_conf_set_flag_slot, | |
305 NGX_STREAM_SRV_CONF_OFFSET, | |
306 offsetof(ngx_stream_proxy_srv_conf_t, ssl_verify), | |
307 NULL }, | |
308 | |
309 { ngx_string("proxy_ssl_verify_depth"), | |
310 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
311 ngx_conf_set_num_slot, | |
312 NGX_STREAM_SRV_CONF_OFFSET, | |
313 offsetof(ngx_stream_proxy_srv_conf_t, ssl_verify_depth), | |
314 NULL }, | |
315 | |
316 { ngx_string("proxy_ssl_trusted_certificate"), | |
317 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
318 ngx_conf_set_str_slot, | |
319 NGX_STREAM_SRV_CONF_OFFSET, | |
320 offsetof(ngx_stream_proxy_srv_conf_t, ssl_trusted_certificate), | |
321 NULL }, | |
322 | |
323 { ngx_string("proxy_ssl_crl"), | |
324 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
325 ngx_conf_set_str_slot, | |
326 NGX_STREAM_SRV_CONF_OFFSET, | |
327 offsetof(ngx_stream_proxy_srv_conf_t, ssl_crl), | |
328 NULL }, | |
329 | |
330 { ngx_string("proxy_ssl_certificate"), | |
331 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
332 ngx_stream_set_complex_value_zero_slot, |
6115 | 333 NGX_STREAM_SRV_CONF_OFFSET, |
334 offsetof(ngx_stream_proxy_srv_conf_t, ssl_certificate), | |
335 NULL }, | |
336 | |
337 { ngx_string("proxy_ssl_certificate_key"), | |
338 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
339 ngx_stream_set_complex_value_zero_slot, |
6115 | 340 NGX_STREAM_SRV_CONF_OFFSET, |
341 offsetof(ngx_stream_proxy_srv_conf_t, ssl_certificate_key), | |
342 NULL }, | |
343 | |
344 { ngx_string("proxy_ssl_password_file"), | |
345 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
346 ngx_stream_proxy_ssl_password_file, | |
347 NGX_STREAM_SRV_CONF_OFFSET, | |
348 0, | |
349 NULL }, | |
350 | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
351 { ngx_string("proxy_ssl_conf_command"), |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
352 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE2, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
353 ngx_conf_set_keyval_slot, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
354 NGX_STREAM_SRV_CONF_OFFSET, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
355 offsetof(ngx_stream_proxy_srv_conf_t, ssl_conf_commands), |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
356 &ngx_stream_proxy_ssl_conf_command_post }, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
357 |
6115 | 358 #endif |
359 | |
360 ngx_null_command | |
361 }; | |
362 | |
363 | |
364 static ngx_stream_module_t ngx_stream_proxy_module_ctx = { | |
6606
2f41d383c9c7
Stream: added preconfiguration step.
Vladimir Homutov <vl@nginx.com>
parents:
6599
diff
changeset
|
365 NULL, /* preconfiguration */ |
6174
68c106e6fa0a
Stream: added postconfiguration method to stream modules.
Vladimir Homutov <vl@nginx.com>
parents:
6157
diff
changeset
|
366 NULL, /* postconfiguration */ |
68c106e6fa0a
Stream: added postconfiguration method to stream modules.
Vladimir Homutov <vl@nginx.com>
parents:
6157
diff
changeset
|
367 |
6115 | 368 NULL, /* create main configuration */ |
369 NULL, /* init main configuration */ | |
370 | |
371 ngx_stream_proxy_create_srv_conf, /* create server configuration */ | |
372 ngx_stream_proxy_merge_srv_conf /* merge server configuration */ | |
373 }; | |
374 | |
375 | |
376 ngx_module_t ngx_stream_proxy_module = { | |
377 NGX_MODULE_V1, | |
378 &ngx_stream_proxy_module_ctx, /* module context */ | |
379 ngx_stream_proxy_commands, /* module directives */ | |
380 NGX_STREAM_MODULE, /* module type */ | |
381 NULL, /* init master */ | |
382 NULL, /* init module */ | |
383 NULL, /* init process */ | |
384 NULL, /* init thread */ | |
385 NULL, /* exit thread */ | |
386 NULL, /* exit process */ | |
387 NULL, /* exit master */ | |
388 NGX_MODULE_V1_PADDING | |
389 }; | |
390 | |
391 | |
392 static void | |
393 ngx_stream_proxy_handler(ngx_stream_session_t *s) | |
394 { | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
395 u_char *p; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
396 ngx_str_t *host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
397 ngx_uint_t i; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
398 ngx_connection_t *c; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
399 ngx_resolver_ctx_t *ctx, temp; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
400 ngx_stream_upstream_t *u; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
401 ngx_stream_core_srv_conf_t *cscf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
402 ngx_stream_proxy_srv_conf_t *pscf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
403 ngx_stream_upstream_srv_conf_t *uscf, **uscfp; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
404 ngx_stream_upstream_main_conf_t *umcf; |
6115 | 405 |
406 c = s->connection; | |
407 | |
408 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
409 | |
410 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
411 "proxy connection handler"); | |
412 | |
413 u = ngx_pcalloc(c->pool, sizeof(ngx_stream_upstream_t)); | |
414 if (u == NULL) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
415 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 416 return; |
417 } | |
418 | |
419 s->upstream = u; | |
420 | |
421 s->log_handler = ngx_stream_proxy_log_error; | |
422 | |
7286 | 423 u->requests = 1; |
424 | |
6115 | 425 u->peer.log = c->log; |
426 u->peer.log_error = NGX_ERROR_ERR; | |
427 | |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
428 if (ngx_stream_proxy_set_local(s, u, pscf->local) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
429 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
430 return; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
431 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
432 |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
433 if (pscf->socket_keepalive) { |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
434 u->peer.so_keepalive = 1; |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
435 } |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
436 |
6436 | 437 u->peer.type = c->type; |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
438 u->start_sec = ngx_time(); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
439 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
440 c->write->handler = ngx_stream_proxy_downstream_handler; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
441 c->read->handler = ngx_stream_proxy_downstream_handler; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
442 |
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
443 s->upstream_states = ngx_array_create(c->pool, 1, |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
444 sizeof(ngx_stream_upstream_state_t)); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
445 if (s->upstream_states == NULL) { |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
446 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
447 return; |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
448 } |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
449 |
7286 | 450 p = ngx_pnalloc(c->pool, pscf->buffer_size); |
451 if (p == NULL) { | |
452 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
453 return; | |
454 } | |
455 | |
456 u->downstream_buf.start = p; | |
457 u->downstream_buf.end = p + pscf->buffer_size; | |
458 u->downstream_buf.pos = p; | |
459 u->downstream_buf.last = p; | |
460 | |
461 if (c->read->ready) { | |
462 ngx_post_event(c->read, &ngx_posted_events); | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
463 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
464 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
465 if (pscf->upstream_value) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
466 if (ngx_stream_proxy_eval(s, pscf) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
467 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
468 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
469 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
470 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
471 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
472 if (u->resolved == NULL) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
473 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
474 uscf = pscf->upstream; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
475 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
476 } else { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
477 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
478 #if (NGX_STREAM_SSL) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
479 u->ssl_name = u->resolved->host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
480 #endif |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
481 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
482 host = &u->resolved->host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
483 |
6786
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
484 umcf = ngx_stream_get_module_main_conf(s, ngx_stream_upstream_module); |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
485 |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
486 uscfp = umcf->upstreams.elts; |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
487 |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
488 for (i = 0; i < umcf->upstreams.nelts; i++) { |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
489 |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
490 uscf = uscfp[i]; |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
491 |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
492 if (uscf->host.len == host->len |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
493 && ((uscf->port == 0 && u->resolved->no_port) |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
494 || uscf->port == u->resolved->port) |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
495 && ngx_strncasecmp(uscf->host.data, host->data, host->len) == 0) |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
496 { |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
497 goto found; |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
498 } |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
499 } |
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
500 |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
501 if (u->resolved->sockaddr) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
502 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
503 if (u->resolved->port == 0 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
504 && u->resolved->sockaddr->sa_family != AF_UNIX) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
505 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
506 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
507 "no port in upstream \"%V\"", host); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
508 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
509 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
510 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
511 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
512 if (ngx_stream_upstream_create_round_robin_peer(s, u->resolved) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
513 != NGX_OK) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
514 { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
515 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
516 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
517 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
518 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
519 ngx_stream_proxy_connect(s); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
520 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
521 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
522 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
523 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
524 if (u->resolved->port == 0) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
525 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
526 "no port in upstream \"%V\"", host); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
527 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
528 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
529 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
530 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
531 temp.name = *host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
532 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
533 cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
534 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
535 ctx = ngx_resolve_start(cscf->resolver, &temp); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
536 if (ctx == NULL) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
537 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
538 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
539 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
540 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
541 if (ctx == NGX_NO_RESOLVER) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
542 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
543 "no resolver defined to resolve %V", host); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
544 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
545 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
546 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
547 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
548 ctx->name = *host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
549 ctx->handler = ngx_stream_proxy_resolve_handler; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
550 ctx->data = s; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
551 ctx->timeout = cscf->resolver_timeout; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
552 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
553 u->resolved->ctx = ctx; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
554 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
555 if (ngx_resolve_name(ctx) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
556 u->resolved->ctx = NULL; |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
557 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
558 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
559 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
560 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
561 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
562 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
563 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
564 found: |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
565 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
566 if (uscf == NULL) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
567 ngx_log_error(NGX_LOG_ALERT, c->log, 0, "no upstream configuration"); |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
568 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
569 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
570 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
571 |
6703
edcd9303a4d3
Upstream: introduced u->upstream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6692
diff
changeset
|
572 u->upstream = uscf; |
edcd9303a4d3
Upstream: introduced u->upstream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6692
diff
changeset
|
573 |
6648
d43ee392e825
Stream: fixed build without stream_ssl_module (ticket #1032).
Vladimir Homutov <vl@nginx.com>
parents:
6643
diff
changeset
|
574 #if (NGX_STREAM_SSL) |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
575 u->ssl_name = uscf->host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
576 #endif |
6115 | 577 |
578 if (uscf->peer.init(s, uscf) != NGX_OK) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
579 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 580 return; |
581 } | |
582 | |
583 u->peer.start_time = ngx_current_msec; | |
584 | |
585 if (pscf->next_upstream_tries | |
586 && u->peer.tries > pscf->next_upstream_tries) | |
587 { | |
588 u->peer.tries = pscf->next_upstream_tries; | |
589 } | |
590 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
591 ngx_stream_proxy_connect(s); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
592 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
593 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
594 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
595 static ngx_int_t |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
596 ngx_stream_proxy_eval(ngx_stream_session_t *s, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
597 ngx_stream_proxy_srv_conf_t *pscf) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
598 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
599 ngx_str_t host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
600 ngx_url_t url; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
601 ngx_stream_upstream_t *u; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
602 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
603 if (ngx_stream_complex_value(s, pscf->upstream_value, &host) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
604 return NGX_ERROR; |
6115 | 605 } |
606 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
607 ngx_memzero(&url, sizeof(ngx_url_t)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
608 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
609 url.url = host; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
610 url.no_resolve = 1; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
611 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
612 if (ngx_parse_url(s->connection->pool, &url) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
613 if (url.err) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
614 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
615 "%s in upstream \"%V\"", url.err, &url.url); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
616 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
617 |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
618 return NGX_ERROR; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
619 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
620 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
621 u = s->upstream; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
622 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
623 u->resolved = ngx_pcalloc(s->connection->pool, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
624 sizeof(ngx_stream_upstream_resolved_t)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
625 if (u->resolved == NULL) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
626 return NGX_ERROR; |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
627 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
628 |
6784
1af120241cde
Upstream: removed unnecessary condition in proxy_eval() and friends.
Ruslan Ermilov <ru@nginx.com>
parents:
6777
diff
changeset
|
629 if (url.addrs) { |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
630 u->resolved->sockaddr = url.addrs[0].sockaddr; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
631 u->resolved->socklen = url.addrs[0].socklen; |
6785
d1d0dd69a419
Upstream: added the ngx_http_upstream_resolved_t.name field.
Ruslan Ermilov <ru@nginx.com>
parents:
6784
diff
changeset
|
632 u->resolved->name = url.addrs[0].name; |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
633 u->resolved->naddrs = 1; |
6115 | 634 } |
635 | |
6785
d1d0dd69a419
Upstream: added the ngx_http_upstream_resolved_t.name field.
Ruslan Ermilov <ru@nginx.com>
parents:
6784
diff
changeset
|
636 u->resolved->host = url.host; |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
637 u->resolved->port = url.port; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
638 u->resolved->no_port = url.no_port; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
639 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
640 return NGX_OK; |
6115 | 641 } |
642 | |
643 | |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
644 static ngx_int_t |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
645 ngx_stream_proxy_set_local(ngx_stream_session_t *s, ngx_stream_upstream_t *u, |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
646 ngx_stream_upstream_local_t *local) |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
647 { |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
648 ngx_int_t rc; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
649 ngx_str_t val; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
650 ngx_addr_t *addr; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
651 |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
652 if (local == NULL) { |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
653 u->peer.local = NULL; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
654 return NGX_OK; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
655 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
656 |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
657 #if (NGX_HAVE_TRANSPARENT_PROXY) |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
658 u->peer.transparent = local->transparent; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
659 #endif |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
660 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
661 if (local->value == NULL) { |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
662 u->peer.local = local->addr; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
663 return NGX_OK; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
664 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
665 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
666 if (ngx_stream_complex_value(s, local->value, &val) != NGX_OK) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
667 return NGX_ERROR; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
668 } |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
669 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
670 if (val.len == 0) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
671 return NGX_OK; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
672 } |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
673 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
674 addr = ngx_palloc(s->connection->pool, sizeof(ngx_addr_t)); |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
675 if (addr == NULL) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
676 return NGX_ERROR; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
677 } |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
678 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
679 rc = ngx_parse_addr_port(s->connection->pool, addr, val.data, val.len); |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
680 if (rc == NGX_ERROR) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
681 return NGX_ERROR; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
682 } |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
683 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
684 if (rc != NGX_OK) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
685 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
686 "invalid local address \"%V\"", &val); |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
687 return NGX_OK; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
688 } |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
689 |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
690 addr->name = val; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
691 u->peer.local = addr; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
692 |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
693 return NGX_OK; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
694 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
695 |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
696 |
6115 | 697 static void |
698 ngx_stream_proxy_connect(ngx_stream_session_t *s) | |
699 { | |
700 ngx_int_t rc; | |
701 ngx_connection_t *c, *pc; | |
702 ngx_stream_upstream_t *u; | |
703 ngx_stream_proxy_srv_conf_t *pscf; | |
704 | |
705 c = s->connection; | |
706 | |
707 c->log->action = "connecting to upstream"; | |
708 | |
6692 | 709 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
710 | |
6115 | 711 u = s->upstream; |
712 | |
6692 | 713 u->connected = 0; |
714 u->proxy_protocol = pscf->proxy_protocol; | |
715 | |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
716 if (u->state) { |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
717 u->state->response_time = ngx_current_msec - u->start_time; |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
718 } |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
719 |
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
720 u->state = ngx_array_push(s->upstream_states); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
721 if (u->state == NULL) { |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
722 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
723 return; |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
724 } |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
725 |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
726 ngx_memzero(u->state, sizeof(ngx_stream_upstream_state_t)); |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
727 |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
728 u->start_time = ngx_current_msec; |
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
729 |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
730 u->state->connect_time = (ngx_msec_t) -1; |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
731 u->state->first_byte_time = (ngx_msec_t) -1; |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
732 u->state->response_time = (ngx_msec_t) -1; |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
733 |
6115 | 734 rc = ngx_event_connect_peer(&u->peer); |
735 | |
736 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, "proxy connect: %i", rc); | |
737 | |
738 if (rc == NGX_ERROR) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
739 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 740 return; |
741 } | |
742 | |
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
743 u->state->peer = u->peer.name; |
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
744 |
6115 | 745 if (rc == NGX_BUSY) { |
746 ngx_log_error(NGX_LOG_ERR, c->log, 0, "no live upstreams"); | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
747 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); |
6115 | 748 return; |
749 } | |
750 | |
751 if (rc == NGX_DECLINED) { | |
752 ngx_stream_proxy_next_upstream(s); | |
753 return; | |
754 } | |
755 | |
756 /* rc == NGX_OK || rc == NGX_AGAIN || rc == NGX_DONE */ | |
757 | |
758 pc = u->peer.connection; | |
759 | |
760 pc->data = s; | |
761 pc->log = c->log; | |
762 pc->pool = c->pool; | |
763 pc->read->log = c->log; | |
764 pc->write->log = c->log; | |
765 | |
766 if (rc != NGX_AGAIN) { | |
767 ngx_stream_proxy_init_upstream(s); | |
768 return; | |
769 } | |
770 | |
771 pc->read->handler = ngx_stream_proxy_connect_handler; | |
772 pc->write->handler = ngx_stream_proxy_connect_handler; | |
773 | |
774 ngx_add_timer(pc->write, pscf->connect_timeout); | |
775 } | |
776 | |
777 | |
778 static void | |
779 ngx_stream_proxy_init_upstream(ngx_stream_session_t *s) | |
780 { | |
781 u_char *p; | |
6692 | 782 ngx_chain_t *cl; |
6115 | 783 ngx_connection_t *c, *pc; |
784 ngx_log_handler_pt handler; | |
785 ngx_stream_upstream_t *u; | |
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
786 ngx_stream_core_srv_conf_t *cscf; |
6115 | 787 ngx_stream_proxy_srv_conf_t *pscf; |
788 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
789 u = s->upstream; |
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
790 pc = u->peer.connection; |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
791 |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
792 cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); |
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
793 |
6436 | 794 if (pc->type == SOCK_STREAM |
795 && cscf->tcp_nodelay | |
7007
ed1101bbf19f
Introduced ngx_tcp_nodelay().
Ruslan Ermilov <ru@nginx.com>
parents:
6981
diff
changeset
|
796 && ngx_tcp_nodelay(pc) != NGX_OK) |
6436 | 797 { |
7007
ed1101bbf19f
Introduced ngx_tcp_nodelay().
Ruslan Ermilov <ru@nginx.com>
parents:
6981
diff
changeset
|
798 ngx_stream_proxy_next_upstream(s); |
ed1101bbf19f
Introduced ngx_tcp_nodelay().
Ruslan Ermilov <ru@nginx.com>
parents:
6981
diff
changeset
|
799 return; |
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
800 } |
6115 | 801 |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
802 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
6115 | 803 |
804 #if (NGX_STREAM_SSL) | |
6692 | 805 |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
806 if (pc->type == SOCK_STREAM && pscf->ssl_enable) { |
6692 | 807 |
808 if (u->proxy_protocol) { | |
809 if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) { | |
810 return; | |
811 } | |
812 | |
813 u->proxy_protocol = 0; | |
814 } | |
815 | |
816 if (pc->ssl == NULL) { | |
817 ngx_stream_proxy_ssl_init_connection(s); | |
818 return; | |
819 } | |
6115 | 820 } |
6692 | 821 |
6115 | 822 #endif |
823 | |
824 c = s->connection; | |
825 | |
826 if (c->log->log_level >= NGX_LOG_INFO) { | |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
827 ngx_str_t str; |
6115 | 828 u_char addr[NGX_SOCKADDR_STRLEN]; |
829 | |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
830 str.len = NGX_SOCKADDR_STRLEN; |
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
831 str.data = addr; |
6115 | 832 |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
833 if (ngx_connection_local_sockaddr(pc, &str, 1) == NGX_OK) { |
6115 | 834 handler = c->log->handler; |
835 c->log->handler = NULL; | |
836 | |
6461
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
837 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
838 "%sproxy %V connected to %V", |
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
839 pc->type == SOCK_DGRAM ? "udp " : "", |
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
840 &str, u->peer.name); |
6115 | 841 |
842 c->log->handler = handler; | |
843 } | |
844 } | |
845 | |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
846 u->state->connect_time = ngx_current_msec - u->start_time; |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
847 |
6863
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
848 if (u->peer.notify) { |
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
849 u->peer.notify(&u->peer, u->peer.data, |
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
850 NGX_STREAM_UPSTREAM_NOTIFY_CONNECT); |
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
851 } |
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
852 |
6436 | 853 if (u->upstream_buf.start == NULL) { |
854 p = ngx_pnalloc(c->pool, pscf->buffer_size); | |
855 if (p == NULL) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
856 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6436 | 857 return; |
858 } | |
859 | |
860 u->upstream_buf.start = p; | |
861 u->upstream_buf.end = p + pscf->buffer_size; | |
862 u->upstream_buf.pos = p; | |
863 u->upstream_buf.last = p; | |
6115 | 864 } |
865 | |
7665
d127837c714f
Stream: fixed processing of zero length UDP packets (ticket #1982).
Vladimir Homutov <vl@nginx.com>
parents:
7505
diff
changeset
|
866 if (c->buffer && c->buffer->pos <= c->buffer->last) { |
6692 | 867 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, |
868 "stream proxy add preread buffer: %uz", | |
869 c->buffer->last - c->buffer->pos); | |
870 | |
871 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
872 if (cl == NULL) { | |
873 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
874 return; | |
875 } | |
876 | |
877 *cl->buf = *c->buffer; | |
878 | |
879 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
7665
d127837c714f
Stream: fixed processing of zero length UDP packets (ticket #1982).
Vladimir Homutov <vl@nginx.com>
parents:
7505
diff
changeset
|
880 cl->buf->temporary = (cl->buf->pos == cl->buf->last) ? 0 : 1; |
6692 | 881 cl->buf->flush = 1; |
882 | |
883 cl->next = u->upstream_out; | |
884 u->upstream_out = cl; | |
885 } | |
886 | |
887 if (u->proxy_protocol) { | |
888 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
889 "stream proxy add PROXY protocol header"); | |
890 | |
891 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
892 if (cl == NULL) { | |
893 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
894 return; | |
6436 | 895 } |
6692 | 896 |
897 p = ngx_pnalloc(c->pool, NGX_PROXY_PROTOCOL_MAX_HEADER); | |
898 if (p == NULL) { | |
899 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
900 return; | |
901 } | |
902 | |
903 cl->buf->pos = p; | |
904 | |
905 p = ngx_proxy_protocol_write(c, p, p + NGX_PROXY_PROTOCOL_MAX_HEADER); | |
906 if (p == NULL) { | |
907 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
908 return; | |
909 } | |
910 | |
911 cl->buf->last = p; | |
912 cl->buf->temporary = 1; | |
913 cl->buf->flush = 0; | |
914 cl->buf->last_buf = 0; | |
915 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
916 | |
917 cl->next = u->upstream_out; | |
918 u->upstream_out = cl; | |
919 | |
920 u->proxy_protocol = 0; | |
921 } | |
922 | |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
923 u->upload_rate = ngx_stream_complex_value_size(s, pscf->upload_rate, 0); |
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
924 u->download_rate = ngx_stream_complex_value_size(s, pscf->download_rate, 0); |
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
925 |
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
926 u->connected = 1; |
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
927 |
6115 | 928 pc->read->handler = ngx_stream_proxy_upstream_handler; |
929 pc->write->handler = ngx_stream_proxy_upstream_handler; | |
930 | |
7286 | 931 if (pc->read->ready) { |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
932 ngx_post_event(pc->read, &ngx_posted_events); |
6115 | 933 } |
934 | |
935 ngx_stream_proxy_process(s, 0, 1); | |
936 } | |
937 | |
938 | |
6692 | 939 #if (NGX_STREAM_SSL) |
940 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
941 static ngx_int_t |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
942 ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s) |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
943 { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
944 u_char *p; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
945 ssize_t n, size; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
946 ngx_connection_t *c, *pc; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
947 ngx_stream_upstream_t *u; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
948 ngx_stream_proxy_srv_conf_t *pscf; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
949 u_char buf[NGX_PROXY_PROTOCOL_MAX_HEADER]; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
950 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
951 c = s->connection; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
952 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
953 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
954 "stream proxy send PROXY protocol header"); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
955 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
956 p = ngx_proxy_protocol_write(c, buf, buf + NGX_PROXY_PROTOCOL_MAX_HEADER); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
957 if (p == NULL) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
958 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
959 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
960 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
961 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
962 u = s->upstream; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
963 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
964 pc = u->peer.connection; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
965 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
966 size = p - buf; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
967 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
968 n = pc->send(pc, buf, size); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
969 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
970 if (n == NGX_AGAIN) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
971 if (ngx_handle_write_event(pc->write, 0) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
972 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
973 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
974 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
975 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
976 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
977 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
978 ngx_add_timer(pc->write, pscf->timeout); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
979 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
980 pc->write->handler = ngx_stream_proxy_connect_handler; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
981 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
982 return NGX_AGAIN; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
983 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
984 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
985 if (n == NGX_ERROR) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
986 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
987 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
988 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
989 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
990 if (n != size) { |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
991 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
992 /* |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
993 * PROXY protocol specification: |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
994 * The sender must always ensure that the header |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
995 * is sent at once, so that the transport layer |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
996 * maintains atomicity along the path to the receiver. |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
997 */ |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
998 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
999 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1000 "could not send PROXY protocol header at once"); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1001 |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1002 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1003 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1004 return NGX_ERROR; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1005 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1006 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1007 return NGX_OK; |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1008 } |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1009 |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1010 |
6115 | 1011 static char * |
1012 ngx_stream_proxy_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, | |
1013 void *conf) | |
1014 { | |
1015 ngx_stream_proxy_srv_conf_t *pscf = conf; | |
1016 | |
1017 ngx_str_t *value; | |
1018 | |
1019 if (pscf->ssl_passwords != NGX_CONF_UNSET_PTR) { | |
1020 return "is duplicate"; | |
1021 } | |
1022 | |
1023 value = cf->args->elts; | |
1024 | |
1025 pscf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); | |
1026 | |
1027 if (pscf->ssl_passwords == NULL) { | |
1028 return NGX_CONF_ERROR; | |
1029 } | |
1030 | |
1031 return NGX_CONF_OK; | |
1032 } | |
1033 | |
1034 | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1035 static char * |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1036 ngx_stream_proxy_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data) |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1037 { |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1038 #ifndef SSL_CONF_FLAG_FILE |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1039 return "is not supported on this platform"; |
7787
7ce28b4cc57e
SSL: fixed build by Sun C with old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7731
diff
changeset
|
1040 #else |
7ce28b4cc57e
SSL: fixed build by Sun C with old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7731
diff
changeset
|
1041 return NGX_CONF_OK; |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1042 #endif |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1043 } |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1044 |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1045 |
6115 | 1046 static void |
1047 ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s) | |
1048 { | |
1049 ngx_int_t rc; | |
1050 ngx_connection_t *pc; | |
1051 ngx_stream_upstream_t *u; | |
1052 ngx_stream_proxy_srv_conf_t *pscf; | |
1053 | |
1054 u = s->upstream; | |
1055 | |
1056 pc = u->peer.connection; | |
1057 | |
1058 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1059 | |
1060 if (ngx_ssl_create_connection(pscf->ssl, pc, NGX_SSL_BUFFER|NGX_SSL_CLIENT) | |
1061 != NGX_OK) | |
1062 { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1063 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 1064 return; |
1065 } | |
1066 | |
1067 if (pscf->ssl_server_name || pscf->ssl_verify) { | |
1068 if (ngx_stream_proxy_ssl_name(s) != NGX_OK) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1069 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 1070 return; |
1071 } | |
1072 } | |
1073 | |
8042
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1074 if (pscf->ssl_certificate |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1075 && pscf->ssl_certificate->value.len |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1076 && (pscf->ssl_certificate->lengths |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1077 || pscf->ssl_certificate_key->lengths)) |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1078 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1079 if (ngx_stream_proxy_ssl_certificate(s) != NGX_OK) { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1080 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1081 return; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1082 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1083 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1084 |
6115 | 1085 if (pscf->ssl_session_reuse) { |
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1086 pc->ssl->save_session = ngx_stream_proxy_ssl_save_session; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1087 |
6115 | 1088 if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1089 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6115 | 1090 return; |
1091 } | |
1092 } | |
1093 | |
1094 s->connection->log->action = "SSL handshaking to upstream"; | |
1095 | |
1096 rc = ngx_ssl_handshake(pc); | |
1097 | |
1098 if (rc == NGX_AGAIN) { | |
1099 | |
1100 if (!pc->write->timer_set) { | |
1101 ngx_add_timer(pc->write, pscf->connect_timeout); | |
1102 } | |
1103 | |
1104 pc->ssl->handler = ngx_stream_proxy_ssl_handshake; | |
1105 return; | |
1106 } | |
1107 | |
1108 ngx_stream_proxy_ssl_handshake(pc); | |
1109 } | |
1110 | |
1111 | |
1112 static void | |
1113 ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc) | |
1114 { | |
1115 long rc; | |
1116 ngx_stream_session_t *s; | |
1117 ngx_stream_upstream_t *u; | |
1118 ngx_stream_proxy_srv_conf_t *pscf; | |
1119 | |
1120 s = pc->data; | |
1121 | |
1122 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1123 | |
1124 if (pc->ssl->handshaked) { | |
1125 | |
1126 if (pscf->ssl_verify) { | |
1127 rc = SSL_get_verify_result(pc->ssl->connection); | |
1128 | |
1129 if (rc != X509_V_OK) { | |
1130 ngx_log_error(NGX_LOG_ERR, pc->log, 0, | |
1131 "upstream SSL certificate verify error: (%l:%s)", | |
1132 rc, X509_verify_cert_error_string(rc)); | |
1133 goto failed; | |
1134 } | |
1135 | |
1136 u = s->upstream; | |
1137 | |
1138 if (ngx_ssl_check_host(pc, &u->ssl_name) != NGX_OK) { | |
1139 ngx_log_error(NGX_LOG_ERR, pc->log, 0, | |
1140 "upstream SSL certificate does not match \"%V\"", | |
1141 &u->ssl_name); | |
1142 goto failed; | |
1143 } | |
1144 } | |
1145 | |
6258
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1146 if (pc->write->timer_set) { |
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1147 ngx_del_timer(pc->write); |
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1148 } |
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1149 |
6115 | 1150 ngx_stream_proxy_init_upstream(s); |
1151 | |
1152 return; | |
1153 } | |
1154 | |
1155 failed: | |
1156 | |
1157 ngx_stream_proxy_next_upstream(s); | |
1158 } | |
1159 | |
1160 | |
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1161 static void |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1162 ngx_stream_proxy_ssl_save_session(ngx_connection_t *c) |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1163 { |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1164 ngx_stream_session_t *s; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1165 ngx_stream_upstream_t *u; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1166 |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1167 s = c->data; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1168 u = s->upstream; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1169 |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1170 u->peer.save_session(&u->peer, u->peer.data); |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1171 } |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1172 |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1173 |
6115 | 1174 static ngx_int_t |
1175 ngx_stream_proxy_ssl_name(ngx_stream_session_t *s) | |
1176 { | |
1177 u_char *p, *last; | |
1178 ngx_str_t name; | |
1179 ngx_stream_upstream_t *u; | |
1180 ngx_stream_proxy_srv_conf_t *pscf; | |
1181 | |
1182 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1183 | |
1184 u = s->upstream; | |
1185 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1186 if (pscf->ssl_name) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1187 if (ngx_stream_complex_value(s, pscf->ssl_name, &name) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1188 return NGX_ERROR; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1189 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1190 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1191 } else { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1192 name = u->ssl_name; |
6115 | 1193 } |
1194 | |
1195 if (name.len == 0) { | |
1196 goto done; | |
1197 } | |
1198 | |
1199 /* | |
1200 * ssl name here may contain port, strip it for compatibility | |
1201 * with the http module | |
1202 */ | |
1203 | |
1204 p = name.data; | |
1205 last = name.data + name.len; | |
1206 | |
1207 if (*p == '[') { | |
1208 p = ngx_strlchr(p, last, ']'); | |
1209 | |
1210 if (p == NULL) { | |
1211 p = name.data; | |
1212 } | |
1213 } | |
1214 | |
1215 p = ngx_strlchr(p, last, ':'); | |
1216 | |
1217 if (p != NULL) { | |
1218 name.len = p - name.data; | |
1219 } | |
1220 | |
1221 if (!pscf->ssl_server_name) { | |
1222 goto done; | |
1223 } | |
1224 | |
1225 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME | |
1226 | |
1227 /* as per RFC 6066, literal IPv4 and IPv6 addresses are not permitted */ | |
1228 | |
1229 if (name.len == 0 || *name.data == '[') { | |
1230 goto done; | |
1231 } | |
1232 | |
1233 if (ngx_inet_addr(name.data, name.len) != INADDR_NONE) { | |
1234 goto done; | |
1235 } | |
1236 | |
1237 /* | |
1238 * SSL_set_tlsext_host_name() needs a null-terminated string, | |
1239 * hence we explicitly null-terminate name here | |
1240 */ | |
1241 | |
1242 p = ngx_pnalloc(s->connection->pool, name.len + 1); | |
1243 if (p == NULL) { | |
1244 return NGX_ERROR; | |
1245 } | |
1246 | |
1247 (void) ngx_cpystrn(p, name.data, name.len + 1); | |
1248 | |
1249 name.data = p; | |
1250 | |
1251 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1252 "upstream SSL server name: \"%s\"", name.data); | |
1253 | |
6777
563a1ee345a4
SSL: compatibility with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6703
diff
changeset
|
1254 if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, |
563a1ee345a4
SSL: compatibility with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6703
diff
changeset
|
1255 (char *) name.data) |
6115 | 1256 == 0) |
1257 { | |
1258 ngx_ssl_error(NGX_LOG_ERR, s->connection->log, 0, | |
1259 "SSL_set_tlsext_host_name(\"%s\") failed", name.data); | |
1260 return NGX_ERROR; | |
1261 } | |
1262 | |
1263 #endif | |
1264 | |
1265 done: | |
1266 | |
1267 u->ssl_name = name; | |
1268 | |
1269 return NGX_OK; | |
1270 } | |
1271 | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1272 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1273 static ngx_int_t |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1274 ngx_stream_proxy_ssl_certificate(ngx_stream_session_t *s) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1275 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1276 ngx_str_t cert, key; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1277 ngx_connection_t *c; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1278 ngx_stream_proxy_srv_conf_t *pscf; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1279 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1280 c = s->upstream->peer.connection; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1281 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1282 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1283 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1284 if (ngx_stream_complex_value(s, pscf->ssl_certificate, &cert) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1285 != NGX_OK) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1286 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1287 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1288 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1289 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1290 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1291 "stream upstream ssl cert: \"%s\"", cert.data); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1292 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1293 if (*cert.data == '\0') { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1294 return NGX_OK; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1295 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1296 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1297 if (ngx_stream_complex_value(s, pscf->ssl_certificate_key, &key) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1298 != NGX_OK) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1299 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1300 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1301 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1302 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1303 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1304 "stream upstream ssl key: \"%s\"", key.data); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1305 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1306 if (ngx_ssl_connection_certificate(c, c->pool, &cert, &key, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1307 pscf->ssl_passwords) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1308 != NGX_OK) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1309 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1310 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1311 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1312 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1313 return NGX_OK; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1314 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1315 |
6115 | 1316 #endif |
1317 | |
1318 | |
1319 static void | |
1320 ngx_stream_proxy_downstream_handler(ngx_event_t *ev) | |
1321 { | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1322 ngx_stream_proxy_process_connection(ev, ev->write); |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1323 } |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1324 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1325 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1326 static void |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1327 ngx_stream_proxy_resolve_handler(ngx_resolver_ctx_t *ctx) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1328 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1329 ngx_stream_session_t *s; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1330 ngx_stream_upstream_t *u; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1331 ngx_stream_proxy_srv_conf_t *pscf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1332 ngx_stream_upstream_resolved_t *ur; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1333 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1334 s = ctx->data; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1335 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1336 u = s->upstream; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1337 ur = u->resolved; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1338 |
6648
d43ee392e825
Stream: fixed build without stream_ssl_module (ticket #1032).
Vladimir Homutov <vl@nginx.com>
parents:
6643
diff
changeset
|
1339 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1340 "stream upstream resolve"); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1341 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1342 if (ctx->state) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1343 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1344 "%V could not be resolved (%i: %s)", |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1345 &ctx->name, ctx->state, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1346 ngx_resolver_strerror(ctx->state)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1347 |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1348 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1349 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1350 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1351 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1352 ur->naddrs = ctx->naddrs; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1353 ur->addrs = ctx->addrs; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1354 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1355 #if (NGX_DEBUG) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1356 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1357 u_char text[NGX_SOCKADDR_STRLEN]; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1358 ngx_str_t addr; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1359 ngx_uint_t i; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1360 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1361 addr.data = text; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1362 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1363 for (i = 0; i < ctx->naddrs; i++) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1364 addr.len = ngx_sock_ntop(ur->addrs[i].sockaddr, ur->addrs[i].socklen, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1365 text, NGX_SOCKADDR_STRLEN, 0); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1366 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1367 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1368 "name was resolved to %V", &addr); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1369 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1370 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1371 #endif |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1372 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1373 if (ngx_stream_upstream_create_round_robin_peer(s, ur) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1374 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1375 return; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1376 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1377 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1378 ngx_resolve_name_done(ctx); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1379 ur->ctx = NULL; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1380 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1381 u->peer.start_time = ngx_current_msec; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1382 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1383 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1384 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1385 if (pscf->next_upstream_tries |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1386 && u->peer.tries > pscf->next_upstream_tries) |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1387 { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1388 u->peer.tries = pscf->next_upstream_tries; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1389 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1390 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1391 ngx_stream_proxy_connect(s); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1392 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1393 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1394 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1395 static void |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1396 ngx_stream_proxy_upstream_handler(ngx_event_t *ev) |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1397 { |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1398 ngx_stream_proxy_process_connection(ev, !ev->write); |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1399 } |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1400 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1401 |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1402 static void |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1403 ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream) |
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1404 { |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1405 ngx_connection_t *c, *pc; |
7286 | 1406 ngx_log_handler_pt handler; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1407 ngx_stream_session_t *s; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1408 ngx_stream_upstream_t *u; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1409 ngx_stream_proxy_srv_conf_t *pscf; |
6115 | 1410 |
1411 c = ev->data; | |
1412 s = c->data; | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1413 u = s->upstream; |
6115 | 1414 |
7156
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1415 if (c->close) { |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1416 ngx_log_error(NGX_LOG_INFO, c->log, 0, "shutdown timeout"); |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1417 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1418 return; |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1419 } |
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1420 |
6436 | 1421 c = s->connection; |
1422 pc = u->peer.connection; | |
1423 | |
1424 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1425 | |
6115 | 1426 if (ev->timedout) { |
6436 | 1427 ev->timedout = 0; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1428 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1429 if (ev->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1430 ev->delayed = 0; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1431 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1432 if (!ev->ready) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1433 if (ngx_handle_read_event(ev, 0) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1434 ngx_stream_proxy_finalize(s, |
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1435 NGX_STREAM_INTERNAL_SERVER_ERROR); |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1436 return; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1437 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1438 |
6436 | 1439 if (u->connected && !c->read->delayed && !pc->read->delayed) { |
1440 ngx_add_timer(c->write, pscf->timeout); | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1441 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1442 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1443 return; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1444 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1445 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1446 } else { |
6436 | 1447 if (s->connection->type == SOCK_DGRAM) { |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1448 |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1449 if (pscf->responses == NGX_MAX_INT32_VALUE |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1450 || (u->responses >= pscf->responses * u->requests)) |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1451 { |
6436 | 1452 |
1453 /* | |
1454 * successfully terminate timed out UDP session | |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1455 * if expected number of responses was received |
6436 | 1456 */ |
1457 | |
7286 | 1458 handler = c->log->handler; |
1459 c->log->handler = NULL; | |
1460 | |
1461 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
1462 "udp timed out" | |
1463 ", packets from/to client:%ui/%ui" | |
1464 ", bytes from/to client:%O/%O" | |
1465 ", bytes from/to upstream:%O/%O", | |
1466 u->requests, u->responses, | |
1467 s->received, c->sent, u->received, | |
1468 pc ? pc->sent : 0); | |
1469 | |
1470 c->log->handler = handler; | |
1471 | |
1472 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); | |
6436 | 1473 return; |
1474 } | |
1475 | |
7105
0846dd76a487
Stream: fixed logging UDP upstream timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7098
diff
changeset
|
1476 ngx_connection_error(pc, NGX_ETIMEDOUT, "upstream timed out"); |
0846dd76a487
Stream: fixed logging UDP upstream timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7098
diff
changeset
|
1477 |
7286 | 1478 pc->read->error = 1; |
1479 | |
1480 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); | |
1481 | |
1482 return; | |
6436 | 1483 } |
1484 | |
7286 | 1485 ngx_connection_error(c, NGX_ETIMEDOUT, "connection timed out"); |
1486 | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1487 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
7286 | 1488 |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1489 return; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1490 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1491 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1492 } else if (ev->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1493 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1494 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1495 "stream connection delayed"); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1496 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1497 if (ngx_handle_read_event(ev, 0) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1498 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1499 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1500 |
6115 | 1501 return; |
1502 } | |
1503 | |
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
1504 if (from_upstream && !u->connected) { |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1505 return; |
6115 | 1506 } |
1507 | |
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1508 ngx_stream_proxy_process(s, from_upstream, ev->write); |
6115 | 1509 } |
1510 | |
1511 | |
1512 static void | |
1513 ngx_stream_proxy_connect_handler(ngx_event_t *ev) | |
1514 { | |
1515 ngx_connection_t *c; | |
1516 ngx_stream_session_t *s; | |
1517 | |
1518 c = ev->data; | |
1519 s = c->data; | |
1520 | |
1521 if (ev->timedout) { | |
1522 ngx_log_error(NGX_LOG_ERR, c->log, NGX_ETIMEDOUT, "upstream timed out"); | |
1523 ngx_stream_proxy_next_upstream(s); | |
1524 return; | |
1525 } | |
1526 | |
1527 ngx_del_timer(c->write); | |
1528 | |
1529 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
1530 "stream proxy connect upstream"); | |
1531 | |
1532 if (ngx_stream_proxy_test_connect(c) != NGX_OK) { | |
1533 ngx_stream_proxy_next_upstream(s); | |
1534 return; | |
1535 } | |
1536 | |
1537 ngx_stream_proxy_init_upstream(s); | |
1538 } | |
1539 | |
1540 | |
1541 static ngx_int_t | |
1542 ngx_stream_proxy_test_connect(ngx_connection_t *c) | |
1543 { | |
1544 int err; | |
1545 socklen_t len; | |
1546 | |
1547 #if (NGX_HAVE_KQUEUE) | |
1548 | |
1549 if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) { | |
1550 err = c->write->kq_errno ? c->write->kq_errno : c->read->kq_errno; | |
1551 | |
1552 if (err) { | |
1553 (void) ngx_connection_error(c, err, | |
1554 "kevent() reported that connect() failed"); | |
1555 return NGX_ERROR; | |
1556 } | |
1557 | |
1558 } else | |
1559 #endif | |
1560 { | |
1561 err = 0; | |
1562 len = sizeof(int); | |
1563 | |
1564 /* | |
1565 * BSDs and Linux return 0 and set a pending error in err | |
1566 * Solaris returns -1 and sets errno | |
1567 */ | |
1568 | |
1569 if (getsockopt(c->fd, SOL_SOCKET, SO_ERROR, (void *) &err, &len) | |
1570 == -1) | |
1571 { | |
1572 err = ngx_socket_errno; | |
1573 } | |
1574 | |
1575 if (err) { | |
1576 (void) ngx_connection_error(c, err, "connect() failed"); | |
1577 return NGX_ERROR; | |
1578 } | |
1579 } | |
1580 | |
1581 return NGX_OK; | |
1582 } | |
1583 | |
1584 | |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1585 static void |
6115 | 1586 ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream, |
1587 ngx_uint_t do_write) | |
1588 { | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1589 char *recv_action, *send_action; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1590 off_t *received, limit; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1591 size_t size, limit_rate; |
6115 | 1592 ssize_t n; |
1593 ngx_buf_t *b; | |
6692 | 1594 ngx_int_t rc; |
7286 | 1595 ngx_uint_t flags, *packets; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1596 ngx_msec_t delay; |
6692 | 1597 ngx_chain_t *cl, **ll, **out, **busy; |
6115 | 1598 ngx_connection_t *c, *pc, *src, *dst; |
1599 ngx_log_handler_pt handler; | |
1600 ngx_stream_upstream_t *u; | |
1601 ngx_stream_proxy_srv_conf_t *pscf; | |
1602 | |
1603 u = s->upstream; | |
1604 | |
1605 c = s->connection; | |
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
1606 pc = u->connected ? u->peer.connection : NULL; |
6115 | 1607 |
6436 | 1608 if (c->type == SOCK_DGRAM && (ngx_terminate || ngx_exiting)) { |
1609 | |
1610 /* socket is already closed on worker shutdown */ | |
1611 | |
1612 handler = c->log->handler; | |
1613 c->log->handler = NULL; | |
1614 | |
1615 ngx_log_error(NGX_LOG_INFO, c->log, 0, "disconnected on shutdown"); | |
1616 | |
1617 c->log->handler = handler; | |
1618 | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1619 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
6436 | 1620 return; |
1621 } | |
1622 | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1623 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1624 |
6115 | 1625 if (from_upstream) { |
1626 src = pc; | |
1627 dst = c; | |
1628 b = &u->upstream_buf; | |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
1629 limit_rate = u->download_rate; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1630 received = &u->received; |
7286 | 1631 packets = &u->responses; |
6692 | 1632 out = &u->downstream_out; |
1633 busy = &u->downstream_busy; | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1634 recv_action = "proxying and reading from upstream"; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1635 send_action = "proxying and sending to client"; |
6115 | 1636 |
1637 } else { | |
1638 src = c; | |
1639 dst = pc; | |
1640 b = &u->downstream_buf; | |
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
1641 limit_rate = u->upload_rate; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1642 received = &s->received; |
7286 | 1643 packets = &u->requests; |
6692 | 1644 out = &u->upstream_out; |
1645 busy = &u->upstream_busy; | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1646 recv_action = "proxying and reading from client"; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1647 send_action = "proxying and sending to upstream"; |
6115 | 1648 } |
1649 | |
1650 for ( ;; ) { | |
1651 | |
6692 | 1652 if (do_write && dst) { |
1653 | |
1654 if (*out || *busy || dst->buffered) { | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1655 c->log->action = send_action; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1656 |
6692 | 1657 rc = ngx_stream_top_filter(s, *out, from_upstream); |
1658 | |
1659 if (rc == NGX_ERROR) { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1660 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1661 return; |
6115 | 1662 } |
1663 | |
6692 | 1664 ngx_chain_update_chains(c->pool, &u->free, busy, out, |
1665 (ngx_buf_tag_t) &ngx_stream_proxy_module); | |
1666 | |
1667 if (*busy == NULL) { | |
1668 b->pos = b->start; | |
1669 b->last = b->start; | |
6115 | 1670 } |
1671 } | |
1672 } | |
1673 | |
1674 size = b->end - b->last; | |
1675 | |
6868
ee3645078759
Stream: avoid infinite loop in case of socket read error.
Vladimir Homutov <vl@nginx.com>
parents:
6863
diff
changeset
|
1676 if (size && src->read->ready && !src->read->delayed |
ee3645078759
Stream: avoid infinite loop in case of socket read error.
Vladimir Homutov <vl@nginx.com>
parents:
6863
diff
changeset
|
1677 && !src->read->error) |
ee3645078759
Stream: avoid infinite loop in case of socket read error.
Vladimir Homutov <vl@nginx.com>
parents:
6863
diff
changeset
|
1678 { |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1679 if (limit_rate) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1680 limit = (off_t) limit_rate * (ngx_time() - u->start_sec + 1) |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1681 - *received; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1682 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1683 if (limit <= 0) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1684 src->read->delayed = 1; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1685 delay = (ngx_msec_t) (- limit * 1000 / limit_rate + 1); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1686 ngx_add_timer(src->read, delay); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1687 break; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1688 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1689 |
7441
8acaa1161783
Stream: do not split datagrams when limiting proxy rate.
Roman Arutyunyan <arut@nginx.com>
parents:
7440
diff
changeset
|
1690 if (c->type == SOCK_STREAM && (off_t) size > limit) { |
6203
fdfdcad62875
Stream: fixed MSVC compilation warning.
Roman Arutyunyan <arut@nginx.com>
parents:
6202
diff
changeset
|
1691 size = (size_t) limit; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1692 } |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1693 } |
6115 | 1694 |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1695 c->log->action = recv_action; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1696 |
6115 | 1697 n = src->recv(src, b->last, size); |
1698 | |
6692 | 1699 if (n == NGX_AGAIN) { |
6115 | 1700 break; |
1701 } | |
1702 | |
6692 | 1703 if (n == NGX_ERROR) { |
1704 src->read->eof = 1; | |
1705 n = 0; | |
1706 } | |
1707 | |
1708 if (n >= 0) { | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1709 if (limit_rate) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1710 delay = (ngx_msec_t) (n * 1000 / limit_rate); |
6115 | 1711 |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1712 if (delay > 0) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1713 src->read->delayed = 1; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1714 ngx_add_timer(src->read, delay); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1715 } |
6115 | 1716 } |
1717 | |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1718 if (from_upstream) { |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1719 if (u->state->first_byte_time == (ngx_msec_t) -1) { |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1720 u->state->first_byte_time = ngx_current_msec |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1721 - u->start_time; |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1722 } |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1723 } |
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1724 |
6692 | 1725 for (ll = out; *ll; ll = &(*ll)->next) { /* void */ } |
1726 | |
1727 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
1728 if (cl == NULL) { | |
1729 ngx_stream_proxy_finalize(s, | |
1730 NGX_STREAM_INTERNAL_SERVER_ERROR); | |
1731 return; | |
1732 } | |
1733 | |
1734 *ll = cl; | |
1735 | |
1736 cl->buf->pos = b->last; | |
1737 cl->buf->last = b->last + n; | |
1738 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
1739 | |
1740 cl->buf->temporary = (n ? 1 : 0); | |
1741 cl->buf->last_buf = src->read->eof; | |
8044
457afc332c67
Stream: don't flush empty buffers created for read errors.
Aleksei Bavshin <a.bavshin@f5.com>
parents:
8042
diff
changeset
|
1742 cl->buf->flush = !src->read->eof; |
6692 | 1743 |
7286 | 1744 (*packets)++; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1745 *received += n; |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1746 b->last += n; |
6115 | 1747 do_write = 1; |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1748 |
6115 | 1749 continue; |
1750 } | |
1751 } | |
1752 | |
1753 break; | |
1754 } | |
1755 | |
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1756 c->log->action = "proxying connection"; |
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1757 |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1758 if (ngx_stream_proxy_test_finalize(s, from_upstream) == NGX_OK) { |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1759 return; |
6115 | 1760 } |
1761 | |
6124
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1762 flags = src->read->eof ? NGX_CLOSE_EVENT : 0; |
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1763 |
7440
6d4bc025c5a7
Prevented scheduling events on a shared connection.
Roman Arutyunyan <arut@nginx.com>
parents:
7397
diff
changeset
|
1764 if (ngx_handle_read_event(src->read, flags) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1765 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1766 return; |
6115 | 1767 } |
1768 | |
1769 if (dst) { | |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1770 |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1771 if (dst->type == SOCK_STREAM && pscf->half_close |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1772 && src->read->eof && !u->half_closed && !dst->buffered) |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1773 { |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1774 if (ngx_shutdown_socket(dst->fd, NGX_WRITE_SHUTDOWN) == -1) { |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1775 ngx_connection_error(c, ngx_socket_errno, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1776 ngx_shutdown_socket_n " failed"); |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1777 |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1778 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1779 return; |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1780 } |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1781 |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1782 u->half_closed = 1; |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1783 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1784 "stream proxy %s socket shutdown", |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1785 from_upstream ? "client" : "upstream"); |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1786 } |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1787 |
7440
6d4bc025c5a7
Prevented scheduling events on a shared connection.
Roman Arutyunyan <arut@nginx.com>
parents:
7397
diff
changeset
|
1788 if (ngx_handle_write_event(dst->write, 0) != NGX_OK) { |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1789 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1790 return; |
6115 | 1791 } |
1792 | |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1793 if (!c->read->delayed && !pc->read->delayed) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1794 ngx_add_timer(c->write, pscf->timeout); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1795 |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1796 } else if (c->write->timer_set) { |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1797 ngx_del_timer(c->write); |
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1798 } |
6115 | 1799 } |
1800 } | |
1801 | |
1802 | |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1803 static ngx_int_t |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1804 ngx_stream_proxy_test_finalize(ngx_stream_session_t *s, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1805 ngx_uint_t from_upstream) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1806 { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1807 ngx_connection_t *c, *pc; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1808 ngx_log_handler_pt handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1809 ngx_stream_upstream_t *u; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1810 ngx_stream_proxy_srv_conf_t *pscf; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1811 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1812 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1813 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1814 c = s->connection; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1815 u = s->upstream; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1816 pc = u->connected ? u->peer.connection : NULL; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1817 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1818 if (c->type == SOCK_DGRAM) { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1819 |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1820 if (pscf->requests && u->requests < pscf->requests) { |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1821 return NGX_DECLINED; |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1822 } |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1823 |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1824 if (pscf->requests) { |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1825 ngx_delete_udp_connection(c); |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1826 } |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1827 |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1828 if (pscf->responses == NGX_MAX_INT32_VALUE |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1829 || u->responses < pscf->responses * u->requests) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1830 { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1831 return NGX_DECLINED; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1832 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1833 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1834 if (pc == NULL || c->buffered || pc->buffered) { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1835 return NGX_DECLINED; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1836 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1837 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1838 handler = c->log->handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1839 c->log->handler = NULL; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1840 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1841 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1842 "udp done" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1843 ", packets from/to client:%ui/%ui" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1844 ", bytes from/to client:%O/%O" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1845 ", bytes from/to upstream:%O/%O", |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1846 u->requests, u->responses, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1847 s->received, c->sent, u->received, pc ? pc->sent : 0); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1848 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1849 c->log->handler = handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1850 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1851 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1852 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1853 return NGX_OK; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1854 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1855 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1856 /* c->type == SOCK_STREAM */ |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1857 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1858 if (pc == NULL |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1859 || (!c->read->eof && !pc->read->eof) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1860 || (!c->read->eof && c->buffered) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1861 || (!pc->read->eof && pc->buffered)) |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1862 { |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1863 return NGX_DECLINED; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1864 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1865 |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1866 if (pscf->half_close) { |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1867 /* avoid closing live connections until both read ends get EOF */ |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1868 if (!(c->read->eof && pc->read->eof && !c->buffered && !pc->buffered)) { |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1869 return NGX_DECLINED; |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1870 } |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1871 } |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1872 |
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1873 handler = c->log->handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1874 c->log->handler = NULL; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1875 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1876 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1877 "%s disconnected" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1878 ", bytes from/to client:%O/%O" |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1879 ", bytes from/to upstream:%O/%O", |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1880 from_upstream ? "upstream" : "client", |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1881 s->received, c->sent, u->received, pc ? pc->sent : 0); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1882 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1883 c->log->handler = handler; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1884 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1885 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1886 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1887 return NGX_OK; |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1888 } |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1889 |
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1890 |
6115 | 1891 static void |
1892 ngx_stream_proxy_next_upstream(ngx_stream_session_t *s) | |
1893 { | |
1894 ngx_msec_t timeout; | |
1895 ngx_connection_t *pc; | |
1896 ngx_stream_upstream_t *u; | |
1897 ngx_stream_proxy_srv_conf_t *pscf; | |
1898 | |
1899 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1900 "stream proxy next upstream"); | |
1901 | |
1902 u = s->upstream; | |
6692 | 1903 pc = u->peer.connection; |
1904 | |
7098
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1905 if (pc && pc->buffered) { |
6692 | 1906 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
7098
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1907 "buffered data on next upstream"); |
6692 | 1908 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
1909 return; | |
1910 } | |
6115 | 1911 |
7098
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1912 if (s->connection->type == SOCK_DGRAM) { |
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1913 u->upstream_out = NULL; |
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1914 } |
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1915 |
6115 | 1916 if (u->peer.sockaddr) { |
1917 u->peer.free(&u->peer, u->peer.data, NGX_PEER_FAILED); | |
1918 u->peer.sockaddr = NULL; | |
1919 } | |
1920 | |
1921 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
1922 | |
1923 timeout = pscf->next_upstream_timeout; | |
1924 | |
1925 if (u->peer.tries == 0 | |
1926 || !pscf->next_upstream | |
1927 || (timeout && ngx_current_msec - u->peer.start_time >= timeout)) | |
1928 { | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1929 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); |
6115 | 1930 return; |
1931 } | |
1932 | |
1933 if (pc) { | |
1934 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1935 "close proxy upstream connection: %d", pc->fd); | |
1936 | |
1937 #if (NGX_STREAM_SSL) | |
1938 if (pc->ssl) { | |
1939 pc->ssl->no_wait_shutdown = 1; | |
1940 pc->ssl->no_send_shutdown = 1; | |
1941 | |
1942 (void) ngx_ssl_shutdown(pc); | |
1943 } | |
1944 #endif | |
1945 | |
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1946 u->state->bytes_received = u->received; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1947 u->state->bytes_sent = pc->sent; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1948 |
6115 | 1949 ngx_close_connection(pc); |
1950 u->peer.connection = NULL; | |
1951 } | |
1952 | |
1953 ngx_stream_proxy_connect(s); | |
1954 } | |
1955 | |
1956 | |
1957 static void | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1958 ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_uint_t rc) |
6115 | 1959 { |
7286 | 1960 ngx_uint_t state; |
6115 | 1961 ngx_connection_t *pc; |
1962 ngx_stream_upstream_t *u; | |
1963 | |
1964 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
1965 "finalize stream proxy: %i", rc); | |
1966 | |
1967 u = s->upstream; | |
1968 | |
1969 if (u == NULL) { | |
1970 goto noupstream; | |
1971 } | |
1972 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1973 if (u->resolved && u->resolved->ctx) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1974 ngx_resolve_name_done(u->resolved->ctx); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1975 u->resolved->ctx = NULL; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1976 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1977 |
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1978 pc = u->peer.connection; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1979 |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1980 if (u->state) { |
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1981 if (u->state->response_time == (ngx_msec_t) -1) { |
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1982 u->state->response_time = ngx_current_msec - u->start_time; |
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1983 } |
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1984 |
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1985 if (pc) { |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1986 u->state->bytes_received = u->received; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1987 u->state->bytes_sent = pc->sent; |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1988 } |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1989 } |
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1990 |
6115 | 1991 if (u->peer.free && u->peer.sockaddr) { |
7286 | 1992 state = 0; |
1993 | |
1994 if (pc && pc->type == SOCK_DGRAM | |
1995 && (pc->read->error || pc->write->error)) | |
1996 { | |
1997 state = NGX_PEER_FAILED; | |
1998 } | |
1999 | |
2000 u->peer.free(&u->peer, u->peer.data, state); | |
6115 | 2001 u->peer.sockaddr = NULL; |
2002 } | |
2003 | |
2004 if (pc) { | |
2005 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
2006 "close stream proxy upstream connection: %d", pc->fd); | |
2007 | |
2008 #if (NGX_STREAM_SSL) | |
2009 if (pc->ssl) { | |
2010 pc->ssl->no_wait_shutdown = 1; | |
2011 (void) ngx_ssl_shutdown(pc); | |
2012 } | |
2013 #endif | |
2014 | |
2015 ngx_close_connection(pc); | |
2016 u->peer.connection = NULL; | |
2017 } | |
2018 | |
2019 noupstream: | |
2020 | |
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
2021 ngx_stream_finalize_session(s, rc); |
6115 | 2022 } |
2023 | |
2024 | |
2025 static u_char * | |
2026 ngx_stream_proxy_log_error(ngx_log_t *log, u_char *buf, size_t len) | |
2027 { | |
2028 u_char *p; | |
2029 ngx_connection_t *pc; | |
2030 ngx_stream_session_t *s; | |
2031 ngx_stream_upstream_t *u; | |
2032 | |
2033 s = log->data; | |
2034 | |
2035 u = s->upstream; | |
2036 | |
2037 p = buf; | |
2038 | |
2039 if (u->peer.name) { | |
2040 p = ngx_snprintf(p, len, ", upstream: \"%V\"", u->peer.name); | |
2041 len -= p - buf; | |
2042 } | |
2043 | |
2044 pc = u->peer.connection; | |
2045 | |
2046 p = ngx_snprintf(p, len, | |
2047 ", bytes from/to client:%O/%O" | |
2048 ", bytes from/to upstream:%O/%O", | |
2049 s->received, s->connection->sent, | |
2050 u->received, pc ? pc->sent : 0); | |
2051 | |
2052 return p; | |
2053 } | |
2054 | |
2055 | |
2056 static void * | |
2057 ngx_stream_proxy_create_srv_conf(ngx_conf_t *cf) | |
2058 { | |
2059 ngx_stream_proxy_srv_conf_t *conf; | |
2060 | |
2061 conf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_proxy_srv_conf_t)); | |
2062 if (conf == NULL) { | |
2063 return NULL; | |
2064 } | |
2065 | |
2066 /* | |
2067 * set by ngx_pcalloc(): | |
2068 * | |
2069 * conf->ssl_protocols = 0; | |
2070 * conf->ssl_ciphers = { 0, NULL }; | |
2071 * conf->ssl_trusted_certificate = { 0, NULL }; | |
2072 * conf->ssl_crl = { 0, NULL }; | |
2073 * | |
2074 * conf->ssl = NULL; | |
2075 * conf->upstream = NULL; | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2076 * conf->upstream_value = NULL; |
6115 | 2077 */ |
2078 | |
2079 conf->connect_timeout = NGX_CONF_UNSET_MSEC; | |
2080 conf->timeout = NGX_CONF_UNSET_MSEC; | |
2081 conf->next_upstream_timeout = NGX_CONF_UNSET_MSEC; | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
2082 conf->buffer_size = NGX_CONF_UNSET_SIZE; |
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2083 conf->upload_rate = NGX_CONF_UNSET_PTR; |
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2084 conf->download_rate = NGX_CONF_UNSET_PTR; |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2085 conf->requests = NGX_CONF_UNSET_UINT; |
6436 | 2086 conf->responses = NGX_CONF_UNSET_UINT; |
6115 | 2087 conf->next_upstream_tries = NGX_CONF_UNSET_UINT; |
2088 conf->next_upstream = NGX_CONF_UNSET; | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
2089 conf->proxy_protocol = NGX_CONF_UNSET; |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2090 conf->local = NGX_CONF_UNSET_PTR; |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2091 conf->socket_keepalive = NGX_CONF_UNSET; |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
2092 conf->half_close = NGX_CONF_UNSET; |
6115 | 2093 |
2094 #if (NGX_STREAM_SSL) | |
2095 conf->ssl_enable = NGX_CONF_UNSET; | |
2096 conf->ssl_session_reuse = NGX_CONF_UNSET; | |
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2097 conf->ssl_name = NGX_CONF_UNSET_PTR; |
6115 | 2098 conf->ssl_server_name = NGX_CONF_UNSET; |
2099 conf->ssl_verify = NGX_CONF_UNSET; | |
2100 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2101 conf->ssl_certificate = NGX_CONF_UNSET_PTR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2102 conf->ssl_certificate_key = NGX_CONF_UNSET_PTR; |
6115 | 2103 conf->ssl_passwords = NGX_CONF_UNSET_PTR; |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2104 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; |
6115 | 2105 #endif |
2106 | |
2107 return conf; | |
2108 } | |
2109 | |
2110 | |
2111 static char * | |
2112 ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) | |
2113 { | |
2114 ngx_stream_proxy_srv_conf_t *prev = parent; | |
2115 ngx_stream_proxy_srv_conf_t *conf = child; | |
2116 | |
2117 ngx_conf_merge_msec_value(conf->connect_timeout, | |
2118 prev->connect_timeout, 60000); | |
2119 | |
2120 ngx_conf_merge_msec_value(conf->timeout, | |
2121 prev->timeout, 10 * 60000); | |
2122 | |
2123 ngx_conf_merge_msec_value(conf->next_upstream_timeout, | |
2124 prev->next_upstream_timeout, 0); | |
2125 | |
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
2126 ngx_conf_merge_size_value(conf->buffer_size, |
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
2127 prev->buffer_size, 16384); |
6115 | 2128 |
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2129 ngx_conf_merge_ptr_value(conf->upload_rate, prev->upload_rate, NULL); |
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2130 |
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2131 ngx_conf_merge_ptr_value(conf->download_rate, prev->download_rate, NULL); |
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
2132 |
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2133 ngx_conf_merge_uint_value(conf->requests, |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2134 prev->requests, 0); |
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2135 |
6436 | 2136 ngx_conf_merge_uint_value(conf->responses, |
2137 prev->responses, NGX_MAX_INT32_VALUE); | |
2138 | |
6115 | 2139 ngx_conf_merge_uint_value(conf->next_upstream_tries, |
2140 prev->next_upstream_tries, 0); | |
2141 | |
2142 ngx_conf_merge_value(conf->next_upstream, prev->next_upstream, 1); | |
2143 | |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
2144 ngx_conf_merge_value(conf->proxy_protocol, prev->proxy_protocol, 0); |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
2145 |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2146 ngx_conf_merge_ptr_value(conf->local, prev->local, NULL); |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2147 |
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2148 ngx_conf_merge_value(conf->socket_keepalive, |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2149 prev->socket_keepalive, 0); |
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2150 |
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
2151 ngx_conf_merge_value(conf->half_close, prev->half_close, 0); |
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
2152 |
6115 | 2153 #if (NGX_STREAM_SSL) |
2154 | |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2155 if (ngx_stream_proxy_merge_ssl(cf, conf, prev) != NGX_OK) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2156 return NGX_CONF_ERROR; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2157 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2158 |
6115 | 2159 ngx_conf_merge_value(conf->ssl_enable, prev->ssl_enable, 0); |
2160 | |
2161 ngx_conf_merge_value(conf->ssl_session_reuse, | |
2162 prev->ssl_session_reuse, 1); | |
2163 | |
2164 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, | |
6157
b2899e7d0ef8
Disabled SSLv3 by default (ticket #653).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6124
diff
changeset
|
2165 (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 |
b2899e7d0ef8
Disabled SSLv3 by default (ticket #653).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6124
diff
changeset
|
2166 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); |
6115 | 2167 |
2168 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, "DEFAULT"); | |
2169 | |
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2170 ngx_conf_merge_ptr_value(conf->ssl_name, prev->ssl_name, NULL); |
6115 | 2171 |
2172 ngx_conf_merge_value(conf->ssl_server_name, prev->ssl_server_name, 0); | |
2173 | |
2174 ngx_conf_merge_value(conf->ssl_verify, prev->ssl_verify, 0); | |
2175 | |
2176 ngx_conf_merge_uint_value(conf->ssl_verify_depth, | |
2177 prev->ssl_verify_depth, 1); | |
2178 | |
2179 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | |
2180 prev->ssl_trusted_certificate, ""); | |
2181 | |
2182 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | |
2183 | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2184 ngx_conf_merge_ptr_value(conf->ssl_certificate, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2185 prev->ssl_certificate, NULL); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2186 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2187 ngx_conf_merge_ptr_value(conf->ssl_certificate_key, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2188 prev->ssl_certificate_key, NULL); |
6115 | 2189 |
2190 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL); | |
2191 | |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2192 ngx_conf_merge_ptr_value(conf->ssl_conf_commands, |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2193 prev->ssl_conf_commands, NULL); |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2194 |
6115 | 2195 if (conf->ssl_enable && ngx_stream_proxy_set_ssl(cf, conf) != NGX_OK) { |
2196 return NGX_CONF_ERROR; | |
2197 } | |
2198 | |
2199 #endif | |
2200 | |
2201 return NGX_CONF_OK; | |
2202 } | |
2203 | |
2204 | |
2205 #if (NGX_STREAM_SSL) | |
2206 | |
2207 static ngx_int_t | |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2208 ngx_stream_proxy_merge_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *conf, |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2209 ngx_stream_proxy_srv_conf_t *prev) |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2210 { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2211 ngx_uint_t preserve; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2212 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2213 if (conf->ssl_protocols == 0 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2214 && conf->ssl_ciphers.data == NULL |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2215 && conf->ssl_certificate == NGX_CONF_UNSET_PTR |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2216 && conf->ssl_certificate_key == NGX_CONF_UNSET_PTR |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2217 && conf->ssl_passwords == NGX_CONF_UNSET_PTR |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2218 && conf->ssl_verify == NGX_CONF_UNSET |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2219 && conf->ssl_verify_depth == NGX_CONF_UNSET_UINT |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2220 && conf->ssl_trusted_certificate.data == NULL |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2221 && conf->ssl_crl.data == NULL |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2222 && conf->ssl_session_reuse == NGX_CONF_UNSET |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2223 && conf->ssl_conf_commands == NGX_CONF_UNSET_PTR) |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2224 { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2225 if (prev->ssl) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2226 conf->ssl = prev->ssl; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2227 return NGX_OK; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2228 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2229 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2230 preserve = 1; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2231 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2232 } else { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2233 preserve = 0; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2234 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2235 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2236 conf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t)); |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2237 if (conf->ssl == NULL) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2238 return NGX_ERROR; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2239 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2240 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2241 conf->ssl->log = cf->log; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2242 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2243 /* |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2244 * special handling to preserve conf->ssl |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2245 * in the "stream" section to inherit it to all servers |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2246 */ |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2247 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2248 if (preserve) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2249 prev->ssl = conf->ssl; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2250 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2251 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2252 return NGX_OK; |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2253 } |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2254 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2255 |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2256 static ngx_int_t |
6115 | 2257 ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf) |
2258 { | |
2259 ngx_pool_cleanup_t *cln; | |
2260 | |
8053
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2261 if (pscf->ssl->ctx) { |
9d98d524bd02
Upstream: optimized use of SSL contexts (ticket #1234).
Maxim Dounin <mdounin@mdounin.ru>
parents:
8044
diff
changeset
|
2262 return NGX_OK; |
6115 | 2263 } |
2264 | |
2265 if (ngx_ssl_create(pscf->ssl, pscf->ssl_protocols, NULL) != NGX_OK) { | |
2266 return NGX_ERROR; | |
2267 } | |
2268 | |
2269 cln = ngx_pool_cleanup_add(cf->pool, 0); | |
2270 if (cln == NULL) { | |
7473
8981dbb12254
SSL: fixed potential leak on memory allocation errors.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7441
diff
changeset
|
2271 ngx_ssl_cleanup_ctx(pscf->ssl); |
6115 | 2272 return NGX_ERROR; |
2273 } | |
2274 | |
2275 cln->handler = ngx_ssl_cleanup_ctx; | |
2276 cln->data = pscf->ssl; | |
2277 | |
7904
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2278 if (ngx_ssl_ciphers(cf, pscf->ssl, &pscf->ssl_ciphers, 0) != NGX_OK) { |
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2279 return NGX_ERROR; |
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2280 } |
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2281 |
8042
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
2282 if (pscf->ssl_certificate |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
2283 && pscf->ssl_certificate->value.len) |
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
2284 { |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2285 if (pscf->ssl_certificate_key == NULL) { |
6115 | 2286 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
2287 "no \"proxy_ssl_certificate_key\" is defined " | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2288 "for certificate \"%V\"", |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2289 &pscf->ssl_certificate->value); |
6115 | 2290 return NGX_ERROR; |
2291 } | |
2292 | |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2293 if (pscf->ssl_certificate->lengths |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2294 || pscf->ssl_certificate_key->lengths) |
6115 | 2295 { |
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2296 pscf->ssl_passwords = |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2297 ngx_ssl_preserve_passwords(cf, pscf->ssl_passwords); |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2298 if (pscf->ssl_passwords == NULL) { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2299 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2300 } |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2301 |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2302 } else { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2303 if (ngx_ssl_certificate(cf, pscf->ssl, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2304 &pscf->ssl_certificate->value, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2305 &pscf->ssl_certificate_key->value, |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2306 pscf->ssl_passwords) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2307 != NGX_OK) |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2308 { |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2309 return NGX_ERROR; |
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2310 } |
6115 | 2311 } |
2312 } | |
2313 | |
2314 if (pscf->ssl_verify) { | |
2315 if (pscf->ssl_trusted_certificate.len == 0) { | |
2316 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
2317 "no proxy_ssl_trusted_certificate for proxy_ssl_verify"); | |
2318 return NGX_ERROR; | |
2319 } | |
2320 | |
2321 if (ngx_ssl_trusted_certificate(cf, pscf->ssl, | |
2322 &pscf->ssl_trusted_certificate, | |
2323 pscf->ssl_verify_depth) | |
2324 != NGX_OK) | |
2325 { | |
2326 return NGX_ERROR; | |
2327 } | |
2328 | |
2329 if (ngx_ssl_crl(cf, pscf->ssl, &pscf->ssl_crl) != NGX_OK) { | |
2330 return NGX_ERROR; | |
2331 } | |
2332 } | |
2333 | |
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2334 if (ngx_ssl_client_session_cache(cf, pscf->ssl, pscf->ssl_session_reuse) |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2335 != NGX_OK) |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2336 { |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2337 return NGX_ERROR; |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2338 } |
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2339 |
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2340 if (ngx_ssl_conf_commands(cf, pscf->ssl, pscf->ssl_conf_commands) |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2341 != NGX_OK) |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2342 { |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2343 return NGX_ERROR; |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2344 } |
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2345 |
6115 | 2346 return NGX_OK; |
2347 } | |
2348 | |
2349 #endif | |
2350 | |
2351 | |
2352 static char * | |
2353 ngx_stream_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
2354 { | |
2355 ngx_stream_proxy_srv_conf_t *pscf = conf; | |
2356 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2357 ngx_url_t u; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2358 ngx_str_t *value, *url; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2359 ngx_stream_complex_value_t cv; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2360 ngx_stream_core_srv_conf_t *cscf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2361 ngx_stream_compile_complex_value_t ccv; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2362 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2363 if (pscf->upstream || pscf->upstream_value) { |
6115 | 2364 return "is duplicate"; |
2365 } | |
2366 | |
2367 cscf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_core_module); | |
2368 | |
2369 cscf->handler = ngx_stream_proxy_handler; | |
2370 | |
2371 value = cf->args->elts; | |
2372 | |
2373 url = &value[1]; | |
2374 | |
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2375 ngx_memzero(&ccv, sizeof(ngx_stream_compile_complex_value_t)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2376 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2377 ccv.cf = cf; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2378 ccv.value = url; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2379 ccv.complex_value = &cv; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2380 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2381 if (ngx_stream_compile_complex_value(&ccv) != NGX_OK) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2382 return NGX_CONF_ERROR; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2383 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2384 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2385 if (cv.lengths) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2386 pscf->upstream_value = ngx_palloc(cf->pool, |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2387 sizeof(ngx_stream_complex_value_t)); |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2388 if (pscf->upstream_value == NULL) { |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2389 return NGX_CONF_ERROR; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2390 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2391 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2392 *pscf->upstream_value = cv; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2393 |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2394 return NGX_CONF_OK; |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2395 } |
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2396 |
6115 | 2397 ngx_memzero(&u, sizeof(ngx_url_t)); |
2398 | |
2399 u.url = *url; | |
2400 u.no_resolve = 1; | |
2401 | |
2402 pscf->upstream = ngx_stream_upstream_add(cf, &u, 0); | |
2403 if (pscf->upstream == NULL) { | |
2404 return NGX_CONF_ERROR; | |
2405 } | |
2406 | |
2407 return NGX_CONF_OK; | |
2408 } | |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2409 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2410 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2411 static char * |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2412 ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2413 { |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2414 ngx_stream_proxy_srv_conf_t *pscf = conf; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2415 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2416 ngx_int_t rc; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2417 ngx_str_t *value; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2418 ngx_stream_complex_value_t cv; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2419 ngx_stream_upstream_local_t *local; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2420 ngx_stream_compile_complex_value_t ccv; |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2421 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2422 if (pscf->local != NGX_CONF_UNSET_PTR) { |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2423 return "is duplicate"; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2424 } |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2425 |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2426 value = cf->args->elts; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2427 |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2428 if (cf->args->nelts == 2 && ngx_strcmp(value[1].data, "off") == 0) { |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2429 pscf->local = NULL; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2430 return NGX_CONF_OK; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2431 } |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2432 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2433 ngx_memzero(&ccv, sizeof(ngx_stream_compile_complex_value_t)); |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2434 |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2435 ccv.cf = cf; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2436 ccv.value = &value[1]; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2437 ccv.complex_value = &cv; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2438 |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2439 if (ngx_stream_compile_complex_value(&ccv) != NGX_OK) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2440 return NGX_CONF_ERROR; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2441 } |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2442 |
6598
4a724d6006ee
Stream: use ngx_pcalloc() in ngx_stream_proxy_bind().
Roman Arutyunyan <arut@nginx.com>
parents:
6595
diff
changeset
|
2443 local = ngx_pcalloc(cf->pool, sizeof(ngx_stream_upstream_local_t)); |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2444 if (local == NULL) { |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2445 return NGX_CONF_ERROR; |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2446 } |
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2447 |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2448 pscf->local = local; |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2449 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2450 if (cv.lengths) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2451 local->value = ngx_palloc(cf->pool, sizeof(ngx_stream_complex_value_t)); |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2452 if (local->value == NULL) { |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2453 return NGX_CONF_ERROR; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2454 } |
6595
0c98c4092440
Stream: support for $remote_port in proxy_bind.
Roman Arutyunyan <arut@nginx.com>
parents:
6594
diff
changeset
|
2455 |
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2456 *local->value = cv; |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2457 |
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2458 } else { |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2459 local->addr = ngx_palloc(cf->pool, sizeof(ngx_addr_t)); |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2460 if (local->addr == NULL) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2461 return NGX_CONF_ERROR; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2462 } |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2463 |
6594
3c87b82b17d4
Upstream: support for port in proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6593
diff
changeset
|
2464 rc = ngx_parse_addr_port(cf->pool, local->addr, value[1].data, |
3c87b82b17d4
Upstream: support for port in proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6593
diff
changeset
|
2465 value[1].len); |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2466 |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2467 switch (rc) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2468 case NGX_OK: |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2469 local->addr->name = value[1]; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2470 break; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2471 |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2472 case NGX_DECLINED: |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2473 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2474 "invalid address \"%V\"", &value[1]); |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2475 /* fall through */ |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2476 |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2477 default: |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2478 return NGX_CONF_ERROR; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2479 } |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2480 } |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2481 |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2482 if (cf->args->nelts > 2) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2483 if (ngx_strcmp(value[2].data, "transparent") == 0) { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2484 #if (NGX_HAVE_TRANSPARENT_PROXY) |
7174
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2485 ngx_core_conf_t *ccf; |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2486 |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2487 ccf = (ngx_core_conf_t *) ngx_get_conf(cf->cycle->conf_ctx, |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2488 ngx_core_module); |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2489 |
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2490 ccf->transparent = 1; |
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2491 local->transparent = 1; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2492 #else |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2493 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2494 "transparent proxying is not supported " |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2495 "on this platform, ignored"); |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2496 #endif |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2497 } else { |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2498 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2499 "invalid parameter \"%V\"", &value[2]); |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2500 return NGX_CONF_ERROR; |
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2501 } |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2502 } |
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2503 |
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2504 return NGX_CONF_OK; |
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2505 } |