Mercurial > hg > nginx
annotate src/stream/ngx_stream_proxy_module.c @ 8042:c7e25324be11
Upstream: handling of certificates specified as an empty string.
Now, if the directive is given an empty string, such configuration cancels
loading of certificates, in particular, if they would be otherwise inherited
from the previous level. This restores previous behaviour, before variables
support in certificates was introduced (3ab8e1e2f0f7).
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 07 Jun 2022 20:08:57 +0400 |
| parents | bfad703459b4 |
| children | 457afc332c67 |
| rev | line source |
|---|---|
| 6115 | 1 |
| 2 /* | |
| 3 * Copyright (C) Roman Arutyunyan | |
| 4 * Copyright (C) Nginx, Inc. | |
| 5 */ | |
| 6 | |
| 7 | |
| 8 #include <ngx_config.h> | |
| 9 #include <ngx_core.h> | |
| 10 #include <ngx_stream.h> | |
| 11 | |
| 12 | |
| 13 typedef struct { | |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
14 ngx_addr_t *addr; |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
15 ngx_stream_complex_value_t *value; |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
16 #if (NGX_HAVE_TRANSPARENT_PROXY) |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
17 ngx_uint_t transparent; /* unsigned transparent:1; */ |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
18 #endif |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
19 } ngx_stream_upstream_local_t; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
20 |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
21 |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
22 typedef struct { |
| 6115 | 23 ngx_msec_t connect_timeout; |
| 24 ngx_msec_t timeout; | |
| 25 ngx_msec_t next_upstream_timeout; | |
|
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
26 size_t buffer_size; |
|
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
27 ngx_stream_complex_value_t *upload_rate; |
|
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
28 ngx_stream_complex_value_t *download_rate; |
|
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
29 ngx_uint_t requests; |
| 6436 | 30 ngx_uint_t responses; |
| 6115 | 31 ngx_uint_t next_upstream_tries; |
| 32 ngx_flag_t next_upstream; | |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
33 ngx_flag_t proxy_protocol; |
|
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
34 ngx_flag_t half_close; |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
35 ngx_stream_upstream_local_t *local; |
|
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
36 ngx_flag_t socket_keepalive; |
| 6115 | 37 |
| 38 #if (NGX_STREAM_SSL) | |
| 39 ngx_flag_t ssl_enable; | |
| 40 ngx_flag_t ssl_session_reuse; | |
| 41 ngx_uint_t ssl_protocols; | |
| 42 ngx_str_t ssl_ciphers; | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
43 ngx_stream_complex_value_t *ssl_name; |
| 6115 | 44 ngx_flag_t ssl_server_name; |
| 45 | |
| 46 ngx_flag_t ssl_verify; | |
| 47 ngx_uint_t ssl_verify_depth; | |
| 48 ngx_str_t ssl_trusted_certificate; | |
| 49 ngx_str_t ssl_crl; | |
|
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
50 ngx_stream_complex_value_t *ssl_certificate; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
51 ngx_stream_complex_value_t *ssl_certificate_key; |
| 6115 | 52 ngx_array_t *ssl_passwords; |
|
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
53 ngx_array_t *ssl_conf_commands; |
| 6115 | 54 |
| 55 ngx_ssl_t *ssl; | |
| 56 #endif | |
| 57 | |
| 58 ngx_stream_upstream_srv_conf_t *upstream; | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
59 ngx_stream_complex_value_t *upstream_value; |
| 6115 | 60 } ngx_stream_proxy_srv_conf_t; |
| 61 | |
| 62 | |
| 63 static void ngx_stream_proxy_handler(ngx_stream_session_t *s); | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
64 static ngx_int_t ngx_stream_proxy_eval(ngx_stream_session_t *s, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
65 ngx_stream_proxy_srv_conf_t *pscf); |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
66 static ngx_int_t ngx_stream_proxy_set_local(ngx_stream_session_t *s, |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
67 ngx_stream_upstream_t *u, ngx_stream_upstream_local_t *local); |
| 6115 | 68 static void ngx_stream_proxy_connect(ngx_stream_session_t *s); |
| 69 static void ngx_stream_proxy_init_upstream(ngx_stream_session_t *s); | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
70 static void ngx_stream_proxy_resolve_handler(ngx_resolver_ctx_t *ctx); |
| 6115 | 71 static void ngx_stream_proxy_upstream_handler(ngx_event_t *ev); |
| 72 static void ngx_stream_proxy_downstream_handler(ngx_event_t *ev); | |
|
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
73 static void ngx_stream_proxy_process_connection(ngx_event_t *ev, |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
74 ngx_uint_t from_upstream); |
| 6115 | 75 static void ngx_stream_proxy_connect_handler(ngx_event_t *ev); |
| 76 static ngx_int_t ngx_stream_proxy_test_connect(ngx_connection_t *c); | |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
77 static void ngx_stream_proxy_process(ngx_stream_session_t *s, |
| 6115 | 78 ngx_uint_t from_upstream, ngx_uint_t do_write); |
|
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
79 static ngx_int_t ngx_stream_proxy_test_finalize(ngx_stream_session_t *s, |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
80 ngx_uint_t from_upstream); |
| 6115 | 81 static void ngx_stream_proxy_next_upstream(ngx_stream_session_t *s); |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
82 static void ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_uint_t rc); |
| 6115 | 83 static u_char *ngx_stream_proxy_log_error(ngx_log_t *log, u_char *buf, |
| 84 size_t len); | |
| 85 | |
| 86 static void *ngx_stream_proxy_create_srv_conf(ngx_conf_t *cf); | |
| 87 static char *ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, | |
| 88 void *child); | |
| 89 static char *ngx_stream_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, | |
| 90 void *conf); | |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
91 static char *ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
92 void *conf); |
| 6115 | 93 |
| 94 #if (NGX_STREAM_SSL) | |
| 95 | |
| 6692 | 96 static ngx_int_t ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s); |
| 6115 | 97 static char *ngx_stream_proxy_ssl_password_file(ngx_conf_t *cf, |
| 98 ngx_command_t *cmd, void *conf); | |
|
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
99 static char *ngx_stream_proxy_ssl_conf_command_check(ngx_conf_t *cf, void *post, |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
100 void *data); |
| 6115 | 101 static void ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s); |
| 102 static void ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc); | |
|
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
103 static void ngx_stream_proxy_ssl_save_session(ngx_connection_t *c); |
| 6115 | 104 static ngx_int_t ngx_stream_proxy_ssl_name(ngx_stream_session_t *s); |
|
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
105 static ngx_int_t ngx_stream_proxy_ssl_certificate(ngx_stream_session_t *s); |
| 6115 | 106 static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf, |
| 107 ngx_stream_proxy_srv_conf_t *pscf); | |
| 108 | |
| 109 | |
| 110 static ngx_conf_bitmask_t ngx_stream_proxy_ssl_protocols[] = { | |
| 111 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, | |
| 112 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, | |
| 113 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, | |
| 114 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, | |
| 115 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, | |
|
6981
08dc60979133
SSL: added support for TLSv1.3 in ssl_protocols directive.
Sergey Kandaurov <pluknet@nginx.com>
parents:
6868
diff
changeset
|
116 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 }, |
| 6115 | 117 { ngx_null_string, 0 } |
| 118 }; | |
| 119 | |
|
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
120 static ngx_conf_post_t ngx_stream_proxy_ssl_conf_command_post = |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
121 { ngx_stream_proxy_ssl_conf_command_check }; |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
122 |
| 6115 | 123 #endif |
| 124 | |
| 125 | |
|
6217
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
126 static ngx_conf_deprecated_t ngx_conf_deprecated_proxy_downstream_buffer = { |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
127 ngx_conf_deprecated, "proxy_downstream_buffer", "proxy_buffer_size" |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
128 }; |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
129 |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
130 static ngx_conf_deprecated_t ngx_conf_deprecated_proxy_upstream_buffer = { |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
131 ngx_conf_deprecated, "proxy_upstream_buffer", "proxy_buffer_size" |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
132 }; |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
133 |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
134 |
| 6115 | 135 static ngx_command_t ngx_stream_proxy_commands[] = { |
| 136 | |
| 137 { ngx_string("proxy_pass"), | |
| 138 NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 139 ngx_stream_proxy_pass, | |
| 140 NGX_STREAM_SRV_CONF_OFFSET, | |
| 141 0, | |
| 142 NULL }, | |
| 143 | |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
144 { ngx_string("proxy_bind"), |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
145 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE12, |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
146 ngx_stream_proxy_bind, |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
147 NGX_STREAM_SRV_CONF_OFFSET, |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
148 0, |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
149 NULL }, |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
150 |
|
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
151 { ngx_string("proxy_socket_keepalive"), |
|
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
152 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
|
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
153 ngx_conf_set_flag_slot, |
|
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
154 NGX_STREAM_SRV_CONF_OFFSET, |
|
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
155 offsetof(ngx_stream_proxy_srv_conf_t, socket_keepalive), |
|
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
156 NULL }, |
|
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
157 |
| 6115 | 158 { ngx_string("proxy_connect_timeout"), |
| 159 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 160 ngx_conf_set_msec_slot, | |
| 161 NGX_STREAM_SRV_CONF_OFFSET, | |
| 162 offsetof(ngx_stream_proxy_srv_conf_t, connect_timeout), | |
| 163 NULL }, | |
| 164 | |
| 165 { ngx_string("proxy_timeout"), | |
| 166 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 167 ngx_conf_set_msec_slot, | |
| 168 NGX_STREAM_SRV_CONF_OFFSET, | |
| 169 offsetof(ngx_stream_proxy_srv_conf_t, timeout), | |
| 170 NULL }, | |
| 171 | |
|
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
172 { ngx_string("proxy_buffer_size"), |
| 6115 | 173 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
| 174 ngx_conf_set_size_slot, | |
| 175 NGX_STREAM_SRV_CONF_OFFSET, | |
|
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
176 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
| 6115 | 177 NULL }, |
| 178 | |
|
6217
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
179 { ngx_string("proxy_downstream_buffer"), |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
180 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
181 ngx_conf_set_size_slot, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
182 NGX_STREAM_SRV_CONF_OFFSET, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
183 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
184 &ngx_conf_deprecated_proxy_downstream_buffer }, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
185 |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
186 { ngx_string("proxy_upstream_buffer"), |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
187 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
188 ngx_conf_set_size_slot, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
189 NGX_STREAM_SRV_CONF_OFFSET, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
190 offsetof(ngx_stream_proxy_srv_conf_t, buffer_size), |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
191 &ngx_conf_deprecated_proxy_upstream_buffer }, |
|
b544f8e0d921
Stream: deprecated proxy_downstream_buffer, proxy_upstream_buffer.
Roman Arutyunyan <arut@nginx.com>
parents:
6216
diff
changeset
|
192 |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
193 { ngx_string("proxy_upload_rate"), |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
194 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
|
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
195 ngx_stream_set_complex_value_size_slot, |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
196 NGX_STREAM_SRV_CONF_OFFSET, |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
197 offsetof(ngx_stream_proxy_srv_conf_t, upload_rate), |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
198 NULL }, |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
199 |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
200 { ngx_string("proxy_download_rate"), |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
201 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
|
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
202 ngx_stream_set_complex_value_size_slot, |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
203 NGX_STREAM_SRV_CONF_OFFSET, |
|
6208
7a14a0d754ad
Stream: renamed rate limiting directives.
Roman Arutyunyan <arut@nginx.com>
parents:
6204
diff
changeset
|
204 offsetof(ngx_stream_proxy_srv_conf_t, download_rate), |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
205 NULL }, |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
206 |
|
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
207 { ngx_string("proxy_requests"), |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
208 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
209 ngx_conf_set_num_slot, |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
210 NGX_STREAM_SRV_CONF_OFFSET, |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
211 offsetof(ngx_stream_proxy_srv_conf_t, requests), |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
212 NULL }, |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
213 |
| 6436 | 214 { ngx_string("proxy_responses"), |
| 215 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 216 ngx_conf_set_num_slot, | |
| 217 NGX_STREAM_SRV_CONF_OFFSET, | |
| 218 offsetof(ngx_stream_proxy_srv_conf_t, responses), | |
| 219 NULL }, | |
| 220 | |
| 6115 | 221 { ngx_string("proxy_next_upstream"), |
| 222 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
| 223 ngx_conf_set_flag_slot, | |
| 224 NGX_STREAM_SRV_CONF_OFFSET, | |
| 225 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream), | |
| 226 NULL }, | |
| 227 | |
| 228 { ngx_string("proxy_next_upstream_tries"), | |
| 229 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 230 ngx_conf_set_num_slot, | |
| 231 NGX_STREAM_SRV_CONF_OFFSET, | |
| 232 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream_tries), | |
| 233 NULL }, | |
| 234 | |
| 235 { ngx_string("proxy_next_upstream_timeout"), | |
| 236 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 237 ngx_conf_set_msec_slot, | |
| 238 NGX_STREAM_SRV_CONF_OFFSET, | |
| 239 offsetof(ngx_stream_proxy_srv_conf_t, next_upstream_timeout), | |
| 240 NULL }, | |
| 241 | |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
242 { ngx_string("proxy_protocol"), |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
243 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
244 ngx_conf_set_flag_slot, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
245 NGX_STREAM_SRV_CONF_OFFSET, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
246 offsetof(ngx_stream_proxy_srv_conf_t, proxy_protocol), |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
247 NULL }, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
248 |
|
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
249 { ngx_string("proxy_half_close"), |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
250 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
251 ngx_conf_set_flag_slot, |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
252 NGX_STREAM_SRV_CONF_OFFSET, |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
253 offsetof(ngx_stream_proxy_srv_conf_t, half_close), |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
254 NULL }, |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
255 |
| 6115 | 256 #if (NGX_STREAM_SSL) |
| 257 | |
| 258 { ngx_string("proxy_ssl"), | |
| 259 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
| 260 ngx_conf_set_flag_slot, | |
| 261 NGX_STREAM_SRV_CONF_OFFSET, | |
| 262 offsetof(ngx_stream_proxy_srv_conf_t, ssl_enable), | |
| 263 NULL }, | |
| 264 | |
| 265 { ngx_string("proxy_ssl_session_reuse"), | |
| 266 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
| 267 ngx_conf_set_flag_slot, | |
| 268 NGX_STREAM_SRV_CONF_OFFSET, | |
| 269 offsetof(ngx_stream_proxy_srv_conf_t, ssl_session_reuse), | |
| 270 NULL }, | |
| 271 | |
| 272 { ngx_string("proxy_ssl_protocols"), | |
| 273 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_1MORE, | |
| 274 ngx_conf_set_bitmask_slot, | |
| 275 NGX_STREAM_SRV_CONF_OFFSET, | |
| 276 offsetof(ngx_stream_proxy_srv_conf_t, ssl_protocols), | |
| 277 &ngx_stream_proxy_ssl_protocols }, | |
| 278 | |
| 279 { ngx_string("proxy_ssl_ciphers"), | |
| 280 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 281 ngx_conf_set_str_slot, | |
| 282 NGX_STREAM_SRV_CONF_OFFSET, | |
| 283 offsetof(ngx_stream_proxy_srv_conf_t, ssl_ciphers), | |
| 284 NULL }, | |
| 285 | |
| 286 { ngx_string("proxy_ssl_name"), | |
| 287 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
288 ngx_stream_set_complex_value_slot, |
| 6115 | 289 NGX_STREAM_SRV_CONF_OFFSET, |
| 290 offsetof(ngx_stream_proxy_srv_conf_t, ssl_name), | |
| 291 NULL }, | |
| 292 | |
| 293 { ngx_string("proxy_ssl_server_name"), | |
| 294 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
| 295 ngx_conf_set_flag_slot, | |
| 296 NGX_STREAM_SRV_CONF_OFFSET, | |
| 297 offsetof(ngx_stream_proxy_srv_conf_t, ssl_server_name), | |
| 298 NULL }, | |
| 299 | |
| 300 { ngx_string("proxy_ssl_verify"), | |
| 301 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, | |
| 302 ngx_conf_set_flag_slot, | |
| 303 NGX_STREAM_SRV_CONF_OFFSET, | |
| 304 offsetof(ngx_stream_proxy_srv_conf_t, ssl_verify), | |
| 305 NULL }, | |
| 306 | |
| 307 { ngx_string("proxy_ssl_verify_depth"), | |
| 308 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 309 ngx_conf_set_num_slot, | |
| 310 NGX_STREAM_SRV_CONF_OFFSET, | |
| 311 offsetof(ngx_stream_proxy_srv_conf_t, ssl_verify_depth), | |
| 312 NULL }, | |
| 313 | |
| 314 { ngx_string("proxy_ssl_trusted_certificate"), | |
| 315 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 316 ngx_conf_set_str_slot, | |
| 317 NGX_STREAM_SRV_CONF_OFFSET, | |
| 318 offsetof(ngx_stream_proxy_srv_conf_t, ssl_trusted_certificate), | |
| 319 NULL }, | |
| 320 | |
| 321 { ngx_string("proxy_ssl_crl"), | |
| 322 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 323 ngx_conf_set_str_slot, | |
| 324 NGX_STREAM_SRV_CONF_OFFSET, | |
| 325 offsetof(ngx_stream_proxy_srv_conf_t, ssl_crl), | |
| 326 NULL }, | |
| 327 | |
| 328 { ngx_string("proxy_ssl_certificate"), | |
| 329 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
|
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
330 ngx_stream_set_complex_value_zero_slot, |
| 6115 | 331 NGX_STREAM_SRV_CONF_OFFSET, |
| 332 offsetof(ngx_stream_proxy_srv_conf_t, ssl_certificate), | |
| 333 NULL }, | |
| 334 | |
| 335 { ngx_string("proxy_ssl_certificate_key"), | |
| 336 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
|
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
337 ngx_stream_set_complex_value_zero_slot, |
| 6115 | 338 NGX_STREAM_SRV_CONF_OFFSET, |
| 339 offsetof(ngx_stream_proxy_srv_conf_t, ssl_certificate_key), | |
| 340 NULL }, | |
| 341 | |
| 342 { ngx_string("proxy_ssl_password_file"), | |
| 343 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, | |
| 344 ngx_stream_proxy_ssl_password_file, | |
| 345 NGX_STREAM_SRV_CONF_OFFSET, | |
| 346 0, | |
| 347 NULL }, | |
| 348 | |
|
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
349 { ngx_string("proxy_ssl_conf_command"), |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
350 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE2, |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
351 ngx_conf_set_keyval_slot, |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
352 NGX_STREAM_SRV_CONF_OFFSET, |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
353 offsetof(ngx_stream_proxy_srv_conf_t, ssl_conf_commands), |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
354 &ngx_stream_proxy_ssl_conf_command_post }, |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
355 |
| 6115 | 356 #endif |
| 357 | |
| 358 ngx_null_command | |
| 359 }; | |
| 360 | |
| 361 | |
| 362 static ngx_stream_module_t ngx_stream_proxy_module_ctx = { | |
|
6606
2f41d383c9c7
Stream: added preconfiguration step.
Vladimir Homutov <vl@nginx.com>
parents:
6599
diff
changeset
|
363 NULL, /* preconfiguration */ |
|
6174
68c106e6fa0a
Stream: added postconfiguration method to stream modules.
Vladimir Homutov <vl@nginx.com>
parents:
6157
diff
changeset
|
364 NULL, /* postconfiguration */ |
|
68c106e6fa0a
Stream: added postconfiguration method to stream modules.
Vladimir Homutov <vl@nginx.com>
parents:
6157
diff
changeset
|
365 |
| 6115 | 366 NULL, /* create main configuration */ |
| 367 NULL, /* init main configuration */ | |
| 368 | |
| 369 ngx_stream_proxy_create_srv_conf, /* create server configuration */ | |
| 370 ngx_stream_proxy_merge_srv_conf /* merge server configuration */ | |
| 371 }; | |
| 372 | |
| 373 | |
| 374 ngx_module_t ngx_stream_proxy_module = { | |
| 375 NGX_MODULE_V1, | |
| 376 &ngx_stream_proxy_module_ctx, /* module context */ | |
| 377 ngx_stream_proxy_commands, /* module directives */ | |
| 378 NGX_STREAM_MODULE, /* module type */ | |
| 379 NULL, /* init master */ | |
| 380 NULL, /* init module */ | |
| 381 NULL, /* init process */ | |
| 382 NULL, /* init thread */ | |
| 383 NULL, /* exit thread */ | |
| 384 NULL, /* exit process */ | |
| 385 NULL, /* exit master */ | |
| 386 NGX_MODULE_V1_PADDING | |
| 387 }; | |
| 388 | |
| 389 | |
| 390 static void | |
| 391 ngx_stream_proxy_handler(ngx_stream_session_t *s) | |
| 392 { | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
393 u_char *p; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
394 ngx_str_t *host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
395 ngx_uint_t i; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
396 ngx_connection_t *c; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
397 ngx_resolver_ctx_t *ctx, temp; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
398 ngx_stream_upstream_t *u; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
399 ngx_stream_core_srv_conf_t *cscf; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
400 ngx_stream_proxy_srv_conf_t *pscf; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
401 ngx_stream_upstream_srv_conf_t *uscf, **uscfp; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
402 ngx_stream_upstream_main_conf_t *umcf; |
| 6115 | 403 |
| 404 c = s->connection; | |
| 405 | |
| 406 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
| 407 | |
| 408 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
| 409 "proxy connection handler"); | |
| 410 | |
| 411 u = ngx_pcalloc(c->pool, sizeof(ngx_stream_upstream_t)); | |
| 412 if (u == NULL) { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
413 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6115 | 414 return; |
| 415 } | |
| 416 | |
| 417 s->upstream = u; | |
| 418 | |
| 419 s->log_handler = ngx_stream_proxy_log_error; | |
| 420 | |
| 7286 | 421 u->requests = 1; |
| 422 | |
| 6115 | 423 u->peer.log = c->log; |
| 424 u->peer.log_error = NGX_ERROR_ERR; | |
| 425 | |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
426 if (ngx_stream_proxy_set_local(s, u, pscf->local) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
427 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
428 return; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
429 } |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
430 |
|
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
431 if (pscf->socket_keepalive) { |
|
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
432 u->peer.so_keepalive = 1; |
|
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
433 } |
|
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
434 |
| 6436 | 435 u->peer.type = c->type; |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
436 u->start_sec = ngx_time(); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
437 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
438 c->write->handler = ngx_stream_proxy_downstream_handler; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
439 c->read->handler = ngx_stream_proxy_downstream_handler; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
440 |
|
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
441 s->upstream_states = ngx_array_create(c->pool, 1, |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
442 sizeof(ngx_stream_upstream_state_t)); |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
443 if (s->upstream_states == NULL) { |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
444 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
445 return; |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
446 } |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
447 |
| 7286 | 448 p = ngx_pnalloc(c->pool, pscf->buffer_size); |
| 449 if (p == NULL) { | |
| 450 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
| 451 return; | |
| 452 } | |
| 453 | |
| 454 u->downstream_buf.start = p; | |
| 455 u->downstream_buf.end = p + pscf->buffer_size; | |
| 456 u->downstream_buf.pos = p; | |
| 457 u->downstream_buf.last = p; | |
| 458 | |
| 459 if (c->read->ready) { | |
| 460 ngx_post_event(c->read, &ngx_posted_events); | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
461 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
462 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
463 if (pscf->upstream_value) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
464 if (ngx_stream_proxy_eval(s, pscf) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
465 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
466 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
467 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
468 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
469 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
470 if (u->resolved == NULL) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
471 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
472 uscf = pscf->upstream; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
473 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
474 } else { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
475 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
476 #if (NGX_STREAM_SSL) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
477 u->ssl_name = u->resolved->host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
478 #endif |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
479 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
480 host = &u->resolved->host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
481 |
|
6786
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
482 umcf = ngx_stream_get_module_main_conf(s, ngx_stream_upstream_module); |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
483 |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
484 uscfp = umcf->upstreams.elts; |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
485 |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
486 for (i = 0; i < umcf->upstreams.nelts; i++) { |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
487 |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
488 uscf = uscfp[i]; |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
489 |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
490 if (uscf->host.len == host->len |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
491 && ((uscf->port == 0 && u->resolved->no_port) |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
492 || uscf->port == u->resolved->port) |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
493 && ngx_strncasecmp(uscf->host.data, host->data, host->len) == 0) |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
494 { |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
495 goto found; |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
496 } |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
497 } |
|
906ac20234ed
Upstream: do not unnecessarily create per-request upstreams.
Ruslan Ermilov <ru@nginx.com>
parents:
6785
diff
changeset
|
498 |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
499 if (u->resolved->sockaddr) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
500 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
501 if (u->resolved->port == 0 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
502 && u->resolved->sockaddr->sa_family != AF_UNIX) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
503 { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
504 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
505 "no port in upstream \"%V\"", host); |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
506 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
507 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
508 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
509 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
510 if (ngx_stream_upstream_create_round_robin_peer(s, u->resolved) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
511 != NGX_OK) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
512 { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
513 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
514 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
515 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
516 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
517 ngx_stream_proxy_connect(s); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
518 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
519 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
520 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
521 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
522 if (u->resolved->port == 0) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
523 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
524 "no port in upstream \"%V\"", host); |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
525 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
526 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
527 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
528 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
529 temp.name = *host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
530 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
531 cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
532 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
533 ctx = ngx_resolve_start(cscf->resolver, &temp); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
534 if (ctx == NULL) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
535 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
536 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
537 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
538 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
539 if (ctx == NGX_NO_RESOLVER) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
540 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
541 "no resolver defined to resolve %V", host); |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
542 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
543 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
544 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
545 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
546 ctx->name = *host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
547 ctx->handler = ngx_stream_proxy_resolve_handler; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
548 ctx->data = s; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
549 ctx->timeout = cscf->resolver_timeout; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
550 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
551 u->resolved->ctx = ctx; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
552 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
553 if (ngx_resolve_name(ctx) != NGX_OK) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
554 u->resolved->ctx = NULL; |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
555 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
556 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
557 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
558 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
559 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
560 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
561 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
562 found: |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
563 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
564 if (uscf == NULL) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
565 ngx_log_error(NGX_LOG_ALERT, c->log, 0, "no upstream configuration"); |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
566 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
567 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
568 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
569 |
|
6703
edcd9303a4d3
Upstream: introduced u->upstream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6692
diff
changeset
|
570 u->upstream = uscf; |
|
edcd9303a4d3
Upstream: introduced u->upstream.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6692
diff
changeset
|
571 |
|
6648
d43ee392e825
Stream: fixed build without stream_ssl_module (ticket #1032).
Vladimir Homutov <vl@nginx.com>
parents:
6643
diff
changeset
|
572 #if (NGX_STREAM_SSL) |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
573 u->ssl_name = uscf->host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
574 #endif |
| 6115 | 575 |
| 576 if (uscf->peer.init(s, uscf) != NGX_OK) { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
577 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6115 | 578 return; |
| 579 } | |
| 580 | |
| 581 u->peer.start_time = ngx_current_msec; | |
| 582 | |
| 583 if (pscf->next_upstream_tries | |
| 584 && u->peer.tries > pscf->next_upstream_tries) | |
| 585 { | |
| 586 u->peer.tries = pscf->next_upstream_tries; | |
| 587 } | |
| 588 | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
589 ngx_stream_proxy_connect(s); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
590 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
591 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
592 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
593 static ngx_int_t |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
594 ngx_stream_proxy_eval(ngx_stream_session_t *s, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
595 ngx_stream_proxy_srv_conf_t *pscf) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
596 { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
597 ngx_str_t host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
598 ngx_url_t url; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
599 ngx_stream_upstream_t *u; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
600 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
601 if (ngx_stream_complex_value(s, pscf->upstream_value, &host) != NGX_OK) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
602 return NGX_ERROR; |
| 6115 | 603 } |
| 604 | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
605 ngx_memzero(&url, sizeof(ngx_url_t)); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
606 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
607 url.url = host; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
608 url.no_resolve = 1; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
609 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
610 if (ngx_parse_url(s->connection->pool, &url) != NGX_OK) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
611 if (url.err) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
612 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
613 "%s in upstream \"%V\"", url.err, &url.url); |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
614 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
615 |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
616 return NGX_ERROR; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
617 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
618 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
619 u = s->upstream; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
620 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
621 u->resolved = ngx_pcalloc(s->connection->pool, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
622 sizeof(ngx_stream_upstream_resolved_t)); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
623 if (u->resolved == NULL) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
624 return NGX_ERROR; |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
625 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
626 |
|
6784
1af120241cde
Upstream: removed unnecessary condition in proxy_eval() and friends.
Ruslan Ermilov <ru@nginx.com>
parents:
6777
diff
changeset
|
627 if (url.addrs) { |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
628 u->resolved->sockaddr = url.addrs[0].sockaddr; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
629 u->resolved->socklen = url.addrs[0].socklen; |
|
6785
d1d0dd69a419
Upstream: added the ngx_http_upstream_resolved_t.name field.
Ruslan Ermilov <ru@nginx.com>
parents:
6784
diff
changeset
|
630 u->resolved->name = url.addrs[0].name; |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
631 u->resolved->naddrs = 1; |
| 6115 | 632 } |
| 633 | |
|
6785
d1d0dd69a419
Upstream: added the ngx_http_upstream_resolved_t.name field.
Ruslan Ermilov <ru@nginx.com>
parents:
6784
diff
changeset
|
634 u->resolved->host = url.host; |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
635 u->resolved->port = url.port; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
636 u->resolved->no_port = url.no_port; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
637 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
638 return NGX_OK; |
| 6115 | 639 } |
| 640 | |
| 641 | |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
642 static ngx_int_t |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
643 ngx_stream_proxy_set_local(ngx_stream_session_t *s, ngx_stream_upstream_t *u, |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
644 ngx_stream_upstream_local_t *local) |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
645 { |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
646 ngx_int_t rc; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
647 ngx_str_t val; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
648 ngx_addr_t *addr; |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
649 |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
650 if (local == NULL) { |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
651 u->peer.local = NULL; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
652 return NGX_OK; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
653 } |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
654 |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
655 #if (NGX_HAVE_TRANSPARENT_PROXY) |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
656 u->peer.transparent = local->transparent; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
657 #endif |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
658 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
659 if (local->value == NULL) { |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
660 u->peer.local = local->addr; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
661 return NGX_OK; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
662 } |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
663 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
664 if (ngx_stream_complex_value(s, local->value, &val) != NGX_OK) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
665 return NGX_ERROR; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
666 } |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
667 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
668 if (val.len == 0) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
669 return NGX_OK; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
670 } |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
671 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
672 addr = ngx_palloc(s->connection->pool, sizeof(ngx_addr_t)); |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
673 if (addr == NULL) { |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
674 return NGX_ERROR; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
675 } |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
676 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
677 rc = ngx_parse_addr_port(s->connection->pool, addr, val.data, val.len); |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
678 if (rc == NGX_ERROR) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
679 return NGX_ERROR; |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
680 } |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
681 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
682 if (rc != NGX_OK) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
683 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
684 "invalid local address \"%V\"", &val); |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
685 return NGX_OK; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
686 } |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
687 |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
688 addr->name = val; |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
689 u->peer.local = addr; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
690 |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
691 return NGX_OK; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
692 } |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
693 |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
694 |
| 6115 | 695 static void |
| 696 ngx_stream_proxy_connect(ngx_stream_session_t *s) | |
| 697 { | |
| 698 ngx_int_t rc; | |
| 699 ngx_connection_t *c, *pc; | |
| 700 ngx_stream_upstream_t *u; | |
| 701 ngx_stream_proxy_srv_conf_t *pscf; | |
| 702 | |
| 703 c = s->connection; | |
| 704 | |
| 705 c->log->action = "connecting to upstream"; | |
| 706 | |
| 6692 | 707 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
| 708 | |
| 6115 | 709 u = s->upstream; |
| 710 | |
| 6692 | 711 u->connected = 0; |
| 712 u->proxy_protocol = pscf->proxy_protocol; | |
| 713 | |
|
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
714 if (u->state) { |
|
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
715 u->state->response_time = ngx_current_msec - u->start_time; |
|
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
716 } |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
717 |
|
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
718 u->state = ngx_array_push(s->upstream_states); |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
719 if (u->state == NULL) { |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
720 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
721 return; |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
722 } |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
723 |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
724 ngx_memzero(u->state, sizeof(ngx_stream_upstream_state_t)); |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
725 |
|
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
726 u->start_time = ngx_current_msec; |
|
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
727 |
|
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
728 u->state->connect_time = (ngx_msec_t) -1; |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
729 u->state->first_byte_time = (ngx_msec_t) -1; |
|
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
730 u->state->response_time = (ngx_msec_t) -1; |
|
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
731 |
| 6115 | 732 rc = ngx_event_connect_peer(&u->peer); |
| 733 | |
| 734 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, "proxy connect: %i", rc); | |
| 735 | |
| 736 if (rc == NGX_ERROR) { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
737 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6115 | 738 return; |
| 739 } | |
| 740 | |
|
6675
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
741 u->state->peer = u->peer.name; |
|
ab9b4fd8c5b7
Stream: the $upstream_addr variable.
Vladimir Homutov <vl@nginx.com>
parents:
6674
diff
changeset
|
742 |
| 6115 | 743 if (rc == NGX_BUSY) { |
| 744 ngx_log_error(NGX_LOG_ERR, c->log, 0, "no live upstreams"); | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
745 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); |
| 6115 | 746 return; |
| 747 } | |
| 748 | |
| 749 if (rc == NGX_DECLINED) { | |
| 750 ngx_stream_proxy_next_upstream(s); | |
| 751 return; | |
| 752 } | |
| 753 | |
| 754 /* rc == NGX_OK || rc == NGX_AGAIN || rc == NGX_DONE */ | |
| 755 | |
| 756 pc = u->peer.connection; | |
| 757 | |
| 758 pc->data = s; | |
| 759 pc->log = c->log; | |
| 760 pc->pool = c->pool; | |
| 761 pc->read->log = c->log; | |
| 762 pc->write->log = c->log; | |
| 763 | |
| 764 if (rc != NGX_AGAIN) { | |
| 765 ngx_stream_proxy_init_upstream(s); | |
| 766 return; | |
| 767 } | |
| 768 | |
| 769 pc->read->handler = ngx_stream_proxy_connect_handler; | |
| 770 pc->write->handler = ngx_stream_proxy_connect_handler; | |
| 771 | |
| 772 ngx_add_timer(pc->write, pscf->connect_timeout); | |
| 773 } | |
| 774 | |
| 775 | |
| 776 static void | |
| 777 ngx_stream_proxy_init_upstream(ngx_stream_session_t *s) | |
| 778 { | |
| 779 u_char *p; | |
| 6692 | 780 ngx_chain_t *cl; |
| 6115 | 781 ngx_connection_t *c, *pc; |
| 782 ngx_log_handler_pt handler; | |
| 783 ngx_stream_upstream_t *u; | |
|
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
784 ngx_stream_core_srv_conf_t *cscf; |
| 6115 | 785 ngx_stream_proxy_srv_conf_t *pscf; |
| 786 | |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
787 u = s->upstream; |
|
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
788 pc = u->peer.connection; |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
789 |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
790 cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); |
|
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
791 |
| 6436 | 792 if (pc->type == SOCK_STREAM |
| 793 && cscf->tcp_nodelay | |
|
7007
ed1101bbf19f
Introduced ngx_tcp_nodelay().
Ruslan Ermilov <ru@nginx.com>
parents:
6981
diff
changeset
|
794 && ngx_tcp_nodelay(pc) != NGX_OK) |
| 6436 | 795 { |
|
7007
ed1101bbf19f
Introduced ngx_tcp_nodelay().
Ruslan Ermilov <ru@nginx.com>
parents:
6981
diff
changeset
|
796 ngx_stream_proxy_next_upstream(s); |
|
ed1101bbf19f
Introduced ngx_tcp_nodelay().
Ruslan Ermilov <ru@nginx.com>
parents:
6981
diff
changeset
|
797 return; |
|
6221
7565e056fad6
Stream: the "tcp_nodelay" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6217
diff
changeset
|
798 } |
| 6115 | 799 |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
800 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
| 6115 | 801 |
| 802 #if (NGX_STREAM_SSL) | |
| 6692 | 803 |
| 804 if (pc->type == SOCK_STREAM && pscf->ssl) { | |
| 805 | |
| 806 if (u->proxy_protocol) { | |
| 807 if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) { | |
| 808 return; | |
| 809 } | |
| 810 | |
| 811 u->proxy_protocol = 0; | |
| 812 } | |
| 813 | |
| 814 if (pc->ssl == NULL) { | |
| 815 ngx_stream_proxy_ssl_init_connection(s); | |
| 816 return; | |
| 817 } | |
| 6115 | 818 } |
| 6692 | 819 |
| 6115 | 820 #endif |
| 821 | |
| 822 c = s->connection; | |
| 823 | |
| 824 if (c->log->log_level >= NGX_LOG_INFO) { | |
|
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
825 ngx_str_t str; |
| 6115 | 826 u_char addr[NGX_SOCKADDR_STRLEN]; |
| 827 | |
|
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
828 str.len = NGX_SOCKADDR_STRLEN; |
|
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
829 str.data = addr; |
| 6115 | 830 |
|
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
831 if (ngx_connection_local_sockaddr(pc, &str, 1) == NGX_OK) { |
| 6115 | 832 handler = c->log->handler; |
| 833 c->log->handler = NULL; | |
| 834 | |
|
6461
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
835 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
836 "%sproxy %V connected to %V", |
|
a01e315b3a78
Stream: additional logging for UDP.
Vladimir Homutov <vl@nginx.com>
parents:
6436
diff
changeset
|
837 pc->type == SOCK_DGRAM ? "udp " : "", |
|
6230
2a621245f4cf
Win32: MSVC 2015 compatibility.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6222
diff
changeset
|
838 &str, u->peer.name); |
| 6115 | 839 |
| 840 c->log->handler = handler; | |
| 841 } | |
| 842 } | |
| 843 | |
|
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
844 u->state->connect_time = ngx_current_msec - u->start_time; |
|
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
845 |
|
6863
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
846 if (u->peer.notify) { |
|
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
847 u->peer.notify(&u->peer, u->peer.data, |
|
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
848 NGX_STREAM_UPSTREAM_NOTIFY_CONNECT); |
|
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
849 } |
|
54cf51c4f07a
Stream: speed up TCP peer recovery.
Roman Arutyunyan <arut@nginx.com>
parents:
6786
diff
changeset
|
850 |
| 6436 | 851 if (u->upstream_buf.start == NULL) { |
| 852 p = ngx_pnalloc(c->pool, pscf->buffer_size); | |
| 853 if (p == NULL) { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
854 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6436 | 855 return; |
| 856 } | |
| 857 | |
| 858 u->upstream_buf.start = p; | |
| 859 u->upstream_buf.end = p + pscf->buffer_size; | |
| 860 u->upstream_buf.pos = p; | |
| 861 u->upstream_buf.last = p; | |
| 6115 | 862 } |
| 863 | |
|
7665
d127837c714f
Stream: fixed processing of zero length UDP packets (ticket #1982).
Vladimir Homutov <vl@nginx.com>
parents:
7505
diff
changeset
|
864 if (c->buffer && c->buffer->pos <= c->buffer->last) { |
| 6692 | 865 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, |
| 866 "stream proxy add preread buffer: %uz", | |
| 867 c->buffer->last - c->buffer->pos); | |
| 868 | |
| 869 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
| 870 if (cl == NULL) { | |
| 871 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
| 872 return; | |
| 873 } | |
| 874 | |
| 875 *cl->buf = *c->buffer; | |
| 876 | |
| 877 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
|
7665
d127837c714f
Stream: fixed processing of zero length UDP packets (ticket #1982).
Vladimir Homutov <vl@nginx.com>
parents:
7505
diff
changeset
|
878 cl->buf->temporary = (cl->buf->pos == cl->buf->last) ? 0 : 1; |
| 6692 | 879 cl->buf->flush = 1; |
| 880 | |
| 881 cl->next = u->upstream_out; | |
| 882 u->upstream_out = cl; | |
| 883 } | |
| 884 | |
| 885 if (u->proxy_protocol) { | |
| 886 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
| 887 "stream proxy add PROXY protocol header"); | |
| 888 | |
| 889 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
| 890 if (cl == NULL) { | |
| 891 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
| 892 return; | |
| 6436 | 893 } |
| 6692 | 894 |
| 895 p = ngx_pnalloc(c->pool, NGX_PROXY_PROTOCOL_MAX_HEADER); | |
| 896 if (p == NULL) { | |
| 897 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
| 898 return; | |
| 899 } | |
| 900 | |
| 901 cl->buf->pos = p; | |
| 902 | |
| 903 p = ngx_proxy_protocol_write(c, p, p + NGX_PROXY_PROTOCOL_MAX_HEADER); | |
| 904 if (p == NULL) { | |
| 905 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | |
| 906 return; | |
| 907 } | |
| 908 | |
| 909 cl->buf->last = p; | |
| 910 cl->buf->temporary = 1; | |
| 911 cl->buf->flush = 0; | |
| 912 cl->buf->last_buf = 0; | |
| 913 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
| 914 | |
| 915 cl->next = u->upstream_out; | |
| 916 u->upstream_out = cl; | |
| 917 | |
| 918 u->proxy_protocol = 0; | |
| 919 } | |
| 920 | |
|
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
921 u->upload_rate = ngx_stream_complex_value_size(s, pscf->upload_rate, 0); |
|
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
922 u->download_rate = ngx_stream_complex_value_size(s, pscf->download_rate, 0); |
|
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
923 |
|
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
924 u->connected = 1; |
|
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
925 |
| 6115 | 926 pc->read->handler = ngx_stream_proxy_upstream_handler; |
| 927 pc->write->handler = ngx_stream_proxy_upstream_handler; | |
| 928 | |
| 7286 | 929 if (pc->read->ready) { |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
930 ngx_post_event(pc->read, &ngx_posted_events); |
| 6115 | 931 } |
| 932 | |
| 933 ngx_stream_proxy_process(s, 0, 1); | |
| 934 } | |
| 935 | |
| 936 | |
| 6692 | 937 #if (NGX_STREAM_SSL) |
| 938 | |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
939 static ngx_int_t |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
940 ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s) |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
941 { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
942 u_char *p; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
943 ssize_t n, size; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
944 ngx_connection_t *c, *pc; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
945 ngx_stream_upstream_t *u; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
946 ngx_stream_proxy_srv_conf_t *pscf; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
947 u_char buf[NGX_PROXY_PROTOCOL_MAX_HEADER]; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
948 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
949 c = s->connection; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
950 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
951 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
952 "stream proxy send PROXY protocol header"); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
953 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
954 p = ngx_proxy_protocol_write(c, buf, buf + NGX_PROXY_PROTOCOL_MAX_HEADER); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
955 if (p == NULL) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
956 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
957 return NGX_ERROR; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
958 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
959 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
960 u = s->upstream; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
961 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
962 pc = u->peer.connection; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
963 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
964 size = p - buf; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
965 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
966 n = pc->send(pc, buf, size); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
967 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
968 if (n == NGX_AGAIN) { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
969 if (ngx_handle_write_event(pc->write, 0) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
970 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
971 return NGX_ERROR; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
972 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
973 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
974 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
975 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
976 ngx_add_timer(pc->write, pscf->timeout); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
977 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
978 pc->write->handler = ngx_stream_proxy_connect_handler; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
979 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
980 return NGX_AGAIN; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
981 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
982 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
983 if (n == NGX_ERROR) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
984 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
985 return NGX_ERROR; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
986 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
987 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
988 if (n != size) { |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
989 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
990 /* |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
991 * PROXY protocol specification: |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
992 * The sender must always ensure that the header |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
993 * is sent at once, so that the transport layer |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
994 * maintains atomicity along the path to the receiver. |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
995 */ |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
996 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
997 ngx_log_error(NGX_LOG_ERR, c->log, 0, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
998 "could not send PROXY protocol header at once"); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
999 |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1000 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1001 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1002 return NGX_ERROR; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1003 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1004 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1005 return NGX_OK; |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1006 } |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1007 |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
1008 |
| 6115 | 1009 static char * |
| 1010 ngx_stream_proxy_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, | |
| 1011 void *conf) | |
| 1012 { | |
| 1013 ngx_stream_proxy_srv_conf_t *pscf = conf; | |
| 1014 | |
| 1015 ngx_str_t *value; | |
| 1016 | |
| 1017 if (pscf->ssl_passwords != NGX_CONF_UNSET_PTR) { | |
| 1018 return "is duplicate"; | |
| 1019 } | |
| 1020 | |
| 1021 value = cf->args->elts; | |
| 1022 | |
| 1023 pscf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); | |
| 1024 | |
| 1025 if (pscf->ssl_passwords == NULL) { | |
| 1026 return NGX_CONF_ERROR; | |
| 1027 } | |
| 1028 | |
| 1029 return NGX_CONF_OK; | |
| 1030 } | |
| 1031 | |
| 1032 | |
|
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1033 static char * |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1034 ngx_stream_proxy_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data) |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1035 { |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1036 #ifndef SSL_CONF_FLAG_FILE |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1037 return "is not supported on this platform"; |
|
7787
7ce28b4cc57e
SSL: fixed build by Sun C with old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7731
diff
changeset
|
1038 #else |
|
7ce28b4cc57e
SSL: fixed build by Sun C with old OpenSSL versions.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7731
diff
changeset
|
1039 return NGX_CONF_OK; |
|
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1040 #endif |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1041 } |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1042 |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
1043 |
| 6115 | 1044 static void |
| 1045 ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s) | |
| 1046 { | |
| 1047 ngx_int_t rc; | |
| 1048 ngx_connection_t *pc; | |
| 1049 ngx_stream_upstream_t *u; | |
| 1050 ngx_stream_proxy_srv_conf_t *pscf; | |
| 1051 | |
| 1052 u = s->upstream; | |
| 1053 | |
| 1054 pc = u->peer.connection; | |
| 1055 | |
| 1056 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
| 1057 | |
| 1058 if (ngx_ssl_create_connection(pscf->ssl, pc, NGX_SSL_BUFFER|NGX_SSL_CLIENT) | |
| 1059 != NGX_OK) | |
| 1060 { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1061 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6115 | 1062 return; |
| 1063 } | |
| 1064 | |
| 1065 if (pscf->ssl_server_name || pscf->ssl_verify) { | |
| 1066 if (ngx_stream_proxy_ssl_name(s) != NGX_OK) { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1067 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6115 | 1068 return; |
| 1069 } | |
| 1070 } | |
| 1071 | |
|
8042
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1072 if (pscf->ssl_certificate |
|
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1073 && pscf->ssl_certificate->value.len |
|
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1074 && (pscf->ssl_certificate->lengths |
|
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
1075 || pscf->ssl_certificate_key->lengths)) |
|
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1076 { |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1077 if (ngx_stream_proxy_ssl_certificate(s) != NGX_OK) { |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1078 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1079 return; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1080 } |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1081 } |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1082 |
| 6115 | 1083 if (pscf->ssl_session_reuse) { |
|
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1084 pc->ssl->save_session = ngx_stream_proxy_ssl_save_session; |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1085 |
| 6115 | 1086 if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1087 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 6115 | 1088 return; |
| 1089 } | |
| 1090 } | |
| 1091 | |
| 1092 s->connection->log->action = "SSL handshaking to upstream"; | |
| 1093 | |
| 1094 rc = ngx_ssl_handshake(pc); | |
| 1095 | |
| 1096 if (rc == NGX_AGAIN) { | |
| 1097 | |
| 1098 if (!pc->write->timer_set) { | |
| 1099 ngx_add_timer(pc->write, pscf->connect_timeout); | |
| 1100 } | |
| 1101 | |
| 1102 pc->ssl->handler = ngx_stream_proxy_ssl_handshake; | |
| 1103 return; | |
| 1104 } | |
| 1105 | |
| 1106 ngx_stream_proxy_ssl_handshake(pc); | |
| 1107 } | |
| 1108 | |
| 1109 | |
| 1110 static void | |
| 1111 ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc) | |
| 1112 { | |
| 1113 long rc; | |
| 1114 ngx_stream_session_t *s; | |
| 1115 ngx_stream_upstream_t *u; | |
| 1116 ngx_stream_proxy_srv_conf_t *pscf; | |
| 1117 | |
| 1118 s = pc->data; | |
| 1119 | |
| 1120 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
| 1121 | |
| 1122 if (pc->ssl->handshaked) { | |
| 1123 | |
| 1124 if (pscf->ssl_verify) { | |
| 1125 rc = SSL_get_verify_result(pc->ssl->connection); | |
| 1126 | |
| 1127 if (rc != X509_V_OK) { | |
| 1128 ngx_log_error(NGX_LOG_ERR, pc->log, 0, | |
| 1129 "upstream SSL certificate verify error: (%l:%s)", | |
| 1130 rc, X509_verify_cert_error_string(rc)); | |
| 1131 goto failed; | |
| 1132 } | |
| 1133 | |
| 1134 u = s->upstream; | |
| 1135 | |
| 1136 if (ngx_ssl_check_host(pc, &u->ssl_name) != NGX_OK) { | |
| 1137 ngx_log_error(NGX_LOG_ERR, pc->log, 0, | |
| 1138 "upstream SSL certificate does not match \"%V\"", | |
| 1139 &u->ssl_name); | |
| 1140 goto failed; | |
| 1141 } | |
| 1142 } | |
| 1143 | |
|
6258
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1144 if (pc->write->timer_set) { |
|
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1145 ngx_del_timer(pc->write); |
|
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1146 } |
|
4b4aee40c508
Stream: delete proxy connection timer after SSL handshake.
Ruslan Ermilov <ru@nginx.com>
parents:
6230
diff
changeset
|
1147 |
| 6115 | 1148 ngx_stream_proxy_init_upstream(s); |
| 1149 | |
| 1150 return; | |
| 1151 } | |
| 1152 | |
| 1153 failed: | |
| 1154 | |
| 1155 ngx_stream_proxy_next_upstream(s); | |
| 1156 } | |
| 1157 | |
| 1158 | |
|
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1159 static void |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1160 ngx_stream_proxy_ssl_save_session(ngx_connection_t *c) |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1161 { |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1162 ngx_stream_session_t *s; |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1163 ngx_stream_upstream_t *u; |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1164 |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1165 s = c->data; |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1166 u = s->upstream; |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1167 |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1168 u->peer.save_session(&u->peer, u->peer.data); |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1169 } |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1170 |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
1171 |
| 6115 | 1172 static ngx_int_t |
| 1173 ngx_stream_proxy_ssl_name(ngx_stream_session_t *s) | |
| 1174 { | |
| 1175 u_char *p, *last; | |
| 1176 ngx_str_t name; | |
| 1177 ngx_stream_upstream_t *u; | |
| 1178 ngx_stream_proxy_srv_conf_t *pscf; | |
| 1179 | |
| 1180 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
| 1181 | |
| 1182 u = s->upstream; | |
| 1183 | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1184 if (pscf->ssl_name) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1185 if (ngx_stream_complex_value(s, pscf->ssl_name, &name) != NGX_OK) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1186 return NGX_ERROR; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1187 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1188 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1189 } else { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1190 name = u->ssl_name; |
| 6115 | 1191 } |
| 1192 | |
| 1193 if (name.len == 0) { | |
| 1194 goto done; | |
| 1195 } | |
| 1196 | |
| 1197 /* | |
| 1198 * ssl name here may contain port, strip it for compatibility | |
| 1199 * with the http module | |
| 1200 */ | |
| 1201 | |
| 1202 p = name.data; | |
| 1203 last = name.data + name.len; | |
| 1204 | |
| 1205 if (*p == '[') { | |
| 1206 p = ngx_strlchr(p, last, ']'); | |
| 1207 | |
| 1208 if (p == NULL) { | |
| 1209 p = name.data; | |
| 1210 } | |
| 1211 } | |
| 1212 | |
| 1213 p = ngx_strlchr(p, last, ':'); | |
| 1214 | |
| 1215 if (p != NULL) { | |
| 1216 name.len = p - name.data; | |
| 1217 } | |
| 1218 | |
| 1219 if (!pscf->ssl_server_name) { | |
| 1220 goto done; | |
| 1221 } | |
| 1222 | |
| 1223 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME | |
| 1224 | |
| 1225 /* as per RFC 6066, literal IPv4 and IPv6 addresses are not permitted */ | |
| 1226 | |
| 1227 if (name.len == 0 || *name.data == '[') { | |
| 1228 goto done; | |
| 1229 } | |
| 1230 | |
| 1231 if (ngx_inet_addr(name.data, name.len) != INADDR_NONE) { | |
| 1232 goto done; | |
| 1233 } | |
| 1234 | |
| 1235 /* | |
| 1236 * SSL_set_tlsext_host_name() needs a null-terminated string, | |
| 1237 * hence we explicitly null-terminate name here | |
| 1238 */ | |
| 1239 | |
| 1240 p = ngx_pnalloc(s->connection->pool, name.len + 1); | |
| 1241 if (p == NULL) { | |
| 1242 return NGX_ERROR; | |
| 1243 } | |
| 1244 | |
| 1245 (void) ngx_cpystrn(p, name.data, name.len + 1); | |
| 1246 | |
| 1247 name.data = p; | |
| 1248 | |
| 1249 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
| 1250 "upstream SSL server name: \"%s\"", name.data); | |
| 1251 | |
|
6777
563a1ee345a4
SSL: compatibility with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6703
diff
changeset
|
1252 if (SSL_set_tlsext_host_name(u->peer.connection->ssl->connection, |
|
563a1ee345a4
SSL: compatibility with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6703
diff
changeset
|
1253 (char *) name.data) |
| 6115 | 1254 == 0) |
| 1255 { | |
| 1256 ngx_ssl_error(NGX_LOG_ERR, s->connection->log, 0, | |
| 1257 "SSL_set_tlsext_host_name(\"%s\") failed", name.data); | |
| 1258 return NGX_ERROR; | |
| 1259 } | |
| 1260 | |
| 1261 #endif | |
| 1262 | |
| 1263 done: | |
| 1264 | |
| 1265 u->ssl_name = name; | |
| 1266 | |
| 1267 return NGX_OK; | |
| 1268 } | |
| 1269 | |
|
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1270 |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1271 static ngx_int_t |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1272 ngx_stream_proxy_ssl_certificate(ngx_stream_session_t *s) |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1273 { |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1274 ngx_str_t cert, key; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1275 ngx_connection_t *c; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1276 ngx_stream_proxy_srv_conf_t *pscf; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1277 |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1278 c = s->upstream->peer.connection; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1279 |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1280 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1281 |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1282 if (ngx_stream_complex_value(s, pscf->ssl_certificate, &cert) |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1283 != NGX_OK) |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1284 { |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1285 return NGX_ERROR; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1286 } |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1287 |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1288 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1289 "stream upstream ssl cert: \"%s\"", cert.data); |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1290 |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1291 if (*cert.data == '\0') { |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1292 return NGX_OK; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1293 } |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1294 |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1295 if (ngx_stream_complex_value(s, pscf->ssl_certificate_key, &key) |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1296 != NGX_OK) |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1297 { |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1298 return NGX_ERROR; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1299 } |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1300 |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1301 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1302 "stream upstream ssl key: \"%s\"", key.data); |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1303 |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1304 if (ngx_ssl_connection_certificate(c, c->pool, &cert, &key, |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1305 pscf->ssl_passwords) |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1306 != NGX_OK) |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1307 { |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1308 return NGX_ERROR; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1309 } |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1310 |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1311 return NGX_OK; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1312 } |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
1313 |
| 6115 | 1314 #endif |
| 1315 | |
| 1316 | |
| 1317 static void | |
| 1318 ngx_stream_proxy_downstream_handler(ngx_event_t *ev) | |
| 1319 { | |
|
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1320 ngx_stream_proxy_process_connection(ev, ev->write); |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1321 } |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1322 |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1323 |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1324 static void |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1325 ngx_stream_proxy_resolve_handler(ngx_resolver_ctx_t *ctx) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1326 { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1327 ngx_stream_session_t *s; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1328 ngx_stream_upstream_t *u; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1329 ngx_stream_proxy_srv_conf_t *pscf; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1330 ngx_stream_upstream_resolved_t *ur; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1331 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1332 s = ctx->data; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1333 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1334 u = s->upstream; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1335 ur = u->resolved; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1336 |
|
6648
d43ee392e825
Stream: fixed build without stream_ssl_module (ticket #1032).
Vladimir Homutov <vl@nginx.com>
parents:
6643
diff
changeset
|
1337 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1338 "stream upstream resolve"); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1339 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1340 if (ctx->state) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1341 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1342 "%V could not be resolved (%i: %s)", |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1343 &ctx->name, ctx->state, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1344 ngx_resolver_strerror(ctx->state)); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1345 |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1346 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1347 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1348 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1349 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1350 ur->naddrs = ctx->naddrs; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1351 ur->addrs = ctx->addrs; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1352 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1353 #if (NGX_DEBUG) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1354 { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1355 u_char text[NGX_SOCKADDR_STRLEN]; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1356 ngx_str_t addr; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1357 ngx_uint_t i; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1358 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1359 addr.data = text; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1360 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1361 for (i = 0; i < ctx->naddrs; i++) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1362 addr.len = ngx_sock_ntop(ur->addrs[i].sockaddr, ur->addrs[i].socklen, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1363 text, NGX_SOCKADDR_STRLEN, 0); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1364 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1365 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1366 "name was resolved to %V", &addr); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1367 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1368 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1369 #endif |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1370 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1371 if (ngx_stream_upstream_create_round_robin_peer(s, ur) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1372 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1373 return; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1374 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1375 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1376 ngx_resolve_name_done(ctx); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1377 ur->ctx = NULL; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1378 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1379 u->peer.start_time = ngx_current_msec; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1380 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1381 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1382 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1383 if (pscf->next_upstream_tries |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1384 && u->peer.tries > pscf->next_upstream_tries) |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1385 { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1386 u->peer.tries = pscf->next_upstream_tries; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1387 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1388 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1389 ngx_stream_proxy_connect(s); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1390 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1391 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1392 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1393 static void |
|
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1394 ngx_stream_proxy_upstream_handler(ngx_event_t *ev) |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1395 { |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1396 ngx_stream_proxy_process_connection(ev, !ev->write); |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1397 } |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1398 |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1399 |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1400 static void |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1401 ngx_stream_proxy_process_connection(ngx_event_t *ev, ngx_uint_t from_upstream) |
|
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1402 { |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1403 ngx_connection_t *c, *pc; |
| 7286 | 1404 ngx_log_handler_pt handler; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1405 ngx_stream_session_t *s; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1406 ngx_stream_upstream_t *u; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1407 ngx_stream_proxy_srv_conf_t *pscf; |
| 6115 | 1408 |
| 1409 c = ev->data; | |
| 1410 s = c->data; | |
|
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1411 u = s->upstream; |
| 6115 | 1412 |
|
7156
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1413 if (c->close) { |
|
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1414 ngx_log_error(NGX_LOG_INFO, c->log, 0, "shutdown timeout"); |
|
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1415 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
|
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1416 return; |
|
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1417 } |
|
9c29644f6d03
Fixed worker_shutdown_timeout in various cases.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7105
diff
changeset
|
1418 |
| 6436 | 1419 c = s->connection; |
| 1420 pc = u->peer.connection; | |
| 1421 | |
| 1422 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
| 1423 | |
| 6115 | 1424 if (ev->timedout) { |
| 6436 | 1425 ev->timedout = 0; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1426 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1427 if (ev->delayed) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1428 ev->delayed = 0; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1429 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1430 if (!ev->ready) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1431 if (ngx_handle_read_event(ev, 0) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1432 ngx_stream_proxy_finalize(s, |
|
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1433 NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1434 return; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1435 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1436 |
| 6436 | 1437 if (u->connected && !c->read->delayed && !pc->read->delayed) { |
| 1438 ngx_add_timer(c->write, pscf->timeout); | |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1439 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1440 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1441 return; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1442 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1443 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1444 } else { |
| 6436 | 1445 if (s->connection->type == SOCK_DGRAM) { |
|
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1446 |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1447 if (pscf->responses == NGX_MAX_INT32_VALUE |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1448 || (u->responses >= pscf->responses * u->requests)) |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1449 { |
| 6436 | 1450 |
| 1451 /* | |
| 1452 * successfully terminate timed out UDP session | |
|
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1453 * if expected number of responses was received |
| 6436 | 1454 */ |
| 1455 | |
| 7286 | 1456 handler = c->log->handler; |
| 1457 c->log->handler = NULL; | |
| 1458 | |
| 1459 ngx_log_error(NGX_LOG_INFO, c->log, 0, | |
| 1460 "udp timed out" | |
| 1461 ", packets from/to client:%ui/%ui" | |
| 1462 ", bytes from/to client:%O/%O" | |
| 1463 ", bytes from/to upstream:%O/%O", | |
| 1464 u->requests, u->responses, | |
| 1465 s->received, c->sent, u->received, | |
| 1466 pc ? pc->sent : 0); | |
| 1467 | |
| 1468 c->log->handler = handler; | |
| 1469 | |
| 1470 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); | |
| 6436 | 1471 return; |
| 1472 } | |
| 1473 | |
|
7105
0846dd76a487
Stream: fixed logging UDP upstream timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7098
diff
changeset
|
1474 ngx_connection_error(pc, NGX_ETIMEDOUT, "upstream timed out"); |
|
0846dd76a487
Stream: fixed logging UDP upstream timeout.
Roman Arutyunyan <arut@nginx.com>
parents:
7098
diff
changeset
|
1475 |
| 7286 | 1476 pc->read->error = 1; |
| 1477 | |
| 1478 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); | |
| 1479 | |
| 1480 return; | |
| 6436 | 1481 } |
| 1482 | |
| 7286 | 1483 ngx_connection_error(c, NGX_ETIMEDOUT, "connection timed out"); |
| 1484 | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1485 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
| 7286 | 1486 |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1487 return; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1488 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1489 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1490 } else if (ev->delayed) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1491 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1492 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1493 "stream connection delayed"); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1494 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1495 if (ngx_handle_read_event(ev, 0) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1496 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1497 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1498 |
| 6115 | 1499 return; |
| 1500 } | |
| 1501 | |
|
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
1502 if (from_upstream && !u->connected) { |
|
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1503 return; |
| 6115 | 1504 } |
| 1505 | |
|
6200
abee77018d3a
Stream: common handler for upstream and downstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
1506 ngx_stream_proxy_process(s, from_upstream, ev->write); |
| 6115 | 1507 } |
| 1508 | |
| 1509 | |
| 1510 static void | |
| 1511 ngx_stream_proxy_connect_handler(ngx_event_t *ev) | |
| 1512 { | |
| 1513 ngx_connection_t *c; | |
| 1514 ngx_stream_session_t *s; | |
| 1515 | |
| 1516 c = ev->data; | |
| 1517 s = c->data; | |
| 1518 | |
| 1519 if (ev->timedout) { | |
| 1520 ngx_log_error(NGX_LOG_ERR, c->log, NGX_ETIMEDOUT, "upstream timed out"); | |
| 1521 ngx_stream_proxy_next_upstream(s); | |
| 1522 return; | |
| 1523 } | |
| 1524 | |
| 1525 ngx_del_timer(c->write); | |
| 1526 | |
| 1527 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, | |
| 1528 "stream proxy connect upstream"); | |
| 1529 | |
| 1530 if (ngx_stream_proxy_test_connect(c) != NGX_OK) { | |
| 1531 ngx_stream_proxy_next_upstream(s); | |
| 1532 return; | |
| 1533 } | |
| 1534 | |
| 1535 ngx_stream_proxy_init_upstream(s); | |
| 1536 } | |
| 1537 | |
| 1538 | |
| 1539 static ngx_int_t | |
| 1540 ngx_stream_proxy_test_connect(ngx_connection_t *c) | |
| 1541 { | |
| 1542 int err; | |
| 1543 socklen_t len; | |
| 1544 | |
| 1545 #if (NGX_HAVE_KQUEUE) | |
| 1546 | |
| 1547 if (ngx_event_flags & NGX_USE_KQUEUE_EVENT) { | |
| 1548 err = c->write->kq_errno ? c->write->kq_errno : c->read->kq_errno; | |
| 1549 | |
| 1550 if (err) { | |
| 1551 (void) ngx_connection_error(c, err, | |
| 1552 "kevent() reported that connect() failed"); | |
| 1553 return NGX_ERROR; | |
| 1554 } | |
| 1555 | |
| 1556 } else | |
| 1557 #endif | |
| 1558 { | |
| 1559 err = 0; | |
| 1560 len = sizeof(int); | |
| 1561 | |
| 1562 /* | |
| 1563 * BSDs and Linux return 0 and set a pending error in err | |
| 1564 * Solaris returns -1 and sets errno | |
| 1565 */ | |
| 1566 | |
| 1567 if (getsockopt(c->fd, SOL_SOCKET, SO_ERROR, (void *) &err, &len) | |
| 1568 == -1) | |
| 1569 { | |
| 1570 err = ngx_socket_errno; | |
| 1571 } | |
| 1572 | |
| 1573 if (err) { | |
| 1574 (void) ngx_connection_error(c, err, "connect() failed"); | |
| 1575 return NGX_ERROR; | |
| 1576 } | |
| 1577 } | |
| 1578 | |
| 1579 return NGX_OK; | |
| 1580 } | |
| 1581 | |
| 1582 | |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1583 static void |
| 6115 | 1584 ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream, |
| 1585 ngx_uint_t do_write) | |
| 1586 { | |
|
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1587 char *recv_action, *send_action; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1588 off_t *received, limit; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1589 size_t size, limit_rate; |
| 6115 | 1590 ssize_t n; |
| 1591 ngx_buf_t *b; | |
| 6692 | 1592 ngx_int_t rc; |
| 7286 | 1593 ngx_uint_t flags, *packets; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1594 ngx_msec_t delay; |
| 6692 | 1595 ngx_chain_t *cl, **ll, **out, **busy; |
| 6115 | 1596 ngx_connection_t *c, *pc, *src, *dst; |
| 1597 ngx_log_handler_pt handler; | |
| 1598 ngx_stream_upstream_t *u; | |
| 1599 ngx_stream_proxy_srv_conf_t *pscf; | |
| 1600 | |
| 1601 u = s->upstream; | |
| 1602 | |
| 1603 c = s->connection; | |
|
6202
6345822f0abb
Stream: upstream "connected" flag.
Roman Arutyunyan <arut@nginx.com>
parents:
6201
diff
changeset
|
1604 pc = u->connected ? u->peer.connection : NULL; |
| 6115 | 1605 |
| 6436 | 1606 if (c->type == SOCK_DGRAM && (ngx_terminate || ngx_exiting)) { |
| 1607 | |
| 1608 /* socket is already closed on worker shutdown */ | |
| 1609 | |
| 1610 handler = c->log->handler; | |
| 1611 c->log->handler = NULL; | |
| 1612 | |
| 1613 ngx_log_error(NGX_LOG_INFO, c->log, 0, "disconnected on shutdown"); | |
| 1614 | |
| 1615 c->log->handler = handler; | |
| 1616 | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1617 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
| 6436 | 1618 return; |
| 1619 } | |
| 1620 | |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1621 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1622 |
| 6115 | 1623 if (from_upstream) { |
| 1624 src = pc; | |
| 1625 dst = c; | |
| 1626 b = &u->upstream_buf; | |
|
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
1627 limit_rate = u->download_rate; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1628 received = &u->received; |
| 7286 | 1629 packets = &u->responses; |
| 6692 | 1630 out = &u->downstream_out; |
| 1631 busy = &u->downstream_busy; | |
|
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1632 recv_action = "proxying and reading from upstream"; |
|
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1633 send_action = "proxying and sending to client"; |
| 6115 | 1634 |
| 1635 } else { | |
| 1636 src = c; | |
| 1637 dst = pc; | |
| 1638 b = &u->downstream_buf; | |
|
7505
16a1adadf437
Variables support in proxy_upload_rate and proxy_download_rate.
Ruslan Ermilov <ru@nginx.com>
parents:
7473
diff
changeset
|
1639 limit_rate = u->upload_rate; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1640 received = &s->received; |
| 7286 | 1641 packets = &u->requests; |
| 6692 | 1642 out = &u->upstream_out; |
| 1643 busy = &u->upstream_busy; | |
|
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1644 recv_action = "proxying and reading from client"; |
|
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1645 send_action = "proxying and sending to upstream"; |
| 6115 | 1646 } |
| 1647 | |
| 1648 for ( ;; ) { | |
| 1649 | |
| 6692 | 1650 if (do_write && dst) { |
| 1651 | |
| 1652 if (*out || *busy || dst->buffered) { | |
|
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1653 c->log->action = send_action; |
|
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1654 |
| 6692 | 1655 rc = ngx_stream_top_filter(s, *out, from_upstream); |
| 1656 | |
| 1657 if (rc == NGX_ERROR) { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1658 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1659 return; |
| 6115 | 1660 } |
| 1661 | |
| 6692 | 1662 ngx_chain_update_chains(c->pool, &u->free, busy, out, |
| 1663 (ngx_buf_tag_t) &ngx_stream_proxy_module); | |
| 1664 | |
| 1665 if (*busy == NULL) { | |
| 1666 b->pos = b->start; | |
| 1667 b->last = b->start; | |
| 6115 | 1668 } |
| 1669 } | |
| 1670 } | |
| 1671 | |
| 1672 size = b->end - b->last; | |
| 1673 | |
|
6868
ee3645078759
Stream: avoid infinite loop in case of socket read error.
Vladimir Homutov <vl@nginx.com>
parents:
6863
diff
changeset
|
1674 if (size && src->read->ready && !src->read->delayed |
|
ee3645078759
Stream: avoid infinite loop in case of socket read error.
Vladimir Homutov <vl@nginx.com>
parents:
6863
diff
changeset
|
1675 && !src->read->error) |
|
ee3645078759
Stream: avoid infinite loop in case of socket read error.
Vladimir Homutov <vl@nginx.com>
parents:
6863
diff
changeset
|
1676 { |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1677 if (limit_rate) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1678 limit = (off_t) limit_rate * (ngx_time() - u->start_sec + 1) |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1679 - *received; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1680 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1681 if (limit <= 0) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1682 src->read->delayed = 1; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1683 delay = (ngx_msec_t) (- limit * 1000 / limit_rate + 1); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1684 ngx_add_timer(src->read, delay); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1685 break; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1686 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1687 |
|
7441
8acaa1161783
Stream: do not split datagrams when limiting proxy rate.
Roman Arutyunyan <arut@nginx.com>
parents:
7440
diff
changeset
|
1688 if (c->type == SOCK_STREAM && (off_t) size > limit) { |
|
6203
fdfdcad62875
Stream: fixed MSVC compilation warning.
Roman Arutyunyan <arut@nginx.com>
parents:
6202
diff
changeset
|
1689 size = (size_t) limit; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1690 } |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1691 } |
| 6115 | 1692 |
|
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1693 c->log->action = recv_action; |
|
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1694 |
| 6115 | 1695 n = src->recv(src, b->last, size); |
| 1696 | |
| 6692 | 1697 if (n == NGX_AGAIN) { |
| 6115 | 1698 break; |
| 1699 } | |
| 1700 | |
| 6692 | 1701 if (n == NGX_ERROR) { |
| 1702 src->read->eof = 1; | |
| 1703 n = 0; | |
| 1704 } | |
| 1705 | |
| 1706 if (n >= 0) { | |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1707 if (limit_rate) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1708 delay = (ngx_msec_t) (n * 1000 / limit_rate); |
| 6115 | 1709 |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1710 if (delay > 0) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1711 src->read->delayed = 1; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1712 ngx_add_timer(src->read, delay); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1713 } |
| 6115 | 1714 } |
| 1715 | |
|
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1716 if (from_upstream) { |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1717 if (u->state->first_byte_time == (ngx_msec_t) -1) { |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1718 u->state->first_byte_time = ngx_current_msec |
|
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1719 - u->start_time; |
|
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1720 } |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1721 } |
|
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1722 |
| 6692 | 1723 for (ll = out; *ll; ll = &(*ll)->next) { /* void */ } |
| 1724 | |
| 1725 cl = ngx_chain_get_free_buf(c->pool, &u->free); | |
| 1726 if (cl == NULL) { | |
| 1727 ngx_stream_proxy_finalize(s, | |
| 1728 NGX_STREAM_INTERNAL_SERVER_ERROR); | |
| 1729 return; | |
| 1730 } | |
| 1731 | |
| 1732 *ll = cl; | |
| 1733 | |
| 1734 cl->buf->pos = b->last; | |
| 1735 cl->buf->last = b->last + n; | |
| 1736 cl->buf->tag = (ngx_buf_tag_t) &ngx_stream_proxy_module; | |
| 1737 | |
| 1738 cl->buf->temporary = (n ? 1 : 0); | |
| 1739 cl->buf->last_buf = src->read->eof; | |
| 1740 cl->buf->flush = 1; | |
| 1741 | |
| 7286 | 1742 (*packets)++; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1743 *received += n; |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1744 b->last += n; |
| 6115 | 1745 do_write = 1; |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1746 |
| 6115 | 1747 continue; |
| 1748 } | |
| 1749 } | |
| 1750 | |
| 1751 break; | |
| 1752 } | |
| 1753 | |
|
7250
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1754 c->log->action = "proxying connection"; |
|
ec4d95eed062
Stream: set action before each recv/send while proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7174
diff
changeset
|
1755 |
|
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1756 if (ngx_stream_proxy_test_finalize(s, from_upstream) == NGX_OK) { |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1757 return; |
| 6115 | 1758 } |
| 1759 | |
|
6124
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1760 flags = src->read->eof ? NGX_CLOSE_EVENT : 0; |
|
f1f222db290b
Stream: prevent repeated event notifications after eof.
Roman Arutyunyan <arut@nginx.com>
parents:
6115
diff
changeset
|
1761 |
|
7440
6d4bc025c5a7
Prevented scheduling events on a shared connection.
Roman Arutyunyan <arut@nginx.com>
parents:
7397
diff
changeset
|
1762 if (ngx_handle_read_event(src->read, flags) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1763 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1764 return; |
| 6115 | 1765 } |
| 1766 | |
| 1767 if (dst) { | |
|
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1768 |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1769 if (dst->type == SOCK_STREAM && pscf->half_close |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1770 && src->read->eof && !u->half_closed && !dst->buffered) |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1771 { |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1772 if (ngx_shutdown_socket(dst->fd, NGX_WRITE_SHUTDOWN) == -1) { |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1773 ngx_connection_error(c, ngx_socket_errno, |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1774 ngx_shutdown_socket_n " failed"); |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1775 |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1776 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1777 return; |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1778 } |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1779 |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1780 u->half_closed = 1; |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1781 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1782 "stream proxy %s socket shutdown", |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1783 from_upstream ? "client" : "upstream"); |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1784 } |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1785 |
|
7440
6d4bc025c5a7
Prevented scheduling events on a shared connection.
Roman Arutyunyan <arut@nginx.com>
parents:
7397
diff
changeset
|
1786 if (ngx_handle_write_event(dst->write, 0) != NGX_OK) { |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1787 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
|
6435
d1c791479bbb
Stream: post first read events from client and upstream.
Roman Arutyunyan <arut@nginx.com>
parents:
6393
diff
changeset
|
1788 return; |
| 6115 | 1789 } |
| 1790 | |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1791 if (!c->read->delayed && !pc->read->delayed) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1792 ngx_add_timer(c->write, pscf->timeout); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1793 |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1794 } else if (c->write->timer_set) { |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1795 ngx_del_timer(c->write); |
|
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
1796 } |
| 6115 | 1797 } |
| 1798 } | |
| 1799 | |
| 1800 | |
|
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1801 static ngx_int_t |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1802 ngx_stream_proxy_test_finalize(ngx_stream_session_t *s, |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1803 ngx_uint_t from_upstream) |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1804 { |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1805 ngx_connection_t *c, *pc; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1806 ngx_log_handler_pt handler; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1807 ngx_stream_upstream_t *u; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1808 ngx_stream_proxy_srv_conf_t *pscf; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1809 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1810 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1811 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1812 c = s->connection; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1813 u = s->upstream; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1814 pc = u->connected ? u->peer.connection : NULL; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1815 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1816 if (c->type == SOCK_DGRAM) { |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1817 |
|
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1818 if (pscf->requests && u->requests < pscf->requests) { |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1819 return NGX_DECLINED; |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1820 } |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1821 |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1822 if (pscf->requests) { |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1823 ngx_delete_udp_connection(c); |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1824 } |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
1825 |
|
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1826 if (pscf->responses == NGX_MAX_INT32_VALUE |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1827 || u->responses < pscf->responses * u->requests) |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1828 { |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1829 return NGX_DECLINED; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1830 } |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1831 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1832 if (pc == NULL || c->buffered || pc->buffered) { |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1833 return NGX_DECLINED; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1834 } |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1835 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1836 handler = c->log->handler; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1837 c->log->handler = NULL; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1838 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1839 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1840 "udp done" |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1841 ", packets from/to client:%ui/%ui" |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1842 ", bytes from/to client:%O/%O" |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1843 ", bytes from/to upstream:%O/%O", |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1844 u->requests, u->responses, |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1845 s->received, c->sent, u->received, pc ? pc->sent : 0); |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1846 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1847 c->log->handler = handler; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1848 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1849 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1850 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1851 return NGX_OK; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1852 } |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1853 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1854 /* c->type == SOCK_STREAM */ |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1855 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1856 if (pc == NULL |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1857 || (!c->read->eof && !pc->read->eof) |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1858 || (!c->read->eof && c->buffered) |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1859 || (!pc->read->eof && pc->buffered)) |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1860 { |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1861 return NGX_DECLINED; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1862 } |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1863 |
|
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1864 if (pscf->half_close) { |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1865 /* avoid closing live connections until both read ends get EOF */ |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1866 if (!(c->read->eof && pc->read->eof && !c->buffered && !pc->buffered)) { |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1867 return NGX_DECLINED; |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1868 } |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1869 } |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
1870 |
|
7392
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1871 handler = c->log->handler; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1872 c->log->handler = NULL; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1873 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1874 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1875 "%s disconnected" |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1876 ", bytes from/to client:%O/%O" |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1877 ", bytes from/to upstream:%O/%O", |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1878 from_upstream ? "upstream" : "client", |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1879 s->received, c->sent, u->received, pc ? pc->sent : 0); |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1880 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1881 c->log->handler = handler; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1882 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1883 ngx_stream_proxy_finalize(s, NGX_STREAM_OK); |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1884 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1885 return NGX_OK; |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1886 } |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1887 |
|
04ff25798002
Stream: session completion check code moved to a separate function.
Vladimir Homutov <vl@nginx.com>
parents:
7371
diff
changeset
|
1888 |
| 6115 | 1889 static void |
| 1890 ngx_stream_proxy_next_upstream(ngx_stream_session_t *s) | |
| 1891 { | |
| 1892 ngx_msec_t timeout; | |
| 1893 ngx_connection_t *pc; | |
| 1894 ngx_stream_upstream_t *u; | |
| 1895 ngx_stream_proxy_srv_conf_t *pscf; | |
| 1896 | |
| 1897 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
| 1898 "stream proxy next upstream"); | |
| 1899 | |
| 1900 u = s->upstream; | |
| 6692 | 1901 pc = u->peer.connection; |
| 1902 | |
|
7098
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1903 if (pc && pc->buffered) { |
| 6692 | 1904 ngx_log_error(NGX_LOG_ERR, s->connection->log, 0, |
|
7098
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1905 "buffered data on next upstream"); |
| 6692 | 1906 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
| 1907 return; | |
| 1908 } | |
| 6115 | 1909 |
|
7098
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1910 if (s->connection->type == SOCK_DGRAM) { |
|
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1911 u->upstream_out = NULL; |
|
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1912 } |
|
7bfbf73db920
Stream: relaxed next upstream condition (ticket #1317).
Roman Arutyunyan <arut@nginx.com>
parents:
7007
diff
changeset
|
1913 |
| 6115 | 1914 if (u->peer.sockaddr) { |
| 1915 u->peer.free(&u->peer, u->peer.data, NGX_PEER_FAILED); | |
| 1916 u->peer.sockaddr = NULL; | |
| 1917 } | |
| 1918 | |
| 1919 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | |
| 1920 | |
| 1921 timeout = pscf->next_upstream_timeout; | |
| 1922 | |
| 1923 if (u->peer.tries == 0 | |
| 1924 || !pscf->next_upstream | |
| 1925 || (timeout && ngx_current_msec - u->peer.start_time >= timeout)) | |
| 1926 { | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1927 ngx_stream_proxy_finalize(s, NGX_STREAM_BAD_GATEWAY); |
| 6115 | 1928 return; |
| 1929 } | |
| 1930 | |
| 1931 if (pc) { | |
| 1932 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
| 1933 "close proxy upstream connection: %d", pc->fd); | |
| 1934 | |
| 1935 #if (NGX_STREAM_SSL) | |
| 1936 if (pc->ssl) { | |
| 1937 pc->ssl->no_wait_shutdown = 1; | |
| 1938 pc->ssl->no_send_shutdown = 1; | |
| 1939 | |
| 1940 (void) ngx_ssl_shutdown(pc); | |
| 1941 } | |
| 1942 #endif | |
| 1943 | |
|
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1944 u->state->bytes_received = u->received; |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1945 u->state->bytes_sent = pc->sent; |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1946 |
| 6115 | 1947 ngx_close_connection(pc); |
| 1948 u->peer.connection = NULL; | |
| 1949 } | |
| 1950 | |
| 1951 ngx_stream_proxy_connect(s); | |
| 1952 } | |
| 1953 | |
| 1954 | |
| 1955 static void | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
1956 ngx_stream_proxy_finalize(ngx_stream_session_t *s, ngx_uint_t rc) |
| 6115 | 1957 { |
| 7286 | 1958 ngx_uint_t state; |
| 6115 | 1959 ngx_connection_t *pc; |
| 1960 ngx_stream_upstream_t *u; | |
| 1961 | |
| 1962 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
| 1963 "finalize stream proxy: %i", rc); | |
| 1964 | |
| 1965 u = s->upstream; | |
| 1966 | |
| 1967 if (u == NULL) { | |
| 1968 goto noupstream; | |
| 1969 } | |
| 1970 | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1971 if (u->resolved && u->resolved->ctx) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1972 ngx_resolve_name_done(u->resolved->ctx); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1973 u->resolved->ctx = NULL; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1974 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
1975 |
|
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1976 pc = u->peer.connection; |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1977 |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1978 if (u->state) { |
|
7397
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1979 if (u->state->response_time == (ngx_msec_t) -1) { |
|
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1980 u->state->response_time = ngx_current_msec - u->start_time; |
|
860d3907da1c
Upstream: revised upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
7393
diff
changeset
|
1981 } |
|
6677
c02290241cbe
Stream: upstream response time variables.
Vladimir Homutov <vl@nginx.com>
parents:
6676
diff
changeset
|
1982 |
|
6676
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1983 if (pc) { |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1984 u->state->bytes_received = u->received; |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1985 u->state->bytes_sent = pc->sent; |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1986 } |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1987 } |
|
df3a7c029dec
Stream: $upstream_bytes_sent and $upstream_bytes_received.
Vladimir Homutov <vl@nginx.com>
parents:
6675
diff
changeset
|
1988 |
| 6115 | 1989 if (u->peer.free && u->peer.sockaddr) { |
| 7286 | 1990 state = 0; |
| 1991 | |
| 1992 if (pc && pc->type == SOCK_DGRAM | |
| 1993 && (pc->read->error || pc->write->error)) | |
| 1994 { | |
| 1995 state = NGX_PEER_FAILED; | |
| 1996 } | |
| 1997 | |
| 1998 u->peer.free(&u->peer, u->peer.data, state); | |
| 6115 | 1999 u->peer.sockaddr = NULL; |
| 2000 } | |
| 2001 | |
| 2002 if (pc) { | |
| 2003 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0, | |
| 2004 "close stream proxy upstream connection: %d", pc->fd); | |
| 2005 | |
| 2006 #if (NGX_STREAM_SSL) | |
| 2007 if (pc->ssl) { | |
| 2008 pc->ssl->no_wait_shutdown = 1; | |
| 2009 (void) ngx_ssl_shutdown(pc); | |
| 2010 } | |
| 2011 #endif | |
| 2012 | |
| 2013 ngx_close_connection(pc); | |
| 2014 u->peer.connection = NULL; | |
| 2015 } | |
| 2016 | |
| 2017 noupstream: | |
| 2018 | |
|
6674
38143d1abdec
Stream: the $status variable.
Roman Arutyunyan <arut@nginx.com>
parents:
6648
diff
changeset
|
2019 ngx_stream_finalize_session(s, rc); |
| 6115 | 2020 } |
| 2021 | |
| 2022 | |
| 2023 static u_char * | |
| 2024 ngx_stream_proxy_log_error(ngx_log_t *log, u_char *buf, size_t len) | |
| 2025 { | |
| 2026 u_char *p; | |
| 2027 ngx_connection_t *pc; | |
| 2028 ngx_stream_session_t *s; | |
| 2029 ngx_stream_upstream_t *u; | |
| 2030 | |
| 2031 s = log->data; | |
| 2032 | |
| 2033 u = s->upstream; | |
| 2034 | |
| 2035 p = buf; | |
| 2036 | |
| 2037 if (u->peer.name) { | |
| 2038 p = ngx_snprintf(p, len, ", upstream: \"%V\"", u->peer.name); | |
| 2039 len -= p - buf; | |
| 2040 } | |
| 2041 | |
| 2042 pc = u->peer.connection; | |
| 2043 | |
| 2044 p = ngx_snprintf(p, len, | |
| 2045 ", bytes from/to client:%O/%O" | |
| 2046 ", bytes from/to upstream:%O/%O", | |
| 2047 s->received, s->connection->sent, | |
| 2048 u->received, pc ? pc->sent : 0); | |
| 2049 | |
| 2050 return p; | |
| 2051 } | |
| 2052 | |
| 2053 | |
| 2054 static void * | |
| 2055 ngx_stream_proxy_create_srv_conf(ngx_conf_t *cf) | |
| 2056 { | |
| 2057 ngx_stream_proxy_srv_conf_t *conf; | |
| 2058 | |
| 2059 conf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_proxy_srv_conf_t)); | |
| 2060 if (conf == NULL) { | |
| 2061 return NULL; | |
| 2062 } | |
| 2063 | |
| 2064 /* | |
| 2065 * set by ngx_pcalloc(): | |
| 2066 * | |
| 2067 * conf->ssl_protocols = 0; | |
| 2068 * conf->ssl_ciphers = { 0, NULL }; | |
| 2069 * conf->ssl_trusted_certificate = { 0, NULL }; | |
| 2070 * conf->ssl_crl = { 0, NULL }; | |
| 2071 * | |
| 2072 * conf->ssl = NULL; | |
| 2073 * conf->upstream = NULL; | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2074 * conf->upstream_value = NULL; |
| 6115 | 2075 */ |
| 2076 | |
| 2077 conf->connect_timeout = NGX_CONF_UNSET_MSEC; | |
| 2078 conf->timeout = NGX_CONF_UNSET_MSEC; | |
| 2079 conf->next_upstream_timeout = NGX_CONF_UNSET_MSEC; | |
|
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
2080 conf->buffer_size = NGX_CONF_UNSET_SIZE; |
|
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2081 conf->upload_rate = NGX_CONF_UNSET_PTR; |
|
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2082 conf->download_rate = NGX_CONF_UNSET_PTR; |
|
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2083 conf->requests = NGX_CONF_UNSET_UINT; |
| 6436 | 2084 conf->responses = NGX_CONF_UNSET_UINT; |
| 6115 | 2085 conf->next_upstream_tries = NGX_CONF_UNSET_UINT; |
| 2086 conf->next_upstream = NGX_CONF_UNSET; | |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
2087 conf->proxy_protocol = NGX_CONF_UNSET; |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2088 conf->local = NGX_CONF_UNSET_PTR; |
|
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2089 conf->socket_keepalive = NGX_CONF_UNSET; |
|
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
2090 conf->half_close = NGX_CONF_UNSET; |
| 6115 | 2091 |
| 2092 #if (NGX_STREAM_SSL) | |
| 2093 conf->ssl_enable = NGX_CONF_UNSET; | |
| 2094 conf->ssl_session_reuse = NGX_CONF_UNSET; | |
|
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2095 conf->ssl_name = NGX_CONF_UNSET_PTR; |
| 6115 | 2096 conf->ssl_server_name = NGX_CONF_UNSET; |
| 2097 conf->ssl_verify = NGX_CONF_UNSET; | |
| 2098 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | |
|
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2099 conf->ssl_certificate = NGX_CONF_UNSET_PTR; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2100 conf->ssl_certificate_key = NGX_CONF_UNSET_PTR; |
| 6115 | 2101 conf->ssl_passwords = NGX_CONF_UNSET_PTR; |
|
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2102 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; |
| 6115 | 2103 #endif |
| 2104 | |
| 2105 return conf; | |
| 2106 } | |
| 2107 | |
| 2108 | |
| 2109 static char * | |
| 2110 ngx_stream_proxy_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) | |
| 2111 { | |
| 2112 ngx_stream_proxy_srv_conf_t *prev = parent; | |
| 2113 ngx_stream_proxy_srv_conf_t *conf = child; | |
| 2114 | |
| 2115 ngx_conf_merge_msec_value(conf->connect_timeout, | |
| 2116 prev->connect_timeout, 60000); | |
| 2117 | |
| 2118 ngx_conf_merge_msec_value(conf->timeout, | |
| 2119 prev->timeout, 10 * 60000); | |
| 2120 | |
| 2121 ngx_conf_merge_msec_value(conf->next_upstream_timeout, | |
| 2122 prev->next_upstream_timeout, 0); | |
| 2123 | |
|
6215
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
2124 ngx_conf_merge_size_value(conf->buffer_size, |
|
8ee6a08ea3eb
Stream: added proxy_buffer_size to set the size of data buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
6208
diff
changeset
|
2125 prev->buffer_size, 16384); |
| 6115 | 2126 |
|
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2127 ngx_conf_merge_ptr_value(conf->upload_rate, prev->upload_rate, NULL); |
|
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2128 |
|
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2129 ngx_conf_merge_ptr_value(conf->download_rate, prev->download_rate, NULL); |
|
6201
24488e6db782
Stream: upstream and downstream limit rates.
Roman Arutyunyan <arut@nginx.com>
parents:
6200
diff
changeset
|
2130 |
|
7393
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2131 ngx_conf_merge_uint_value(conf->requests, |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2132 prev->requests, 0); |
|
4698cede59ff
Stream: proxy_requests directive.
Vladimir Homutov <vl@nginx.com>
parents:
7392
diff
changeset
|
2133 |
| 6436 | 2134 ngx_conf_merge_uint_value(conf->responses, |
| 2135 prev->responses, NGX_MAX_INT32_VALUE); | |
| 2136 | |
| 6115 | 2137 ngx_conf_merge_uint_value(conf->next_upstream_tries, |
| 2138 prev->next_upstream_tries, 0); | |
| 2139 | |
| 2140 ngx_conf_merge_value(conf->next_upstream, prev->next_upstream, 1); | |
| 2141 | |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
2142 ngx_conf_merge_value(conf->proxy_protocol, prev->proxy_protocol, 0); |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
6183
diff
changeset
|
2143 |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2144 ngx_conf_merge_ptr_value(conf->local, prev->local, NULL); |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2145 |
|
7371
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2146 ngx_conf_merge_value(conf->socket_keepalive, |
|
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2147 prev->socket_keepalive, 0); |
|
8b68d50090e4
Upstream: proxy_socket_keepalive and friends.
Vladimir Homutov <vl@nginx.com>
parents:
7320
diff
changeset
|
2148 |
|
7929
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
2149 ngx_conf_merge_value(conf->half_close, prev->half_close, 0); |
|
bfad703459b4
Stream: added half-close support.
Vladimir Homutov <vl@nginx.com>
parents:
7904
diff
changeset
|
2150 |
| 6115 | 2151 #if (NGX_STREAM_SSL) |
| 2152 | |
| 2153 ngx_conf_merge_value(conf->ssl_enable, prev->ssl_enable, 0); | |
| 2154 | |
| 2155 ngx_conf_merge_value(conf->ssl_session_reuse, | |
| 2156 prev->ssl_session_reuse, 1); | |
| 2157 | |
| 2158 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, | |
|
6157
b2899e7d0ef8
Disabled SSLv3 by default (ticket #653).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6124
diff
changeset
|
2159 (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 |
|
b2899e7d0ef8
Disabled SSLv3 by default (ticket #653).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6124
diff
changeset
|
2160 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); |
| 6115 | 2161 |
| 2162 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, "DEFAULT"); | |
| 2163 | |
|
7831
bdd4d89370a7
Changed complex value slots to use NGX_CONF_UNSET_PTR.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7787
diff
changeset
|
2164 ngx_conf_merge_ptr_value(conf->ssl_name, prev->ssl_name, NULL); |
| 6115 | 2165 |
| 2166 ngx_conf_merge_value(conf->ssl_server_name, prev->ssl_server_name, 0); | |
| 2167 | |
| 2168 ngx_conf_merge_value(conf->ssl_verify, prev->ssl_verify, 0); | |
| 2169 | |
| 2170 ngx_conf_merge_uint_value(conf->ssl_verify_depth, | |
| 2171 prev->ssl_verify_depth, 1); | |
| 2172 | |
| 2173 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | |
| 2174 prev->ssl_trusted_certificate, ""); | |
| 2175 | |
| 2176 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | |
| 2177 | |
|
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2178 ngx_conf_merge_ptr_value(conf->ssl_certificate, |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2179 prev->ssl_certificate, NULL); |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2180 |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2181 ngx_conf_merge_ptr_value(conf->ssl_certificate_key, |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2182 prev->ssl_certificate_key, NULL); |
| 6115 | 2183 |
| 2184 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL); | |
| 2185 | |
|
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2186 ngx_conf_merge_ptr_value(conf->ssl_conf_commands, |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2187 prev->ssl_conf_commands, NULL); |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2188 |
| 6115 | 2189 if (conf->ssl_enable && ngx_stream_proxy_set_ssl(cf, conf) != NGX_OK) { |
| 2190 return NGX_CONF_ERROR; | |
| 2191 } | |
| 2192 | |
| 2193 #endif | |
| 2194 | |
| 2195 return NGX_CONF_OK; | |
| 2196 } | |
| 2197 | |
| 2198 | |
| 2199 #if (NGX_STREAM_SSL) | |
| 2200 | |
| 2201 static ngx_int_t | |
| 2202 ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf) | |
| 2203 { | |
| 2204 ngx_pool_cleanup_t *cln; | |
| 2205 | |
| 2206 pscf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t)); | |
| 2207 if (pscf->ssl == NULL) { | |
| 2208 return NGX_ERROR; | |
| 2209 } | |
| 2210 | |
| 2211 pscf->ssl->log = cf->log; | |
| 2212 | |
| 2213 if (ngx_ssl_create(pscf->ssl, pscf->ssl_protocols, NULL) != NGX_OK) { | |
| 2214 return NGX_ERROR; | |
| 2215 } | |
| 2216 | |
| 2217 cln = ngx_pool_cleanup_add(cf->pool, 0); | |
| 2218 if (cln == NULL) { | |
|
7473
8981dbb12254
SSL: fixed potential leak on memory allocation errors.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7441
diff
changeset
|
2219 ngx_ssl_cleanup_ctx(pscf->ssl); |
| 6115 | 2220 return NGX_ERROR; |
| 2221 } | |
| 2222 | |
| 2223 cln->handler = ngx_ssl_cleanup_ctx; | |
| 2224 cln->data = pscf->ssl; | |
| 2225 | |
|
7904
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2226 if (ngx_ssl_ciphers(cf, pscf->ssl, &pscf->ssl_ciphers, 0) != NGX_OK) { |
|
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2227 return NGX_ERROR; |
|
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2228 } |
|
419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents:
7833
diff
changeset
|
2229 |
|
8042
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
2230 if (pscf->ssl_certificate |
|
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
2231 && pscf->ssl_certificate->value.len) |
|
c7e25324be11
Upstream: handling of certificates specified as an empty string.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7929
diff
changeset
|
2232 { |
|
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2233 if (pscf->ssl_certificate_key == NULL) { |
| 6115 | 2234 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
| 2235 "no \"proxy_ssl_certificate_key\" is defined " | |
|
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2236 "for certificate \"%V\"", |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2237 &pscf->ssl_certificate->value); |
| 6115 | 2238 return NGX_ERROR; |
| 2239 } | |
| 2240 | |
|
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2241 if (pscf->ssl_certificate->lengths |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2242 || pscf->ssl_certificate_key->lengths) |
| 6115 | 2243 { |
|
7833
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2244 pscf->ssl_passwords = |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2245 ngx_ssl_preserve_passwords(cf, pscf->ssl_passwords); |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2246 if (pscf->ssl_passwords == NULL) { |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2247 return NGX_ERROR; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2248 } |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2249 |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2250 } else { |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2251 if (ngx_ssl_certificate(cf, pscf->ssl, |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2252 &pscf->ssl_certificate->value, |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2253 &pscf->ssl_certificate_key->value, |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2254 pscf->ssl_passwords) |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2255 != NGX_OK) |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2256 { |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2257 return NGX_ERROR; |
|
3ab8e1e2f0f7
Upstream: variables support in certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7831
diff
changeset
|
2258 } |
| 6115 | 2259 } |
| 2260 } | |
| 2261 | |
| 2262 if (pscf->ssl_verify) { | |
| 2263 if (pscf->ssl_trusted_certificate.len == 0) { | |
| 2264 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 2265 "no proxy_ssl_trusted_certificate for proxy_ssl_verify"); | |
| 2266 return NGX_ERROR; | |
| 2267 } | |
| 2268 | |
| 2269 if (ngx_ssl_trusted_certificate(cf, pscf->ssl, | |
| 2270 &pscf->ssl_trusted_certificate, | |
| 2271 pscf->ssl_verify_depth) | |
| 2272 != NGX_OK) | |
| 2273 { | |
| 2274 return NGX_ERROR; | |
| 2275 } | |
| 2276 | |
| 2277 if (ngx_ssl_crl(cf, pscf->ssl, &pscf->ssl_crl) != NGX_OK) { | |
| 2278 return NGX_ERROR; | |
| 2279 } | |
| 2280 } | |
| 2281 | |
|
7320
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2282 if (ngx_ssl_client_session_cache(cf, pscf->ssl, pscf->ssl_session_reuse) |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2283 != NGX_OK) |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2284 { |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2285 return NGX_ERROR; |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2286 } |
|
696df3ac27ac
SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents:
7286
diff
changeset
|
2287 |
|
7731
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2288 if (ngx_ssl_conf_commands(cf, pscf->ssl, pscf->ssl_conf_commands) |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2289 != NGX_OK) |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2290 { |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2291 return NGX_ERROR; |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2292 } |
|
fd0b2226919b
Stream: proxy_ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7665
diff
changeset
|
2293 |
| 6115 | 2294 return NGX_OK; |
| 2295 } | |
| 2296 | |
| 2297 #endif | |
| 2298 | |
| 2299 | |
| 2300 static char * | |
| 2301 ngx_stream_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
| 2302 { | |
| 2303 ngx_stream_proxy_srv_conf_t *pscf = conf; | |
| 2304 | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2305 ngx_url_t u; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2306 ngx_str_t *value, *url; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2307 ngx_stream_complex_value_t cv; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2308 ngx_stream_core_srv_conf_t *cscf; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2309 ngx_stream_compile_complex_value_t ccv; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2310 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2311 if (pscf->upstream || pscf->upstream_value) { |
| 6115 | 2312 return "is duplicate"; |
| 2313 } | |
| 2314 | |
| 2315 cscf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_core_module); | |
| 2316 | |
| 2317 cscf->handler = ngx_stream_proxy_handler; | |
| 2318 | |
| 2319 value = cf->args->elts; | |
| 2320 | |
| 2321 url = &value[1]; | |
| 2322 | |
|
6643
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2323 ngx_memzero(&ccv, sizeof(ngx_stream_compile_complex_value_t)); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2324 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2325 ccv.cf = cf; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2326 ccv.value = url; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2327 ccv.complex_value = &cv; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2328 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2329 if (ngx_stream_compile_complex_value(&ccv) != NGX_OK) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2330 return NGX_CONF_ERROR; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2331 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2332 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2333 if (cv.lengths) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2334 pscf->upstream_value = ngx_palloc(cf->pool, |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2335 sizeof(ngx_stream_complex_value_t)); |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2336 if (pscf->upstream_value == NULL) { |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2337 return NGX_CONF_ERROR; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2338 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2339 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2340 *pscf->upstream_value = cv; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2341 |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2342 return NGX_CONF_OK; |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2343 } |
|
9757cffc1e2f
Stream: variables in proxy_pass and proxy_ssl_name.
Vladimir Homutov <vl@nginx.com>
parents:
6610
diff
changeset
|
2344 |
| 6115 | 2345 ngx_memzero(&u, sizeof(ngx_url_t)); |
| 2346 | |
| 2347 u.url = *url; | |
| 2348 u.no_resolve = 1; | |
| 2349 | |
| 2350 pscf->upstream = ngx_stream_upstream_add(cf, &u, 0); | |
| 2351 if (pscf->upstream == NULL) { | |
| 2352 return NGX_CONF_ERROR; | |
| 2353 } | |
| 2354 | |
| 2355 return NGX_CONF_OK; | |
| 2356 } | |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2357 |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2358 |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2359 static char * |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2360 ngx_stream_proxy_bind(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2361 { |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2362 ngx_stream_proxy_srv_conf_t *pscf = conf; |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2363 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2364 ngx_int_t rc; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2365 ngx_str_t *value; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2366 ngx_stream_complex_value_t cv; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2367 ngx_stream_upstream_local_t *local; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2368 ngx_stream_compile_complex_value_t ccv; |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2369 |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2370 if (pscf->local != NGX_CONF_UNSET_PTR) { |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2371 return "is duplicate"; |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2372 } |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2373 |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2374 value = cf->args->elts; |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2375 |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2376 if (cf->args->nelts == 2 && ngx_strcmp(value[1].data, "off") == 0) { |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2377 pscf->local = NULL; |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2378 return NGX_CONF_OK; |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2379 } |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2380 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2381 ngx_memzero(&ccv, sizeof(ngx_stream_compile_complex_value_t)); |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2382 |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2383 ccv.cf = cf; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2384 ccv.value = &value[1]; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2385 ccv.complex_value = &cv; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2386 |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2387 if (ngx_stream_compile_complex_value(&ccv) != NGX_OK) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2388 return NGX_CONF_ERROR; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2389 } |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2390 |
|
6598
4a724d6006ee
Stream: use ngx_pcalloc() in ngx_stream_proxy_bind().
Roman Arutyunyan <arut@nginx.com>
parents:
6595
diff
changeset
|
2391 local = ngx_pcalloc(cf->pool, sizeof(ngx_stream_upstream_local_t)); |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2392 if (local == NULL) { |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2393 return NGX_CONF_ERROR; |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2394 } |
|
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2395 |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2396 pscf->local = local; |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2397 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2398 if (cv.lengths) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2399 local->value = ngx_palloc(cf->pool, sizeof(ngx_stream_complex_value_t)); |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2400 if (local->value == NULL) { |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2401 return NGX_CONF_ERROR; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2402 } |
|
6595
0c98c4092440
Stream: support for $remote_port in proxy_bind.
Roman Arutyunyan <arut@nginx.com>
parents:
6594
diff
changeset
|
2403 |
|
6610
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2404 *local->value = cv; |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2405 |
|
d5b5866c06c4
Stream: got rid of pseudo variables.
Vladimir Homutov <vl@nginx.com>
parents:
6606
diff
changeset
|
2406 } else { |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2407 local->addr = ngx_palloc(cf->pool, sizeof(ngx_addr_t)); |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2408 if (local->addr == NULL) { |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2409 return NGX_CONF_ERROR; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2410 } |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2411 |
|
6594
3c87b82b17d4
Upstream: support for port in proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6593
diff
changeset
|
2412 rc = ngx_parse_addr_port(cf->pool, local->addr, value[1].data, |
|
3c87b82b17d4
Upstream: support for port in proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6593
diff
changeset
|
2413 value[1].len); |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2414 |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2415 switch (rc) { |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2416 case NGX_OK: |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2417 local->addr->name = value[1]; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2418 break; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2419 |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2420 case NGX_DECLINED: |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2421 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2422 "invalid address \"%V\"", &value[1]); |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2423 /* fall through */ |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2424 |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2425 default: |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2426 return NGX_CONF_ERROR; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2427 } |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2428 } |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2429 |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2430 if (cf->args->nelts > 2) { |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2431 if (ngx_strcmp(value[2].data, "transparent") == 0) { |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2432 #if (NGX_HAVE_TRANSPARENT_PROXY) |
|
7174
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2433 ngx_core_conf_t *ccf; |
|
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2434 |
|
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2435 ccf = (ngx_core_conf_t *) ngx_get_conf(cf->cycle->conf_ctx, |
|
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2436 ngx_core_module); |
|
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2437 |
|
84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
Roman Arutyunyan <arut@nginx.com>
parents:
7156
diff
changeset
|
2438 ccf->transparent = 1; |
|
6530
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2439 local->transparent = 1; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2440 #else |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2441 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2442 "transparent proxying is not supported " |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2443 "on this platform, ignored"); |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2444 #endif |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2445 } else { |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2446 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2447 "invalid parameter \"%V\"", &value[2]); |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2448 return NGX_CONF_ERROR; |
|
1d0e03db9f8e
Upstream: the "transparent" parameter of proxy_bind and friends.
Roman Arutyunyan <arut@nginx.com>
parents:
6529
diff
changeset
|
2449 } |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2450 } |
|
6529
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2451 |
|
cb8177ca0990
Stream: prepared proxy_bind to accept parameters.
Roman Arutyunyan <arut@nginx.com>
parents:
6461
diff
changeset
|
2452 return NGX_CONF_OK; |
|
6183
4dcffe43a7ea
Stream: the "proxy_bind" directive.
Vladimir Homutov <vl@nginx.com>
parents:
6174
diff
changeset
|
2453 } |