Mercurial > hg > nginx
comparison src/http/modules/ngx_http_proxy_module.c @ 5660:7022564a9e0e
Upstream: proxy_ssl_name and proxy_ssl_server_name directives.
These directives allow to switch on Server Name Indication (SNI) while
connecting to upstream servers.
By default, proxy_ssl_server_name is currently off (that is, no SNI) and
proxy_ssl_name is set to a host used in the proxy_pass directive.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 18 Apr 2014 20:13:28 +0400 |
| parents | 3fb6615bb87f |
| children | 060c2e692b96 |
comparison
equal
deleted
inserted
replaced
| 5659:3fb6615bb87f | 5660:7022564a9e0e |
|---|---|
| 551 ngx_conf_set_str_slot, | 551 ngx_conf_set_str_slot, |
| 552 NGX_HTTP_LOC_CONF_OFFSET, | 552 NGX_HTTP_LOC_CONF_OFFSET, |
| 553 offsetof(ngx_http_proxy_loc_conf_t, ssl_ciphers), | 553 offsetof(ngx_http_proxy_loc_conf_t, ssl_ciphers), |
| 554 NULL }, | 554 NULL }, |
| 555 | 555 |
| 556 { ngx_string("proxy_ssl_name"), | |
| 557 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 558 ngx_http_set_complex_value_slot, | |
| 559 NGX_HTTP_LOC_CONF_OFFSET, | |
| 560 offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_name), | |
| 561 NULL }, | |
| 562 | |
| 563 { ngx_string("proxy_ssl_server_name"), | |
| 564 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, | |
| 565 ngx_conf_set_flag_slot, | |
| 566 NGX_HTTP_LOC_CONF_OFFSET, | |
| 567 offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_server_name), | |
| 568 NULL }, | |
| 569 | |
| 556 #endif | 570 #endif |
| 557 | 571 |
| 558 ngx_null_command | 572 ngx_null_command |
| 559 }; | 573 }; |
| 560 | 574 |
| 2388 * conf->upstream.hide_headers_hash = { NULL, 0 }; | 2402 * conf->upstream.hide_headers_hash = { NULL, 0 }; |
| 2389 * conf->upstream.uri = { 0, NULL }; | 2403 * conf->upstream.uri = { 0, NULL }; |
| 2390 * conf->upstream.location = NULL; | 2404 * conf->upstream.location = NULL; |
| 2391 * conf->upstream.store_lengths = NULL; | 2405 * conf->upstream.store_lengths = NULL; |
| 2392 * conf->upstream.store_values = NULL; | 2406 * conf->upstream.store_values = NULL; |
| 2407 * conf->upstream.ssl_name = NULL; | |
| 2393 * | 2408 * |
| 2394 * conf->method = { 0, NULL }; | 2409 * conf->method = { 0, NULL }; |
| 2395 * conf->headers_source = NULL; | 2410 * conf->headers_source = NULL; |
| 2396 * conf->headers_set_len = NULL; | 2411 * conf->headers_set_len = NULL; |
| 2397 * conf->headers_set = NULL; | 2412 * conf->headers_set = NULL; |
| 2439 | 2454 |
| 2440 conf->upstream.hide_headers = NGX_CONF_UNSET_PTR; | 2455 conf->upstream.hide_headers = NGX_CONF_UNSET_PTR; |
| 2441 conf->upstream.pass_headers = NGX_CONF_UNSET_PTR; | 2456 conf->upstream.pass_headers = NGX_CONF_UNSET_PTR; |
| 2442 | 2457 |
| 2443 conf->upstream.intercept_errors = NGX_CONF_UNSET; | 2458 conf->upstream.intercept_errors = NGX_CONF_UNSET; |
| 2459 | |
| 2444 #if (NGX_HTTP_SSL) | 2460 #if (NGX_HTTP_SSL) |
| 2445 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; | 2461 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; |
| 2462 conf->upstream.ssl_server_name = NGX_CONF_UNSET; | |
| 2446 #endif | 2463 #endif |
| 2447 | 2464 |
| 2448 /* "proxy_cyclic_temp_file" is disabled */ | 2465 /* "proxy_cyclic_temp_file" is disabled */ |
| 2449 conf->upstream.cyclic_temp_file = 0; | 2466 conf->upstream.cyclic_temp_file = 0; |
| 2450 | 2467 |
| 2712 | 2729 |
| 2713 ngx_conf_merge_value(conf->upstream.intercept_errors, | 2730 ngx_conf_merge_value(conf->upstream.intercept_errors, |
| 2714 prev->upstream.intercept_errors, 0); | 2731 prev->upstream.intercept_errors, 0); |
| 2715 | 2732 |
| 2716 #if (NGX_HTTP_SSL) | 2733 #if (NGX_HTTP_SSL) |
| 2734 | |
| 2717 ngx_conf_merge_value(conf->upstream.ssl_session_reuse, | 2735 ngx_conf_merge_value(conf->upstream.ssl_session_reuse, |
| 2718 prev->upstream.ssl_session_reuse, 1); | 2736 prev->upstream.ssl_session_reuse, 1); |
| 2719 | 2737 |
| 2720 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, | 2738 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, |
| 2721 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3 | 2739 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3 |
| 2723 |NGX_SSL_TLSv1_2)); | 2741 |NGX_SSL_TLSv1_2)); |
| 2724 | 2742 |
| 2725 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, | 2743 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, |
| 2726 "DEFAULT"); | 2744 "DEFAULT"); |
| 2727 | 2745 |
| 2746 if (conf->upstream.ssl_name == NULL) { | |
| 2747 conf->upstream.ssl_name = prev->upstream.ssl_name; | |
| 2748 } | |
| 2749 | |
| 2750 ngx_conf_merge_value(conf->upstream.ssl_server_name, | |
| 2751 prev->upstream.ssl_server_name, 0); | |
| 2752 | |
| 2728 if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) { | 2753 if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) { |
| 2729 return NGX_CONF_ERROR; | 2754 return NGX_CONF_ERROR; |
| 2730 } | 2755 } |
| 2756 | |
| 2731 #endif | 2757 #endif |
| 2732 | 2758 |
| 2733 ngx_conf_merge_value(conf->redirect, prev->redirect, 1); | 2759 ngx_conf_merge_value(conf->redirect, prev->redirect, 1); |
| 2734 | 2760 |
| 2735 if (conf->redirect) { | 2761 if (conf->redirect) { |