Mercurial > hg > nginx
comparison src/http/modules/ngx_http_proxy_module.c @ 5660:7022564a9e0e
Upstream: proxy_ssl_name and proxy_ssl_server_name directives.
These directives allow to switch on Server Name Indication (SNI) while
connecting to upstream servers.
By default, proxy_ssl_server_name is currently off (that is, no SNI) and
proxy_ssl_name is set to a host used in the proxy_pass directive.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 18 Apr 2014 20:13:28 +0400 |
parents | 3fb6615bb87f |
children | 060c2e692b96 |
comparison
equal
deleted
inserted
replaced
5659:3fb6615bb87f | 5660:7022564a9e0e |
---|---|
551 ngx_conf_set_str_slot, | 551 ngx_conf_set_str_slot, |
552 NGX_HTTP_LOC_CONF_OFFSET, | 552 NGX_HTTP_LOC_CONF_OFFSET, |
553 offsetof(ngx_http_proxy_loc_conf_t, ssl_ciphers), | 553 offsetof(ngx_http_proxy_loc_conf_t, ssl_ciphers), |
554 NULL }, | 554 NULL }, |
555 | 555 |
556 { ngx_string("proxy_ssl_name"), | |
557 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
558 ngx_http_set_complex_value_slot, | |
559 NGX_HTTP_LOC_CONF_OFFSET, | |
560 offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_name), | |
561 NULL }, | |
562 | |
563 { ngx_string("proxy_ssl_server_name"), | |
564 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, | |
565 ngx_conf_set_flag_slot, | |
566 NGX_HTTP_LOC_CONF_OFFSET, | |
567 offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_server_name), | |
568 NULL }, | |
569 | |
556 #endif | 570 #endif |
557 | 571 |
558 ngx_null_command | 572 ngx_null_command |
559 }; | 573 }; |
560 | 574 |
2388 * conf->upstream.hide_headers_hash = { NULL, 0 }; | 2402 * conf->upstream.hide_headers_hash = { NULL, 0 }; |
2389 * conf->upstream.uri = { 0, NULL }; | 2403 * conf->upstream.uri = { 0, NULL }; |
2390 * conf->upstream.location = NULL; | 2404 * conf->upstream.location = NULL; |
2391 * conf->upstream.store_lengths = NULL; | 2405 * conf->upstream.store_lengths = NULL; |
2392 * conf->upstream.store_values = NULL; | 2406 * conf->upstream.store_values = NULL; |
2407 * conf->upstream.ssl_name = NULL; | |
2393 * | 2408 * |
2394 * conf->method = { 0, NULL }; | 2409 * conf->method = { 0, NULL }; |
2395 * conf->headers_source = NULL; | 2410 * conf->headers_source = NULL; |
2396 * conf->headers_set_len = NULL; | 2411 * conf->headers_set_len = NULL; |
2397 * conf->headers_set = NULL; | 2412 * conf->headers_set = NULL; |
2439 | 2454 |
2440 conf->upstream.hide_headers = NGX_CONF_UNSET_PTR; | 2455 conf->upstream.hide_headers = NGX_CONF_UNSET_PTR; |
2441 conf->upstream.pass_headers = NGX_CONF_UNSET_PTR; | 2456 conf->upstream.pass_headers = NGX_CONF_UNSET_PTR; |
2442 | 2457 |
2443 conf->upstream.intercept_errors = NGX_CONF_UNSET; | 2458 conf->upstream.intercept_errors = NGX_CONF_UNSET; |
2459 | |
2444 #if (NGX_HTTP_SSL) | 2460 #if (NGX_HTTP_SSL) |
2445 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; | 2461 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; |
2462 conf->upstream.ssl_server_name = NGX_CONF_UNSET; | |
2446 #endif | 2463 #endif |
2447 | 2464 |
2448 /* "proxy_cyclic_temp_file" is disabled */ | 2465 /* "proxy_cyclic_temp_file" is disabled */ |
2449 conf->upstream.cyclic_temp_file = 0; | 2466 conf->upstream.cyclic_temp_file = 0; |
2450 | 2467 |
2712 | 2729 |
2713 ngx_conf_merge_value(conf->upstream.intercept_errors, | 2730 ngx_conf_merge_value(conf->upstream.intercept_errors, |
2714 prev->upstream.intercept_errors, 0); | 2731 prev->upstream.intercept_errors, 0); |
2715 | 2732 |
2716 #if (NGX_HTTP_SSL) | 2733 #if (NGX_HTTP_SSL) |
2734 | |
2717 ngx_conf_merge_value(conf->upstream.ssl_session_reuse, | 2735 ngx_conf_merge_value(conf->upstream.ssl_session_reuse, |
2718 prev->upstream.ssl_session_reuse, 1); | 2736 prev->upstream.ssl_session_reuse, 1); |
2719 | 2737 |
2720 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, | 2738 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, |
2721 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3 | 2739 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3 |
2723 |NGX_SSL_TLSv1_2)); | 2741 |NGX_SSL_TLSv1_2)); |
2724 | 2742 |
2725 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, | 2743 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, |
2726 "DEFAULT"); | 2744 "DEFAULT"); |
2727 | 2745 |
2746 if (conf->upstream.ssl_name == NULL) { | |
2747 conf->upstream.ssl_name = prev->upstream.ssl_name; | |
2748 } | |
2749 | |
2750 ngx_conf_merge_value(conf->upstream.ssl_server_name, | |
2751 prev->upstream.ssl_server_name, 0); | |
2752 | |
2728 if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) { | 2753 if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) { |
2729 return NGX_CONF_ERROR; | 2754 return NGX_CONF_ERROR; |
2730 } | 2755 } |
2756 | |
2731 #endif | 2757 #endif |
2732 | 2758 |
2733 ngx_conf_merge_value(conf->redirect, prev->redirect, 1); | 2759 ngx_conf_merge_value(conf->redirect, prev->redirect, 1); |
2734 | 2760 |
2735 if (conf->redirect) { | 2761 if (conf->redirect) { |