comparison src/http/modules/ngx_http_grpc_module.c @ 8053:9d98d524bd02

Upstream: optimized use of SSL contexts (ticket #1234). To ensure optimal use of memory, SSL contexts for proxying are now inherited from previous levels as long as relevant proxy_ssl_* directives are not redefined. Further, when no proxy_ssl_* directives are redefined in a server block, we now preserve plcf->upstream.ssl in the "http" section configuration to inherit it to all servers. Similar changes made in uwsgi, grpc, and stream proxy.
author Maxim Dounin <mdounin@mdounin.ru>
date Wed, 29 Jun 2022 02:47:45 +0300
parents c7e25324be11
children d1cf09451ae8
8052:e210c8942a54 8053:9d98d524bd02
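--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -207,10 +207,12 @@
 #if (NGX_HTTP_SSL)
 static char *ngx_http_grpc_ssl_password_file(ngx_conf_t *cf,
 ngx_command_t *cmd, void *conf);
 static char *ngx_http_grpc_ssl_conf_command_check(ngx_conf_t *cf, void *post,
 void *data);
+static ngx_int_t ngx_http_grpc_merge_ssl(ngx_conf_t *cf,
+ngx_http_grpc_loc_conf_t *conf, ngx_http_grpc_loc_conf_t *prev);
 static ngx_int_t ngx_http_grpc_set_ssl(ngx_conf_t *cf,
 ngx_http_grpc_loc_conf_t *glcf);
 #endif
 
 
@@ -560,11 +562,11 @@
 
 if (glcf->grpc_lengths == NULL) {
 ctx->host = glcf->host;
 
 #if (NGX_HTTP_SSL)
-u->ssl = (glcf->upstream.ssl != NULL);
+u->ssl = glcf->ssl;
 
 if (u->ssl) {
 ngx_str_set(&u->schema, "grpcs://");
 
 } else {
@@ -4461,10 +4463,14 @@
 ngx_conf_merge_value(conf->upstream.intercept_errors,
 prev->upstream.intercept_errors, 0);
 
 #if (NGX_HTTP_SSL)
 
+if (ngx_http_grpc_merge_ssl(cf, conf, prev) != NGX_OK) {
+return NGX_CONF_ERROR;
+}
+
 ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
 prev->upstream.ssl_session_reuse, 1);
 
 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
 (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
@@ -4522,11 +4528,11 @@
 
 conf->grpc_lengths = prev->grpc_lengths;
 conf->grpc_values = prev->grpc_values;
 
 #if (NGX_HTTP_SSL)
-conf->upstream.ssl = prev->upstream.ssl;
+conf->ssl = prev->ssl;
 #endif
 }
 
 if (clcf->lmt_excpt && clcf->handler == NULL
 && (conf->upstream.upstream || conf->grpc_lengths))
@@ -4872,20 +4878,66 @@
 #endif
 }
 
 
 static ngx_int_t
+ngx_http_grpc_merge_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *conf,
+ngx_http_grpc_loc_conf_t *prev)
+{
+ngx_uint_t preserve;
+
+if (conf->ssl_protocols == 0
+&& conf->ssl_ciphers.data == NULL
+&& conf->upstream.ssl_certificate == NGX_CONF_UNSET_PTR
+&& conf->upstream.ssl_certificate_key == NGX_CONF_UNSET_PTR
+&& conf->upstream.ssl_passwords == NGX_CONF_UNSET_PTR
+&& conf->upstream.ssl_verify == NGX_CONF_UNSET
+&& conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
+&& conf->ssl_trusted_certificate.data == NULL
+&& conf->ssl_crl.data == NULL
+&& conf->upstream.ssl_session_reuse == NGX_CONF_UNSET
+&& conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
+{
+if (prev->upstream.ssl) {
+conf->upstream.ssl = prev->upstream.ssl;
+return NGX_OK;
+}
+
+preserve = 1;
+
+} else {
+preserve = 0;
+}
+
+conf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
+if (conf->upstream.ssl == NULL) {
+return NGX_ERROR;
+}
+
+conf->upstream.ssl->log = cf->log;
+
+/*
+* special handling to preserve conf->upstream.ssl
+* in the "http" section to inherit it to all servers
+*/
+
+if (preserve) {
+prev->upstream.ssl = conf->upstream.ssl;
+}
+
+return NGX_OK;
+}
+
+
+static ngx_int_t
 ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
 {
 ngx_pool_cleanup_t *cln;
 
-glcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
-if (glcf->upstream.ssl == NULL) {
-return NGX_ERROR;
-}
-
-glcf->upstream.ssl->log = cf->log;
+if (glcf->upstream.ssl->ctx) {
+return NGX_OK;
+}
 
 if (ngx_ssl_create(glcf->upstream.ssl, glcf->ssl_protocols, NULL)
 != NGX_OK)
 {
 return NGX_ERROR;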
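Review bot: The unset-test at the top of `ngx_http_grpc_merge_ssl` is the sole guard deciding whether a block reuses its parent's `ngx_ssl_t`, and nothing records that the list must stay complete or that the call must precede the `ngx_conf_merge_*` calls, which overwrite the unset markers it tests. If a later directive that feeds the SSL context is added without a matching test, a block redefining it would presumably keep the inherited context, and its own TLS setting (verification, trusted certificates, protocols) would be silently dropped. I would add above the condition: `/* every setting applied to the SSL context in ngx_http_grpc_set_ssl() must be tested here; call before the corresponding ngx_conf_merge_*() */`. The new `glcf->upstream.ssl->ctx` test in `ngx_http_grpc_set_ssl` dereferences the pointer without a NULL check, which is safe only because every NGX_OK path of merge_ssl sets it, assuming set_ssl is reached only after merge_ssl. A one-line comment there would make that dependency explicit; the rest of set_ssl lies outside the section shown.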