Mercurial > hg > nginx

view auto/modules @ 5095:4fbef397c753

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SNI: added restriction on requesting host other than negotiated. According to RFC 6066, client is not supposed to request a different server name at the application layer. Server implementations that rely upon these names being equal must validate that a client did not send a different name in HTTP request. Current versions of Apache HTTP server always return 400 "Bad Request" in such cases. There exist implementations however (e.g., SPDY) that rely on being able to request different host names in one connection. Given this, we only reject requests with differing host names if verification of client certificates is enabled in a corresponding server configuration. An example of configuration that might not work as expected: server { listen 433 ssl default; return 404; } server { listen 433 ssl; server_name example.org; ssl_client_certificate org.cert; ssl_verify_client on; } server { listen 433 ssl; server_name example.com; ssl_client_certificate com.cert; ssl_verify_client on; } Previously, a client was able to request example.com by presenting a certificate for example.org, and vice versa.
author Valentin Bartenev <vbart@nginx.com>
date Wed, 27 Feb 2013 17:41:34 +0000
parents f9ae534ebf4b
children c0f7b94e88ba
line wrap: on
line source


# Copyright (C) Igor Sysoev
# Copyright (C) Nginx, Inc.


if [ $EVENT_SELECT = NO -a $EVENT_FOUND = NO ]; then
    EVENT_SELECT=YES
fi

if [ $EVENT_SELECT = YES ]; then
    have=NGX_HAVE_SELECT . auto/have
    CORE_SRCS="$CORE_SRCS $SELECT_SRCS"
    EVENT_MODULES="$EVENT_MODULES $SELECT_MODULE"
fi


if [ $EVENT_POLL = NO -a $EVENT_FOUND = NO ]; then
    EVENT_POLL=YES
fi

if [ $EVENT_POLL = YES ]; then
    have=NGX_HAVE_POLL . auto/have
    CORE_SRCS="$CORE_SRCS $POLL_SRCS"
    EVENT_MODULES="$EVENT_MODULES $POLL_MODULE"
fi


if [ $NGX_TEST_BUILD_DEVPOLL = YES ]; then
    have=NGX_HAVE_DEVPOLL . auto/have
    have=NGX_TEST_BUILD_DEVPOLL . auto/have
    EVENT_MODULES="$EVENT_MODULES $DEVPOLL_MODULE"
    CORE_SRCS="$CORE_SRCS $DEVPOLL_SRCS"
fi


if [ $NGX_TEST_BUILD_EVENTPORT = YES ]; then
    have=NGX_HAVE_EVENTPORT . auto/have
    have=NGX_TEST_BUILD_EVENTPORT . auto/have
    EVENT_MODULES="$EVENT_MODULES $EVENTPORT_MODULE"
    CORE_SRCS="$CORE_SRCS $EVENTPORT_SRCS"
fi

if [ $NGX_TEST_BUILD_EPOLL = YES ]; then
    have=NGX_HAVE_EPOLL . auto/have
    have=NGX_HAVE_EVENTFD . auto/have
    have=NGX_TEST_BUILD_EPOLL . auto/have
    EVENT_MODULES="$EVENT_MODULES $EPOLL_MODULE"
    CORE_SRCS="$CORE_SRCS $EPOLL_SRCS"
fi

if [ $NGX_TEST_BUILD_RTSIG = YES ]; then
    have=NGX_HAVE_RTSIG . auto/have
    have=NGX_TEST_BUILD_RTSIG . auto/have
    EVENT_MODULES="$EVENT_MODULES $RTSIG_MODULE"
    CORE_SRCS="$CORE_SRCS $RTSIG_SRCS"
fi

if [ $NGX_TEST_BUILD_SOLARIS_SENDFILEV = YES ]; then
    have=NGX_TEST_BUILD_SOLARIS_SENDFILEV . auto/have
    CORE_SRCS="$CORE_SRCS $SOLARIS_SENDFILEV_SRCS"
fi


if [ $HTTP != YES ]; then
    have=NGX_CRYPT . auto/nohave
    CRYPT_LIB=
fi


if [ $HTTP_CACHE = YES ]; then
    USE_MD5=YES
    have=NGX_HTTP_CACHE . auto/have
    HTTP_SRCS="$HTTP_SRCS $HTTP_FILE_CACHE_SRCS"
fi


if [ $HTTP_SSI = YES ]; then
    HTTP_POSTPONE=YES
fi


if [ $HTTP_ADDITION = YES ]; then
    HTTP_POSTPONE=YES
fi


# the module order is important
#     ngx_http_static_module
#     ngx_http_gzip_static_module
#     ngx_http_dav_module
#     ngx_http_autoindex_module
#     ngx_http_index_module
#     ngx_http_random_index_module
#
#     ngx_http_access_module
#     ngx_http_realip_module
#
#
# the filter order is important
#     ngx_http_write_filter
#     ngx_http_header_filter
#     ngx_http_chunked_filter
#     ngx_http_range_header_filter
#     ngx_http_gzip_filter
#     ngx_http_postpone_filter
#     ngx_http_ssi_filter
#     ngx_http_charset_filter
#         ngx_http_xslt_filter
#         ngx_http_image_filter
#         ngx_http_sub_filter
#         ngx_http_addition_filter
#         ngx_http_gunzip_filter
#         ngx_http_userid_filter
#         ngx_http_headers_filter
#     ngx_http_copy_filter
#     ngx_http_range_body_filter
#     ngx_http_not_modified_filter

HTTP_FILTER_MODULES="$HTTP_WRITE_FILTER_MODULE \
                     $HTTP_HEADER_FILTER_MODULE \
                     $HTTP_CHUNKED_FILTER_MODULE \
                     $HTTP_RANGE_HEADER_FILTER_MODULE"

if [ $HTTP_GZIP = YES ]; then
    have=NGX_HTTP_GZIP . auto/have
    USE_ZLIB=YES
    HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_GZIP_FILTER_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_GZIP_SRCS"
fi

if [ $HTTP_POSTPONE = YES ]; then
    HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_POSTPONE_FILTER_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_POSTPONE_FILTER_SRCS"
fi

if [ $HTTP_SSI = YES ]; then
    have=NGX_HTTP_SSI . auto/have
    HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_SSI_FILTER_MODULE"
    HTTP_DEPS="$HTTP_DEPS $HTTP_SSI_DEPS"
    HTTP_SRCS="$HTTP_SRCS $HTTP_SSI_SRCS"
fi

if [ $HTTP_CHARSET = YES ]; then
    HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_CHARSET_FILTER_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_CHARSET_SRCS"
fi

if [ $HTTP_XSLT = YES ]; then
    USE_LIBXSLT=YES
    HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_XSLT_FILTER_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_XSLT_SRCS"
fi

if [ $HTTP_IMAGE_FILTER = YES ]; then
    USE_LIBGD=YES
    HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_IMAGE_FILTER_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_IMAGE_SRCS"
fi

if [ $HTTP_SUB = YES ]; then
    HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_SUB_FILTER_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_SUB_SRCS"
fi

if [ $HTTP_ADDITION = YES ]; then
    HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_ADDITION_FILTER_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_ADDITION_SRCS"
fi

if [ $HTTP_GUNZIP = YES ]; then
    have=NGX_HTTP_GZIP . auto/have
    USE_ZLIB=YES
    HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_GUNZIP_FILTER_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_GUNZIP_SRCS"
fi

if [ $HTTP_USERID = YES ]; then
    HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_USERID_FILTER_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_USERID_SRCS"
fi

HTTP_MODULES="$HTTP_MODULES $HTTP_STATIC_MODULE"

if [ $HTTP_GZIP_STATIC = YES ]; then
    have=NGX_HTTP_GZIP . auto/have
    HTTP_MODULES="$HTTP_MODULES $HTTP_GZIP_STATIC_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_GZIP_STATIC_SRCS"
fi

if [ $HTTP_DAV = YES ]; then
    have=NGX_HTTP_DAV . auto/have
    HTTP_MODULES="$HTTP_MODULES $HTTP_DAV_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_DAV_SRCS"
fi

if [ $HTTP_AUTOINDEX = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_AUTOINDEX_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_AUTOINDEX_SRCS"
fi

HTTP_MODULES="$HTTP_MODULES $HTTP_INDEX_MODULE"

if [ $HTTP_RANDOM_INDEX = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_RANDOM_INDEX_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_RANDOM_INDEX_SRCS"
fi

if [ $HTTP_AUTH_BASIC = YES ]; then
    USE_MD5=YES
    USE_SHA1=YES
    have=NGX_CRYPT . auto/have
    HTTP_MODULES="$HTTP_MODULES $HTTP_AUTH_BASIC_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_AUTH_BASIC_SRCS"
    CORE_LIBS="$CORE_LIBS $CRYPT_LIB"
fi

if [ $HTTP_ACCESS = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_ACCESS_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_ACCESS_SRCS"
fi

if [ $HTTP_LIMIT_CONN = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_LIMIT_CONN_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_LIMIT_CONN_SRCS"
fi

if [ $HTTP_LIMIT_REQ = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_LIMIT_REQ_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_LIMIT_REQ_SRCS"
fi

if [ $HTTP_REALIP = YES ]; then
    have=NGX_HTTP_REALIP . auto/have
    have=NGX_HTTP_X_FORWARDED_FOR . auto/have
    HTTP_MODULES="$HTTP_MODULES $HTTP_REALIP_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_REALIP_SRCS"
fi

if [ $HTTP_STATUS = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_STATUS_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_STATUS_SRCS"
fi

if [ $HTTP_GEO = YES ]; then
    have=NGX_HTTP_X_FORWARDED_FOR . auto/have
    HTTP_MODULES="$HTTP_MODULES $HTTP_GEO_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_GEO_SRCS"
fi

if [ $HTTP_GEOIP = YES ]; then
    have=NGX_HTTP_X_FORWARDED_FOR . auto/have
    HTTP_MODULES="$HTTP_MODULES $HTTP_GEOIP_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_GEOIP_SRCS"
fi

if [ $HTTP_MAP = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_MAP_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_MAP_SRCS"
fi

if [ $HTTP_SPLIT_CLIENTS = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_SPLIT_CLIENTS_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_SPLIT_CLIENTS_SRCS"
fi

if [ $HTTP_REFERER = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_REFERER_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_REFERER_SRCS"
fi

if [ $HTTP_REWRITE = YES -a $USE_PCRE != DISABLED ]; then
    USE_PCRE=YES
    HTTP_MODULES="$HTTP_MODULES $HTTP_REWRITE_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_REWRITE_SRCS"
fi

if [ $HTTP_SSL = YES ]; then
    USE_OPENSSL=YES
    have=NGX_HTTP_SSL . auto/have
    HTTP_MODULES="$HTTP_MODULES $HTTP_SSL_MODULE"
    HTTP_DEPS="$HTTP_DEPS $HTTP_SSL_DEPS"
    HTTP_SRCS="$HTTP_SRCS $HTTP_SSL_SRCS"
fi

if [ $HTTP_PROXY = YES ]; then
    have=NGX_HTTP_X_FORWARDED_FOR . auto/have
    #USE_MD5=YES
    HTTP_MODULES="$HTTP_MODULES $HTTP_PROXY_MODULE"
    HTTP_DEPS="$HTTP_DEPS $HTTP_PROXY_DEPS"
    HTTP_SRCS="$HTTP_SRCS $HTTP_PROXY_SRCS"
fi

if [ $HTTP_FASTCGI = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_FASTCGI_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_FASTCGI_SRCS"
fi

if [ $HTTP_UWSGI = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_UWSGI_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_UWSGI_SRCS"
fi

if [ $HTTP_SCGI = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_SCGI_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_SCGI_SRCS"
fi

if [ $HTTP_PERL = YES ]; then
    USE_PERL=YES
    HTTP_MODULES="$HTTP_MODULES $HTTP_PERL_MODULE"
    HTTP_INCS="$HTTP_INCS $HTTP_PERL_INCS"
    HTTP_DEPS="$HTTP_DEPS $HTTP_PERL_DEPS"
    HTTP_SRCS="$HTTP_SRCS $HTTP_PERL_SRCS"
fi

if [ $HTTP_MEMCACHED = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_MEMCACHED_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_MEMCACHED_SRCS"
fi

if [ $HTTP_EMPTY_GIF = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_EMPTY_GIF_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_EMPTY_GIF_SRCS"
fi

if [ $HTTP_BROWSER = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_BROWSER_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_BROWSER_SRCS"
fi

if [ $HTTP_SECURE_LINK = YES ]; then
    USE_MD5=YES
    HTTP_MODULES="$HTTP_MODULES $HTTP_SECURE_LINK_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_SECURE_LINK_SRCS"
fi

if [ $HTTP_DEGRADATION = YES ]; then
    have=NGX_HTTP_DEGRADATION . auto/have
    HTTP_MODULES="$HTTP_MODULES $HTTP_DEGRADATION_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_DEGRADATION_SRCS"
fi

if [ $HTTP_FLV = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_FLV_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_FLV_SRCS"
fi

if [ $HTTP_MP4 = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_MP4_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_MP4_SRCS"
fi

if [ $HTTP_UPSTREAM_IP_HASH = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_UPSTREAM_IP_HASH_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_UPSTREAM_IP_HASH_SRCS"
fi

if [ $HTTP_UPSTREAM_LEAST_CONN = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_UPSTREAM_LEAST_CONN_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_UPSTREAM_LEAST_CONN_SRCS"
fi

if [ $HTTP_UPSTREAM_KEEPALIVE = YES ]; then
    HTTP_MODULES="$HTTP_MODULES $HTTP_UPSTREAM_KEEPALIVE_MODULE"
    HTTP_SRCS="$HTTP_SRCS $HTTP_UPSTREAM_KEEPALIVE_SRCS"
fi

if [ $HTTP_STUB_STATUS = YES ]; then
    have=NGX_STAT_STUB . auto/have
    HTTP_MODULES="$HTTP_MODULES ngx_http_stub_status_module"
    HTTP_SRCS="$HTTP_SRCS src/http/modules/ngx_http_stub_status_module.c"
fi

#if [ -r $NGX_OBJS/auto ]; then
#    . $NGX_OBJS/auto
#fi


if test -n "$NGX_ADDONS"; then

    echo configuring additional modules

    for ngx_addon_dir in $NGX_ADDONS
    do
        echo "adding module in $ngx_addon_dir"

        if test -f $ngx_addon_dir/config; then
            . $ngx_addon_dir/config

            echo " + $ngx_addon_name was configured"

        else
            echo "$0: error: no $ngx_addon_dir/config was found"
            exit 1
        fi
    done
fi


if [ $MAIL_SSL = YES ]; then
    have=NGX_MAIL_SSL . auto/have
    USE_OPENSSL=YES
fi


modules="$CORE_MODULES $EVENT_MODULES"


if [ $USE_OPENSSL = YES ]; then
    modules="$modules $OPENSSL_MODULE"
    CORE_DEPS="$CORE_DEPS $OPENSSL_DEPS"
    CORE_SRCS="$CORE_SRCS $OPENSSL_SRCS"
fi

if [ $USE_PCRE = YES ]; then
    modules="$modules $REGEX_MODULE"
    CORE_DEPS="$CORE_DEPS $REGEX_DEPS"
    CORE_SRCS="$CORE_SRCS $REGEX_SRCS"
fi

if [ $HTTP = YES ]; then
    modules="$modules $HTTP_MODULES $HTTP_FILTER_MODULES \
             $HTTP_HEADERS_FILTER_MODULE \
             $HTTP_AUX_FILTER_MODULES \
             $HTTP_COPY_FILTER_MODULE \
             $HTTP_RANGE_BODY_FILTER_MODULE \
             $HTTP_NOT_MODIFIED_FILTER_MODULE"

    NGX_ADDON_DEPS="$NGX_ADDON_DEPS \$(HTTP_DEPS)"
fi


if [ $MAIL = YES ]; then
    modules="$modules $MAIL_MODULES"

    if [ $MAIL_SSL = YES ]; then
        modules="$modules $MAIL_SSL_MODULE"
        MAIL_DEPS="$MAIL_DEPS $MAIL_SSL_DEPS"
        MAIL_SRCS="$MAIL_SRCS $MAIL_SSL_SRCS"
    fi

    if [ $MAIL_POP3 = YES ]; then
        modules="$modules $MAIL_POP3_MODULE"
        MAIL_DEPS="$MAIL_DEPS $MAIL_POP3_DEPS"
        MAIL_SRCS="$MAIL_SRCS $MAIL_POP3_SRCS"
    fi

    if [ $MAIL_IMAP = YES ]; then
        modules="$modules $MAIL_IMAP_MODULE"
        MAIL_DEPS="$MAIL_DEPS $MAIL_IMAP_DEPS"
        MAIL_SRCS="$MAIL_SRCS $MAIL_IMAP_SRCS"
    fi

    if [ $MAIL_SMTP = YES ]; then
        modules="$modules $MAIL_SMTP_MODULE"
        MAIL_DEPS="$MAIL_DEPS $MAIL_SMTP_DEPS"
        MAIL_SRCS="$MAIL_SRCS $MAIL_SMTP_SRCS"
    fi

    modules="$modules $MAIL_AUTH_HTTP_MODULE"
    MAIL_SRCS="$MAIL_SRCS $MAIL_AUTH_HTTP_SRCS"

    modules="$modules $MAIL_PROXY_MODULE"
    MAIL_SRCS="$MAIL_SRCS $MAIL_PROXY_SRCS"
fi


if [ $NGX_GOOGLE_PERFTOOLS = YES ]; then
    modules="$modules $NGX_GOOGLE_PERFTOOLS_MODULE"
    NGX_MISC_SRCS="$NGX_MISC_SRCS $NGX_GOOGLE_PERFTOOLS_SRCS"
fi


if [ $NGX_CPP_TEST = YES ]; then
    NGX_MISC_SRCS="$NGX_MISC_SRCS $NGX_CPP_TEST_SRCS"
    CORE_LIBS="$CORE_LIBS -lstdc++"
fi


cat << END                                    > $NGX_MODULES_C

#include <ngx_config.h>
#include <ngx_core.h>

$NGX_PRAGMA

END

for mod in $modules
do
    echo "extern ngx_module_t  $mod;"         >> $NGX_MODULES_C
done

echo                                          >> $NGX_MODULES_C
echo 'ngx_module_t *ngx_modules[] = {'        >> $NGX_MODULES_C

for mod in $modules
do
    echo "    &$mod,"                         >> $NGX_MODULES_C
done

cat << END                                    >> $NGX_MODULES_C
    NULL
};

END