| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
| |
These modules can't be compiled on win32.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
If a peer was initially skipped due to max_fails, there's no reason
not to try it again if enough time has passed, and the next_upstream
logic is in action.
This also reduces diffs with NGINX Plus.
|
| |
|
|
|
| |
This fixes compilation of various 3rd party modules when nginx is
configured with threads.
|
| | |
|
| |
|
|
|
| |
Upstreams with the "zone" directive are kept in shared memory,
with a consistent view of all worker processes.
|
| | |
|
| | |
|
| |
|
|
| |
This is an API change.
|
| |
|
|
| |
This also simplifies the implementation of the least_conn module.
|
| |
|
|
| |
Casting a "const char *" to "char *" doesn't work on older gcc versions.
|
| | |
|
| | |
|
| |
|
|
| |
The new thread pools code uses spinlocks.
|
| |
|
|
|
|
|
|
| |
Similar to ngx_http_file_cache_set_slot(), the last component of file->name
with a fixed length of 10 bytes, as generated in ngx_create_temp_path(), is
used as a source for the names of intermediate subdirectories with each one
taking its own part. Ensure that the sum of specified levels with slashes
fits into the length (ticket #731).
|
| |
|
|
| |
Level hierarchy is pre-zeroed in ngx_pcalloc() of the surrounding ngx_path_t.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This fixes unbuffered proxying to SSL backends, since it prevents
ngx_ssl_send_chain() from accumulation of request body in the SSL
buffer.
|
| | |
|
| |
|
|
|
|
| |
Missing call to X509_STORE_CTX_free when X509_STORE_CTX_init fails.
Missing call to OCSP_CERTID_free when OCSP_request_add0_id fails.
Possible leaks in vary particular scenariis of memory shortage.
|
| | |
|
| |
|
|
| |
Found by Valgrind.
|
| |
|
|
|
| |
The main thread could wake up and start processing the notify event
before the handler was set.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This helps to avoid suboptimal behavior when a client waits for a control
frame or more data to increase window size, but the frames have been delayed
in the socket buffer.
The delays can be caused by bad interaction between Nagle's algorithm on
nginx side and delayed ACK on the client side or by TCP_CORK/TCP_NOPUSH
if SPDY was working without SSL and sendfile() was used.
The pushing code is now very similar to ngx_http_set_keepalive().
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
If any preread body bytes were sent in the first chain, chunk size was
incorrectly added before the whole chain, including header, resulting in
an invalid request sent to upstream. Fixed to properly add chunk size
after the header.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
The r->request_body_no_buffering flag was introduced. It instructs
client request body reading code to avoid reading the whole body, and
to call post_handler early instead. The caller should use the
ngx_http_read_unbuffered_request_body() function to read remaining
parts of the body.
Upstream module is now able to use this mode, if configured with
the proxy_request_buffering directive.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Now we log a "zero size buf in chain writer" alert if we encounter a zero
sized buffer in ngx_chain_writer(), and skip the buffer.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If the last header evaluation resulted in an empty header, the e.skip flag
was set and was not reset when we've switched to evaluation of body_values.
This incorrectly resulted in body values being skipped instead of producing
some correct body as set by proxy_set_body. Fix is to properly reset
the e.skip flag.
As the problem only appeared if the last potentially non-empty header
happened to be empty, it only manifested itself if proxy_set_body was used
with proxy_cache.
|
| | |
|
| |
|
|
| |
No functional changes.
|
| |
|
|
|
|
| |
It's not needed for completed tasks queue since the previous change.
No functional changes.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The SSL_MODE_NO_AUTO_CHAIN mode prevents OpenSSL from automatically
building a certificate chain on the fly if there is no certificate chain
explicitly provided. Before this change, certificates provided via the
ssl_client_certificate and ssl_trusted_certificate directives were
used by OpenSSL to automatically build certificate chains, resulting
in unexpected (and in some cases unneeded) chains being sent to clients.
|
| |
|
|
|
|
|
|
| |
LibreSSL removed support for export ciphers and a call to
SSL_CTX_set_tmp_rsa_callback() results in an error left in the error
queue. This caused alerts "ignoring stale global SSL error (...called
a function you should not call) while SSL handshaking" on a first connection
in each worker process.
|
| |
|
|
|
|
|
|
| |
LibreSSL 2.1.1+ started to set SSL_OP_NO_SSLv3 option by default on
new contexts. This makes sure to clear it to make it possible to use SSLv3
with LibreSSL if enabled in nginx config.
Prodded by Kuramoto Eiji.
|
