nginxtra 1.2.0.1 → 1.2.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. data/VERSION +1 -1
  2. data/bin/nginxtra +1 -1
  3. data/lib/nginxtra.rb +2 -0
  4. data/lib/nginxtra/action.rb +1 -1
  5. data/lib/nginxtra/actions/convert.rb +67 -0
  6. data/lib/nginxtra/actions/install.rb +3 -0
  7. data/lib/nginxtra/cli.rb +20 -0
  8. data/lib/nginxtra/config_converter.rb +324 -0
  9. data/lib/nginxtra/error.rb +3 -0
  10. data/src/nginx/CHANGES +45 -0
  11. data/src/nginx/CHANGES.ru +46 -0
  12. data/src/nginx/src/core/nginx.h +2 -2
  13. data/src/nginx/src/core/ngx_resolver.c +14 -2
  14. data/src/nginx/src/event/ngx_event.c +18 -21
  15. data/src/nginx/src/event/ngx_event.h +0 -6
  16. data/src/nginx/src/event/ngx_event_accept.c +90 -13
  17. data/src/nginx/src/event/ngx_event_openssl.c +1 -0
  18. data/src/nginx/src/http/modules/ngx_http_fastcgi_module.c +26 -4
  19. data/src/nginx/src/http/modules/ngx_http_flv_module.c +1 -1
  20. data/src/nginx/src/http/modules/ngx_http_geo_module.c +62 -74
  21. data/src/nginx/src/http/modules/ngx_http_geoip_module.c +130 -30
  22. data/src/nginx/src/http/modules/ngx_http_gzip_static_module.c +1 -1
  23. data/src/nginx/src/http/modules/ngx_http_mp4_module.c +1 -1
  24. data/src/nginx/src/http/modules/ngx_http_realip_module.c +45 -93
  25. data/src/nginx/src/http/modules/ngx_http_scgi_module.c +2 -0
  26. data/src/nginx/src/http/modules/ngx_http_stub_status_module.c +1 -1
  27. data/src/nginx/src/http/modules/ngx_http_uwsgi_module.c +2 -0
  28. data/src/nginx/src/http/modules/perl/nginx.pm +1 -1
  29. data/src/nginx/src/http/ngx_http_core_module.c +104 -0
  30. data/src/nginx/src/http/ngx_http_core_module.h +3 -0
  31. data/src/nginx/src/http/ngx_http_parse.c +20 -0
  32. data/src/nginx/src/http/ngx_http_request.c +26 -15
  33. data/src/nginx/src/http/ngx_http_script.c +0 -1
  34. data/src/nginx/src/http/ngx_http_upstream_round_robin.c +72 -170
  35. data/src/nginx/src/http/ngx_http_upstream_round_robin.h +1 -0
  36. data/src/nginx/src/os/unix/ngx_errno.h +2 -0
  37. metadata +6 -4
@@ -9,5 +9,8 @@ module Nginxtra
9
9
 
10
10
  # Raised when a run command fails
11
11
  class RunFailed < StandardError; end
12
+
13
+ # Raised if config conversion fails
14
+ class ConvertFailed < StandardError; end
12
15
  end
13
16
  end
data/src/nginx/CHANGES CHANGED
@@ -1,4 +1,49 @@
1
1
 
2
+ Changes with nginx 1.2.1 05 Jun 2012
3
+
4
+ *) Security: now nginx/Windows ignores trailing dot in URI path
5
+ component, and does not allow URIs with ":$" in it.
6
+ Thanks to Vladimir Kochetkov, Positive Research Center.
7
+
8
+ *) Feature: the "debug_connection" directive now supports IPv6 addresses
9
+ and the "unix:" parameter.
10
+
11
+ *) Feature: the "set_real_ip_from" directive and the "proxy" parameter
12
+ of the "geo" directive now support IPv6 addresses.
13
+
14
+ *) Feature: the "real_ip_recursive", "geoip_proxy", and
15
+ "geoip_proxy_recursive" directives.
16
+
17
+ *) Feature: the "proxy_recursive" parameter of the "geo" directive.
18
+
19
+ *) Bugfix: a segmentation fault might occur in a worker process if the
20
+ "resolver" directive was used.
21
+
22
+ *) Bugfix: a segmentation fault might occur in a worker process if the
23
+ "fastcgi_pass", "scgi_pass", or "uwsgi_pass" directives were used and
24
+ backend returned incorrect response.
25
+
26
+ *) Bugfix: a segmentation fault might occur in a worker process if the
27
+ "rewrite" directive was used and new request arguments in a
28
+ replacement used variables.
29
+
30
+ *) Bugfix: nginx might hog CPU if the open file resource limit was
31
+ reached.
32
+
33
+ *) Bugfix: nginx might loop infinitely over backends if the
34
+ "proxy_next_upstream" directive with the "http_404" parameter was
35
+ used and there were backup servers specified in an upstream block.
36
+
37
+ *) Bugfix: adding the "down" parameter of the "server" directive might
38
+ cause unneeded client redistribution among backend servers if the
39
+ "ip_hash" directive was used.
40
+
41
+ *) Bugfix: socket leak.
42
+ Thanks to Yichun Zhang.
43
+
44
+ *) Bugfix: in the ngx_http_fastcgi_module.
45
+
46
+
2
47
  Changes with nginx 1.2.0 23 Apr 2012
3
48
 
4
49
  *) Bugfix: a segmentation fault might occur in a worker process if the
data/src/nginx/CHANGES.ru CHANGED
@@ -1,4 +1,50 @@
1
1
 
2
+ Изменения в nginx 1.2.1 05.06.2012
3
+
4
+ *) Безопасность: теперь nginx/Windows игнорирует точку в конце
5
+ компонента URI и не разрешает URI, содержащие последовательность
6
+ ":$".
7
+ Спасибо Владимиру Кочеткову, Positive Research Center.
8
+
9
+ *) Добавление: директива debug_connection теперь поддерживает
10
+ IPv6-адреса и параметр "unix:".
11
+
12
+ *) Добавление: директива set_real_ip_from и параметр proxy директивы geo
13
+ теперь поддерживают IPv6-адреса.
14
+
15
+ *) Добавление: директивы real_ip_recursive, geoip_proxy и
16
+ geoip_proxy_recursive.
17
+
18
+ *) Добавление: параметр proxy_recursive директивы geo.
19
+
20
+ *) Исправление: в рабочем процессе мог произойти segmentation fault,
21
+ если использовалась директива resolver.
22
+
23
+ *) Исправление: в рабочем процессе мог произойти segmentation fault,
24
+ если использовались директивы fastcgi_pass, scgi_pass или uwsgi_pass
25
+ и бэкенд возвращал некорректный ответ.
26
+
27
+ *) Исправление: в рабочем процессе мог произойти segmentation fault,
28
+ если использовалась директива rewrite и в новых аргументах запроса в
29
+ строке замены использовались переменные.
30
+
31
+ *) Исправление: nginx мог нагружать процессор, если было достигнуто
32
+ ограничение на количество открытых файлов.
33
+
34
+ *) Исправление: при использовании директивы proxy_next_upstream с
35
+ параметром http_404 nginx мог бесконечно перебирать бэкенды, если в
36
+ блоке upstream был хотя бы один сервер с флагом backup.
37
+
38
+ *) Исправление: при использовании директивы ip_hash установка параметра
39
+ down директивы server могла приводить к ненужному перераспределению
40
+ клиентов между бэкендами.
41
+
42
+ *) Исправление: утечки сокетов.
43
+ Спасибо Yichun Zhang.
44
+
45
+ *) Исправление: в модуле ngx_http_fastcgi_module.
46
+
47
+
2
48
  Изменения в nginx 1.2.0 23.04.2012
3
49
 
4
50
  *) Исправление: в рабочем процессе мог произойти segmentation fault,
@@ -9,8 +9,8 @@
9
9
  #define _NGINX_H_INCLUDED_
10
10
 
11
11
 
12
- #define nginx_version 1002000
13
- #define NGINX_VERSION "1.2.0"
12
+ #define nginx_version 1002001
13
+ #define NGINX_VERSION "1.2.1"
14
14
  #define NGINX_VER "nginx/" NGINX_VERSION
15
15
 
16
16
  #define NGINX_VAR "NGINX"
@@ -513,8 +513,10 @@ ngx_resolve_name_locked(ngx_resolver_t *r, ngx_resolver_ctx_t *ctx)
513
513
 
514
514
  /* lock alloc mutex */
515
515
 
516
- ngx_resolver_free_locked(r, rn->query);
517
- rn->query = NULL;
516
+ if (rn->query) {
517
+ ngx_resolver_free_locked(r, rn->query);
518
+ rn->query = NULL;
519
+ }
518
520
 
519
521
  if (rn->cnlen) {
520
522
  ngx_resolver_free_locked(r, rn->u.cname);
@@ -1409,6 +1411,9 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
1409
1411
  ngx_resolver_free(r, addrs);
1410
1412
  }
1411
1413
 
1414
+ ngx_resolver_free(r, rn->query);
1415
+ rn->query = NULL;
1416
+
1412
1417
  return;
1413
1418
 
1414
1419
  } else if (cname) {
@@ -1441,6 +1446,9 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
1441
1446
  (void) ngx_resolve_name_locked(r, ctx);
1442
1447
  }
1443
1448
 
1449
+ ngx_resolver_free(r, rn->query);
1450
+ rn->query = NULL;
1451
+
1444
1452
  return;
1445
1453
  }
1446
1454
 
@@ -1834,6 +1842,10 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
1834
1842
  p--;
1835
1843
  *p-- = '\0';
1836
1844
 
1845
+ if (ctx->name.len == 0) {
1846
+ return NGX_DECLINED;
1847
+ }
1848
+
1837
1849
  for (s = ctx->name.data + ctx->name.len - 1; s >= ctx->name.data; s--) {
1838
1850
  if (*s != '.') {
1839
1851
  *p = *s;
@@ -1064,38 +1064,34 @@ ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
1064
1064
 
1065
1065
  ngx_int_t rc;
1066
1066
  ngx_str_t *value;
1067
- ngx_event_debug_t *dc;
1068
1067
  struct hostent *h;
1069
- ngx_cidr_t cidr;
1068
+ ngx_cidr_t *cidr;
1070
1069
 
1071
1070
  value = cf->args->elts;
1072
1071
 
1073
- dc = ngx_array_push(&ecf->debug_connection);
1074
- if (dc == NULL) {
1072
+ cidr = ngx_array_push(&ecf->debug_connection);
1073
+ if (cidr == NULL) {
1075
1074
  return NGX_CONF_ERROR;
1076
1075
  }
1077
1076
 
1078
- rc = ngx_ptocidr(&value[1], &cidr);
1077
+ #if (NGX_HAVE_UNIX_DOMAIN)
1078
+
1079
+ if (ngx_strcmp(value[1].data, "unix:") == 0) {
1080
+ cidr->family = AF_UNIX;
1081
+ return NGX_CONF_OK;
1082
+ }
1083
+
1084
+ #endif
1085
+
1086
+ rc = ngx_ptocidr(&value[1], cidr);
1079
1087
 
1080
1088
  if (rc == NGX_DONE) {
1081
1089
  ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
1082
1090
  "low address bits of %V are meaningless", &value[1]);
1083
- rc = NGX_OK;
1091
+ return NGX_CONF_OK;
1084
1092
  }
1085
1093
 
1086
1094
  if (rc == NGX_OK) {
1087
-
1088
- /* AF_INET only */
1089
-
1090
- if (cidr.family != AF_INET) {
1091
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
1092
- "\"debug_connection\" supports IPv4 only");
1093
- return NGX_CONF_ERROR;
1094
- }
1095
-
1096
- dc->mask = cidr.u.in.mask;
1097
- dc->addr = cidr.u.in.addr;
1098
-
1099
1095
  return NGX_CONF_OK;
1100
1096
  }
1101
1097
 
@@ -1107,8 +1103,9 @@ ngx_event_debug_connection(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
1107
1103
  return NGX_CONF_ERROR;
1108
1104
  }
1109
1105
 
1110
- dc->mask = 0xffffffff;
1111
- dc->addr = *(in_addr_t *)(h->h_addr_list[0]);
1106
+ cidr->family = AF_INET;
1107
+ cidr->u.in.mask = 0xffffffff;
1108
+ cidr->u.in.addr = *(in_addr_t *)(h->h_addr_list[0]);
1112
1109
 
1113
1110
  #else
1114
1111
 
@@ -1142,7 +1139,7 @@ ngx_event_core_create_conf(ngx_cycle_t *cycle)
1142
1139
  #if (NGX_DEBUG)
1143
1140
 
1144
1141
  if (ngx_array_init(&ecf->debug_connection, cycle->pool, 4,
1145
- sizeof(ngx_event_debug_t)) == NGX_ERROR)
1142
+ sizeof(ngx_cidr_t)) == NGX_ERROR)
1146
1143
  {
1147
1144
  return NULL;
1148
1145
  }
@@ -221,12 +221,6 @@ struct ngx_event_aio_s {
221
221
  #endif
222
222
 
223
223
 
224
- typedef struct {
225
- in_addr_t mask;
226
- in_addr_t addr;
227
- } ngx_event_debug_t;
228
-
229
-
230
224
  typedef struct {
231
225
  ngx_int_t (*add)(ngx_event_t *ev, ngx_int_t event, ngx_uint_t flags);
232
226
  ngx_int_t (*del)(ngx_event_t *ev, ngx_int_t event, ngx_uint_t flags);
@@ -21,6 +21,7 @@ ngx_event_accept(ngx_event_t *ev)
21
21
  socklen_t socklen;
22
22
  ngx_err_t err;
23
23
  ngx_log_t *log;
24
+ ngx_uint_t level;
24
25
  ngx_socket_t s;
25
26
  ngx_event_t *rev, *wev;
26
27
  ngx_listening_t *ls;
@@ -31,6 +32,14 @@ ngx_event_accept(ngx_event_t *ev)
31
32
  static ngx_uint_t use_accept4 = 1;
32
33
  #endif
33
34
 
35
+ if (ev->timedout) {
36
+ if (ngx_enable_accept_events((ngx_cycle_t *) ngx_cycle) != NGX_OK) {
37
+ return;
38
+ }
39
+
40
+ ev->timedout = 0;
41
+ }
42
+
34
43
  ecf = ngx_event_get_conf(ngx_cycle->conf_ctx, ngx_event_core_module);
35
44
 
36
45
  if (ngx_event_flags & NGX_USE_RTSIG_EVENT) {
@@ -70,10 +79,17 @@ ngx_event_accept(ngx_event_t *ev)
70
79
  return;
71
80
  }
72
81
 
82
+ level = NGX_LOG_ALERT;
83
+
84
+ if (err == NGX_ECONNABORTED) {
85
+ level = NGX_LOG_ERR;
86
+
87
+ } else if (err == NGX_EMFILE || err == NGX_ENFILE) {
88
+ level = NGX_LOG_CRIT;
89
+ }
90
+
73
91
  #if (NGX_HAVE_ACCEPT4)
74
- ngx_log_error((ngx_uint_t) ((err == NGX_ECONNABORTED) ?
75
- NGX_LOG_ERR : NGX_LOG_ALERT),
76
- ev->log, err,
92
+ ngx_log_error(level, ev->log, err,
77
93
  use_accept4 ? "accept4() failed" : "accept() failed");
78
94
 
79
95
  if (use_accept4 && err == NGX_ENOSYS) {
@@ -82,9 +98,7 @@ ngx_event_accept(ngx_event_t *ev)
82
98
  continue;
83
99
  }
84
100
  #else
85
- ngx_log_error((ngx_uint_t) ((err == NGX_ECONNABORTED) ?
86
- NGX_LOG_ERR : NGX_LOG_ALERT),
87
- ev->log, err, "accept() failed");
101
+ ngx_log_error(level, ev->log, err, "accept() failed");
88
102
  #endif
89
103
 
90
104
  if (err == NGX_ECONNABORTED) {
@@ -97,6 +111,26 @@ ngx_event_accept(ngx_event_t *ev)
97
111
  }
98
112
  }
99
113
 
114
+ if (err == NGX_EMFILE || err == NGX_ENFILE) {
115
+ if (ngx_disable_accept_events((ngx_cycle_t *) ngx_cycle)
116
+ != NGX_OK)
117
+ {
118
+ return;
119
+ }
120
+
121
+ if (ngx_use_accept_mutex) {
122
+ if (ngx_accept_mutex_held) {
123
+ ngx_shmtx_unlock(&ngx_accept_mutex);
124
+ ngx_accept_mutex_held = 0;
125
+ }
126
+
127
+ ngx_accept_disabled = 1;
128
+
129
+ } else {
130
+ ngx_add_timer(ev, ecf->accept_mutex_delay);
131
+ }
132
+ }
133
+
100
134
  return;
101
135
  }
102
136
 
@@ -252,17 +286,56 @@ ngx_event_accept(ngx_event_t *ev)
252
286
  #if (NGX_DEBUG)
253
287
  {
254
288
 
255
- in_addr_t i;
256
- ngx_event_debug_t *dc;
257
- struct sockaddr_in *sin;
289
+ struct sockaddr_in *sin;
290
+ ngx_cidr_t *cidr;
291
+ ngx_uint_t i;
292
+ #if (NGX_HAVE_INET6)
293
+ struct sockaddr_in6 *sin6;
294
+ ngx_uint_t n;
295
+ #endif
258
296
 
259
- sin = (struct sockaddr_in *) sa;
260
- dc = ecf->debug_connection.elts;
297
+ cidr = ecf->debug_connection.elts;
261
298
  for (i = 0; i < ecf->debug_connection.nelts; i++) {
262
- if ((sin->sin_addr.s_addr & dc[i].mask) == dc[i].addr) {
263
- log->log_level = NGX_LOG_DEBUG_CONNECTION|NGX_LOG_DEBUG_ALL;
299
+ if (cidr[i].family != c->sockaddr->sa_family) {
300
+ goto next;
301
+ }
302
+
303
+ switch (cidr[i].family) {
304
+
305
+ #if (NGX_HAVE_INET6)
306
+ case AF_INET6:
307
+ sin6 = (struct sockaddr_in6 *) c->sockaddr;
308
+ for (n = 0; n < 16; n++) {
309
+ if ((sin6->sin6_addr.s6_addr[n]
310
+ & cidr[i].u.in6.mask.s6_addr[n])
311
+ != cidr[i].u.in6.addr.s6_addr[n])
312
+ {
313
+ goto next;
314
+ }
315
+ }
316
+ break;
317
+ #endif
318
+
319
+ #if (NGX_HAVE_UNIX_DOMAIN)
320
+ case AF_UNIX:
321
+ break;
322
+ #endif
323
+
324
+ default: /* AF_INET */
325
+ sin = (struct sockaddr_in *) c->sockaddr;
326
+ if ((sin->sin_addr.s_addr & cidr[i].u.in.mask)
327
+ != cidr[i].u.in.addr)
328
+ {
329
+ goto next;
330
+ }
264
331
  break;
265
332
  }
333
+
334
+ log->log_level = NGX_LOG_DEBUG_CONNECTION|NGX_LOG_DEBUG_ALL;
335
+ break;
336
+
337
+ next:
338
+ continue;
266
339
  }
267
340
 
268
341
  }
@@ -344,6 +417,10 @@ ngx_enable_accept_events(ngx_cycle_t *cycle)
344
417
 
345
418
  c = ls[i].connection;
346
419
 
420
+ if (c->read->active) {
421
+ continue;
422
+ }
423
+
347
424
  if (ngx_event_flags & NGX_USE_RTSIG_EVENT) {
348
425
 
349
426
  if (ngx_add_conn(c) == NGX_ERROR) {
@@ -995,6 +995,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
995
995
  }
996
996
 
997
997
  in->buf->pos += n;
998
+ c->sent += n;
998
999
 
999
1000
  if (in->buf->pos == in->buf->last) {
1000
1001
  in = in->next;
@@ -619,6 +619,7 @@ ngx_http_fastcgi_handler(ngx_http_request_t *r)
619
619
  u->process_header = ngx_http_fastcgi_process_header;
620
620
  u->abort_request = ngx_http_fastcgi_abort_request;
621
621
  u->finalize_request = ngx_http_fastcgi_finalize_request;
622
+ r->state = 0;
622
623
 
623
624
  u->buffering = 1;
624
625
 
@@ -1194,6 +1195,8 @@ ngx_http_fastcgi_reinit_request(ngx_http_request_t *r)
1194
1195
  f->fastcgi_stdout = 0;
1195
1196
  f->large_stderr = 0;
1196
1197
 
1198
+ r->state = 0;
1199
+
1197
1200
  return NGX_OK;
1198
1201
  }
1199
1202
 
@@ -1353,7 +1356,11 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r)
1353
1356
  }
1354
1357
 
1355
1358
  } else {
1356
- f->state = ngx_http_fastcgi_st_version;
1359
+ if (f->padding) {
1360
+ f->state = ngx_http_fastcgi_st_padding;
1361
+ } else {
1362
+ f->state = ngx_http_fastcgi_st_version;
1363
+ }
1357
1364
  }
1358
1365
 
1359
1366
  continue;
@@ -1686,7 +1693,12 @@ ngx_http_fastcgi_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
1686
1693
  }
1687
1694
 
1688
1695
  if (f->type == NGX_HTTP_FASTCGI_STDOUT && f->length == 0) {
1689
- f->state = ngx_http_fastcgi_st_version;
1696
+
1697
+ if (f->padding) {
1698
+ f->state = ngx_http_fastcgi_st_padding;
1699
+ } else {
1700
+ f->state = ngx_http_fastcgi_st_version;
1701
+ }
1690
1702
 
1691
1703
  if (!flcf->keep_conn) {
1692
1704
  p->upstream_done = 1;
@@ -1699,7 +1711,13 @@ ngx_http_fastcgi_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
1699
1711
  }
1700
1712
 
1701
1713
  if (f->type == NGX_HTTP_FASTCGI_END_REQUEST) {
1702
- f->state = ngx_http_fastcgi_st_version;
1714
+
1715
+ if (f->padding) {
1716
+ f->state = ngx_http_fastcgi_st_padding;
1717
+ } else {
1718
+ f->state = ngx_http_fastcgi_st_version;
1719
+ }
1720
+
1703
1721
  p->upstream_done = 1;
1704
1722
 
1705
1723
  if (flcf->keep_conn) {
@@ -1772,7 +1790,11 @@ ngx_http_fastcgi_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf)
1772
1790
  }
1773
1791
 
1774
1792
  } else {
1775
- f->state = ngx_http_fastcgi_st_version;
1793
+ if (f->padding) {
1794
+ f->state = ngx_http_fastcgi_st_padding;
1795
+ } else {
1796
+ f->state = ngx_http_fastcgi_st_version;
1797
+ }
1776
1798
  }
1777
1799
 
1778
1800
  continue;