nginxtra 1.2.0.1 → 1.2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/VERSION +1 -1
- data/bin/nginxtra +1 -1
- data/lib/nginxtra.rb +2 -0
- data/lib/nginxtra/action.rb +1 -1
- data/lib/nginxtra/actions/convert.rb +67 -0
- data/lib/nginxtra/actions/install.rb +3 -0
- data/lib/nginxtra/cli.rb +20 -0
- data/lib/nginxtra/config_converter.rb +324 -0
- data/lib/nginxtra/error.rb +3 -0
- data/src/nginx/CHANGES +45 -0
- data/src/nginx/CHANGES.ru +46 -0
- data/src/nginx/src/core/nginx.h +2 -2
- data/src/nginx/src/core/ngx_resolver.c +14 -2
- data/src/nginx/src/event/ngx_event.c +18 -21
- data/src/nginx/src/event/ngx_event.h +0 -6
- data/src/nginx/src/event/ngx_event_accept.c +90 -13
- data/src/nginx/src/event/ngx_event_openssl.c +1 -0
- data/src/nginx/src/http/modules/ngx_http_fastcgi_module.c +26 -4
- data/src/nginx/src/http/modules/ngx_http_flv_module.c +1 -1
- data/src/nginx/src/http/modules/ngx_http_geo_module.c +62 -74
- data/src/nginx/src/http/modules/ngx_http_geoip_module.c +130 -30
- data/src/nginx/src/http/modules/ngx_http_gzip_static_module.c +1 -1
- data/src/nginx/src/http/modules/ngx_http_mp4_module.c +1 -1
- data/src/nginx/src/http/modules/ngx_http_realip_module.c +45 -93
- data/src/nginx/src/http/modules/ngx_http_scgi_module.c +2 -0
- data/src/nginx/src/http/modules/ngx_http_stub_status_module.c +1 -1
- data/src/nginx/src/http/modules/ngx_http_uwsgi_module.c +2 -0
- data/src/nginx/src/http/modules/perl/nginx.pm +1 -1
- data/src/nginx/src/http/ngx_http_core_module.c +104 -0
- data/src/nginx/src/http/ngx_http_core_module.h +3 -0
- data/src/nginx/src/http/ngx_http_parse.c +20 -0
- data/src/nginx/src/http/ngx_http_request.c +26 -15
- data/src/nginx/src/http/ngx_http_script.c +0 -1
- data/src/nginx/src/http/ngx_http_upstream_round_robin.c +72 -170
- data/src/nginx/src/http/ngx_http_upstream_round_robin.h +1 -0
- data/src/nginx/src/os/unix/ngx_errno.h +2 -0
- metadata +6 -4
@@ -16,13 +16,11 @@
|
|
16
16
|
|
17
17
|
|
18
18
|
typedef struct {
|
19
|
-
ngx_array_t *from; /* array of
|
19
|
+
ngx_array_t *from; /* array of ngx_cidr_t */
|
20
20
|
ngx_uint_t type;
|
21
21
|
ngx_uint_t hash;
|
22
22
|
ngx_str_t header;
|
23
|
-
|
24
|
-
ngx_uint_t unixsock; /* unsigned unixsock:2; */
|
25
|
-
#endif
|
23
|
+
ngx_flag_t recursive;
|
26
24
|
} ngx_http_realip_loc_conf_t;
|
27
25
|
|
28
26
|
|
@@ -35,8 +33,8 @@ typedef struct {
|
|
35
33
|
|
36
34
|
|
37
35
|
static ngx_int_t ngx_http_realip_handler(ngx_http_request_t *r);
|
38
|
-
static ngx_int_t ngx_http_realip_set_addr(ngx_http_request_t *r,
|
39
|
-
|
36
|
+
static ngx_int_t ngx_http_realip_set_addr(ngx_http_request_t *r,
|
37
|
+
ngx_addr_t *addr);
|
40
38
|
static void ngx_http_realip_cleanup(void *data);
|
41
39
|
static char *ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd,
|
42
40
|
void *conf);
|
@@ -63,6 +61,13 @@ static ngx_command_t ngx_http_realip_commands[] = {
|
|
63
61
|
0,
|
64
62
|
NULL },
|
65
63
|
|
64
|
+
{ ngx_string("real_ip_recursive"),
|
65
|
+
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
|
66
|
+
ngx_conf_set_flag_slot,
|
67
|
+
NGX_HTTP_LOC_CONF_OFFSET,
|
68
|
+
offsetof(ngx_http_realip_loc_conf_t, recursive),
|
69
|
+
NULL },
|
70
|
+
|
66
71
|
ngx_null_command
|
67
72
|
};
|
68
73
|
|
@@ -105,10 +110,9 @@ ngx_http_realip_handler(ngx_http_request_t *r)
|
|
105
110
|
u_char *ip, *p;
|
106
111
|
size_t len;
|
107
112
|
ngx_uint_t i, hash;
|
113
|
+
ngx_addr_t addr;
|
108
114
|
ngx_list_part_t *part;
|
109
115
|
ngx_table_elt_t *header;
|
110
|
-
struct sockaddr_in *sin;
|
111
|
-
ngx_in_cidr_t *from;
|
112
116
|
ngx_connection_t *c;
|
113
117
|
ngx_http_realip_ctx_t *ctx;
|
114
118
|
ngx_http_realip_loc_conf_t *rlcf;
|
@@ -121,12 +125,7 @@ ngx_http_realip_handler(ngx_http_request_t *r)
|
|
121
125
|
|
122
126
|
rlcf = ngx_http_get_module_loc_conf(r, ngx_http_realip_module);
|
123
127
|
|
124
|
-
if (rlcf->from == NULL
|
125
|
-
#if (NGX_HAVE_UNIX_DOMAIN)
|
126
|
-
&& !rlcf->unixsock
|
127
|
-
#endif
|
128
|
-
)
|
129
|
-
{
|
128
|
+
if (rlcf->from == NULL) {
|
130
129
|
return NGX_DECLINED;
|
131
130
|
}
|
132
131
|
|
@@ -152,15 +151,6 @@ ngx_http_realip_handler(ngx_http_request_t *r)
|
|
152
151
|
len = r->headers_in.x_forwarded_for->value.len;
|
153
152
|
ip = r->headers_in.x_forwarded_for->value.data;
|
154
153
|
|
155
|
-
for (p = ip + len - 1; p > ip; p--) {
|
156
|
-
if (*p == ' ' || *p == ',') {
|
157
|
-
p++;
|
158
|
-
len -= p - ip;
|
159
|
-
ip = p;
|
160
|
-
break;
|
161
|
-
}
|
162
|
-
}
|
163
|
-
|
164
154
|
break;
|
165
155
|
|
166
156
|
default: /* NGX_HTTP_REALIP_HEADER */
|
@@ -204,42 +194,27 @@ found:
|
|
204
194
|
|
205
195
|
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "realip: \"%s\"", ip);
|
206
196
|
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
sin = (struct sockaddr_in *) c->sockaddr;
|
211
|
-
|
212
|
-
from = rlcf->from->elts;
|
213
|
-
for (i = 0; i < rlcf->from->nelts; i++) {
|
197
|
+
addr.sockaddr = c->sockaddr;
|
198
|
+
addr.socklen = c->socklen;
|
199
|
+
/* addr.name = c->addr_text; */
|
214
200
|
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
return ngx_http_realip_set_addr(r, ip, len);
|
221
|
-
}
|
222
|
-
}
|
223
|
-
}
|
224
|
-
|
225
|
-
#if (NGX_HAVE_UNIX_DOMAIN)
|
226
|
-
|
227
|
-
if (c->sockaddr->sa_family == AF_UNIX && rlcf->unixsock) {
|
228
|
-
return ngx_http_realip_set_addr(r, ip, len);
|
201
|
+
if (ngx_http_get_forwarded_addr(r, &addr, ip, len, rlcf->from,
|
202
|
+
rlcf->recursive)
|
203
|
+
== NGX_OK)
|
204
|
+
{
|
205
|
+
return ngx_http_realip_set_addr(r, &addr);
|
229
206
|
}
|
230
207
|
|
231
|
-
#endif
|
232
|
-
|
233
208
|
return NGX_DECLINED;
|
234
209
|
}
|
235
210
|
|
236
211
|
|
237
212
|
static ngx_int_t
|
238
|
-
ngx_http_realip_set_addr(ngx_http_request_t *r,
|
213
|
+
ngx_http_realip_set_addr(ngx_http_request_t *r, ngx_addr_t *addr)
|
239
214
|
{
|
215
|
+
size_t len;
|
240
216
|
u_char *p;
|
241
|
-
|
242
|
-
ngx_addr_t addr;
|
217
|
+
u_char text[NGX_SOCKADDR_STRLEN];
|
243
218
|
ngx_connection_t *c;
|
244
219
|
ngx_pool_cleanup_t *cln;
|
245
220
|
ngx_http_realip_ctx_t *ctx;
|
@@ -254,15 +229,9 @@ ngx_http_realip_set_addr(ngx_http_request_t *r, u_char *ip, size_t len)
|
|
254
229
|
|
255
230
|
c = r->connection;
|
256
231
|
|
257
|
-
|
258
|
-
|
259
|
-
switch (rc) {
|
260
|
-
case NGX_DECLINED:
|
261
|
-
return NGX_DECLINED;
|
262
|
-
case NGX_ERROR:
|
232
|
+
len = ngx_sock_ntop(addr->sockaddr, text, NGX_SOCKADDR_STRLEN, 0);
|
233
|
+
if (len == 0) {
|
263
234
|
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
264
|
-
default: /* NGX_OK */
|
265
|
-
break;
|
266
235
|
}
|
267
236
|
|
268
237
|
p = ngx_pnalloc(c->pool, len);
|
@@ -270,7 +239,7 @@ ngx_http_realip_set_addr(ngx_http_request_t *r, u_char *ip, size_t len)
|
|
270
239
|
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
271
240
|
}
|
272
241
|
|
273
|
-
ngx_memcpy(p,
|
242
|
+
ngx_memcpy(p, text, len);
|
274
243
|
|
275
244
|
cln->handler = ngx_http_realip_cleanup;
|
276
245
|
|
@@ -279,8 +248,8 @@ ngx_http_realip_set_addr(ngx_http_request_t *r, u_char *ip, size_t len)
|
|
279
248
|
ctx->socklen = c->socklen;
|
280
249
|
ctx->addr_text = c->addr_text;
|
281
250
|
|
282
|
-
c->sockaddr = addr
|
283
|
-
c->socklen = addr
|
251
|
+
c->sockaddr = addr->sockaddr;
|
252
|
+
c->socklen = addr->socklen;
|
284
253
|
c->addr_text.len = len;
|
285
254
|
c->addr_text.data = p;
|
286
255
|
|
@@ -310,34 +279,33 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
310
279
|
|
311
280
|
ngx_int_t rc;
|
312
281
|
ngx_str_t *value;
|
313
|
-
ngx_cidr_t
|
314
|
-
ngx_in_cidr_t *from;
|
282
|
+
ngx_cidr_t *cidr;
|
315
283
|
|
316
284
|
value = cf->args->elts;
|
317
285
|
|
318
|
-
#if (NGX_HAVE_UNIX_DOMAIN)
|
319
|
-
|
320
|
-
if (ngx_strcmp(value[1].data, "unix:") == 0) {
|
321
|
-
rlcf->unixsock = 1;
|
322
|
-
return NGX_CONF_OK;
|
323
|
-
}
|
324
|
-
|
325
|
-
#endif
|
326
|
-
|
327
286
|
if (rlcf->from == NULL) {
|
328
287
|
rlcf->from = ngx_array_create(cf->pool, 2,
|
329
|
-
sizeof(
|
288
|
+
sizeof(ngx_cidr_t));
|
330
289
|
if (rlcf->from == NULL) {
|
331
290
|
return NGX_CONF_ERROR;
|
332
291
|
}
|
333
292
|
}
|
334
293
|
|
335
|
-
|
336
|
-
if (
|
294
|
+
cidr = ngx_array_push(rlcf->from);
|
295
|
+
if (cidr == NULL) {
|
337
296
|
return NGX_CONF_ERROR;
|
338
297
|
}
|
339
298
|
|
340
|
-
|
299
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
300
|
+
|
301
|
+
if (ngx_strcmp(value[1].data, "unix:") == 0) {
|
302
|
+
cidr->family = AF_UNIX;
|
303
|
+
return NGX_CONF_OK;
|
304
|
+
}
|
305
|
+
|
306
|
+
#endif
|
307
|
+
|
308
|
+
rc = ngx_ptocidr(&value[1], cidr);
|
341
309
|
|
342
310
|
if (rc == NGX_ERROR) {
|
343
311
|
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
|
@@ -345,20 +313,11 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
345
313
|
return NGX_CONF_ERROR;
|
346
314
|
}
|
347
315
|
|
348
|
-
if (cidr.family != AF_INET) {
|
349
|
-
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
350
|
-
"\"set_real_ip_from\" supports IPv4 only");
|
351
|
-
return NGX_CONF_ERROR;
|
352
|
-
}
|
353
|
-
|
354
316
|
if (rc == NGX_DONE) {
|
355
317
|
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
356
318
|
"low address bits of %V are meaningless", &value[1]);
|
357
319
|
}
|
358
320
|
|
359
|
-
from->mask = cidr.u.in.mask;
|
360
|
-
from->addr = cidr.u.in.addr;
|
361
|
-
|
362
321
|
return NGX_CONF_OK;
|
363
322
|
}
|
364
323
|
|
@@ -409,9 +368,7 @@ ngx_http_realip_create_loc_conf(ngx_conf_t *cf)
|
|
409
368
|
*/
|
410
369
|
|
411
370
|
conf->type = NGX_CONF_UNSET_UINT;
|
412
|
-
|
413
|
-
conf->unixsock = 2;
|
414
|
-
#endif
|
371
|
+
conf->recursive = NGX_CONF_UNSET;
|
415
372
|
|
416
373
|
return conf;
|
417
374
|
}
|
@@ -427,13 +384,8 @@ ngx_http_realip_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
427
384
|
conf->from = prev->from;
|
428
385
|
}
|
429
386
|
|
430
|
-
#if (NGX_HAVE_UNIX_DOMAIN)
|
431
|
-
if (conf->unixsock == 2) {
|
432
|
-
conf->unixsock = (prev->unixsock == 2) ? 0 : prev->unixsock;
|
433
|
-
}
|
434
|
-
#endif
|
435
|
-
|
436
387
|
ngx_conf_merge_uint_value(conf->type, prev->type, NGX_HTTP_REALIP_XREALIP);
|
388
|
+
ngx_conf_merge_value(conf->recursive, prev->recursive, 0);
|
437
389
|
|
438
390
|
if (conf->header.len == 0) {
|
439
391
|
conf->hash = prev->hash;
|
@@ -434,6 +434,7 @@ ngx_http_scgi_handler(ngx_http_request_t *r)
|
|
434
434
|
u->process_header = ngx_http_scgi_process_status_line;
|
435
435
|
u->abort_request = ngx_http_scgi_abort_request;
|
436
436
|
u->finalize_request = ngx_http_scgi_finalize_request;
|
437
|
+
r->state = 0;
|
437
438
|
|
438
439
|
u->buffering = scf->upstream.buffering;
|
439
440
|
|
@@ -843,6 +844,7 @@ ngx_http_scgi_reinit_request(ngx_http_request_t *r)
|
|
843
844
|
status->end = NULL;
|
844
845
|
|
845
846
|
r->upstream->process_header = ngx_http_scgi_process_status_line;
|
847
|
+
r->state = 0;
|
846
848
|
|
847
849
|
return NGX_OK;
|
848
850
|
}
|
@@ -121,7 +121,7 @@ static ngx_int_t ngx_http_status_handler(ngx_http_request_t *r)
|
|
121
121
|
r->headers_out.status = NGX_HTTP_OK;
|
122
122
|
r->headers_out.content_length_n = b->last - b->pos;
|
123
123
|
|
124
|
-
b->last_buf = 1;
|
124
|
+
b->last_buf = (r == r->main) ? 1 : 0;
|
125
125
|
|
126
126
|
rc = ngx_http_send_header(r);
|
127
127
|
|
@@ -467,6 +467,7 @@ ngx_http_uwsgi_handler(ngx_http_request_t *r)
|
|
467
467
|
u->process_header = ngx_http_uwsgi_process_status_line;
|
468
468
|
u->abort_request = ngx_http_uwsgi_abort_request;
|
469
469
|
u->finalize_request = ngx_http_uwsgi_finalize_request;
|
470
|
+
r->state = 0;
|
470
471
|
|
471
472
|
u->buffering = uwcf->upstream.buffering;
|
472
473
|
|
@@ -883,6 +884,7 @@ ngx_http_uwsgi_reinit_request(ngx_http_request_t *r)
|
|
883
884
|
status->end = NULL;
|
884
885
|
|
885
886
|
r->upstream->process_header = ngx_http_uwsgi_process_status_line;
|
887
|
+
r->state = 0;
|
886
888
|
|
887
889
|
return NGX_OK;
|
888
890
|
}
|
@@ -2599,6 +2599,7 @@ ngx_http_named_location(ngx_http_request_t *r, ngx_str_t *name)
|
|
2599
2599
|
|
2600
2600
|
r->phase_handler = cmcf->phase_engine.location_rewrite_index;
|
2601
2601
|
|
2602
|
+
r->write_event_handler = ngx_http_core_run_phases;
|
2602
2603
|
ngx_http_core_run_phases(r);
|
2603
2604
|
|
2604
2605
|
return NGX_DONE;
|
@@ -2698,6 +2699,109 @@ ngx_http_set_disable_symlinks(ngx_http_request_t *r,
|
|
2698
2699
|
}
|
2699
2700
|
|
2700
2701
|
|
2702
|
+
ngx_int_t
|
2703
|
+
ngx_http_get_forwarded_addr(ngx_http_request_t *r, ngx_addr_t *addr,
|
2704
|
+
u_char *xff, size_t xfflen, ngx_array_t *proxies, int recursive)
|
2705
|
+
{
|
2706
|
+
u_char *p;
|
2707
|
+
in_addr_t inaddr;
|
2708
|
+
ngx_addr_t paddr;
|
2709
|
+
ngx_cidr_t *cidr;
|
2710
|
+
ngx_uint_t family, i;
|
2711
|
+
#if (NGX_HAVE_INET6)
|
2712
|
+
ngx_uint_t n;
|
2713
|
+
struct in6_addr *inaddr6;
|
2714
|
+
#endif
|
2715
|
+
|
2716
|
+
#if (NGX_SUPPRESS_WARN)
|
2717
|
+
inaddr = 0;
|
2718
|
+
#if (NGX_HAVE_INET6)
|
2719
|
+
inaddr6 = NULL;
|
2720
|
+
#endif
|
2721
|
+
#endif
|
2722
|
+
|
2723
|
+
family = addr->sockaddr->sa_family;
|
2724
|
+
|
2725
|
+
if (family == AF_INET) {
|
2726
|
+
inaddr = ((struct sockaddr_in *) addr->sockaddr)->sin_addr.s_addr;
|
2727
|
+
}
|
2728
|
+
|
2729
|
+
#if (NGX_HAVE_INET6)
|
2730
|
+
else if (family == AF_INET6) {
|
2731
|
+
inaddr6 = &((struct sockaddr_in6 *) addr->sockaddr)->sin6_addr;
|
2732
|
+
|
2733
|
+
if (IN6_IS_ADDR_V4MAPPED(inaddr6)) {
|
2734
|
+
family = AF_INET;
|
2735
|
+
inaddr = *(in_addr_t *) &inaddr6->s6_addr[12];
|
2736
|
+
}
|
2737
|
+
}
|
2738
|
+
#endif
|
2739
|
+
|
2740
|
+
for (cidr = proxies->elts, i = 0; i < proxies->nelts; i++) {
|
2741
|
+
if (cidr[i].family != family) {
|
2742
|
+
goto next;
|
2743
|
+
}
|
2744
|
+
|
2745
|
+
switch (family) {
|
2746
|
+
|
2747
|
+
#if (NGX_HAVE_INET6)
|
2748
|
+
case AF_INET6:
|
2749
|
+
for (n = 0; n < 16; n++) {
|
2750
|
+
if ((inaddr6->s6_addr[n] & cidr[i].u.in6.mask.s6_addr[n])
|
2751
|
+
!= cidr[i].u.in6.addr.s6_addr[n])
|
2752
|
+
{
|
2753
|
+
goto next;
|
2754
|
+
}
|
2755
|
+
}
|
2756
|
+
break;
|
2757
|
+
#endif
|
2758
|
+
|
2759
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
2760
|
+
case AF_UNIX:
|
2761
|
+
break;
|
2762
|
+
#endif
|
2763
|
+
|
2764
|
+
default: /* AF_INET */
|
2765
|
+
if ((inaddr & cidr[i].u.in.mask) != cidr[i].u.in.addr) {
|
2766
|
+
goto next;
|
2767
|
+
}
|
2768
|
+
break;
|
2769
|
+
}
|
2770
|
+
|
2771
|
+
for (p = xff + xfflen - 1; p > xff; p--, xfflen--) {
|
2772
|
+
if (*p != ' ' && *p != ',') {
|
2773
|
+
break;
|
2774
|
+
}
|
2775
|
+
}
|
2776
|
+
|
2777
|
+
for ( /* void */ ; p > xff; p--) {
|
2778
|
+
if (*p == ' ' || *p == ',') {
|
2779
|
+
p++;
|
2780
|
+
break;
|
2781
|
+
}
|
2782
|
+
}
|
2783
|
+
|
2784
|
+
if (ngx_parse_addr(r->pool, &paddr, p, xfflen - (p - xff)) != NGX_OK) {
|
2785
|
+
return NGX_DECLINED;
|
2786
|
+
}
|
2787
|
+
|
2788
|
+
*addr = paddr;
|
2789
|
+
|
2790
|
+
if (recursive && p > xff) {
|
2791
|
+
(void) ngx_http_get_forwarded_addr(r, addr, xff, p - 1 - xff,
|
2792
|
+
proxies, 1);
|
2793
|
+
}
|
2794
|
+
|
2795
|
+
return NGX_OK;
|
2796
|
+
|
2797
|
+
next:
|
2798
|
+
continue;
|
2799
|
+
}
|
2800
|
+
|
2801
|
+
return NGX_DECLINED;
|
2802
|
+
}
|
2803
|
+
|
2804
|
+
|
2701
2805
|
static char *
|
2702
2806
|
ngx_http_core_server(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy)
|
2703
2807
|
{
|