nginxtra 1.2.0.1 → 1.2.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. data/VERSION +1 -1
  2. data/bin/nginxtra +1 -1
  3. data/lib/nginxtra.rb +2 -0
  4. data/lib/nginxtra/action.rb +1 -1
  5. data/lib/nginxtra/actions/convert.rb +67 -0
  6. data/lib/nginxtra/actions/install.rb +3 -0
  7. data/lib/nginxtra/cli.rb +20 -0
  8. data/lib/nginxtra/config_converter.rb +324 -0
  9. data/lib/nginxtra/error.rb +3 -0
  10. data/src/nginx/CHANGES +45 -0
  11. data/src/nginx/CHANGES.ru +46 -0
  12. data/src/nginx/src/core/nginx.h +2 -2
  13. data/src/nginx/src/core/ngx_resolver.c +14 -2
  14. data/src/nginx/src/event/ngx_event.c +18 -21
  15. data/src/nginx/src/event/ngx_event.h +0 -6
  16. data/src/nginx/src/event/ngx_event_accept.c +90 -13
  17. data/src/nginx/src/event/ngx_event_openssl.c +1 -0
  18. data/src/nginx/src/http/modules/ngx_http_fastcgi_module.c +26 -4
  19. data/src/nginx/src/http/modules/ngx_http_flv_module.c +1 -1
  20. data/src/nginx/src/http/modules/ngx_http_geo_module.c +62 -74
  21. data/src/nginx/src/http/modules/ngx_http_geoip_module.c +130 -30
  22. data/src/nginx/src/http/modules/ngx_http_gzip_static_module.c +1 -1
  23. data/src/nginx/src/http/modules/ngx_http_mp4_module.c +1 -1
  24. data/src/nginx/src/http/modules/ngx_http_realip_module.c +45 -93
  25. data/src/nginx/src/http/modules/ngx_http_scgi_module.c +2 -0
  26. data/src/nginx/src/http/modules/ngx_http_stub_status_module.c +1 -1
  27. data/src/nginx/src/http/modules/ngx_http_uwsgi_module.c +2 -0
  28. data/src/nginx/src/http/modules/perl/nginx.pm +1 -1
  29. data/src/nginx/src/http/ngx_http_core_module.c +104 -0
  30. data/src/nginx/src/http/ngx_http_core_module.h +3 -0
  31. data/src/nginx/src/http/ngx_http_parse.c +20 -0
  32. data/src/nginx/src/http/ngx_http_request.c +26 -15
  33. data/src/nginx/src/http/ngx_http_script.c +0 -1
  34. data/src/nginx/src/http/ngx_http_upstream_round_robin.c +72 -170
  35. data/src/nginx/src/http/ngx_http_upstream_round_robin.h +1 -0
  36. data/src/nginx/src/os/unix/ngx_errno.h +2 -0
  37. metadata +6 -4
@@ -245,7 +245,7 @@ ngx_http_gzip_static_handler(ngx_http_request_t *r)
245
245
  b->file_last = of.size;
246
246
 
247
247
  b->in_file = b->file_last ? 1 : 0;
248
- b->last_buf = 1;
248
+ b->last_buf = (r == r->main) ? 1 : 0;
249
249
  b->last_in_chain = 1;
250
250
 
251
251
  b->file->fd = of.fd;
@@ -616,7 +616,7 @@ ngx_http_mp4_handler(ngx_http_request_t *r)
616
616
  b->file_last = of.size;
617
617
 
618
618
  b->in_file = b->file_last ? 1 : 0;
619
- b->last_buf = 1;
619
+ b->last_buf = (r == r->main) ? 1 : 0;
620
620
  b->last_in_chain = 1;
621
621
 
622
622
  b->file->fd = of.fd;
@@ -16,13 +16,11 @@
16
16
 
17
17
 
18
18
  typedef struct {
19
- ngx_array_t *from; /* array of ngx_in_cidr_t */
19
+ ngx_array_t *from; /* array of ngx_cidr_t */
20
20
  ngx_uint_t type;
21
21
  ngx_uint_t hash;
22
22
  ngx_str_t header;
23
- #if (NGX_HAVE_UNIX_DOMAIN)
24
- ngx_uint_t unixsock; /* unsigned unixsock:2; */
25
- #endif
23
+ ngx_flag_t recursive;
26
24
  } ngx_http_realip_loc_conf_t;
27
25
 
28
26
 
@@ -35,8 +33,8 @@ typedef struct {
35
33
 
36
34
 
37
35
  static ngx_int_t ngx_http_realip_handler(ngx_http_request_t *r);
38
- static ngx_int_t ngx_http_realip_set_addr(ngx_http_request_t *r, u_char *ip,
39
- size_t len);
36
+ static ngx_int_t ngx_http_realip_set_addr(ngx_http_request_t *r,
37
+ ngx_addr_t *addr);
40
38
  static void ngx_http_realip_cleanup(void *data);
41
39
  static char *ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd,
42
40
  void *conf);
@@ -63,6 +61,13 @@ static ngx_command_t ngx_http_realip_commands[] = {
63
61
  0,
64
62
  NULL },
65
63
 
64
+ { ngx_string("real_ip_recursive"),
65
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
66
+ ngx_conf_set_flag_slot,
67
+ NGX_HTTP_LOC_CONF_OFFSET,
68
+ offsetof(ngx_http_realip_loc_conf_t, recursive),
69
+ NULL },
70
+
66
71
  ngx_null_command
67
72
  };
68
73
 
@@ -105,10 +110,9 @@ ngx_http_realip_handler(ngx_http_request_t *r)
105
110
  u_char *ip, *p;
106
111
  size_t len;
107
112
  ngx_uint_t i, hash;
113
+ ngx_addr_t addr;
108
114
  ngx_list_part_t *part;
109
115
  ngx_table_elt_t *header;
110
- struct sockaddr_in *sin;
111
- ngx_in_cidr_t *from;
112
116
  ngx_connection_t *c;
113
117
  ngx_http_realip_ctx_t *ctx;
114
118
  ngx_http_realip_loc_conf_t *rlcf;
@@ -121,12 +125,7 @@ ngx_http_realip_handler(ngx_http_request_t *r)
121
125
 
122
126
  rlcf = ngx_http_get_module_loc_conf(r, ngx_http_realip_module);
123
127
 
124
- if (rlcf->from == NULL
125
- #if (NGX_HAVE_UNIX_DOMAIN)
126
- && !rlcf->unixsock
127
- #endif
128
- )
129
- {
128
+ if (rlcf->from == NULL) {
130
129
  return NGX_DECLINED;
131
130
  }
132
131
 
@@ -152,15 +151,6 @@ ngx_http_realip_handler(ngx_http_request_t *r)
152
151
  len = r->headers_in.x_forwarded_for->value.len;
153
152
  ip = r->headers_in.x_forwarded_for->value.data;
154
153
 
155
- for (p = ip + len - 1; p > ip; p--) {
156
- if (*p == ' ' || *p == ',') {
157
- p++;
158
- len -= p - ip;
159
- ip = p;
160
- break;
161
- }
162
- }
163
-
164
154
  break;
165
155
 
166
156
  default: /* NGX_HTTP_REALIP_HEADER */
@@ -204,42 +194,27 @@ found:
204
194
 
205
195
  ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "realip: \"%s\"", ip);
206
196
 
207
- /* AF_INET only */
208
-
209
- if (c->sockaddr->sa_family == AF_INET) {
210
- sin = (struct sockaddr_in *) c->sockaddr;
211
-
212
- from = rlcf->from->elts;
213
- for (i = 0; i < rlcf->from->nelts; i++) {
197
+ addr.sockaddr = c->sockaddr;
198
+ addr.socklen = c->socklen;
199
+ /* addr.name = c->addr_text; */
214
200
 
215
- ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
216
- "realip: %08XD %08XD %08XD",
217
- sin->sin_addr.s_addr, from[i].mask, from[i].addr);
218
-
219
- if ((sin->sin_addr.s_addr & from[i].mask) == from[i].addr) {
220
- return ngx_http_realip_set_addr(r, ip, len);
221
- }
222
- }
223
- }
224
-
225
- #if (NGX_HAVE_UNIX_DOMAIN)
226
-
227
- if (c->sockaddr->sa_family == AF_UNIX && rlcf->unixsock) {
228
- return ngx_http_realip_set_addr(r, ip, len);
201
+ if (ngx_http_get_forwarded_addr(r, &addr, ip, len, rlcf->from,
202
+ rlcf->recursive)
203
+ == NGX_OK)
204
+ {
205
+ return ngx_http_realip_set_addr(r, &addr);
229
206
  }
230
207
 
231
- #endif
232
-
233
208
  return NGX_DECLINED;
234
209
  }
235
210
 
236
211
 
237
212
  static ngx_int_t
238
- ngx_http_realip_set_addr(ngx_http_request_t *r, u_char *ip, size_t len)
213
+ ngx_http_realip_set_addr(ngx_http_request_t *r, ngx_addr_t *addr)
239
214
  {
215
+ size_t len;
240
216
  u_char *p;
241
- ngx_int_t rc;
242
- ngx_addr_t addr;
217
+ u_char text[NGX_SOCKADDR_STRLEN];
243
218
  ngx_connection_t *c;
244
219
  ngx_pool_cleanup_t *cln;
245
220
  ngx_http_realip_ctx_t *ctx;
@@ -254,15 +229,9 @@ ngx_http_realip_set_addr(ngx_http_request_t *r, u_char *ip, size_t len)
254
229
 
255
230
  c = r->connection;
256
231
 
257
- rc = ngx_parse_addr(c->pool, &addr, ip, len);
258
-
259
- switch (rc) {
260
- case NGX_DECLINED:
261
- return NGX_DECLINED;
262
- case NGX_ERROR:
232
+ len = ngx_sock_ntop(addr->sockaddr, text, NGX_SOCKADDR_STRLEN, 0);
233
+ if (len == 0) {
263
234
  return NGX_HTTP_INTERNAL_SERVER_ERROR;
264
- default: /* NGX_OK */
265
- break;
266
235
  }
267
236
 
268
237
  p = ngx_pnalloc(c->pool, len);
@@ -270,7 +239,7 @@ ngx_http_realip_set_addr(ngx_http_request_t *r, u_char *ip, size_t len)
270
239
  return NGX_HTTP_INTERNAL_SERVER_ERROR;
271
240
  }
272
241
 
273
- ngx_memcpy(p, ip, len);
242
+ ngx_memcpy(p, text, len);
274
243
 
275
244
  cln->handler = ngx_http_realip_cleanup;
276
245
 
@@ -279,8 +248,8 @@ ngx_http_realip_set_addr(ngx_http_request_t *r, u_char *ip, size_t len)
279
248
  ctx->socklen = c->socklen;
280
249
  ctx->addr_text = c->addr_text;
281
250
 
282
- c->sockaddr = addr.sockaddr;
283
- c->socklen = addr.socklen;
251
+ c->sockaddr = addr->sockaddr;
252
+ c->socklen = addr->socklen;
284
253
  c->addr_text.len = len;
285
254
  c->addr_text.data = p;
286
255
 
@@ -310,34 +279,33 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
310
279
 
311
280
  ngx_int_t rc;
312
281
  ngx_str_t *value;
313
- ngx_cidr_t cidr;
314
- ngx_in_cidr_t *from;
282
+ ngx_cidr_t *cidr;
315
283
 
316
284
  value = cf->args->elts;
317
285
 
318
- #if (NGX_HAVE_UNIX_DOMAIN)
319
-
320
- if (ngx_strcmp(value[1].data, "unix:") == 0) {
321
- rlcf->unixsock = 1;
322
- return NGX_CONF_OK;
323
- }
324
-
325
- #endif
326
-
327
286
  if (rlcf->from == NULL) {
328
287
  rlcf->from = ngx_array_create(cf->pool, 2,
329
- sizeof(ngx_in_cidr_t));
288
+ sizeof(ngx_cidr_t));
330
289
  if (rlcf->from == NULL) {
331
290
  return NGX_CONF_ERROR;
332
291
  }
333
292
  }
334
293
 
335
- from = ngx_array_push(rlcf->from);
336
- if (from == NULL) {
294
+ cidr = ngx_array_push(rlcf->from);
295
+ if (cidr == NULL) {
337
296
  return NGX_CONF_ERROR;
338
297
  }
339
298
 
340
- rc = ngx_ptocidr(&value[1], &cidr);
299
+ #if (NGX_HAVE_UNIX_DOMAIN)
300
+
301
+ if (ngx_strcmp(value[1].data, "unix:") == 0) {
302
+ cidr->family = AF_UNIX;
303
+ return NGX_CONF_OK;
304
+ }
305
+
306
+ #endif
307
+
308
+ rc = ngx_ptocidr(&value[1], cidr);
341
309
 
342
310
  if (rc == NGX_ERROR) {
343
311
  ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
@@ -345,20 +313,11 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
345
313
  return NGX_CONF_ERROR;
346
314
  }
347
315
 
348
- if (cidr.family != AF_INET) {
349
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
350
- "\"set_real_ip_from\" supports IPv4 only");
351
- return NGX_CONF_ERROR;
352
- }
353
-
354
316
  if (rc == NGX_DONE) {
355
317
  ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
356
318
  "low address bits of %V are meaningless", &value[1]);
357
319
  }
358
320
 
359
- from->mask = cidr.u.in.mask;
360
- from->addr = cidr.u.in.addr;
361
-
362
321
  return NGX_CONF_OK;
363
322
  }
364
323
 
@@ -409,9 +368,7 @@ ngx_http_realip_create_loc_conf(ngx_conf_t *cf)
409
368
  */
410
369
 
411
370
  conf->type = NGX_CONF_UNSET_UINT;
412
- #if (NGX_HAVE_UNIX_DOMAIN)
413
- conf->unixsock = 2;
414
- #endif
371
+ conf->recursive = NGX_CONF_UNSET;
415
372
 
416
373
  return conf;
417
374
  }
@@ -427,13 +384,8 @@ ngx_http_realip_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
427
384
  conf->from = prev->from;
428
385
  }
429
386
 
430
- #if (NGX_HAVE_UNIX_DOMAIN)
431
- if (conf->unixsock == 2) {
432
- conf->unixsock = (prev->unixsock == 2) ? 0 : prev->unixsock;
433
- }
434
- #endif
435
-
436
387
  ngx_conf_merge_uint_value(conf->type, prev->type, NGX_HTTP_REALIP_XREALIP);
388
+ ngx_conf_merge_value(conf->recursive, prev->recursive, 0);
437
389
 
438
390
  if (conf->header.len == 0) {
439
391
  conf->hash = prev->hash;
@@ -434,6 +434,7 @@ ngx_http_scgi_handler(ngx_http_request_t *r)
434
434
  u->process_header = ngx_http_scgi_process_status_line;
435
435
  u->abort_request = ngx_http_scgi_abort_request;
436
436
  u->finalize_request = ngx_http_scgi_finalize_request;
437
+ r->state = 0;
437
438
 
438
439
  u->buffering = scf->upstream.buffering;
439
440
 
@@ -843,6 +844,7 @@ ngx_http_scgi_reinit_request(ngx_http_request_t *r)
843
844
  status->end = NULL;
844
845
 
845
846
  r->upstream->process_header = ngx_http_scgi_process_status_line;
847
+ r->state = 0;
846
848
 
847
849
  return NGX_OK;
848
850
  }
@@ -121,7 +121,7 @@ static ngx_int_t ngx_http_status_handler(ngx_http_request_t *r)
121
121
  r->headers_out.status = NGX_HTTP_OK;
122
122
  r->headers_out.content_length_n = b->last - b->pos;
123
123
 
124
- b->last_buf = 1;
124
+ b->last_buf = (r == r->main) ? 1 : 0;
125
125
 
126
126
  rc = ngx_http_send_header(r);
127
127
 
@@ -467,6 +467,7 @@ ngx_http_uwsgi_handler(ngx_http_request_t *r)
467
467
  u->process_header = ngx_http_uwsgi_process_status_line;
468
468
  u->abort_request = ngx_http_uwsgi_abort_request;
469
469
  u->finalize_request = ngx_http_uwsgi_finalize_request;
470
+ r->state = 0;
470
471
 
471
472
  u->buffering = uwcf->upstream.buffering;
472
473
 
@@ -883,6 +884,7 @@ ngx_http_uwsgi_reinit_request(ngx_http_request_t *r)
883
884
  status->end = NULL;
884
885
 
885
886
  r->upstream->process_header = ngx_http_uwsgi_process_status_line;
887
+ r->state = 0;
886
888
 
887
889
  return NGX_OK;
888
890
  }
@@ -50,7 +50,7 @@ our @EXPORT = qw(
50
50
  HTTP_INSUFFICIENT_STORAGE
51
51
  );
52
52
 
53
- our $VERSION = '1.2.0';
53
+ our $VERSION = '1.2.1';
54
54
 
55
55
  require XSLoader;
56
56
  XSLoader::load('nginx', $VERSION);
@@ -2599,6 +2599,7 @@ ngx_http_named_location(ngx_http_request_t *r, ngx_str_t *name)
2599
2599
 
2600
2600
  r->phase_handler = cmcf->phase_engine.location_rewrite_index;
2601
2601
 
2602
+ r->write_event_handler = ngx_http_core_run_phases;
2602
2603
  ngx_http_core_run_phases(r);
2603
2604
 
2604
2605
  return NGX_DONE;
@@ -2698,6 +2699,109 @@ ngx_http_set_disable_symlinks(ngx_http_request_t *r,
2698
2699
  }
2699
2700
 
2700
2701
 
2702
+ ngx_int_t
2703
+ ngx_http_get_forwarded_addr(ngx_http_request_t *r, ngx_addr_t *addr,
2704
+ u_char *xff, size_t xfflen, ngx_array_t *proxies, int recursive)
2705
+ {
2706
+ u_char *p;
2707
+ in_addr_t inaddr;
2708
+ ngx_addr_t paddr;
2709
+ ngx_cidr_t *cidr;
2710
+ ngx_uint_t family, i;
2711
+ #if (NGX_HAVE_INET6)
2712
+ ngx_uint_t n;
2713
+ struct in6_addr *inaddr6;
2714
+ #endif
2715
+
2716
+ #if (NGX_SUPPRESS_WARN)
2717
+ inaddr = 0;
2718
+ #if (NGX_HAVE_INET6)
2719
+ inaddr6 = NULL;
2720
+ #endif
2721
+ #endif
2722
+
2723
+ family = addr->sockaddr->sa_family;
2724
+
2725
+ if (family == AF_INET) {
2726
+ inaddr = ((struct sockaddr_in *) addr->sockaddr)->sin_addr.s_addr;
2727
+ }
2728
+
2729
+ #if (NGX_HAVE_INET6)
2730
+ else if (family == AF_INET6) {
2731
+ inaddr6 = &((struct sockaddr_in6 *) addr->sockaddr)->sin6_addr;
2732
+
2733
+ if (IN6_IS_ADDR_V4MAPPED(inaddr6)) {
2734
+ family = AF_INET;
2735
+ inaddr = *(in_addr_t *) &inaddr6->s6_addr[12];
2736
+ }
2737
+ }
2738
+ #endif
2739
+
2740
+ for (cidr = proxies->elts, i = 0; i < proxies->nelts; i++) {
2741
+ if (cidr[i].family != family) {
2742
+ goto next;
2743
+ }
2744
+
2745
+ switch (family) {
2746
+
2747
+ #if (NGX_HAVE_INET6)
2748
+ case AF_INET6:
2749
+ for (n = 0; n < 16; n++) {
2750
+ if ((inaddr6->s6_addr[n] & cidr[i].u.in6.mask.s6_addr[n])
2751
+ != cidr[i].u.in6.addr.s6_addr[n])
2752
+ {
2753
+ goto next;
2754
+ }
2755
+ }
2756
+ break;
2757
+ #endif
2758
+
2759
+ #if (NGX_HAVE_UNIX_DOMAIN)
2760
+ case AF_UNIX:
2761
+ break;
2762
+ #endif
2763
+
2764
+ default: /* AF_INET */
2765
+ if ((inaddr & cidr[i].u.in.mask) != cidr[i].u.in.addr) {
2766
+ goto next;
2767
+ }
2768
+ break;
2769
+ }
2770
+
2771
+ for (p = xff + xfflen - 1; p > xff; p--, xfflen--) {
2772
+ if (*p != ' ' && *p != ',') {
2773
+ break;
2774
+ }
2775
+ }
2776
+
2777
+ for ( /* void */ ; p > xff; p--) {
2778
+ if (*p == ' ' || *p == ',') {
2779
+ p++;
2780
+ break;
2781
+ }
2782
+ }
2783
+
2784
+ if (ngx_parse_addr(r->pool, &paddr, p, xfflen - (p - xff)) != NGX_OK) {
2785
+ return NGX_DECLINED;
2786
+ }
2787
+
2788
+ *addr = paddr;
2789
+
2790
+ if (recursive && p > xff) {
2791
+ (void) ngx_http_get_forwarded_addr(r, addr, xff, p - 1 - xff,
2792
+ proxies, 1);
2793
+ }
2794
+
2795
+ return NGX_OK;
2796
+
2797
+ next:
2798
+ continue;
2799
+ }
2800
+
2801
+ return NGX_DECLINED;
2802
+ }
2803
+
2804
+
2701
2805
  static char *
2702
2806
  ngx_http_core_server(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy)
2703
2807
  {