nginxtra 1.2.0.1 → 1.2.1.2
Sign up to get free protection for your applications and to get access to all the features.
- data/VERSION +1 -1
- data/bin/nginxtra +1 -1
- data/lib/nginxtra.rb +2 -0
- data/lib/nginxtra/action.rb +1 -1
- data/lib/nginxtra/actions/convert.rb +67 -0
- data/lib/nginxtra/actions/install.rb +3 -0
- data/lib/nginxtra/cli.rb +20 -0
- data/lib/nginxtra/config_converter.rb +324 -0
- data/lib/nginxtra/error.rb +3 -0
- data/src/nginx/CHANGES +45 -0
- data/src/nginx/CHANGES.ru +46 -0
- data/src/nginx/src/core/nginx.h +2 -2
- data/src/nginx/src/core/ngx_resolver.c +14 -2
- data/src/nginx/src/event/ngx_event.c +18 -21
- data/src/nginx/src/event/ngx_event.h +0 -6
- data/src/nginx/src/event/ngx_event_accept.c +90 -13
- data/src/nginx/src/event/ngx_event_openssl.c +1 -0
- data/src/nginx/src/http/modules/ngx_http_fastcgi_module.c +26 -4
- data/src/nginx/src/http/modules/ngx_http_flv_module.c +1 -1
- data/src/nginx/src/http/modules/ngx_http_geo_module.c +62 -74
- data/src/nginx/src/http/modules/ngx_http_geoip_module.c +130 -30
- data/src/nginx/src/http/modules/ngx_http_gzip_static_module.c +1 -1
- data/src/nginx/src/http/modules/ngx_http_mp4_module.c +1 -1
- data/src/nginx/src/http/modules/ngx_http_realip_module.c +45 -93
- data/src/nginx/src/http/modules/ngx_http_scgi_module.c +2 -0
- data/src/nginx/src/http/modules/ngx_http_stub_status_module.c +1 -1
- data/src/nginx/src/http/modules/ngx_http_uwsgi_module.c +2 -0
- data/src/nginx/src/http/modules/perl/nginx.pm +1 -1
- data/src/nginx/src/http/ngx_http_core_module.c +104 -0
- data/src/nginx/src/http/ngx_http_core_module.h +3 -0
- data/src/nginx/src/http/ngx_http_parse.c +20 -0
- data/src/nginx/src/http/ngx_http_request.c +26 -15
- data/src/nginx/src/http/ngx_http_script.c +0 -1
- data/src/nginx/src/http/ngx_http_upstream_round_robin.c +72 -170
- data/src/nginx/src/http/ngx_http_upstream_round_robin.h +1 -0
- data/src/nginx/src/os/unix/ngx_errno.h +2 -0
- metadata +6 -4
@@ -16,13 +16,11 @@
|
|
16
16
|
|
17
17
|
|
18
18
|
typedef struct {
|
19
|
-
ngx_array_t *from; /* array of
|
19
|
+
ngx_array_t *from; /* array of ngx_cidr_t */
|
20
20
|
ngx_uint_t type;
|
21
21
|
ngx_uint_t hash;
|
22
22
|
ngx_str_t header;
|
23
|
-
|
24
|
-
ngx_uint_t unixsock; /* unsigned unixsock:2; */
|
25
|
-
#endif
|
23
|
+
ngx_flag_t recursive;
|
26
24
|
} ngx_http_realip_loc_conf_t;
|
27
25
|
|
28
26
|
|
@@ -35,8 +33,8 @@ typedef struct {
|
|
35
33
|
|
36
34
|
|
37
35
|
static ngx_int_t ngx_http_realip_handler(ngx_http_request_t *r);
|
38
|
-
static ngx_int_t ngx_http_realip_set_addr(ngx_http_request_t *r,
|
39
|
-
|
36
|
+
static ngx_int_t ngx_http_realip_set_addr(ngx_http_request_t *r,
|
37
|
+
ngx_addr_t *addr);
|
40
38
|
static void ngx_http_realip_cleanup(void *data);
|
41
39
|
static char *ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd,
|
42
40
|
void *conf);
|
@@ -63,6 +61,13 @@ static ngx_command_t ngx_http_realip_commands[] = {
|
|
63
61
|
0,
|
64
62
|
NULL },
|
65
63
|
|
64
|
+
{ ngx_string("real_ip_recursive"),
|
65
|
+
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
|
66
|
+
ngx_conf_set_flag_slot,
|
67
|
+
NGX_HTTP_LOC_CONF_OFFSET,
|
68
|
+
offsetof(ngx_http_realip_loc_conf_t, recursive),
|
69
|
+
NULL },
|
70
|
+
|
66
71
|
ngx_null_command
|
67
72
|
};
|
68
73
|
|
@@ -105,10 +110,9 @@ ngx_http_realip_handler(ngx_http_request_t *r)
|
|
105
110
|
u_char *ip, *p;
|
106
111
|
size_t len;
|
107
112
|
ngx_uint_t i, hash;
|
113
|
+
ngx_addr_t addr;
|
108
114
|
ngx_list_part_t *part;
|
109
115
|
ngx_table_elt_t *header;
|
110
|
-
struct sockaddr_in *sin;
|
111
|
-
ngx_in_cidr_t *from;
|
112
116
|
ngx_connection_t *c;
|
113
117
|
ngx_http_realip_ctx_t *ctx;
|
114
118
|
ngx_http_realip_loc_conf_t *rlcf;
|
@@ -121,12 +125,7 @@ ngx_http_realip_handler(ngx_http_request_t *r)
|
|
121
125
|
|
122
126
|
rlcf = ngx_http_get_module_loc_conf(r, ngx_http_realip_module);
|
123
127
|
|
124
|
-
if (rlcf->from == NULL
|
125
|
-
#if (NGX_HAVE_UNIX_DOMAIN)
|
126
|
-
&& !rlcf->unixsock
|
127
|
-
#endif
|
128
|
-
)
|
129
|
-
{
|
128
|
+
if (rlcf->from == NULL) {
|
130
129
|
return NGX_DECLINED;
|
131
130
|
}
|
132
131
|
|
@@ -152,15 +151,6 @@ ngx_http_realip_handler(ngx_http_request_t *r)
|
|
152
151
|
len = r->headers_in.x_forwarded_for->value.len;
|
153
152
|
ip = r->headers_in.x_forwarded_for->value.data;
|
154
153
|
|
155
|
-
for (p = ip + len - 1; p > ip; p--) {
|
156
|
-
if (*p == ' ' || *p == ',') {
|
157
|
-
p++;
|
158
|
-
len -= p - ip;
|
159
|
-
ip = p;
|
160
|
-
break;
|
161
|
-
}
|
162
|
-
}
|
163
|
-
|
164
154
|
break;
|
165
155
|
|
166
156
|
default: /* NGX_HTTP_REALIP_HEADER */
|
@@ -204,42 +194,27 @@ found:
|
|
204
194
|
|
205
195
|
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "realip: \"%s\"", ip);
|
206
196
|
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
sin = (struct sockaddr_in *) c->sockaddr;
|
211
|
-
|
212
|
-
from = rlcf->from->elts;
|
213
|
-
for (i = 0; i < rlcf->from->nelts; i++) {
|
197
|
+
addr.sockaddr = c->sockaddr;
|
198
|
+
addr.socklen = c->socklen;
|
199
|
+
/* addr.name = c->addr_text; */
|
214
200
|
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
return ngx_http_realip_set_addr(r, ip, len);
|
221
|
-
}
|
222
|
-
}
|
223
|
-
}
|
224
|
-
|
225
|
-
#if (NGX_HAVE_UNIX_DOMAIN)
|
226
|
-
|
227
|
-
if (c->sockaddr->sa_family == AF_UNIX && rlcf->unixsock) {
|
228
|
-
return ngx_http_realip_set_addr(r, ip, len);
|
201
|
+
if (ngx_http_get_forwarded_addr(r, &addr, ip, len, rlcf->from,
|
202
|
+
rlcf->recursive)
|
203
|
+
== NGX_OK)
|
204
|
+
{
|
205
|
+
return ngx_http_realip_set_addr(r, &addr);
|
229
206
|
}
|
230
207
|
|
231
|
-
#endif
|
232
|
-
|
233
208
|
return NGX_DECLINED;
|
234
209
|
}
|
235
210
|
|
236
211
|
|
237
212
|
static ngx_int_t
|
238
|
-
ngx_http_realip_set_addr(ngx_http_request_t *r,
|
213
|
+
ngx_http_realip_set_addr(ngx_http_request_t *r, ngx_addr_t *addr)
|
239
214
|
{
|
215
|
+
size_t len;
|
240
216
|
u_char *p;
|
241
|
-
|
242
|
-
ngx_addr_t addr;
|
217
|
+
u_char text[NGX_SOCKADDR_STRLEN];
|
243
218
|
ngx_connection_t *c;
|
244
219
|
ngx_pool_cleanup_t *cln;
|
245
220
|
ngx_http_realip_ctx_t *ctx;
|
@@ -254,15 +229,9 @@ ngx_http_realip_set_addr(ngx_http_request_t *r, u_char *ip, size_t len)
|
|
254
229
|
|
255
230
|
c = r->connection;
|
256
231
|
|
257
|
-
|
258
|
-
|
259
|
-
switch (rc) {
|
260
|
-
case NGX_DECLINED:
|
261
|
-
return NGX_DECLINED;
|
262
|
-
case NGX_ERROR:
|
232
|
+
len = ngx_sock_ntop(addr->sockaddr, text, NGX_SOCKADDR_STRLEN, 0);
|
233
|
+
if (len == 0) {
|
263
234
|
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
264
|
-
default: /* NGX_OK */
|
265
|
-
break;
|
266
235
|
}
|
267
236
|
|
268
237
|
p = ngx_pnalloc(c->pool, len);
|
@@ -270,7 +239,7 @@ ngx_http_realip_set_addr(ngx_http_request_t *r, u_char *ip, size_t len)
|
|
270
239
|
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
271
240
|
}
|
272
241
|
|
273
|
-
ngx_memcpy(p,
|
242
|
+
ngx_memcpy(p, text, len);
|
274
243
|
|
275
244
|
cln->handler = ngx_http_realip_cleanup;
|
276
245
|
|
@@ -279,8 +248,8 @@ ngx_http_realip_set_addr(ngx_http_request_t *r, u_char *ip, size_t len)
|
|
279
248
|
ctx->socklen = c->socklen;
|
280
249
|
ctx->addr_text = c->addr_text;
|
281
250
|
|
282
|
-
c->sockaddr = addr
|
283
|
-
c->socklen = addr
|
251
|
+
c->sockaddr = addr->sockaddr;
|
252
|
+
c->socklen = addr->socklen;
|
284
253
|
c->addr_text.len = len;
|
285
254
|
c->addr_text.data = p;
|
286
255
|
|
@@ -310,34 +279,33 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
310
279
|
|
311
280
|
ngx_int_t rc;
|
312
281
|
ngx_str_t *value;
|
313
|
-
ngx_cidr_t
|
314
|
-
ngx_in_cidr_t *from;
|
282
|
+
ngx_cidr_t *cidr;
|
315
283
|
|
316
284
|
value = cf->args->elts;
|
317
285
|
|
318
|
-
#if (NGX_HAVE_UNIX_DOMAIN)
|
319
|
-
|
320
|
-
if (ngx_strcmp(value[1].data, "unix:") == 0) {
|
321
|
-
rlcf->unixsock = 1;
|
322
|
-
return NGX_CONF_OK;
|
323
|
-
}
|
324
|
-
|
325
|
-
#endif
|
326
|
-
|
327
286
|
if (rlcf->from == NULL) {
|
328
287
|
rlcf->from = ngx_array_create(cf->pool, 2,
|
329
|
-
sizeof(
|
288
|
+
sizeof(ngx_cidr_t));
|
330
289
|
if (rlcf->from == NULL) {
|
331
290
|
return NGX_CONF_ERROR;
|
332
291
|
}
|
333
292
|
}
|
334
293
|
|
335
|
-
|
336
|
-
if (
|
294
|
+
cidr = ngx_array_push(rlcf->from);
|
295
|
+
if (cidr == NULL) {
|
337
296
|
return NGX_CONF_ERROR;
|
338
297
|
}
|
339
298
|
|
340
|
-
|
299
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
300
|
+
|
301
|
+
if (ngx_strcmp(value[1].data, "unix:") == 0) {
|
302
|
+
cidr->family = AF_UNIX;
|
303
|
+
return NGX_CONF_OK;
|
304
|
+
}
|
305
|
+
|
306
|
+
#endif
|
307
|
+
|
308
|
+
rc = ngx_ptocidr(&value[1], cidr);
|
341
309
|
|
342
310
|
if (rc == NGX_ERROR) {
|
343
311
|
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"",
|
@@ -345,20 +313,11 @@ ngx_http_realip_from(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
345
313
|
return NGX_CONF_ERROR;
|
346
314
|
}
|
347
315
|
|
348
|
-
if (cidr.family != AF_INET) {
|
349
|
-
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
350
|
-
"\"set_real_ip_from\" supports IPv4 only");
|
351
|
-
return NGX_CONF_ERROR;
|
352
|
-
}
|
353
|
-
|
354
316
|
if (rc == NGX_DONE) {
|
355
317
|
ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
|
356
318
|
"low address bits of %V are meaningless", &value[1]);
|
357
319
|
}
|
358
320
|
|
359
|
-
from->mask = cidr.u.in.mask;
|
360
|
-
from->addr = cidr.u.in.addr;
|
361
|
-
|
362
321
|
return NGX_CONF_OK;
|
363
322
|
}
|
364
323
|
|
@@ -409,9 +368,7 @@ ngx_http_realip_create_loc_conf(ngx_conf_t *cf)
|
|
409
368
|
*/
|
410
369
|
|
411
370
|
conf->type = NGX_CONF_UNSET_UINT;
|
412
|
-
|
413
|
-
conf->unixsock = 2;
|
414
|
-
#endif
|
371
|
+
conf->recursive = NGX_CONF_UNSET;
|
415
372
|
|
416
373
|
return conf;
|
417
374
|
}
|
@@ -427,13 +384,8 @@ ngx_http_realip_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
427
384
|
conf->from = prev->from;
|
428
385
|
}
|
429
386
|
|
430
|
-
#if (NGX_HAVE_UNIX_DOMAIN)
|
431
|
-
if (conf->unixsock == 2) {
|
432
|
-
conf->unixsock = (prev->unixsock == 2) ? 0 : prev->unixsock;
|
433
|
-
}
|
434
|
-
#endif
|
435
|
-
|
436
387
|
ngx_conf_merge_uint_value(conf->type, prev->type, NGX_HTTP_REALIP_XREALIP);
|
388
|
+
ngx_conf_merge_value(conf->recursive, prev->recursive, 0);
|
437
389
|
|
438
390
|
if (conf->header.len == 0) {
|
439
391
|
conf->hash = prev->hash;
|
@@ -434,6 +434,7 @@ ngx_http_scgi_handler(ngx_http_request_t *r)
|
|
434
434
|
u->process_header = ngx_http_scgi_process_status_line;
|
435
435
|
u->abort_request = ngx_http_scgi_abort_request;
|
436
436
|
u->finalize_request = ngx_http_scgi_finalize_request;
|
437
|
+
r->state = 0;
|
437
438
|
|
438
439
|
u->buffering = scf->upstream.buffering;
|
439
440
|
|
@@ -843,6 +844,7 @@ ngx_http_scgi_reinit_request(ngx_http_request_t *r)
|
|
843
844
|
status->end = NULL;
|
844
845
|
|
845
846
|
r->upstream->process_header = ngx_http_scgi_process_status_line;
|
847
|
+
r->state = 0;
|
846
848
|
|
847
849
|
return NGX_OK;
|
848
850
|
}
|
@@ -121,7 +121,7 @@ static ngx_int_t ngx_http_status_handler(ngx_http_request_t *r)
|
|
121
121
|
r->headers_out.status = NGX_HTTP_OK;
|
122
122
|
r->headers_out.content_length_n = b->last - b->pos;
|
123
123
|
|
124
|
-
b->last_buf = 1;
|
124
|
+
b->last_buf = (r == r->main) ? 1 : 0;
|
125
125
|
|
126
126
|
rc = ngx_http_send_header(r);
|
127
127
|
|
@@ -467,6 +467,7 @@ ngx_http_uwsgi_handler(ngx_http_request_t *r)
|
|
467
467
|
u->process_header = ngx_http_uwsgi_process_status_line;
|
468
468
|
u->abort_request = ngx_http_uwsgi_abort_request;
|
469
469
|
u->finalize_request = ngx_http_uwsgi_finalize_request;
|
470
|
+
r->state = 0;
|
470
471
|
|
471
472
|
u->buffering = uwcf->upstream.buffering;
|
472
473
|
|
@@ -883,6 +884,7 @@ ngx_http_uwsgi_reinit_request(ngx_http_request_t *r)
|
|
883
884
|
status->end = NULL;
|
884
885
|
|
885
886
|
r->upstream->process_header = ngx_http_uwsgi_process_status_line;
|
887
|
+
r->state = 0;
|
886
888
|
|
887
889
|
return NGX_OK;
|
888
890
|
}
|
@@ -2599,6 +2599,7 @@ ngx_http_named_location(ngx_http_request_t *r, ngx_str_t *name)
|
|
2599
2599
|
|
2600
2600
|
r->phase_handler = cmcf->phase_engine.location_rewrite_index;
|
2601
2601
|
|
2602
|
+
r->write_event_handler = ngx_http_core_run_phases;
|
2602
2603
|
ngx_http_core_run_phases(r);
|
2603
2604
|
|
2604
2605
|
return NGX_DONE;
|
@@ -2698,6 +2699,109 @@ ngx_http_set_disable_symlinks(ngx_http_request_t *r,
|
|
2698
2699
|
}
|
2699
2700
|
|
2700
2701
|
|
2702
|
+
ngx_int_t
|
2703
|
+
ngx_http_get_forwarded_addr(ngx_http_request_t *r, ngx_addr_t *addr,
|
2704
|
+
u_char *xff, size_t xfflen, ngx_array_t *proxies, int recursive)
|
2705
|
+
{
|
2706
|
+
u_char *p;
|
2707
|
+
in_addr_t inaddr;
|
2708
|
+
ngx_addr_t paddr;
|
2709
|
+
ngx_cidr_t *cidr;
|
2710
|
+
ngx_uint_t family, i;
|
2711
|
+
#if (NGX_HAVE_INET6)
|
2712
|
+
ngx_uint_t n;
|
2713
|
+
struct in6_addr *inaddr6;
|
2714
|
+
#endif
|
2715
|
+
|
2716
|
+
#if (NGX_SUPPRESS_WARN)
|
2717
|
+
inaddr = 0;
|
2718
|
+
#if (NGX_HAVE_INET6)
|
2719
|
+
inaddr6 = NULL;
|
2720
|
+
#endif
|
2721
|
+
#endif
|
2722
|
+
|
2723
|
+
family = addr->sockaddr->sa_family;
|
2724
|
+
|
2725
|
+
if (family == AF_INET) {
|
2726
|
+
inaddr = ((struct sockaddr_in *) addr->sockaddr)->sin_addr.s_addr;
|
2727
|
+
}
|
2728
|
+
|
2729
|
+
#if (NGX_HAVE_INET6)
|
2730
|
+
else if (family == AF_INET6) {
|
2731
|
+
inaddr6 = &((struct sockaddr_in6 *) addr->sockaddr)->sin6_addr;
|
2732
|
+
|
2733
|
+
if (IN6_IS_ADDR_V4MAPPED(inaddr6)) {
|
2734
|
+
family = AF_INET;
|
2735
|
+
inaddr = *(in_addr_t *) &inaddr6->s6_addr[12];
|
2736
|
+
}
|
2737
|
+
}
|
2738
|
+
#endif
|
2739
|
+
|
2740
|
+
for (cidr = proxies->elts, i = 0; i < proxies->nelts; i++) {
|
2741
|
+
if (cidr[i].family != family) {
|
2742
|
+
goto next;
|
2743
|
+
}
|
2744
|
+
|
2745
|
+
switch (family) {
|
2746
|
+
|
2747
|
+
#if (NGX_HAVE_INET6)
|
2748
|
+
case AF_INET6:
|
2749
|
+
for (n = 0; n < 16; n++) {
|
2750
|
+
if ((inaddr6->s6_addr[n] & cidr[i].u.in6.mask.s6_addr[n])
|
2751
|
+
!= cidr[i].u.in6.addr.s6_addr[n])
|
2752
|
+
{
|
2753
|
+
goto next;
|
2754
|
+
}
|
2755
|
+
}
|
2756
|
+
break;
|
2757
|
+
#endif
|
2758
|
+
|
2759
|
+
#if (NGX_HAVE_UNIX_DOMAIN)
|
2760
|
+
case AF_UNIX:
|
2761
|
+
break;
|
2762
|
+
#endif
|
2763
|
+
|
2764
|
+
default: /* AF_INET */
|
2765
|
+
if ((inaddr & cidr[i].u.in.mask) != cidr[i].u.in.addr) {
|
2766
|
+
goto next;
|
2767
|
+
}
|
2768
|
+
break;
|
2769
|
+
}
|
2770
|
+
|
2771
|
+
for (p = xff + xfflen - 1; p > xff; p--, xfflen--) {
|
2772
|
+
if (*p != ' ' && *p != ',') {
|
2773
|
+
break;
|
2774
|
+
}
|
2775
|
+
}
|
2776
|
+
|
2777
|
+
for ( /* void */ ; p > xff; p--) {
|
2778
|
+
if (*p == ' ' || *p == ',') {
|
2779
|
+
p++;
|
2780
|
+
break;
|
2781
|
+
}
|
2782
|
+
}
|
2783
|
+
|
2784
|
+
if (ngx_parse_addr(r->pool, &paddr, p, xfflen - (p - xff)) != NGX_OK) {
|
2785
|
+
return NGX_DECLINED;
|
2786
|
+
}
|
2787
|
+
|
2788
|
+
*addr = paddr;
|
2789
|
+
|
2790
|
+
if (recursive && p > xff) {
|
2791
|
+
(void) ngx_http_get_forwarded_addr(r, addr, xff, p - 1 - xff,
|
2792
|
+
proxies, 1);
|
2793
|
+
}
|
2794
|
+
|
2795
|
+
return NGX_OK;
|
2796
|
+
|
2797
|
+
next:
|
2798
|
+
continue;
|
2799
|
+
}
|
2800
|
+
|
2801
|
+
return NGX_DECLINED;
|
2802
|
+
}
|
2803
|
+
|
2804
|
+
|
2701
2805
|
static char *
|
2702
2806
|
ngx_http_core_server(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy)
|
2703
2807
|
{
|