nginxtra 1.4.7.9 → 1.6.0.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/nginxtra +1 -1
- data/bin/nginxtra_rails +1 -1
- data/lib/nginxtra/version.rb +1 -1
- data/vendor/nginx/CHANGES +286 -19
- data/vendor/nginx/CHANGES.ru +296 -22
- data/vendor/nginx/auto/cc/clang +4 -3
- data/vendor/nginx/auto/cc/conf +23 -0
- data/vendor/nginx/auto/cc/msvc +1 -0
- data/vendor/nginx/auto/cc/name +1 -1
- data/vendor/nginx/auto/cc/owc +4 -4
- data/vendor/nginx/auto/cc/sunc +1 -1
- data/vendor/nginx/auto/endianness +2 -2
- data/vendor/nginx/auto/feature +1 -1
- data/vendor/nginx/auto/include +1 -1
- data/vendor/nginx/auto/lib/libatomic/make +3 -1
- data/vendor/nginx/auto/lib/openssl/conf +4 -0
- data/vendor/nginx/auto/lib/openssl/make +1 -1
- data/vendor/nginx/auto/lib/pcre/conf +5 -0
- data/vendor/nginx/auto/lib/pcre/make +11 -11
- data/vendor/nginx/auto/lib/pcre/makefile.bcc +4 -3
- data/vendor/nginx/auto/lib/pcre/makefile.msvc +2 -1
- data/vendor/nginx/auto/lib/pcre/makefile.owc +2 -1
- data/vendor/nginx/auto/lib/perl/make +1 -0
- data/vendor/nginx/auto/lib/test +1 -1
- data/vendor/nginx/auto/lib/zlib/make +22 -1
- data/vendor/nginx/auto/modules +8 -0
- data/vendor/nginx/auto/options +3 -0
- data/vendor/nginx/auto/os/darwin +1 -1
- data/vendor/nginx/auto/os/linux +32 -0
- data/vendor/nginx/auto/os/win32 +12 -1
- data/vendor/nginx/auto/sources +8 -2
- data/vendor/nginx/auto/types/sizeof +1 -1
- data/vendor/nginx/auto/types/typedef +1 -1
- data/vendor/nginx/auto/types/uintptr_t +1 -1
- data/vendor/nginx/auto/unix +13 -1
- data/vendor/nginx/conf/mime.types +11 -2
- data/vendor/nginx/conf/nginx.conf +3 -4
- data/vendor/nginx/contrib/README +6 -0
- data/vendor/nginx/contrib/vim/ftdetect/nginx.vim +4 -0
- data/vendor/nginx/contrib/vim/indent/nginx.vim +11 -0
- data/vendor/nginx/contrib/vim/syntax/nginx.vim +703 -0
- data/vendor/nginx/src/core/nginx.c +2 -7
- data/vendor/nginx/src/core/nginx.h +2 -2
- data/vendor/nginx/src/core/ngx_conf_file.c +8 -88
- data/vendor/nginx/src/core/ngx_conf_file.h +3 -3
- data/vendor/nginx/src/core/ngx_config.h +2 -2
- data/vendor/nginx/src/core/ngx_connection.c +100 -29
- data/vendor/nginx/src/core/ngx_connection.h +11 -0
- data/vendor/nginx/src/core/ngx_core.h +1 -0
- data/vendor/nginx/src/core/ngx_cycle.c +23 -99
- data/vendor/nginx/src/core/ngx_cycle.h +2 -0
- data/vendor/nginx/src/core/ngx_file.c +100 -8
- data/vendor/nginx/src/core/ngx_file.h +3 -0
- data/vendor/nginx/src/core/ngx_hash.c +6 -9
- data/vendor/nginx/src/core/ngx_inet.c +93 -5
- data/vendor/nginx/src/core/ngx_inet.h +4 -2
- data/vendor/nginx/src/core/ngx_list.c +1 -9
- data/vendor/nginx/src/core/ngx_log.c +132 -30
- data/vendor/nginx/src/core/ngx_log.h +5 -2
- data/vendor/nginx/src/core/ngx_open_file_cache.c +67 -1
- data/vendor/nginx/src/core/ngx_palloc.c +5 -2
- data/vendor/nginx/src/core/ngx_proxy_protocol.c +91 -0
- data/vendor/nginx/src/core/ngx_proxy_protocol.h +23 -0
- data/vendor/nginx/src/core/ngx_resolver.c +1080 -285
- data/vendor/nginx/src/core/ngx_resolver.h +33 -3
- data/vendor/nginx/src/core/ngx_slab.c +7 -2
- data/vendor/nginx/src/core/ngx_slab.h +2 -0
- data/vendor/nginx/src/core/ngx_string.c +78 -13
- data/vendor/nginx/src/core/ngx_string.h +2 -0
- data/vendor/nginx/src/event/modules/ngx_devpoll_module.c +2 -2
- data/vendor/nginx/src/event/modules/ngx_epoll_module.c +13 -5
- data/vendor/nginx/src/event/modules/ngx_select_module.c +1 -1
- data/vendor/nginx/src/event/modules/ngx_win32_select_module.c +2 -2
- data/vendor/nginx/src/event/ngx_event.c +0 -1
- data/vendor/nginx/src/event/ngx_event.h +7 -6
- data/vendor/nginx/src/event/ngx_event_accept.c +6 -4
- data/vendor/nginx/src/event/ngx_event_connect.c +2 -2
- data/vendor/nginx/src/event/ngx_event_openssl.c +304 -13
- data/vendor/nginx/src/event/ngx_event_openssl.h +20 -1
- data/vendor/nginx/src/event/ngx_event_openssl_stapling.c +35 -23
- data/vendor/nginx/src/event/ngx_event_pipe.c +15 -30
- data/vendor/nginx/src/http/modules/ngx_http_access_module.c +115 -35
- data/vendor/nginx/src/http/modules/ngx_http_auth_basic_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_auth_request_module.c +444 -0
- data/vendor/nginx/src/http/modules/ngx_http_autoindex_module.c +2 -1
- data/vendor/nginx/src/http/modules/ngx_http_charset_filter_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_dav_module.c +1 -3
- data/vendor/nginx/src/http/modules/ngx_http_fastcgi_module.c +251 -36
- data/vendor/nginx/src/http/modules/ngx_http_gunzip_filter_module.c +9 -5
- data/vendor/nginx/src/http/modules/ngx_http_gzip_filter_module.c +5 -3
- data/vendor/nginx/src/http/modules/ngx_http_gzip_static_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_headers_filter_module.c +4 -0
- data/vendor/nginx/src/http/modules/ngx_http_image_filter_module.c +8 -2
- data/vendor/nginx/src/http/modules/ngx_http_limit_req_module.c +5 -1
- data/vendor/nginx/src/http/modules/ngx_http_map_module.c +3 -3
- data/vendor/nginx/src/http/modules/ngx_http_memcached_module.c +21 -10
- data/vendor/nginx/src/http/modules/ngx_http_mp4_module.c +669 -197
- data/vendor/nginx/src/http/modules/ngx_http_proxy_module.c +93 -60
- data/vendor/nginx/src/http/modules/ngx_http_range_filter_module.c +13 -6
- data/vendor/nginx/src/http/modules/ngx_http_realip_module.c +20 -1
- data/vendor/nginx/src/http/modules/ngx_http_referer_module.c +132 -74
- data/vendor/nginx/src/http/modules/ngx_http_scgi_module.c +18 -12
- data/vendor/nginx/src/http/modules/ngx_http_ssi_filter_module.c +22 -20
- data/vendor/nginx/src/http/modules/ngx_http_ssl_module.c +121 -3
- data/vendor/nginx/src/http/modules/ngx_http_ssl_module.h +5 -0
- data/vendor/nginx/src/http/modules/ngx_http_stub_status_module.c +3 -0
- data/vendor/nginx/src/http/modules/ngx_http_sub_filter_module.c +123 -91
- data/vendor/nginx/src/http/modules/ngx_http_upstream_ip_hash_module.c +29 -19
- data/vendor/nginx/src/http/modules/ngx_http_upstream_keepalive_module.c +2 -5
- data/vendor/nginx/src/http/modules/ngx_http_uwsgi_module.c +215 -19
- data/vendor/nginx/src/http/modules/ngx_http_xslt_filter_module.c +32 -6
- data/vendor/nginx/src/http/modules/perl/nginx.xs +4 -7
- data/vendor/nginx/src/http/modules/perl/ngx_http_perl_module.c +2 -2
- data/vendor/nginx/src/http/ngx_http.c +17 -7
- data/vendor/nginx/src/http/ngx_http_cache.h +4 -2
- data/vendor/nginx/src/http/ngx_http_copy_filter_module.c +4 -2
- data/vendor/nginx/src/http/ngx_http_core_module.c +63 -50
- data/vendor/nginx/src/http/ngx_http_core_module.h +5 -0
- data/vendor/nginx/src/http/ngx_http_file_cache.c +115 -3
- data/vendor/nginx/src/http/ngx_http_header_filter_module.c +9 -6
- data/vendor/nginx/src/http/ngx_http_parse.c +88 -10
- data/vendor/nginx/src/http/ngx_http_postpone_filter_module.c +2 -4
- data/vendor/nginx/src/http/ngx_http_request.c +116 -8
- data/vendor/nginx/src/http/ngx_http_request.h +5 -1
- data/vendor/nginx/src/http/ngx_http_request_body.c +7 -7
- data/vendor/nginx/src/http/ngx_http_script.c +6 -5
- data/vendor/nginx/src/http/ngx_http_spdy.c +889 -271
- data/vendor/nginx/src/http/ngx_http_spdy.h +51 -28
- data/vendor/nginx/src/http/ngx_http_spdy_filter_module.c +382 -167
- data/vendor/nginx/src/http/ngx_http_spdy_module.c +65 -8
- data/vendor/nginx/src/http/ngx_http_spdy_module.h +5 -0
- data/vendor/nginx/src/http/ngx_http_special_response.c +1 -1
- data/vendor/nginx/src/http/ngx_http_upstream.c +290 -114
- data/vendor/nginx/src/http/ngx_http_upstream.h +9 -5
- data/vendor/nginx/src/http/ngx_http_upstream_round_robin.c +32 -24
- data/vendor/nginx/src/http/ngx_http_variables.c +40 -6
- data/vendor/nginx/src/http/ngx_http_write_filter_module.c +12 -5
- data/vendor/nginx/src/mail/ngx_mail.c +4 -2
- data/vendor/nginx/src/mail/ngx_mail.h +2 -0
- data/vendor/nginx/src/mail/ngx_mail_auth_http_module.c +0 -1
- data/vendor/nginx/src/mail/ngx_mail_core_module.c +2 -1
- data/vendor/nginx/src/mail/ngx_mail_handler.c +17 -4
- data/vendor/nginx/src/mail/ngx_mail_parse.c +32 -2
- data/vendor/nginx/src/mail/ngx_mail_proxy_module.c +54 -7
- data/vendor/nginx/src/mail/ngx_mail_smtp_handler.c +50 -78
- data/vendor/nginx/src/mail/ngx_mail_ssl_module.c +48 -11
- data/vendor/nginx/src/mail/ngx_mail_ssl_module.h +3 -0
- data/vendor/nginx/src/os/unix/ngx_channel.c +3 -1
- data/vendor/nginx/src/os/unix/ngx_darwin_config.h +1 -0
- data/vendor/nginx/src/os/unix/ngx_darwin_init.c +1 -1
- data/vendor/nginx/src/os/unix/ngx_darwin_sendfile_chain.c +14 -16
- data/vendor/nginx/src/os/unix/ngx_errno.h +3 -0
- data/vendor/nginx/src/os/unix/ngx_files.h +10 -16
- data/vendor/nginx/src/os/unix/ngx_freebsd_config.h +6 -0
- data/vendor/nginx/src/os/unix/ngx_freebsd_init.c +1 -1
- data/vendor/nginx/src/os/unix/ngx_freebsd_rfork_thread.c +1 -1
- data/vendor/nginx/src/os/unix/ngx_freebsd_rfork_thread.h +2 -2
- data/vendor/nginx/src/os/unix/ngx_freebsd_sendfile_chain.c +17 -19
- data/vendor/nginx/src/os/unix/ngx_linux_config.h +8 -2
- data/vendor/nginx/src/os/unix/ngx_linux_sendfile_chain.c +20 -22
- data/vendor/nginx/src/os/unix/ngx_posix_config.h +1 -0
- data/vendor/nginx/src/os/unix/ngx_process.c +5 -0
- data/vendor/nginx/src/os/unix/ngx_process_cycle.c +15 -3
- data/vendor/nginx/src/os/unix/ngx_readv_chain.c +2 -1
- data/vendor/nginx/src/os/unix/ngx_recv.c +4 -1
- data/vendor/nginx/src/os/unix/ngx_solaris_config.h +1 -0
- data/vendor/nginx/src/os/unix/ngx_solaris_sendfilev_chain.c +14 -16
- metadata +8 -2
@@ -65,6 +65,7 @@ static ngx_conf_bitmask_t ngx_http_scgi_next_upstream_masks[] = {
|
|
65
65
|
{ ngx_string("invalid_header"), NGX_HTTP_UPSTREAM_FT_INVALID_HEADER },
|
66
66
|
{ ngx_string("http_500"), NGX_HTTP_UPSTREAM_FT_HTTP_500 },
|
67
67
|
{ ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 },
|
68
|
+
{ ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 },
|
68
69
|
{ ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 },
|
69
70
|
{ ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING },
|
70
71
|
{ ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF },
|
@@ -261,6 +262,13 @@ static ngx_command_t ngx_http_scgi_commands[] = {
|
|
261
262
|
offsetof(ngx_http_scgi_loc_conf_t, upstream.cache_lock_timeout),
|
262
263
|
NULL },
|
263
264
|
|
265
|
+
{ ngx_string("scgi_cache_revalidate"),
|
266
|
+
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
|
267
|
+
ngx_conf_set_flag_slot,
|
268
|
+
NGX_HTTP_LOC_CONF_OFFSET,
|
269
|
+
offsetof(ngx_http_scgi_loc_conf_t, upstream.cache_revalidate),
|
270
|
+
NULL },
|
271
|
+
|
264
272
|
#endif
|
265
273
|
|
266
274
|
{ ngx_string("scgi_temp_path"),
|
@@ -368,7 +376,8 @@ static ngx_str_t ngx_http_scgi_hide_headers[] = {
|
|
368
376
|
#if (NGX_HTTP_CACHE)
|
369
377
|
|
370
378
|
static ngx_keyval_t ngx_http_scgi_cache_headers[] = {
|
371
|
-
{ ngx_string("HTTP_IF_MODIFIED_SINCE"),
|
379
|
+
{ ngx_string("HTTP_IF_MODIFIED_SINCE"),
|
380
|
+
ngx_string("$upstream_cache_last_modified") },
|
372
381
|
{ ngx_string("HTTP_IF_UNMODIFIED_SINCE"), ngx_string("") },
|
373
382
|
{ ngx_string("HTTP_IF_NONE_MATCH"), ngx_string("") },
|
374
383
|
{ ngx_string("HTTP_IF_MATCH"), ngx_string("") },
|
@@ -393,13 +402,6 @@ ngx_http_scgi_handler(ngx_http_request_t *r)
|
|
393
402
|
ngx_http_upstream_t *u;
|
394
403
|
ngx_http_scgi_loc_conf_t *scf;
|
395
404
|
|
396
|
-
if (r->subrequest_in_memory) {
|
397
|
-
ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0,
|
398
|
-
"ngx_http_scgi_module does not support "
|
399
|
-
"subrequests in memory");
|
400
|
-
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
401
|
-
}
|
402
|
-
|
403
405
|
if (ngx_http_upstream_create(r) != NGX_OK) {
|
404
406
|
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
405
407
|
}
|
@@ -883,7 +885,7 @@ ngx_http_scgi_process_status_line(ngx_http_request_t *r)
|
|
883
885
|
return ngx_http_scgi_process_header(r);
|
884
886
|
}
|
885
887
|
|
886
|
-
if (u->state) {
|
888
|
+
if (u->state && u->state->status == 0) {
|
887
889
|
u->state->status = status->code;
|
888
890
|
}
|
889
891
|
|
@@ -1011,7 +1013,7 @@ ngx_http_scgi_process_header(ngx_http_request_t *r)
|
|
1011
1013
|
ngx_str_set(&u->headers_in.status_line, "200 OK");
|
1012
1014
|
}
|
1013
1015
|
|
1014
|
-
if (u->state) {
|
1016
|
+
if (u->state && u->state->status == 0) {
|
1015
1017
|
u->state->status = u->headers_in.status_n;
|
1016
1018
|
}
|
1017
1019
|
|
@@ -1099,6 +1101,7 @@ ngx_http_scgi_create_loc_conf(ngx_conf_t *cf)
|
|
1099
1101
|
conf->upstream.cache_valid = NGX_CONF_UNSET_PTR;
|
1100
1102
|
conf->upstream.cache_lock = NGX_CONF_UNSET;
|
1101
1103
|
conf->upstream.cache_lock_timeout = NGX_CONF_UNSET_MSEC;
|
1104
|
+
conf->upstream.cache_revalidate = NGX_CONF_UNSET;
|
1102
1105
|
#endif
|
1103
1106
|
|
1104
1107
|
conf->upstream.hide_headers = NGX_CONF_UNSET_PTR;
|
@@ -1339,6 +1342,9 @@ ngx_http_scgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
1339
1342
|
ngx_conf_merge_msec_value(conf->upstream.cache_lock_timeout,
|
1340
1343
|
prev->upstream.cache_lock_timeout, 5000);
|
1341
1344
|
|
1345
|
+
ngx_conf_merge_value(conf->upstream.cache_revalidate,
|
1346
|
+
prev->upstream.cache_revalidate, 0);
|
1347
|
+
|
1342
1348
|
#endif
|
1343
1349
|
|
1344
1350
|
ngx_conf_merge_value(conf->upstream.pass_request_headers,
|
@@ -1500,7 +1506,7 @@ ngx_http_scgi_merge_params(ngx_conf_t *cf, ngx_http_scgi_loc_conf_t *conf,
|
|
1500
1506
|
|
1501
1507
|
s->key = h->key;
|
1502
1508
|
s->value = h->value;
|
1503
|
-
s->skip_empty =
|
1509
|
+
s->skip_empty = 1;
|
1504
1510
|
|
1505
1511
|
next:
|
1506
1512
|
|
@@ -1728,7 +1734,7 @@ ngx_http_scgi_store(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
1728
1734
|
sc.source = &value[1];
|
1729
1735
|
sc.lengths = &scf->upstream.store_lengths;
|
1730
1736
|
sc.values = &scf->upstream.store_values;
|
1731
|
-
sc.variables = ngx_http_script_variables_count(&value[1])
|
1737
|
+
sc.variables = ngx_http_script_variables_count(&value[1]);
|
1732
1738
|
sc.complete_lengths = 1;
|
1733
1739
|
sc.complete_values = 1;
|
1734
1740
|
|
@@ -21,6 +21,7 @@ typedef struct {
|
|
21
21
|
ngx_flag_t enable;
|
22
22
|
ngx_flag_t silent_errors;
|
23
23
|
ngx_flag_t ignore_recycled_buffers;
|
24
|
+
ngx_flag_t last_modified;
|
24
25
|
|
25
26
|
ngx_hash_t types;
|
26
27
|
|
@@ -162,6 +163,13 @@ static ngx_command_t ngx_http_ssi_filter_commands[] = {
|
|
162
163
|
offsetof(ngx_http_ssi_loc_conf_t, types_keys),
|
163
164
|
&ngx_http_html_default_types[0] },
|
164
165
|
|
166
|
+
{ ngx_string("ssi_last_modified"),
|
167
|
+
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
|
168
|
+
ngx_conf_set_flag_slot,
|
169
|
+
NGX_HTTP_LOC_CONF_OFFSET,
|
170
|
+
offsetof(ngx_http_ssi_loc_conf_t, last_modified),
|
171
|
+
NULL },
|
172
|
+
|
165
173
|
ngx_null_command
|
166
174
|
};
|
167
175
|
|
@@ -205,6 +213,7 @@ static ngx_http_output_body_filter_pt ngx_http_next_body_filter;
|
|
205
213
|
static u_char ngx_http_ssi_string[] = "<!--";
|
206
214
|
|
207
215
|
static ngx_str_t ngx_http_ssi_none = ngx_string("(none)");
|
216
|
+
static ngx_str_t ngx_http_ssi_timefmt = ngx_string("%A, %d-%b-%Y %H:%M:%S %Z");
|
208
217
|
static ngx_str_t ngx_http_ssi_null_string = ngx_null_string;
|
209
218
|
|
210
219
|
|
@@ -351,7 +360,7 @@ ngx_http_ssi_header_filter(ngx_http_request_t *r)
|
|
351
360
|
ctx->params.nalloc = NGX_HTTP_SSI_PARAMS_N;
|
352
361
|
ctx->params.pool = r->pool;
|
353
362
|
|
354
|
-
|
363
|
+
ctx->timefmt = ngx_http_ssi_timefmt;
|
355
364
|
ngx_str_set(&ctx->errmsg,
|
356
365
|
"[an error occurred while processing the directive]");
|
357
366
|
|
@@ -359,9 +368,12 @@ ngx_http_ssi_header_filter(ngx_http_request_t *r)
|
|
359
368
|
|
360
369
|
if (r == r->main) {
|
361
370
|
ngx_http_clear_content_length(r);
|
362
|
-
ngx_http_clear_last_modified(r);
|
363
371
|
ngx_http_clear_accept_ranges(r);
|
364
372
|
ngx_http_clear_etag(r);
|
373
|
+
|
374
|
+
if (!slcf->last_modified) {
|
375
|
+
ngx_http_clear_last_modified(r);
|
376
|
+
}
|
365
377
|
}
|
366
378
|
|
367
379
|
return ngx_http_next_header_filter(r);
|
@@ -1971,8 +1983,6 @@ static ngx_int_t
|
|
1971
1983
|
ngx_http_ssi_include(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx,
|
1972
1984
|
ngx_str_t **params)
|
1973
1985
|
{
|
1974
|
-
u_char *dst, *src;
|
1975
|
-
size_t len;
|
1976
1986
|
ngx_int_t rc, key;
|
1977
1987
|
ngx_str_t *uri, *file, *wait, *set, *stub, args;
|
1978
1988
|
ngx_buf_t *b;
|
@@ -2043,18 +2053,6 @@ ngx_http_ssi_include(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx,
|
|
2043
2053
|
return rc;
|
2044
2054
|
}
|
2045
2055
|
|
2046
|
-
dst = uri->data;
|
2047
|
-
src = uri->data;
|
2048
|
-
|
2049
|
-
ngx_unescape_uri(&dst, &src, uri->len, NGX_UNESCAPE_URI);
|
2050
|
-
|
2051
|
-
len = (uri->data + uri->len) - src;
|
2052
|
-
if (len) {
|
2053
|
-
dst = ngx_movemem(dst, src, len);
|
2054
|
-
}
|
2055
|
-
|
2056
|
-
uri->len = dst - uri->data;
|
2057
|
-
|
2058
2056
|
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
2059
2057
|
"ssi include: \"%V\"", uri);
|
2060
2058
|
|
@@ -2723,6 +2721,7 @@ ngx_http_ssi_date_gmt_local_variable(ngx_http_request_t *r,
|
|
2723
2721
|
{
|
2724
2722
|
ngx_http_ssi_ctx_t *ctx;
|
2725
2723
|
ngx_time_t *tp;
|
2724
|
+
ngx_str_t *timefmt;
|
2726
2725
|
struct tm tm;
|
2727
2726
|
char buf[NGX_HTTP_SSI_DATE_LEN];
|
2728
2727
|
|
@@ -2734,9 +2733,10 @@ ngx_http_ssi_date_gmt_local_variable(ngx_http_request_t *r,
|
|
2734
2733
|
|
2735
2734
|
ctx = ngx_http_get_module_ctx(r, ngx_http_ssi_filter_module);
|
2736
2735
|
|
2737
|
-
|
2738
|
-
|
2739
|
-
|
2736
|
+
timefmt = ctx ? &ctx->timefmt : &ngx_http_ssi_timefmt;
|
2737
|
+
|
2738
|
+
if (timefmt->len == sizeof("%s") - 1
|
2739
|
+
&& timefmt->data[0] == '%' && timefmt->data[1] == 's')
|
2740
2740
|
{
|
2741
2741
|
v->data = ngx_pnalloc(r->pool, NGX_TIME_T_LEN);
|
2742
2742
|
if (v->data == NULL) {
|
@@ -2755,7 +2755,7 @@ ngx_http_ssi_date_gmt_local_variable(ngx_http_request_t *r,
|
|
2755
2755
|
}
|
2756
2756
|
|
2757
2757
|
v->len = strftime(buf, NGX_HTTP_SSI_DATE_LEN,
|
2758
|
-
(char *)
|
2758
|
+
(char *) timefmt->data, &tm);
|
2759
2759
|
if (v->len == 0) {
|
2760
2760
|
return NGX_ERROR;
|
2761
2761
|
}
|
@@ -2878,6 +2878,7 @@ ngx_http_ssi_create_loc_conf(ngx_conf_t *cf)
|
|
2878
2878
|
slcf->enable = NGX_CONF_UNSET;
|
2879
2879
|
slcf->silent_errors = NGX_CONF_UNSET;
|
2880
2880
|
slcf->ignore_recycled_buffers = NGX_CONF_UNSET;
|
2881
|
+
slcf->last_modified = NGX_CONF_UNSET;
|
2881
2882
|
|
2882
2883
|
slcf->min_file_chunk = NGX_CONF_UNSET_SIZE;
|
2883
2884
|
slcf->value_len = NGX_CONF_UNSET_SIZE;
|
@@ -2896,6 +2897,7 @@ ngx_http_ssi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
2896
2897
|
ngx_conf_merge_value(conf->silent_errors, prev->silent_errors, 0);
|
2897
2898
|
ngx_conf_merge_value(conf->ignore_recycled_buffers,
|
2898
2899
|
prev->ignore_recycled_buffers, 0);
|
2900
|
+
ngx_conf_merge_value(conf->last_modified, prev->last_modified, 0);
|
2899
2901
|
|
2900
2902
|
ngx_conf_merge_size_value(conf->min_file_chunk, prev->min_file_chunk, 1024);
|
2901
2903
|
ngx_conf_merge_size_value(conf->value_len, prev->value_len, 255);
|
@@ -17,6 +17,14 @@ typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
|
|
17
17
|
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
|
18
18
|
#define NGX_DEFAULT_ECDH_CURVE "prime256v1"
|
19
19
|
|
20
|
+
#define NGX_HTTP_NPN_ADVERTISE "\x08http/1.1"
|
21
|
+
|
22
|
+
|
23
|
+
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
|
24
|
+
static int ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn,
|
25
|
+
const unsigned char **out, unsigned char *outlen,
|
26
|
+
const unsigned char *in, unsigned int inlen, void *arg);
|
27
|
+
#endif
|
20
28
|
|
21
29
|
#ifdef TLSEXT_TYPE_next_proto_neg
|
22
30
|
static int ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
|
@@ -111,6 +119,13 @@ static ngx_command_t ngx_http_ssl_commands[] = {
|
|
111
119
|
offsetof(ngx_http_ssl_srv_conf_t, ciphers),
|
112
120
|
NULL },
|
113
121
|
|
122
|
+
{ ngx_string("ssl_buffer_size"),
|
123
|
+
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
|
124
|
+
ngx_conf_set_size_slot,
|
125
|
+
NGX_HTTP_SRV_CONF_OFFSET,
|
126
|
+
offsetof(ngx_http_ssl_srv_conf_t, buffer_size),
|
127
|
+
NULL },
|
128
|
+
|
114
129
|
{ ngx_string("ssl_verify_client"),
|
115
130
|
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
|
116
131
|
ngx_conf_set_enum_slot,
|
@@ -119,7 +134,7 @@ static ngx_command_t ngx_http_ssl_commands[] = {
|
|
119
134
|
&ngx_http_ssl_verify },
|
120
135
|
|
121
136
|
{ ngx_string("ssl_verify_depth"),
|
122
|
-
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|
|
137
|
+
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
|
123
138
|
ngx_conf_set_num_slot,
|
124
139
|
NGX_HTTP_SRV_CONF_OFFSET,
|
125
140
|
offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
|
@@ -153,6 +168,20 @@ static ngx_command_t ngx_http_ssl_commands[] = {
|
|
153
168
|
0,
|
154
169
|
NULL },
|
155
170
|
|
171
|
+
{ ngx_string("ssl_session_tickets"),
|
172
|
+
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
|
173
|
+
ngx_conf_set_flag_slot,
|
174
|
+
NGX_HTTP_SRV_CONF_OFFSET,
|
175
|
+
offsetof(ngx_http_ssl_srv_conf_t, session_tickets),
|
176
|
+
NULL },
|
177
|
+
|
178
|
+
{ ngx_string("ssl_session_ticket_key"),
|
179
|
+
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
|
180
|
+
ngx_conf_set_str_array_slot,
|
181
|
+
NGX_HTTP_SRV_CONF_OFFSET,
|
182
|
+
offsetof(ngx_http_ssl_srv_conf_t, session_ticket_keys),
|
183
|
+
NULL },
|
184
|
+
|
156
185
|
{ ngx_string("ssl_session_timeout"),
|
157
186
|
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
|
158
187
|
ngx_conf_set_sec_slot,
|
@@ -241,6 +270,9 @@ static ngx_http_variable_t ngx_http_ssl_vars[] = {
|
|
241
270
|
{ ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable,
|
242
271
|
(uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 },
|
243
272
|
|
273
|
+
{ ngx_string("ssl_session_reused"), NULL, ngx_http_ssl_variable,
|
274
|
+
(uintptr_t) ngx_ssl_get_session_reused, NGX_HTTP_VAR_CHANGEABLE, 0 },
|
275
|
+
|
244
276
|
{ ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
|
245
277
|
(uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },
|
246
278
|
|
@@ -267,9 +299,65 @@ static ngx_http_variable_t ngx_http_ssl_vars[] = {
|
|
267
299
|
static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
|
268
300
|
|
269
301
|
|
270
|
-
#ifdef
|
302
|
+
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
|
271
303
|
|
272
|
-
|
304
|
+
static int
|
305
|
+
ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, const unsigned char **out,
|
306
|
+
unsigned char *outlen, const unsigned char *in, unsigned int inlen,
|
307
|
+
void *arg)
|
308
|
+
{
|
309
|
+
unsigned int srvlen;
|
310
|
+
unsigned char *srv;
|
311
|
+
#if (NGX_DEBUG)
|
312
|
+
unsigned int i;
|
313
|
+
#endif
|
314
|
+
#if (NGX_HTTP_SPDY)
|
315
|
+
ngx_http_connection_t *hc;
|
316
|
+
#endif
|
317
|
+
#if (NGX_HTTP_SPDY || NGX_DEBUG)
|
318
|
+
ngx_connection_t *c;
|
319
|
+
|
320
|
+
c = ngx_ssl_get_connection(ssl_conn);
|
321
|
+
#endif
|
322
|
+
|
323
|
+
#if (NGX_DEBUG)
|
324
|
+
for (i = 0; i < inlen; i += in[i] + 1) {
|
325
|
+
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
|
326
|
+
"SSL ALPN supported by client: %*s", in[i], &in[i + 1]);
|
327
|
+
}
|
328
|
+
#endif
|
329
|
+
|
330
|
+
#if (NGX_HTTP_SPDY)
|
331
|
+
hc = c->data;
|
332
|
+
|
333
|
+
if (hc->addr_conf->spdy) {
|
334
|
+
srv = (unsigned char *) NGX_SPDY_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE;
|
335
|
+
srvlen = sizeof(NGX_SPDY_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE) - 1;
|
336
|
+
|
337
|
+
} else
|
338
|
+
#endif
|
339
|
+
{
|
340
|
+
srv = (unsigned char *) NGX_HTTP_NPN_ADVERTISE;
|
341
|
+
srvlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1;
|
342
|
+
}
|
343
|
+
|
344
|
+
if (SSL_select_next_proto((unsigned char **) out, outlen, srv, srvlen,
|
345
|
+
in, inlen)
|
346
|
+
!= OPENSSL_NPN_NEGOTIATED)
|
347
|
+
{
|
348
|
+
return SSL_TLSEXT_ERR_NOACK;
|
349
|
+
}
|
350
|
+
|
351
|
+
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
|
352
|
+
"SSL ALPN selected: %*s", *outlen, *out);
|
353
|
+
|
354
|
+
return SSL_TLSEXT_ERR_OK;
|
355
|
+
}
|
356
|
+
|
357
|
+
#endif
|
358
|
+
|
359
|
+
|
360
|
+
#ifdef TLSEXT_TYPE_next_proto_neg
|
273
361
|
|
274
362
|
static int
|
275
363
|
ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
|
@@ -417,10 +505,13 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
|
|
417
505
|
|
418
506
|
sscf->enable = NGX_CONF_UNSET;
|
419
507
|
sscf->prefer_server_ciphers = NGX_CONF_UNSET;
|
508
|
+
sscf->buffer_size = NGX_CONF_UNSET_SIZE;
|
420
509
|
sscf->verify = NGX_CONF_UNSET_UINT;
|
421
510
|
sscf->verify_depth = NGX_CONF_UNSET_UINT;
|
422
511
|
sscf->builtin_session_cache = NGX_CONF_UNSET;
|
423
512
|
sscf->session_timeout = NGX_CONF_UNSET;
|
513
|
+
sscf->session_tickets = NGX_CONF_UNSET;
|
514
|
+
sscf->session_ticket_keys = NGX_CONF_UNSET_PTR;
|
424
515
|
sscf->stapling = NGX_CONF_UNSET;
|
425
516
|
sscf->stapling_verify = NGX_CONF_UNSET;
|
426
517
|
|
@@ -457,6 +548,9 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
457
548
|
(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
|
458
549
|
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
|
459
550
|
|
551
|
+
ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
|
552
|
+
NGX_SSL_BUFSIZE);
|
553
|
+
|
460
554
|
ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
|
461
555
|
ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
|
462
556
|
|
@@ -534,6 +628,10 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
534
628
|
|
535
629
|
#endif
|
536
630
|
|
631
|
+
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
|
632
|
+
SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_http_ssl_alpn_select, NULL);
|
633
|
+
#endif
|
634
|
+
|
537
635
|
#ifdef TLSEXT_TYPE_next_proto_neg
|
538
636
|
SSL_CTX_set_next_protos_advertised_cb(conf->ssl.ctx,
|
539
637
|
ngx_http_ssl_npn_advertised, NULL);
|
@@ -561,8 +659,11 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
561
659
|
ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
|
562
660
|
"SSL_CTX_set_cipher_list(\"%V\") failed",
|
563
661
|
&conf->ciphers);
|
662
|
+
return NGX_CONF_ERROR;
|
564
663
|
}
|
565
664
|
|
665
|
+
conf->ssl.buffer_size = conf->buffer_size;
|
666
|
+
|
566
667
|
if (conf->verify) {
|
567
668
|
|
568
669
|
if (conf->client_certificate.len == 0 && conf->verify != 3) {
|
@@ -622,6 +723,23 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
622
723
|
return NGX_CONF_ERROR;
|
623
724
|
}
|
624
725
|
|
726
|
+
ngx_conf_merge_value(conf->session_tickets, prev->session_tickets, 1);
|
727
|
+
|
728
|
+
#ifdef SSL_OP_NO_TICKET
|
729
|
+
if (!conf->session_tickets) {
|
730
|
+
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_NO_TICKET);
|
731
|
+
}
|
732
|
+
#endif
|
733
|
+
|
734
|
+
ngx_conf_merge_ptr_value(conf->session_ticket_keys,
|
735
|
+
prev->session_ticket_keys, NULL);
|
736
|
+
|
737
|
+
if (ngx_ssl_session_ticket_keys(cf, &conf->ssl, conf->session_ticket_keys)
|
738
|
+
!= NGX_OK)
|
739
|
+
{
|
740
|
+
return NGX_CONF_ERROR;
|
741
|
+
}
|
742
|
+
|
625
743
|
if (conf->stapling) {
|
626
744
|
|
627
745
|
if (ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file,
|
@@ -26,6 +26,8 @@ typedef struct {
|
|
26
26
|
ngx_uint_t verify;
|
27
27
|
ngx_uint_t verify_depth;
|
28
28
|
|
29
|
+
size_t buffer_size;
|
30
|
+
|
29
31
|
ssize_t builtin_session_cache;
|
30
32
|
|
31
33
|
time_t session_timeout;
|
@@ -42,6 +44,9 @@ typedef struct {
|
|
42
44
|
|
43
45
|
ngx_shm_zone_t *shm_zone;
|
44
46
|
|
47
|
+
ngx_flag_t session_tickets;
|
48
|
+
ngx_array_t *session_ticket_keys;
|
49
|
+
|
45
50
|
ngx_flag_t stapling;
|
46
51
|
ngx_flag_t stapling_verify;
|
47
52
|
ngx_str_t stapling_file;
|
@@ -98,7 +98,9 @@ static ngx_int_t ngx_http_status_handler(ngx_http_request_t *r)
|
|
98
98
|
return rc;
|
99
99
|
}
|
100
100
|
|
101
|
+
r->headers_out.content_type_len = sizeof("text/plain") - 1;
|
101
102
|
ngx_str_set(&r->headers_out.content_type, "text/plain");
|
103
|
+
r->headers_out.content_type_lowcase = NULL;
|
102
104
|
|
103
105
|
if (r->method == NGX_HTTP_HEAD) {
|
104
106
|
r->headers_out.status = NGX_HTTP_OK;
|
@@ -145,6 +147,7 @@ static ngx_int_t ngx_http_status_handler(ngx_http_request_t *r)
|
|
145
147
|
r->headers_out.content_length_n = b->last - b->pos;
|
146
148
|
|
147
149
|
b->last_buf = (r == r->main) ? 1 : 0;
|
150
|
+
b->last_in_chain = 1;
|
148
151
|
|
149
152
|
rc = ngx_http_send_header(r);
|
150
153
|
|