nginx-0.2.0-RELEASE import
*) The pid-file names used during online upgrade was changed and now is
not required a manual rename operation. The old master process adds
the ".oldbin" suffix to its pid-file and executes a new binary file.
The new master process creates usual pid-file without the ".newbin"
suffix. If the master process exits, then old master process renames
back its pid-file with the ".oldbin" suffix to the pid-file without
suffix.
*) Change: the "worker_connections" directive, new name of the
"connections" directive; now the directive specifies maximum number
of connections, but not maximum socket descriptor number.
*) Feature: SSL supports the session cache inside one worker process.
*) Feature: the "satisfy_any" directive.
*) Change: the ngx_http_access_module and ngx_http_auth_basic_module do
not run for subrequests.
*) Feature: the "worker_rlimit_nofile" and "worker_rlimit_sigpending"
directives.
*) Bugfix: if all backend using in load-balancing failed after one
error, then nginx did not try do connect to them during 60 seconds.
*) Bugfix: in IMAP/POP3 command argument parsing.
Thanks to Rob Mueller.
*) Bugfix: errors while using SSL in IMAP/POP3 proxy.
*) Bugfix: errors while using SSI and gzipping.
*) Bugfix: the "Expires" and "Cache-Control" header lines were omitted
from the 304 responses.
Thanks to Alexandr Kukushkin.
diff --git a/src/http/modules/ngx_http_autoindex_module.c b/src/http/modules/ngx_http_autoindex_module.c
index 2838e9f..fb40669 100644
--- a/src/http/modules/ngx_http_autoindex_module.c
+++ b/src/http/modules/ngx_http_autoindex_module.c
@@ -203,7 +203,10 @@
if (ngx_open_dir(&dname, &dir) == NGX_ERROR) {
err = ngx_errno;
- if (err == NGX_ENOENT || err == NGX_ENOTDIR) {
+ if (err == NGX_ENOENT
+ || err == NGX_ENOTDIR
+ || err == NGX_ENAMETOOLONG)
+ {
level = NGX_LOG_ERR;
rc = NGX_HTTP_NOT_FOUND;
diff --git a/src/http/modules/ngx_http_headers_filter_module.c b/src/http/modules/ngx_http_headers_filter_module.c
index 1ad225f..43cb5c8 100644
--- a/src/http/modules/ngx_http_headers_filter_module.c
+++ b/src/http/modules/ngx_http_headers_filter_module.c
@@ -82,7 +82,10 @@
ngx_table_elt_t *expires, *cc, **ccp;
ngx_http_headers_conf_t *conf;
- if (r->headers_out.status != NGX_HTTP_OK || r->main) {
+ if ((r->headers_out.status != NGX_HTTP_OK
+ && r->headers_out.status != NGX_HTTP_NOT_MODIFIED)
+ || r->main)
+ {
return ngx_http_next_header_filter(r);
}
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index 1415f21..c807df9 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -160,7 +160,7 @@
NULL },
{ ngx_string("proxy_pass_unparsed_uri"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
ngx_conf_set_flag_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_proxy_loc_conf_t, upstream.pass_unparsed_uri),
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 5137af0..130f2b3 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -83,6 +83,9 @@
};
+static u_char ngx_http_session_id_ctx[] = "HTTP";
+
+
static void *
ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
{
@@ -147,12 +150,6 @@
}
-#if 0
- SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL);
- SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_NO_SSLv3);
- SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_SINGLE_DH_USE);
-#endif
-
if (conf->ciphers.len) {
if (SSL_CTX_set_cipher_list(conf->ssl_ctx,
(const char *) conf->ciphers.data) == 0)
@@ -182,7 +179,16 @@
return NGX_CONF_ERROR;
}
- SSL_CTX_set_verify(conf->ssl_ctx, SSL_VERIFY_NONE, NULL);
+ SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL);
+
+ SSL_CTX_set_mode(conf->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
+ SSL_CTX_set_read_ahead(conf->ssl_ctx, 1);
+
+ SSL_CTX_set_session_cache_mode(conf->ssl_ctx, SSL_SESS_CACHE_SERVER);
+
+ SSL_CTX_set_session_id_context(conf->ssl_ctx, ngx_http_session_id_ctx,
+ sizeof(ngx_http_session_id_ctx) - 1);
return NGX_CONF_OK;
}
diff --git a/src/http/modules/ngx_http_static_module.c b/src/http/modules/ngx_http_static_module.c
index eac3c19..d8884ca 100644
--- a/src/http/modules/ngx_http_static_module.c
+++ b/src/http/modules/ngx_http_static_module.c
@@ -203,7 +203,10 @@
if (fd == NGX_INVALID_FILE) {
err = ngx_errno;
- if (err == NGX_ENOENT || err == NGX_ENOTDIR) {
+ if (err == NGX_ENOENT
+ || err == NGX_ENOTDIR
+ || err == NGX_ENAMETOOLONG)
+ {
level = NGX_LOG_ERR;
rc = NGX_HTTP_NOT_FOUND;
diff --git a/src/http/ngx_http.c b/src/http/ngx_http.c
index 646e16d..54702cc 100644
--- a/src/http/ngx_http.c
+++ b/src/http/ngx_http.c
@@ -646,7 +646,10 @@
ls->post_accept_timeout = cscf->client_header_timeout;
clcf = cscf->ctx->loc_conf[ngx_http_core_module.ctx_index];
- ls->log = clcf->err_log;
+
+ ls->log = *clcf->err_log;
+ ls->log.data = &ls->addr_text;
+ ls->log.handler = ngx_accept_log_error;
#if (NGX_WIN32)
iocpcf = ngx_event_get_conf(cf->cycle->conf_ctx, ngx_iocp_module);
diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
index 66373e3..e9f5942 100644
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -284,6 +284,13 @@
0,
NULL },
+ { ngx_string("satisfy_any"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_core_loc_conf_t, satisfy_any),
+ NULL },
+
{ ngx_string("internal"),
NGX_HTTP_LOC_CONF|NGX_CONF_NOARGS,
ngx_http_core_internal,
@@ -401,50 +408,43 @@
r->connection->unexpected_eof = 0;
- switch (r->headers_in.connection_type) {
- case 0:
- if (r->http_version > NGX_HTTP_VERSION_10) {
+ if (r->err_ctx == NULL) {
+ switch (r->headers_in.connection_type) {
+ case 0:
+ if (r->http_version > NGX_HTTP_VERSION_10) {
+ r->keepalive = 1;
+ } else {
+ r->keepalive = 0;
+ }
+ break;
+
+ case NGX_HTTP_CONNECTION_CLOSE:
+ r->keepalive = 0;
+ break;
+
+ case NGX_HTTP_CONNECTION_KEEP_ALIVE:
r->keepalive = 1;
- } else {
+ break;
+ }
+
+ if (r->keepalive && r->headers_in.msie && r->method == NGX_HTTP_POST) {
+
+ /*
+ * MSIE may wait for some time if the response for the POST request
+ * is sent over the keepalive connection
+ */
+
r->keepalive = 0;
}
- break;
- case NGX_HTTP_CONNECTION_CLOSE:
- r->keepalive = 0;
- break;
+ if (r->headers_in.content_length_n > 0) {
+ r->lingering_close = 1;
- case NGX_HTTP_CONNECTION_KEEP_ALIVE:
- r->keepalive = 1;
- break;
+ } else {
+ r->lingering_close = 0;
+ }
}
- if (r->keepalive && r->headers_in.msie && r->method == NGX_HTTP_POST) {
-
- /*
- * MSIE may wait for some time if the response for the POST request
- * is sent over the keepalive connection
- */
-
- r->keepalive = 0;
- }
-
-#if 0
- /* TEST STUB */ r->http_version = NGX_HTTP_VERSION_10;
- /* TEST STUB */ r->keepalive = 0;
-#endif
-
- if (r->headers_in.content_length_n > 0) {
- r->lingering_close = 1;
-
- } else {
- r->lingering_close = 0;
- }
-
-#if 0
- /* TEST STUB */ r->lingering_close = 1;
-#endif
-
r->write_event_handler = ngx_http_core_run_phases;
r->valid_unparsed_uri = 1;
@@ -498,6 +498,10 @@
r->phase = NGX_HTTP_FIND_CONFIG_PHASE;
}
+ if (r->phase == NGX_HTTP_ACCESS_PHASE && r->main) {
+ continue;
+ }
+
if (r->phase == NGX_HTTP_CONTENT_PHASE && r->content_handler) {
r->write_event_handler = ngx_http_request_empty_handler;
ngx_http_finalize_request(r, r->content_handler(r));
@@ -515,7 +519,7 @@
/*
* we should never use r here because
- * it could point to already freed data
+ * it may point to already freed data
*/
return;
@@ -525,6 +529,30 @@
continue;
}
+ if (r->phase == NGX_HTTP_ACCESS_PHASE) {
+ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
+ if (clcf->satisfy_any) {
+
+ if (rc == NGX_OK) {
+ r->access_code = 0;
+
+ if (r->headers_out.www_authenticate) {
+ r->headers_out.www_authenticate->hash = 0;
+ }
+
+ break;
+ }
+
+ if (rc == NGX_HTTP_FORBIDDEN || rc == NGX_HTTP_UNAUTHORIZED)
+ {
+ r->access_code = rc;
+
+ continue;
+ }
+ }
+ }
+
if (rc >= NGX_HTTP_SPECIAL_RESPONSE
|| rc == NGX_HTTP_NO_CONTENT
|| rc == NGX_ERROR)
@@ -545,6 +573,12 @@
if (rc == NGX_OK && cmcf->phases[r->phase].type == NGX_OK) {
break;
}
+
+ }
+
+ if (r->phase == NGX_HTTP_ACCESS_PHASE && r->access_code) {
+ ngx_http_finalize_request(r, r->access_code);
+ return;
}
}
@@ -1102,6 +1136,7 @@
sr->internal = 1;
+ sr->discard_body = r->discard_body;
sr->main_filter_need_in_memory = r->main_filter_need_in_memory;
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
@@ -1793,6 +1828,7 @@
lcf->client_max_body_size = NGX_CONF_UNSET_SIZE;
lcf->client_body_buffer_size = NGX_CONF_UNSET_SIZE;
lcf->client_body_timeout = NGX_CONF_UNSET_MSEC;
+ lcf->satisfy_any = NGX_CONF_UNSET;
lcf->internal = NGX_CONF_UNSET;
lcf->sendfile = NGX_CONF_UNSET;
lcf->tcp_nopush = NGX_CONF_UNSET;
@@ -1895,6 +1931,7 @@
ngx_conf_merge_msec_value(conf->client_body_timeout,
prev->client_body_timeout, 60000);
+ ngx_conf_merge_value(conf->satisfy_any, prev->satisfy_any, 0);
ngx_conf_merge_value(conf->internal, prev->internal, 0);
ngx_conf_merge_value(conf->sendfile, prev->sendfile, 0);
ngx_conf_merge_value(conf->tcp_nopush, prev->tcp_nopush, 0);
diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h
index 59fc32a..d175f2e 100644
--- a/src/http/ngx_http_core_module.h
+++ b/src/http/ngx_http_core_module.h
@@ -217,6 +217,7 @@
time_t keepalive_header; /* keepalive_timeout */
+ ngx_flag_t satisfy_any; /* satisfy_any */
ngx_flag_t internal; /* internal */
ngx_flag_t sendfile; /* sendfile */
ngx_flag_t tcp_nopush; /* tcp_nopush */
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 594a272..cb3937c 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -359,7 +359,7 @@
if (sscf->enable) {
if (c->ssl == NULL) {
- if (ngx_ssl_create_session(sscf->ssl_ctx, c, NGX_SSL_BUFFER)
+ if (ngx_ssl_create_connection(sscf->ssl_ctx, c, NGX_SSL_BUFFER)
== NGX_ERROR)
{
ngx_http_close_connection(c);
@@ -1732,10 +1732,6 @@
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"http postponed output filter: %d", rc);
- if (rc == NGX_AGAIN) {
- return rc;
- }
-
/*
* we treat NGX_ERROR as NGX_OK, because we need to complete
* all postponed requests
@@ -1744,6 +1740,11 @@
pr = r->postponed;
if (pr == NULL) {
+
+ if (rc == NGX_AGAIN) {
+ return NGX_AGAIN;
+ }
+
return NGX_OK;
}
}
diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h
index fe56b26..8dbf0ba 100644
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -307,6 +307,7 @@
ngx_uint_t phase;
ngx_int_t phase_handler;
ngx_http_handler_pt content_handler;
+ ngx_uint_t access_code;
ngx_http_variable_value_t **variables;
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 04a7a57..834c302 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -459,7 +459,11 @@
u->state->peer = &u->peer.peers->peer[u->peer.cur_peer].name;
- if (rc == NGX_CONNECT_ERROR) {
+ if (rc == NGX_BUSY) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "no live upstreams");
+ }
+
+ if (rc == NGX_BUSY || rc == NGX_DECLINED) {
ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR);
return;
}
