nginx.git/src/http/modules, branch release-1.11.0 nginx Realip: detect duplicate real_ip_header directive. 2016-05-23T16:17:24+00:00 Ruslan Ermilov ru@nginx.com 2016-05-23T16:17:24+00:00 adfd0b065cca23d2ca61ad43c5b8fdaa23957da9 






Realip: take client port from PROXY protocol header.
2016-05-23T15:44:22+00:00

Dmitry Volyntsev
xeioex@nginx.com

2016-05-23T15:44:22+00:00

19140c8c4f7f16747df4a7e3bf4299a6a8d75a81

Previously, when the client address was changed to the one from
the PROXY protocol header, the client port ($remote_port) was
reset to zero.  Now the client port is also changed to the one
from the PROXY protocol header.





Previously, when the client address was changed to the one from
the PROXY protocol header, the client port ($remote_port) was
reset to zero.  Now the client port is also changed to the one
from the PROXY protocol header.







Added the $realip_remote_port variable.
2016-05-23T15:44:22+00:00

Dmitry Volyntsev
xeioex@nginx.com

2016-05-23T15:44:22+00:00

97495b662f378bad2a9df05d4c4b4e0977b1d309












Introduced the ngx_sockaddr_t type.
2016-05-23T13:37:20+00:00

Ruslan Ermilov
ru@nginx.com

2016-05-23T13:37:20+00:00

fd064d3b88e59ee71aec508687403539b01d643c

It's properly aligned and can hold any supported sockaddr.





It's properly aligned and can hold any supported sockaddr.







SSL: support for multiple curves (ticket #885).
2016-05-19T11:46:32+00:00

Maxim Dounin
mdounin@mdounin.ru

2016-05-19T11:46:32+00:00

3b7dca4bb5b0938addd48dd5261a0b61d849f8f3

OpenSSL 1.0.2+ allows configuring a curve list instead of a single curve
previously supported.  This allows use of different curves depending on
what client supports (as available via the elliptic_curves extension),
and also allows use of different curves in an ECDHE key exchange and
in the ECDSA certificate.

The special value "auto" was introduced (now the default for ssl_ecdh_curve),
which means "use an internal list of curves as available in the OpenSSL
library used".  For versions prior to OpenSSL 1.0.2 it maps to "prime256v1"
as previously used.  The default in 1.0.2b+ prefers prime256v1 as well
(and X25519 in OpenSSL 1.1.0+).

As client vs. server preference of curves is controlled by the
same option as used for ciphers (SSL_OP_CIPHER_SERVER_PREFERENCE),
the ssl_prefer_server_ciphers directive now controls both.





OpenSSL 1.0.2+ allows configuring a curve list instead of a single curve
previously supported.  This allows use of different curves depending on
what client supports (as available via the elliptic_curves extension),
and also allows use of different curves in an ECDHE key exchange and
in the ECDSA certificate.

The special value "auto" was introduced (now the default for ssl_ecdh_curve),
which means "use an internal list of curves as available in the OpenSSL
library used".  For versions prior to OpenSSL 1.0.2 it maps to "prime256v1"
as previously used.  The default in 1.0.2b+ prefers prime256v1 as well
(and X25519 in OpenSSL 1.1.0+).

As client vs. server preference of curves is controlled by the
same option as used for ciphers (SSL_OP_CIPHER_SERVER_PREFERENCE),
the ssl_prefer_server_ciphers directive now controls both.







SSL: support for multiple certificates (ticket #814).
2016-05-19T11:46:32+00:00

Maxim Dounin
mdounin@mdounin.ru

2016-05-19T11:46:32+00:00

cf126b98b30847a453c6f62e0717867cb05098b0












Dav: return 501 on PUT with ranges (ticket #948).
2016-05-16T17:37:23+00:00

Maxim Dounin
mdounin@mdounin.ru

2016-05-16T17:37:23+00:00

099d74cf3d62a092e51ef7dbba9dace68aca7209












Map: support of complex values in resulting strings.
2016-05-12T13:43:19+00:00

Dmitry Volyntsev
xeioex@nginx.com

2016-05-12T13:43:19+00:00

cbf6ca98bc3f839ab3519ac45807c3c8ae6deb84












Upstream: the "transparent" parameter of proxy_bind and friends.
2015-12-18T16:05:27+00:00

Roman Arutyunyan
arut@nginx.com

2015-12-18T16:05:27+00:00

be79f5cb16eeb452e2a9e343a89f89b3b47bc5a2

This parameter lets binding the proxy connection to a non-local address.
Upstream will see the connection as coming from that address.
When used with $remote_addr, upstream will accept the connection from real
client address.

Example:

    proxy_bind $remote_addr transparent;





This parameter lets binding the proxy connection to a non-local address.
Upstream will see the connection as coming from that address.
When used with $remote_addr, upstream will accept the connection from real
client address.

Example:

    proxy_bind $remote_addr transparent;







FastCGI: skip special bufs in buffered request body chain.
2016-04-11T15:42:34+00:00

Valentin Bartenev
vbart@nginx.com

2016-04-11T15:42:34+00:00

4c1b9fef65e9a992933ae0168e62bba279eabfab

This prevents forming empty records out of such buffers.  Particularly it fixes
double end-of-stream records with chunked transfer encoding, or when HTTP/2 is
used and the END_STREAM flag has been sent without data.  In both cases there
is an empty buffer at the end of the request body chain with the "last_buf"
flag set.

The canonical libfcgi, as well as php implementation, tolerates such records,
while the HHVM parser is more strict and drops the connection (ticket #950).





This prevents forming empty records out of such buffers.  Particularly it fixes
double end-of-stream records with chunked transfer encoding, or when HTTP/2 is
used and the END_STREAM flag has been sent without data.  In both cases there
is an empty buffer at the end of the request body chain with the "last_buf"
flag set.

The canonical libfcgi, as well as php implementation, tolerates such records,
while the HHVM parser is more strict and drops the connection (ticket #950).