nginx.git/src/http/modules, branch release-1.13.8 nginx Proxy: escape explicit space in URI in default cache key. 2017-11-20T17:50:35+00:00 Roman Arutyunyan arut@nginx.com 2017-11-20T17:50:35+00:00 6754a404669b527340dd74270289da6adfc6302f If the flag space_in_uri is set, the URI in HTTP upstream request is escaped to convert space to %20. However this flag is not checked while creating the default cache key. This leads to different cache keys for requests '/foo bar' and '/foo%20bar', while the upstream requests are identical. Additionally, the change fixes background cache updates when the client URI contains unescaped space. Default cache key in a subrequest is always based on escaped URI, while the main request may not escape it. As a result, background cache update subrequest may update a different cache entry. 
If the flag space_in_uri is set, the URI in HTTP upstream request is escaped to
convert space to %20.  However this flag is not checked while creating the
default cache key.  This leads to different cache keys for requests
'/foo bar' and '/foo%20bar', while the upstream requests are identical.

Additionally, the change fixes background cache updates when the client URI
contains unescaped space.  Default cache key in a subrequest is always based on
escaped URI, while the main request may not escape it.  As a result, background
cache update subrequest may update a different cache entry.
Proxy: simplified conditions of using unparsed uri. 2017-11-20T10:47:17+00:00 Roman Arutyunyan arut@nginx.com 2017-11-20T10:47:17+00:00 de11c2ad09286fe728b357a41543f3ba219f8986 Previously, the unparsed uri was explicitly allowed to be used only by the main request. However the valid_unparsed_uri flag is nonzero only in the main request, which makes the main request check pointless. 
Previously, the unparsed uri was explicitly allowed to be used only by the main
request.  However the valid_unparsed_uri flag is nonzero only in the main
request, which makes the main request check pointless.
Upstream keepalive: clean read delayed flag in stored connections. 2017-11-28T11:00:00+00:00 Roman Arutyunyan arut@nginx.com 2017-11-28T11:00:00+00:00 e13268714fa3f57adbc7c3891db86b025d79eaf4 If a connection with the read delayed flag set was stored in the keepalive cache, and after picking it from the cache a read timer was set on that connection, this timer was considered a delay timer rather than a socket read event timer as expected. The latter timeout is usually much longer than the former, which caused a significant delay in request processing. The issue manifested itself with proxy_limit_rate and upstream keepalive enabled and exists since 973ee2276300 (1.7.7) when proxy_limit_rate was introduced. 
If a connection with the read delayed flag set was stored in the keepalive
cache, and after picking it from the cache a read timer was set on that
connection, this timer was considered a delay timer rather than a socket read
event timer as expected.  The latter timeout is usually much longer than the
former, which caused a significant delay in request processing.

The issue manifested itself with proxy_limit_rate and upstream keepalive
enabled and exists since 973ee2276300 (1.7.7) when proxy_limit_rate was
introduced.
Autoindex: discard request body (ticket #1439). 2017-12-04T14:30:02+00:00 Maxim Dounin mdounin@mdounin.ru 2017-12-04T14:30:02+00:00 53e5a746bff6860607d0afced9de9854ad62c50f 






Gzip: support for a zlib variant from Intel.
2017-11-18T01:03:27+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-11-18T01:03:27+00:00

f1c4853ea1a981073b067cd1356febd08b86f898

A zlib variant from Intel as available from https://github.com/jtkukunas/zlib
uses 64K hash instead of scaling it from the specified memory level, and
also uses 16-byte padding in one of the window-sized memory buffers, and can
force window bits to 13 if compression level is set to 1 and appropriate
compile options are used.  As a result, nginx complained with "gzip filter
failed to use preallocated memory" alerts.

This change improves deflate_state allocation detection by testing that
items is 1 (deflate_state is the only allocation where items is 1).
Additionally, on first failure to use preallocated memory we now assume
that we are working with the Intel's modified zlib, and switch to using
appropriate preallocations.  If this does not help, we complain with the
usual alerts.

Previous version of this patch was published at
http://mailman.nginx.org/pipermail/nginx/2014-July/044568.html.
The zlib variant in question is used by default in ClearLinux from Intel,
see http://mailman.nginx.org/pipermail/nginx-ru/2017-October/060421.html,
http://mailman.nginx.org/pipermail/nginx-ru/2017-November/060544.html.





A zlib variant from Intel as available from https://github.com/jtkukunas/zlib
uses 64K hash instead of scaling it from the specified memory level, and
also uses 16-byte padding in one of the window-sized memory buffers, and can
force window bits to 13 if compression level is set to 1 and appropriate
compile options are used.  As a result, nginx complained with "gzip filter
failed to use preallocated memory" alerts.

This change improves deflate_state allocation detection by testing that
items is 1 (deflate_state is the only allocation where items is 1).
Additionally, on first failure to use preallocated memory we now assume
that we are working with the Intel's modified zlib, and switch to using
appropriate preallocations.  If this does not help, we complain with the
usual alerts.

Previous version of this patch was published at
http://mailman.nginx.org/pipermail/nginx/2014-July/044568.html.
The zlib variant in question is used by default in ClearLinux from Intel,
see http://mailman.nginx.org/pipermail/nginx-ru/2017-October/060421.html,
http://mailman.nginx.org/pipermail/nginx-ru/2017-November/060544.html.







Xslt: fixed parameters parsing (ticket #1416).
2017-11-16T10:20:47+00:00

Ruslan Ermilov
ru@nginx.com

2017-11-16T10:20:47+00:00

cdbdbbd8423ab96c89c034d879b16b1a931eb38a

If parameters were specified in xslt_stylesheet without variables,
any request except the first would cause an internal server error.





If parameters were specified in xslt_stylesheet without variables,
any request except the first would cause an internal server error.







SSI: fixed type.
2017-10-26T16:30:38+00:00

hucongcong
hucong.c@foxmail.com

2017-10-26T16:30:38+00:00

d303a95594fdbca28b241e53d0346d5965cfd757












FastCGI: adjust buffer position when parsing incomplete records.
2017-11-09T12:35:20+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-11-09T12:35:20+00:00

cfc8c28259b3fd59f2517ac4830a08e8a9925148

Previously, nginx failed to move buffer position when parsing an incomplete
record header, and due to this wasn't be able to continue parsing once
remaining bytes of the record header were received.

This can affect response header parsing, potentially generating spurious errors
like "upstream sent unexpected FastCGI request id high byte: 1 while reading
response header from upstream".  While this is very unlikely, since usually
record headers are written in a single buffer, this still can happen in real
life, for example, if a record header will be split across two TCP packets
and the second packet will be delayed.

This does not affect non-buffered response body proxying, due to "buf->pos =
buf->last;" at the start of the ngx_http_fastcgi_non_buffered_filter()
function.  Also this does not affect buffered response body proxying, as
each input buffer is only passed to the filter once.





Previously, nginx failed to move buffer position when parsing an incomplete
record header, and due to this wasn't be able to continue parsing once
remaining bytes of the record header were received.

This can affect response header parsing, potentially generating spurious errors
like "upstream sent unexpected FastCGI request id high byte: 1 while reading
response header from upstream".  While this is very unlikely, since usually
record headers are written in a single buffer, this still can happen in real
life, for example, if a record header will be split across two TCP packets
and the second packet will be delayed.

This does not affect non-buffered response body proxying, due to "buf->pos =
buf->last;" at the start of the ngx_http_fastcgi_non_buffered_filter()
function.  Also this does not affect buffered response body proxying, as
each input buffer is only passed to the filter once.







Upstream hash: reordered peer checks.
2017-10-05T14:43:05+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-10-05T14:43:05+00:00

53d655f89407af017cd193fd4d8d82118c9c2c80

This slightly reduces cost of selecting a peer if all or almost all peers
failed, see ticket #1030.  There should be no measureable difference with
other workloads.





This slightly reduces cost of selecting a peer if all or almost all peers
failed, see ticket #1030.  There should be no measureable difference with
other workloads.







Upstream hash: limited number of tries in consistent case.
2017-10-05T14:42:59+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-10-05T14:42:59+00:00

a10ec2db91b448029968025d23155e9c383f522d

While this may result in non-ideal distribution of requests if nginx
won't be able to select a server in a reasonable number of attempts,
this still looks better than severe performance degradation observed
if there is no limit and there are many points configured (ticket #1030).
This is also in line with what we do for other hash balancing methods.





While this may result in non-ideal distribution of requests if nginx
won't be able to select a server in a reasonable number of attempts,
this still looks better than severe performance degradation observed
if there is no limit and there are many points configured (ticket #1030).
This is also in line with what we do for other hash balancing methods.