nginx.git/src/http/modules, branch release-1.14.0 nginx gRPC: fixed possible sign extension of error and setting_value. 2018-03-22T16:26:25+00:00 Maxim Dounin mdounin@mdounin.ru 2018-03-22T16:26:25+00:00 0ac57648ebc93358e977939bfcb9d1e67485b98e All cases are harmless and should not happen on valid values, though can result in bad values being shown incorrectly in logs. Found by Coverity (CID 1430311, 1430312, 1430313). 
All cases are harmless and should not happen on valid values, though can
result in bad values being shown incorrectly in logs.

Found by Coverity (CID 1430311, 1430312, 1430313).
gRPC: fixed missing state save in frame header parsing. 2018-03-20T12:58:11+00:00 Sergey Kandaurov pluknet@nginx.com 2018-03-20T12:58:11+00:00 e232421266416ed841272847ea307e935852230d Previously, frame state wasn't saved if HEADERS frame payload that begins with header fragment was not received at once. 
Previously, frame state wasn't saved if HEADERS frame payload
that begins with header fragment was not received at once.
gRPC: fixed parsing response headers split on CONTINUATION frames. 2018-03-19T13:42:56+00:00 Sergey Kandaurov pluknet@nginx.com 2018-03-19T13:42:56+00:00 f3ad346952e90c4d5dc34b5da924f1a57deb5165 






Upstream: fixed comments after 13f8dec720b5.
2018-03-19T13:22:09+00:00

Ruslan Ermilov
ru@nginx.com

2018-03-19T13:22:09+00:00

510986b80683e6d44e0e431ae92423eb7be64351

The fields "uri", "location", and "url" from ngx_http_upstream_conf_t
moved to ngx_http_proxy_loc_conf_t and ngx_http_proxy_vars_t, reflect
this change in create_loc_conf comments.





The fields "uri", "location", and "url" from ngx_http_upstream_conf_t
moved to ngx_http_proxy_loc_conf_t and ngx_http_proxy_vars_t, reflect
this change in create_loc_conf comments.







gRPC: special handling of "trailer only" responses.
2018-03-17T20:04:26+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-03-17T20:04:26+00:00

6559a420134b0f52ce2d4f147bdd92269ad5f677

The gRPC protocol makes a distinction between HEADERS frame with
the END_STREAM flag set, and a HEADERS frame followed by an empty
DATA frame with the END_STREAM flag.  The latter is not permitted,
and results in errors not being propagated through nginx.  Instead,
gRPC clients complain that "server closed the stream without sending
trailers" (seen in grpc-go) or "13: Received RST_STREAM with error
code 2" (seen in grpc-c).

To fix this, nginx now returns HEADERS with the END_STREAM flag if
the response length is known to be 0, and we are not expecting
any trailer headers to be added.  And the response length is
explicitly set to 0 in the gRPC proxy if we see initial HEADERS frame
with the END_STREAM flag set.





The gRPC protocol makes a distinction between HEADERS frame with
the END_STREAM flag set, and a HEADERS frame followed by an empty
DATA frame with the END_STREAM flag.  The latter is not permitted,
and results in errors not being propagated through nginx.  Instead,
gRPC clients complain that "server closed the stream without sending
trailers" (seen in grpc-go) or "13: Received RST_STREAM with error
code 2" (seen in grpc-c).

To fix this, nginx now returns HEADERS with the END_STREAM flag if
the response length is known to be 0, and we are not expecting
any trailer headers to be added.  And the response length is
explicitly set to 0 in the gRPC proxy if we see initial HEADERS frame
with the END_STREAM flag set.







gRPC: special handling of the TE request header.
2018-03-17T20:04:25+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-03-17T20:04:25+00:00

6a0d9e5b2d9274e5ac5059a674763f19c2731b11

According to the gRPC protocol specification, the "TE" header is used
to detect incompatible proxies, and at least grpc-c server rejects
requests without "TE: trailers".

To preserve the logic, we have to pass "TE: trailers" to the backend if
and only if the original request contains "trailers" in the "TE" header.
Note that no other TE values are allowed in HTTP/2, so we have to remove
anything else.





According to the gRPC protocol specification, the "TE" header is used
to detect incompatible proxies, and at least grpc-c server rejects
requests without "TE: trailers".

To preserve the logic, we have to pass "TE: trailers" to the backend if
and only if the original request contains "trailers" in the "TE" header.
Note that no other TE values are allowed in HTTP/2, so we have to remove
anything else.







The gRPC proxy module.
2018-03-17T20:04:24+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-03-17T20:04:24+00:00

56ad960e7a3d4cf16c03ff231616a76c4834e548

The module allows passing requests to upstream gRPC servers.
The module is built by default as long as HTTP/2 support is compiled in.
Example configuration:

    grpc_pass 127.0.0.1:9000;

Alternatively, the "grpc://" scheme can be used:

    grpc_pass grpc://127.0.0.1:9000;

Keepalive support is available via the upstream keepalive module.  Note
that keepalive connections won't currently work with grpc-go as it fails
to handle SETTINGS_HEADER_TABLE_SIZE.

To use with SSL:

    grpc_pass grpcs://127.0.0.1:9000;

SSL connections use ALPN "h2" when available.  At least grpc-go works fine
without ALPN, so if ALPN is not available we just establish a connection
without it.

Tested with grpc-c++ and grpc-go.





The module allows passing requests to upstream gRPC servers.
The module is built by default as long as HTTP/2 support is compiled in.
Example configuration:

    grpc_pass 127.0.0.1:9000;

Alternatively, the "grpc://" scheme can be used:

    grpc_pass grpc://127.0.0.1:9000;

Keepalive support is available via the upstream keepalive module.  Note
that keepalive connections won't currently work with grpc-go as it fails
to handle SETTINGS_HEADER_TABLE_SIZE.

To use with SSL:

    grpc_pass grpcs://127.0.0.1:9000;

SSL connections use ALPN "h2" when available.  At least grpc-go works fine
without ALPN, so if ALPN is not available we just establish a connection
without it.

Tested with grpc-c++ and grpc-go.







Access log: support for disabling escaping (ticket #1450).
2018-03-01T08:42:55+00:00

Vladimir Homutov
vl@nginx.com

2018-03-01T08:42:55+00:00

764737256521de5c34f7ce1cc1b27bf440b6cced

Based on patches by Johannes Baiter <johannes.baiter@bsb-muenchen.de>
and Calin Don.





Based on patches by Johannes Baiter <johannes.baiter@bsb-muenchen.de>
and Calin Don.







Generic subrequests in memory.
2018-02-28T13:56:58+00:00

Roman Arutyunyan
arut@nginx.com

2018-02-28T13:56:58+00:00

7c5c15a25d22b05f1baabfb14395a7924fe4fd8c

Previously, only the upstream response body could be accessed with the
NGX_HTTP_SUBREQUEST_IN_MEMORY feature.  Now any response body from a subrequest
can be saved in a memory buffer.  It is available as a single buffer in r->out
and the buffer size is configured by the subrequest_output_buffer_size
directive.

Upstream, proxy and fastcgi code used to handle the old-style feature is
removed.





Previously, only the upstream response body could be accessed with the
NGX_HTTP_SUBREQUEST_IN_MEMORY feature.  Now any response body from a subrequest
can be saved in a memory buffer.  It is available as a single buffer in r->out
and the buffer size is configured by the subrequest_output_buffer_size
directive.

Upstream, proxy and fastcgi code used to handle the old-style feature is
removed.







Auth basic: prevent null character in error log (ticket #1494).
2018-02-26T14:52:20+00:00

Vadim Filimonov
fffilimonov@yandex.ru

2018-02-26T14:52:20+00:00

f607032e0c7edd44b25a759ebcaea077e94f6b10