nginx.git/src/http/modules, branch release-1.29.4 nginx Proxy: cache support for HTTP/2. 2025-12-08T03:49:16+00:00 Zhidao HONG z.hong@f5.com 2025-11-30T16:35:31+00:00 61690b5dc04ac31e4b402695cfc71c504be489dd 






Proxy: buffering support for HTTP/2.
2025-12-08T03:49:16+00:00

Zhidao HONG
z.hong@f5.com

2025-11-30T16:32:15+00:00

17fd964f99b7c28155dc0aadbadeb3b739951cf3












Proxy: extracted control frame and skip functions for HTTP/2.
2025-12-08T03:49:16+00:00

Zhidao HONG
z.hong@f5.com

2025-11-30T16:27:26+00:00

fdd8e97558b3e4002affd11fedc88cdf4ad4796c












Proxy: extracted ngx_http_proxy_v2_process_frames() function.
2025-12-08T03:49:16+00:00

Zhidao HONG
z.hong@f5.com

2025-11-30T16:24:24+00:00

2a0342a17ddfe32ee984177dc313c8de14cb1de2












Proxy: added HTTP/2 proxy module.
2025-12-08T03:49:16+00:00

Zhidao HONG
z.hong@f5.com

2025-07-15T15:35:39+00:00

9bf758ea4d5db1101296cc111f6d782045148727

The module allows to use HTTP/2 protocol for proxying.
HTTP/2 proxying is enabled by specifying "proxy_http_version 2".

Example:

    server {
        listen 8000;

        location / {
            proxy_http_version 2;
            proxy_pass https://127.0.0.1:8443;
        }
    }

    server {
        listen 8443 ssl;
        http2 on;

        ssl_certificate certs/example.com.crt;
        ssl_certificate_key certs/example.com.key;

        location / {
            return 200 foo;
        }
    }





The module allows to use HTTP/2 protocol for proxying.
HTTP/2 proxying is enabled by specifying "proxy_http_version 2".

Example:

    server {
        listen 8000;

        location / {
            proxy_http_version 2;
            proxy_pass https://127.0.0.1:8443;
        }
    }

    server {
        listen 8443 ssl;
        http2 on;

        ssl_certificate certs/example.com.crt;
        ssl_certificate_key certs/example.com.key;

        location / {
            return 200 foo;
        }
    }







Proxy: refactored for HTTP/2 support.
2025-12-08T03:49:16+00:00

Roman Arutyunyan
arut@nginx.com

2025-07-15T15:03:39+00:00

90a4fc793527b67678fd48b2692be09f30d8ffcf












Disabled bare LF in chunked transfer encoding.
2025-12-06T13:41:32+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-11-24T22:06:29+00:00

f405ef11fde6ed749318a844c010ce97483a8f98

Chunked transfer encoding, since originally introduced in HTTP/1.1
in RFC 2068, is specified to use CRLF as the only line terminator.

Although tolerant applications may recognize a single LF, formally
this covers the start line and fields, and doesn't apply to chunks.
Strict chunked parsing is reaffirmed as intentional in RFC errata
ID 7633, notably "because it does not have to retain backwards
compatibility with 1.0 parsers".

A general RFC 2616 recommendation to tolerate deviations whenever
interpreted unambiguously doesn't apply here, because chunked body
is used to determine HTTP message framing; a relaxed parsing may
cause various security problems due to a broken delimitation.
For instance, this is possible when receiving chunked body from
intermediates that blindly parse chunk-ext or a trailer section
until CRLF, and pass it further without re-coding.





Chunked transfer encoding, since originally introduced in HTTP/1.1
in RFC 2068, is specified to use CRLF as the only line terminator.

Although tolerant applications may recognize a single LF, formally
this covers the start line and fields, and doesn't apply to chunks.
Strict chunked parsing is reaffirmed as intentional in RFC errata
ID 7633, notably "because it does not have to retain backwards
compatibility with 1.0 parsers".

A general RFC 2616 recommendation to tolerate deviations whenever
interpreted unambiguously doesn't apply here, because chunked body
is used to determine HTTP message framing; a relaxed parsing may
cause various security problems due to a broken delimitation.
For instance, this is possible when receiving chunked body from
intermediates that blindly parse chunk-ext or a trailer section
until CRLF, and pass it further without re-coding.







Add basic ECH shared-mode via OpenSSL.
2025-12-01T12:33:40+00:00

sftcd
stephen.farrell@cs.tcd.ie

2025-11-26T14:12:07+00:00

ab4f5b2d32c1f621ebdf5816a34b568015b98c63












Proxy: fixed segfault in URI change.
2025-11-26T18:46:22+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-11-24T11:57:09+00:00

bcb41c91939009b7d01074c9a8f3cef1da13ec50

If request URI was shorter than location prefix, as after replacement
with try_files, location length was used to copy the remaining URI part
leading to buffer overread.

The fix is to replace full request URI in this case.  In the following
configuration, request "/123" is changed to "/" when sent to backend.

    location /1234 {
        try_files /123 =404;
        proxy_pass http://127.0.0.1:8080/;
    }

Closes #983 on GitHub.





If request URI was shorter than location prefix, as after replacement
with try_files, location length was used to copy the remaining URI part
leading to buffer overread.

The fix is to replace full request URI in this case.  In the following
configuration, request "/123" is changed to "/" when sent to backend.

    location /1234 {
        try_files /123 =404;
        proxy_pass http://127.0.0.1:8080/;
    }

Closes #983 on GitHub.







SSL: ngx_ssl_set_client_hello_callback() error handling.
2025-11-10T16:01:28+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-11-06T13:30:41+00:00

38a701d88b14f0747003c4e893d9fb13f51639ca

The function interface is changed to follow a common approach
to other functions used to setup SSL_CTX, with an exception of
"ngx_conf_t *cf" since it is not bound to nginx configuration.

This is required to report and propagate SSL_CTX_set_ex_data()
errors, as reminded by Coverity (CID 1668589).





The function interface is changed to follow a common approach
to other functions used to setup SSL_CTX, with an exception of
"ngx_conf_t *cf" since it is not bound to nginx configuration.

This is required to report and propagate SSL_CTX_set_ex_data()
errors, as reminded by Coverity (CID 1668589).