nginx.git/src/http/ngx_http_upstream.c, branch release-1.29.7 nginx Sticky: added the "header" parameter in the learn mode. 2026-03-09T17:08:30+00:00 Vladimir Homutov vl@nginx.com 2017-06-08T12:39:06+00:00 8021cb02de840d6168a98e4eefb9bdfbe51ba96e With this parameter set, sessions are learned after receiving upstream headers. 
With this parameter set, sessions are learned after receiving upstream headers.
Sticky: added "draining" peer state. 2026-03-09T17:08:30+00:00 Vladimir Homutov vl@nginx.com 2014-08-28T07:53:49+00:00 d12dd2405d659707f75eaa93d45ed762cc5bdd5d While peer is draining, only sticky requests are served and the peer is never selected to process new requests. Co-authored-by: Ruslan Ermilov <ru@nginx.com> 
While peer is draining, only sticky requests are served and the peer is never
selected to process new requests.

Co-authored-by: Ruslan Ermilov <ru@nginx.com>
Upstream: introduced a new macro for down value. 2026-03-09T17:08:30+00:00 Aleksei Bavshin a.bavshin@nginx.com 2026-03-04T19:35:41+00:00 c5036ad30cfafb233494fa81c0b328aac3eb0e9b 






Upstream: added sticky sessions support for upstreams.
2026-03-09T17:08:30+00:00

Vladimir Homutov
vl@nginx.com

2013-04-02T21:44:36+00:00

104734f21888cfec6994e092073f51a0d4b0fb47

Sticky sessions allow to route the same client to the same upstream server.

- upstream structures are extended to keep session-related information

- existing balancing modules are updated to provide an id of the selected
  server (SID) in pc->sid, and to select the server, given it's SID.

- other balancing modules are allowed to set the pc->hint value to choose
  the desired peer.  The sticky module will not change the hint if it's
  already set.

- the feature is enabled by default and can be disabled with the
  "--without-http_upstream_sticky" switch of the configure script.

The following configuration can be used to enable sticky sessions for
supported balancing modules:

    upstream u1 {
        server 127.0.0.1:8080;
        server 127.0.0.1:8081;

        sticky cookie server_id expires=1h domain=.example.com path=/;
    }

Co-authored-by: Ruslan Ermilov <ru@nginx.com>
Co-authored-by: Roman Arutyunyan <arut@nginx.com>
Co-authored-by: Maxim Dounin <mdounin@mdounin.ru>





Sticky sessions allow to route the same client to the same upstream server.

- upstream structures are extended to keep session-related information

- existing balancing modules are updated to provide an id of the selected
  server (SID) in pc->sid, and to select the server, given it's SID.

- other balancing modules are allowed to set the pc->hint value to choose
  the desired peer.  The sticky module will not change the hint if it's
  already set.

- the feature is enabled by default and can be disabled with the
  "--without-http_upstream_sticky" switch of the configure script.

The following configuration can be used to enable sticky sessions for
supported balancing modules:

    upstream u1 {
        server 127.0.0.1:8080;
        server 127.0.0.1:8081;

        sticky cookie server_id expires=1h domain=.example.com path=/;
    }

Co-authored-by: Ruslan Ermilov <ru@nginx.com>
Co-authored-by: Roman Arutyunyan <arut@nginx.com>
Co-authored-by: Maxim Dounin <mdounin@mdounin.ru>







Upstream: reinit upstream after reading bad response.
2026-02-04T15:09:20+00:00

Roman Arutyunyan
arut@nginx.com

2026-01-28T16:38:38+00:00

d7a249470b78a155c7548aea5f4eb959dae9fd03

Previously, when connecting to a backend, if the read event handler was
called before the write event handler, and the received response triggered
a next upstream condition, then ngx_http_upstream_reinit() was not called
to clean up the old upstream context.  This had multiple implications.

For all proxy modules, since the last upstream response was not cleaned up,
it was mixed with the next upstream response.  This could result in ignoring
the second response status code, duplicate response headers or reporting
old upstream header errors.

With ngx_http_grpc_module and ngx_http_proxy_v2_module, ctx->connection
was left dangling since the object it referenced was allocated from the
last upstream connection pool, which was deleted when freeing last upstream.
This lead to use-after-free when trying to reuse this object for the next
upstream.





Previously, when connecting to a backend, if the read event handler was
called before the write event handler, and the received response triggered
a next upstream condition, then ngx_http_upstream_reinit() was not called
to clean up the old upstream context.  This had multiple implications.

For all proxy modules, since the last upstream response was not cleaned up,
it was mixed with the next upstream response.  This could result in ignoring
the second response status code, duplicate response headers or reporting
old upstream header errors.

With ngx_http_grpc_module and ngx_http_proxy_v2_module, ctx->connection
was left dangling since the object it referenced was allocated from the
last upstream connection pool, which was deleted when freeing last upstream.
This lead to use-after-free when trying to reuse this object for the next
upstream.







Upstream: detect premature plain text response from SSL backend.
2026-02-04T15:09:20+00:00

Roman Arutyunyan
arut@nginx.com

2026-01-29T09:27:32+00:00

a59f5f099a89dc8eaebd48077292313f9f7e33e3

When connecting to a backend, the connection write event is triggered
first in most cases.  However if a response arrives quickly enough, both
read and write events can be triggered together within the same event loop
iteration.  In this case the read event handler is called first and the
write event handler is called after it.

SSL initialization for backend connections happens only in the write event
handler since SSL handshake starts with sending Client Hello.  Previously,
if a backend sent a quick plain text response, it could be parsed by the
read event handler prior to starting SSL handshake on the connection.
The change adds protection against parsing such responses on SSL-enabled
connections.





When connecting to a backend, the connection write event is triggered
first in most cases.  However if a response arrives quickly enough, both
read and write events can be triggered together within the same event loop
iteration.  In this case the read event handler is called first and the
write event handler is called after it.

SSL initialization for backend connections happens only in the write event
handler since SSL handshake starts with sending Client Hello.  Previously,
if a backend sent a quick plain text response, it could be parsed by the
read event handler prior to starting SSL handshake on the connection.
The change adds protection against parsing such responses on SSL-enabled
connections.







Upstream: add support for connection level ALPN protocol negotiation.
2025-12-08T03:49:16+00:00

Zhidao HONG
z.hong@f5.com

2025-07-15T14:54:21+00:00

b8492d9c25c34c87419d2ad118fa812fd72da27c

This commit is prepared for HTTP/2 and HTTP/3 support.

The ALPN protocol is now set per-connection in
ngx_http_upstream_ssl_init_connection(), allowing proper protocol negotiation
for each individual upstream connection regardless of SSL context sharing.





This commit is prepared for HTTP/2 and HTTP/3 support.

The ALPN protocol is now set per-connection in
ngx_http_upstream_ssl_init_connection(), allowing proper protocol negotiation
for each individual upstream connection regardless of SSL context sharing.







Upstream: reset local address in case of error.
2025-10-24T13:49:04+00:00

Roman Arutyunyan
arut@nginx.com

2025-10-23T14:21:57+00:00

364a94ecec13037126f28f91cf8f290979ffc229

After f10bc5a763bb the address was set to NULL only when local address was
not specified at all.  In case complex value evaluated to an empty or
invalid string, local address remained unchanged.  Currenrly this is not
a problem since the value is only set once.  This change is a preparation
for being able to change the local address after initial setting.





After f10bc5a763bb the address was set to NULL only when local address was
not specified at all.  In case complex value evaluated to an empty or
invalid string, local address remained unchanged.  Currenrly this is not
a problem since the value is only set once.  This change is a preparation
for being able to change the local address after initial setting.







Upstream: overflow detection in Cache-Control delta-seconds.
2025-09-26T12:50:13+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-09-10T14:39:52+00:00

8255bd29ac9a7bcdc317a8889420554e00d435cb

Overflowing calculations are now aligned to the greatest positive integer
as specified in RFC 9111, Section 1.2.2.





Overflowing calculations are now aligned to the greatest positive integer
as specified in RFC 9111, Section 1.2.2.







Upstream: fixed reinit request with gRPC and Early Hints.
2025-06-23T16:12:21+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-06-23T10:55:32+00:00

cdf7a9c6cb7f344efc80d790fbacdc1c94ab16e3

The gRPC module context has connection specific state, which can be lost
after request reinitialization when it comes to processing early hints.

The fix is to do only a portion of u->reinit_request() implementation
required after processing early hints, now inlined in modules.

Now NGX_HTTP_UPSTREAM_EARLY_HINTS is returned from u->process_header()
for early hints.  When reading a cached response, this code is mapped
to NGX_HTTP_UPSTREAM_INVALID_HEADER to indicate invalid header format.





The gRPC module context has connection specific state, which can be lost
after request reinitialization when it comes to processing early hints.

The fix is to do only a portion of u->reinit_request() implementation
required after processing early hints, now inlined in modules.

Now NGX_HTTP_UPSTREAM_EARLY_HINTS is returned from u->process_header()
for early hints.  When reading a cached response, this code is mapped
to NGX_HTTP_UPSTREAM_INVALID_HEADER to indicate invalid header format.