nginx.git/src/http, branch release-1.15.1 nginx Upstream: fixed tcp_nopush with gRPC. 2018-07-02T16:03:04+00:00 Maxim Dounin mdounin@mdounin.ru 2018-07-02T16:03:04+00:00 a7186c8f1ceef938b710509993719b93daff419a With gRPC it is possible that a request sending is blocked due to flow control. Moreover, further sending might be only allowed once the backend sees all the data we've already sent. With such a backend it is required to clear the TCP_NOPUSH socket option to make sure all the data we've sent are actually delivered to the backend. As such, we now clear TCP_NOPUSH in ngx_http_upstream_send_request() also on NGX_AGAIN if c->write->ready is set. This fixes a test (which waits for all the 64k bytes as per initial window before allowing more bytes) with sendfile enabled when the body was written to a file in a different context. 
With gRPC it is possible that a request sending is blocked due to flow
control.  Moreover, further sending might be only allowed once the
backend sees all the data we've already sent.  With such a backend
it is required to clear the TCP_NOPUSH socket option to make sure all
the data we've sent are actually delivered to the backend.

As such, we now clear TCP_NOPUSH in ngx_http_upstream_send_request()
also on NGX_AGAIN if c->write->ready is set.  This fixes a test (which
waits for all the 64k bytes as per initial window before allowing more
bytes) with sendfile enabled when the body was written to a file
in a different context.
Upstream: fixed unexpected tcp_nopush usage on peer connections. 2018-07-02T16:02:31+00:00 Maxim Dounin mdounin@mdounin.ru 2018-07-02T16:02:31+00:00 1331a99f5c55cb1aff399000af56b17a43552e3f Now tcp_nopush on peer connections is disabled if it is disabled on the client connection, similar to how we handle c->sendfile. Previously, tcp_nopush was always used on upstream connections, regardless of the "tcp_nopush" directive. 
Now tcp_nopush on peer connections is disabled if it is disabled on
the client connection, similar to how we handle c->sendfile.  Previously,
tcp_nopush was always used on upstream connections, regardless of
the "tcp_nopush" directive.
gRPC: clearing buffers in ngx_http_grpc_get_buf(). 2018-07-02T16:02:08+00:00 Maxim Dounin mdounin@mdounin.ru 2018-07-02T16:02:08+00:00 d842b4e5e0ebda87559d804de29dd56bd4cbc4dc We copy input buffers to our buffers, so various flags might be unexpectedly set in buffers returned by ngx_chain_get_free_buf(). In particular, the b->in_file flag might be set when the body was written to a file in a different context. With sendfile enabled this in turn might result in protocol corruption if such a buffer was reused for a control frame. Make sure to clear buffers and set only fields we really need to be set. 
We copy input buffers to our buffers, so various flags might be
unexpectedly set in buffers returned by ngx_chain_get_free_buf().

In particular, the b->in_file flag might be set when the body was
written to a file in a different context.  With sendfile enabled this
in turn might result in protocol corruption if such a buffer was reused
for a control frame.

Make sure to clear buffers and set only fields we really need to be set.
Upstream: ngx_http_upstream_random module. 2018-06-15T08:46:14+00:00 Vladimir Homutov vl@nginx.com 2018-06-15T08:46:14+00:00 0c4ccbea23813a50132df511d4445bc1686dbc2f The module implements random load-balancing algorithm with optional second choice. In the latter case, the best of two servers is chosen, accounting number of connections and server weight. Example: upstream u { random [two [least_conn]]; server 127.0.0.1:8080; server 127.0.0.1:8081; server 127.0.0.1:8082; server 127.0.0.1:8083; } 
The module implements random load-balancing algorithm with optional second
choice.  In the latter case, the best of two servers is chosen, accounting
number of connections and server weight.

Example:

upstream u {
    random [two [least_conn]];

    server 127.0.0.1:8080;
    server 127.0.0.1:8081;
    server 127.0.0.1:8082;
    server 127.0.0.1:8083;
}
Upstream: improved peer selection concurrency for hash and ip_hash. 2018-06-14T04:03:50+00:00 Ruslan Ermilov ru@nginx.com 2018-06-14T04:03:50+00:00 2eab9efbe4050ab471cfa3ed778d751454fcd87d 






Upstream: disable body cleanup with preserve_output (ticket #1565).
2018-06-13T12:28:11+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-06-13T12:28:11+00:00

9b6bc8a5787d270a54a3465a23eef22cee870e37

With u->conf->preserve_output set the request body file might be used
after the response header is sent, so avoid cleaning it.  (Normally
this is not a problem as u->conf->preserve_output is only set with
r->request_body_no_buffering, but the request body might be already
written to a file in a different context.)





With u->conf->preserve_output set the request body file might be used
after the response header is sent, so avoid cleaning it.  (Normally
this is not a problem as u->conf->preserve_output is only set with
r->request_body_no_buffering, but the request body might be already
written to a file in a different context.)







HTTP/2: use scheme from original request for pushes (closes #1549).
2018-06-07T17:04:22+00:00

Ruslan Ermilov
ru@nginx.com

2018-06-07T17:04:22+00:00

fb3a9e28b233f3c2823487378622e7cf4284857a

Instead of the connection scheme, use scheme from the original request.
This fixes pushes when SSL is terminated by a proxy server in front of
nginx.





Instead of the connection scheme, use scheme from the original request.
This fixes pushes when SSL is terminated by a proxy server in front of
nginx.







Added r->schema.
2018-06-07T17:01:41+00:00

Ruslan Ermilov
ru@nginx.com

2018-06-07T17:01:41+00:00

f11a9cbdd0f5806131e4308d2ce98a2a97ca4007

For HTTP/1, it keeps scheme from the absolute form of URI.
For HTTP/2, the :scheme request pseudo-header field value.





For HTTP/1, it keeps scheme from the absolute form of URI.
For HTTP/2, the :scheme request pseudo-header field value.







Removed extraneous check while processing request line.
2018-06-07T16:53:43+00:00

Ruslan Ermilov
ru@nginx.com

2018-06-07T16:53:43+00:00

70b6e7a299e6488c2f59f1768c600921bd08a2d7












HTTP/2: validate client request scheme.
2018-06-07T08:47:10+00:00

Ruslan Ermilov
ru@nginx.com

2018-06-07T08:47:10+00:00

94a2ce426fc36a6c82411a331bb18bf129c6d014

The scheme is validated as per RFC 3986, Section 3.1.





The scheme is validated as per RFC 3986, Section 3.1.