nginx.git/src/stream/ngx_stream_upstream_round_robin.c, branch release-1.28.3 nginx SSL: removed stale comments. 2025-02-26T13:40:03+00:00 Sergey Kandaurov pluknet@nginx.com 2025-02-21T11:54:04+00:00 d16251969bf113272b577920940f020524d5fceb It appears to be a relic from prototype locking removed in b0b7b5a35. 
It appears to be a relic from prototype locking removed in b0b7b5a35.
SSL: improved logging of saving sessions from upstream servers. 2025-02-26T13:40:03+00:00 Sergey Kandaurov pluknet@nginx.com 2025-02-21T11:41:33+00:00 311c39037734df89b56325091e9435bc542308f4 This makes it easier to understand why sessions may not be saved in shared memory due to size. 
This makes it easier to understand why sessions may not be saved
in shared memory due to size.
SSL: using static storage for NGX_SSL_MAX_SESSION_SIZE buffers. 2025-02-26T13:40:03+00:00 Sergey Kandaurov pluknet@nginx.com 2025-02-21T09:49:41+00:00 3d7304b527d1fb6eb697eb8719f286ba7b8e90de All such transient buffers are converted to the single storage in BSS. In preparation to raise the limit. 
All such transient buffers are converted to the single storage in BSS.

In preparation to raise the limit.
Upstream: per-upstream resolver. 2024-11-07T15:57:42+00:00 Vladimir Homutov vl@nginx.com 2019-10-18T13:33:15+00:00 ea4654550ab021b5576c03b708079e3ce3e5d9ed The "resolver" and "resolver_timeout" directives can now be specified directly in the "upstream" block. 
The "resolver" and "resolver_timeout" directives can now be specified
directly in the "upstream" block.
 Upstream: construct upstream peers from DNS SRV records. 2024-11-07T15:57:42+00:00 Dmitry Volyntsev xeioex@nginx.com 2016-03-17T15:42:31+00:00 9fe119b431c957824d7bed75fce47dfbda74ca33 






Upstream: re-resolvable servers.
2024-11-07T15:57:42+00:00

Ruslan Ermilov
ru@nginx.com

2014-02-15T11:12:34+00:00

db6870e06dde7ab249e9a41a0e0a76219f82dd8c

Specifying the upstream server by a hostname together with the
"resolve" parameter will make the hostname to be periodically
resolved, and upstream servers added/removed as necessary.

This requires a "resolver" at the "http" configuration block.

The "resolver_timeout" parameter also affects when the failed
DNS requests will be attempted again.  Responses with NXDOMAIN
will be attempted again in 10 seconds.

Upstream has a configuration generation number that is incremented each
time servers are added/removed to the primary/backup list.  This number
is remembered by the peer.init method, and if peer.get detects a change
in configuration, it returns NGX_BUSY.

Each server has a reference counter.  It is incremented by peer.get and
decremented by peer.free.  When a server is removed, it is removed from
the list of servers and is marked as "zombie".  The memory allocated by
a zombie peer is freed only when its reference count becomes zero.

Co-authored-by: Roman Arutyunyan <arut@nginx.com>
Co-authored-by: Sergey Kandaurov <pluknet@nginx.com>
Co-authored-by: Vladimir Homutov <vl@nginx.com>




Specifying the upstream server by a hostname together with the
"resolve" parameter will make the hostname to be periodically
resolved, and upstream servers added/removed as necessary.

This requires a "resolver" at the "http" configuration block.

The "resolver_timeout" parameter also affects when the failed
DNS requests will be attempted again.  Responses with NXDOMAIN
will be attempted again in 10 seconds.

Upstream has a configuration generation number that is incremented each
time servers are added/removed to the primary/backup list.  This number
is remembered by the peer.init method, and if peer.get detects a change
in configuration, it returns NGX_BUSY.

Each server has a reference counter.  It is incremented by peer.get and
decremented by peer.free.  When a server is removed, it is removed from
the list of servers and is marked as "zombie".  The memory allocated by
a zombie peer is freed only when its reference count becomes zero.

Co-authored-by: Roman Arutyunyan <arut@nginx.com>
Co-authored-by: Sergey Kandaurov <pluknet@nginx.com>
Co-authored-by: Vladimir Homutov <vl@nginx.com>






Upstream: excluded down servers from the next_upstream tries.
2020-11-26T21:01:20+00:00

Ruslan Ermilov
ru@nginx.com

2020-11-26T21:01:20+00:00

cfa669151e605410cfb57cc70b0e4023f4777602

Previously, the number of next_upstream tries included servers marked
as "down", resulting in "no live upstreams" with the code 502 instead
of the code derived from an attempt to connect to the last tried "up"
server (ticket #2096).





Previously, the number of next_upstream tries included servers marked
as "down", resulting in "no live upstreams" with the code 502 instead
of the code derived from an attempt to connect to the last tried "up"
server (ticket #2096).







SSL: removed OpenSSL 0.9.7 compatibility.
2016-04-11T12:46:36+00:00

Sergey Kandaurov
pluknet@nginx.com

2016-04-11T12:46:36+00:00

c17bc31d41a0372002115899a2c64e89aeca7e7d












SSL: save sessions for upstream peers using a callback function.
2018-07-17T09:53:23+00:00

Sergey Kandaurov
pluknet@nginx.com

2018-07-17T09:53:23+00:00

d5a27006e03174aa518f6c849d377a130a7c705c

In TLSv1.3, NewSessionTicket messages arrive after the handshake and
can come at any time.  Therefore we use a callback to save the session
when we know about it.  This approach works for < TLSv1.3 as well.
The callback function is set once per location on merge phase.

Since SSL_get_session() in BoringSSL returns an unresumable session for
TLSv1.3, peer save_session() methods have been updated as well to use a
session supplied within the callback.  To preserve API, the session is
cached in c->ssl->session.  It is preferably accessed in save_session()
methods by ngx_ssl_get_session() and ngx_ssl_get0_session() wrappers.





In TLSv1.3, NewSessionTicket messages arrive after the handshake and
can come at any time.  Therefore we use a callback to save the session
when we know about it.  This approach works for < TLSv1.3 as well.
The callback function is set once per location on merge phase.

Since SSL_get_session() in BoringSSL returns an unresumable session for
TLSv1.3, peer save_session() methods have been updated as well to use a
session supplied within the callback.  To preserve API, the session is
cached in c->ssl->session.  It is preferably accessed in save_session()
methods by ngx_ssl_get_session() and ngx_ssl_get0_session() wrappers.







Stream: speed up TCP peer recovery.
2016-12-26T11:27:05+00:00

Roman Arutyunyan
arut@nginx.com

2016-12-26T11:27:05+00:00

6dae95a7d499c836f72a585961cb80166ed5fde7

Previously, an unavailable peer was considered recovered after a successful
proxy session to this peer.  Until then, only a single client connection per
fail_timeout was allowed to be proxied to the peer.

Since stream sessions can be long, it may take indefinite time for a peer to
recover, limiting the ability of the peer to receive new connections.

Now, a peer is considered recovered after a successful TCP connection is
established to it.  Balancers are notified of this event via the notify()
callback.





Previously, an unavailable peer was considered recovered after a successful
proxy session to this peer.  Until then, only a single client connection per
fail_timeout was allowed to be proxied to the peer.

Since stream sessions can be long, it may take indefinite time for a peer to
recover, limiting the ability of the peer to receive new connections.

Now, a peer is considered recovered after a successful TCP connection is
established to it.  Balancers are notified of this event via the notify()
callback.