nginx.git/src/stream, branch release-1.19.9 nginx SSL: fixed build by Sun C with old OpenSSL versions. 2021-03-05T14:16:13+00:00 Maxim Dounin mdounin@mdounin.ru 2021-03-05T14:16:13+00:00 797ac536fe2cc0a311a72ddb861784f320991beb Sun C complains about "statement not reached" if a "return" is followed by additional statements. 
Sun C complains about "statement not reached" if a "return" is followed
by additional statements.
Upstream: excluded down servers from the next_upstream tries. 2020-11-26T21:01:20+00:00 Ruslan Ermilov ru@nginx.com 2020-11-26T21:01:20+00:00 cfa669151e605410cfb57cc70b0e4023f4777602 Previously, the number of next_upstream tries included servers marked as "down", resulting in "no live upstreams" with the code 502 instead of the code derived from an attempt to connect to the last tried "up" server (ticket #2096). 
Previously, the number of next_upstream tries included servers marked
as "down", resulting in "no live upstreams" with the code 502 instead
of the code derived from an attempt to connect to the last tried "up"
server (ticket #2096).
Stream: proxy_ssl_conf_command directive. 2020-10-22T15:00:27+00:00 Maxim Dounin mdounin@mdounin.ru 2020-10-22T15:00:27+00:00 f9a37243c9a86fcc318ee77fa49c2b1bfe35b6b5 Similarly to ssl_conf_command, proxy_ssl_conf_command can be used to set arbitrary OpenSSL configuration parameters as long as nginx is compiled with OpenSSL 1.0.2 or later, when connecting to upstream servers with SSL. Full list of available configuration commands can be found in the SSL_CONF_cmd manual page (https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html). 
Similarly to ssl_conf_command, proxy_ssl_conf_command can be used to
set arbitrary OpenSSL configuration parameters as long as nginx is
compiled with OpenSSL 1.0.2 or later, when connecting to upstream
servers with SSL.  Full list of available configuration commands
can be found in the SSL_CONF_cmd manual page
(https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html).
SSL: ssl_conf_command directive. 2020-10-22T15:00:22+00:00 Maxim Dounin mdounin@mdounin.ru 2020-10-22T15:00:22+00:00 ac9c1622822260f81edcf582887a5f0271c2c4c6 With the ssl_conf_command directive it is now possible to set arbitrary OpenSSL configuration parameters as long as nginx is compiled with OpenSSL 1.0.2 or later. Full list of available configuration commands can be found in the SSL_CONF_cmd manual page (https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html). In particular, this allows configuring PrioritizeChaCha option (ticket #1445): ssl_conf_command Options PrioritizeChaCha; It can be also used to configure TLSv1.3 ciphers in OpenSSL, which fails to configure them via the SSL_CTX_set_cipher_list() interface (ticket #1529): ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256; Configuration commands are applied after nginx own configuration for SSL, so they can be used to override anything set by nginx. Note though that configuring OpenSSL directly with ssl_conf_command might result in a behaviour nginx does not expect, and should be done with care. 
With the ssl_conf_command directive it is now possible to set
arbitrary OpenSSL configuration parameters as long as nginx is compiled
with OpenSSL 1.0.2 or later.  Full list of available configuration
commands can be found in the SSL_CONF_cmd manual page
(https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html).

In particular, this allows configuring PrioritizeChaCha option
(ticket #1445):

    ssl_conf_command Options PrioritizeChaCha;

It can be also used to configure TLSv1.3 ciphers in OpenSSL,
which fails to configure them via the SSL_CTX_set_cipher_list()
interface (ticket #1529):

    ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;

Configuration commands are applied after nginx own configuration
for SSL, so they can be used to override anything set by nginx.
Note though that configuring OpenSSL directly with ssl_conf_command
might result in a behaviour nginx does not expect, and should be
done with care.
Stream: set module. 2020-08-28T21:10:54+00:00 Pavel Pautov p.pautov@f5.com 2020-08-28T21:10:54+00:00 c85d6fec217d1b17291779542de20ad77ae68661 Adds 'set' directive to the stream server context. 
Adds 'set' directive to the stream server context.
Stream: fixed processing of zero length UDP packets (ticket #1982). 2020-06-08T08:40:34+00:00 Vladimir Homutov vl@nginx.com 2020-06-08T08:40:34+00:00 58d1412f0df08a90cc4df9bb3e5fb8a550daf63e 






Limit conn: added shared context.
2019-11-18T16:50:59+00:00

Roman Arutyunyan
arut@nginx.com

2019-11-18T16:50:59+00:00

5dc242e8f75eae718c1a941e663d7f483acf7c62

Previously only an rbtree was associated with a limit_conn.  To make it
possible to associate more data with a limit_conn, shared context is introduced
similar to limit_req.  Also, shared pool pointer is kept in a way similar to
limit_req.





Previously only an rbtree was associated with a limit_conn.  To make it
possible to associate more data with a limit_conn, shared context is introduced
similar to limit_req.  Also, shared pool pointer is kept in a way similar to
limit_req.







Limit conn: $limit_conn_status variable.
2019-11-18T14:48:32+00:00

Roman Arutyunyan
arut@nginx.com

2019-11-18T14:48:32+00:00

3a55d60d2d22788cd35cdd3f207d01d55984c1cf

The variable takes one of the values: PASSED, REJECTED or REJECTED_DRY_RUN.





The variable takes one of the values: PASSED, REJECTED or REJECTED_DRY_RUN.







Limit conn: limit_conn_dry_run directive.
2019-11-19T08:30:41+00:00

Roman Arutyunyan
arut@nginx.com

2019-11-19T08:30:41+00:00

b48c8718bf9b135368c8c9eb969db5dce6e0ed35

A new directive limit_conn_dry_run allows enabling the dry run mode.  In this
mode connections are not rejected, but reject status is logged as usual.





A new directive limit_conn_dry_run allows enabling the dry run mode.  In this
mode connections are not rejected, but reject status is logged as usual.







Parsing server PROXY protocol address and port (ticket #1206).
2019-10-21T17:22:30+00:00

Roman Arutyunyan
arut@nginx.com

2019-10-21T17:22:30+00:00

203898505ca4fde338d718960e485891ecd891f6

New variables $proxy_protocol_server_addr and $proxy_protocol_server_port are
added both to HTTP and Stream.





New variables $proxy_protocol_server_addr and $proxy_protocol_server_port are
added both to HTTP and Stream.