[nginx] support http2 per server
洪志道
hongzhidao at gmail.com
Thu Jun 8 04:07:29 UTC 2017
Hi!
Now, http2 is enabled globally for 'listen' directive with ip:port.
It seems it's possible to enable by server with sni, alpn, npn.
Take a look, please.
diff -r 5e05118678af src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c Mon May 29 23:33:38 2017 +0300
+++ b/src/http/modules/ngx_http_ssl_module.c Wed Jun 07 12:17:34 2017 -0400
@@ -234,6 +234,13 @@
offsetof(ngx_http_ssl_srv_conf_t, stapling_verify),
NULL },
+ { ngx_string("ssl_h2"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+ ngx_http_ssl_enable,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ offsetof(ngx_http_ssl_srv_conf_t, h2),
+ NULL },
+
ngx_null_command
};
@@ -343,16 +350,17 @@
unsigned char *outlen, const unsigned char *in, unsigned int inlen,
void *arg)
{
- unsigned int srvlen;
- unsigned char *srv;
+ unsigned int srvlen;
+ unsigned char *srv;
#if (NGX_DEBUG)
- unsigned int i;
+ unsigned int i;
#endif
#if (NGX_HTTP_V2)
- ngx_http_connection_t *hc;
+ ngx_http_connection_t *hc;
+ ngx_http_ssl_srv_conf_t *sscf;
#endif
#if (NGX_HTTP_V2 || NGX_DEBUG)
- ngx_connection_t *c;
+ ngx_connection_t *c;
c = ngx_ssl_get_connection(ssl_conn);
#endif
@@ -367,8 +375,9 @@
#if (NGX_HTTP_V2)
hc = c->data;
+ sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
- if (hc->addr_conf->http2) {
+ if (hc->addr_conf->http2 && sscf->h2) {
srv =
(unsigned char *) NGX_HTTP_V2_ALPN_ADVERTISE
NGX_HTTP_NPN_ADVERTISE;
srvlen = sizeof(NGX_HTTP_V2_ALPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE)
- 1;
@@ -411,11 +420,13 @@
#if (NGX_HTTP_V2)
{
- ngx_http_connection_t *hc;
+ ngx_http_connection_t *hc;
+ ngx_http_ssl_srv_conf_t *sscf;
hc = c->data;
+ sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
- if (hc->addr_conf->http2) {
+ if (hc->addr_conf->http2 && sscf->h2) {
*out =
(unsigned char *) NGX_HTTP_V2_NPN_ADVERTISE
NGX_HTTP_NPN_ADVERTISE;
*outlen = sizeof(NGX_HTTP_V2_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE)
- 1;
@@ -555,6 +566,7 @@
sscf->session_ticket_keys = NGX_CONF_UNSET_PTR;
sscf->stapling = NGX_CONF_UNSET;
sscf->stapling_verify = NGX_CONF_UNSET;
+ sscf->h2 = NGX_CONF_UNSET;
return sscf;
}
@@ -620,6 +632,8 @@
ngx_conf_merge_str_value(conf->stapling_responder,
prev->stapling_responder, "");
+ ngx_conf_merge_value(conf->h2, prev->h2, 0);
+
conf->ssl.log = cf->log;
if (conf->enable) {
diff -r 5e05118678af src/http/modules/ngx_http_ssl_module.h
--- a/src/http/modules/ngx_http_ssl_module.h Mon May 29 23:33:38 2017 +0300
+++ b/src/http/modules/ngx_http_ssl_module.h Wed Jun 07 12:17:34 2017 -0400
@@ -57,6 +57,8 @@
u_char *file;
ngx_uint_t line;
+
+ ngx_flag_t h2;
} ngx_http_ssl_srv_conf_t;
Thanks.
B.R.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20170608/ed3fc8f7/attachment-0001.html>
More information about the nginx-devel
mailing list