Contrib: http2 per server (was re: [nginx] support http2 per server)

David Freedman david.freedman at uk.clara.net
Mon Oct 2 15:29:55 UTC 2017


Not that anybody has responded yet, but please find an important improvement over this patch:

-        if (hc->addr_conf->http2 && !sscf->h2) {
+        if (r->http_version == NGX_HTTP_VERSION_20 && !sscf->h2) {

Full patch (with this improvement included) below:

diff -r 6b6e15bbda92 -r 2806e0ba8e91 src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c    Tue Sep 05 17:59:31 2017 +0300
+++ b/src/http/modules/ngx_http_ssl_module.c    Fri Sep 08 01:07:46 2017 +0000
@@ -234,6 +234,13 @@
       offsetof(ngx_http_ssl_srv_conf_t, stapling_verify),
       NULL },

+    { ngx_string("ssl_h2"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+      ngx_http_ssl_enable,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_ssl_srv_conf_t, h2),
+      NULL },
+
       ngx_null_command
 };

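Review bot: `ssl_h2` is wired to `ngx_http_ssl_enable`, which looks like the wrong setter for a plain on/off flag. That handler's body is not part of this diff, but as far as I know it is the setter for the `ssl` directive and also records the configuration file name and line into the `file`/`line` fields of `ngx_http_ssl_srv_conf_t`, which the missing-certificate diagnostic uses. If so, an `ssl_h2` line would overwrite that position. The generic slot setter is enough here: `ngx_conf_set_flag_slot,` in place of `ngx_http_ssl_enable,`. The entry is also registered when nginx is built without NGX_HTTP_V2, where the directive would be accepted and do nothing.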
@@ -354,6 +361,7 @@
 #endif
 #if (NGX_HTTP_V2)
     ngx_http_connection_t  *hc;
+    ngx_http_ssl_srv_conf_t   *sscf;
 #endif
 #if (NGX_HTTP_V2 || NGX_DEBUG)
     ngx_connection_t       *c;
@@ -372,7 +380,9 @@
 #if (NGX_HTTP_V2)
     hc = c->data;

-    if (hc->addr_conf->http2) {
+    sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
+
+    if (hc->addr_conf->http2 && sscf->h2) {
         srv =
            (unsigned char *) NGX_HTTP_V2_ALPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE;
         srvlen = sizeof(NGX_HTTP_V2_ALPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE) - 1;
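Review bot: The `sscf->h2` test in the ALPN callback reads `hc->conf_ctx`, which is the name-based server's configuration only if the SNI callback has already run and switched it; nothing in this hunk guarantees that order. If the TLS library selects ALPN before it processes the server name, or the client sends no SNI, the decision comes from the default server's `ssl_h2`, and a server with `ssl_h2 off` can still end up on an h2 connection. A comment should state that dependency, e.g. `/* hc->conf_ctx is the SNI-selected server only if the servername callback ran first; otherwise this is the default server's ssl_h2 */`. The same applies to the NPN hunk at -416,10; both callbacks start and end outside their hunks.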
@@ -416,10 +426,13 @@
 #if (NGX_HTTP_V2)
     {
     ngx_http_connection_t  *hc;
+    ngx_http_ssl_srv_conf_t   *sscf;

     hc = c->data;

-    if (hc->addr_conf->http2) {
+    sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
+
+    if (hc->addr_conf->http2 && sscf->h2) {
         *out =
             (unsigned char *) NGX_HTTP_V2_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE;
         *outlen = sizeof(NGX_HTTP_V2_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE) - 1;
@@ -559,6 +572,7 @@
     sscf->session_ticket_keys = NGX_CONF_UNSET_PTR;
     sscf->stapling = NGX_CONF_UNSET;
     sscf->stapling_verify = NGX_CONF_UNSET;
+    sscf->h2 = NGX_CONF_UNSET;

     return sscf;
 }
@@ -624,6 +638,8 @@
     ngx_conf_merge_str_value(conf->stapling_responder,
                          prev->stapling_responder, "");

+    ngx_conf_merge_value(conf->h2, prev->h2, 1);
+
     conf->ssl.log = cf->log;

     if (conf->enable) {
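Review bot: The merge default of `1` makes `ssl_h2` opt-out, so every server on a `listen ... http2` socket keeps HTTP/2 unless it is explicitly switched off. That keeps existing configurations working, but the patch does not say so anywhere, and an operator who wants deny-by-default has to know to put `ssl_h2 off` at the http level. A comment above the merge such as `/* on by default: preserves existing "listen ... http2" behaviour */` would record the intent. The merge function continues outside the hunk.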
diff -r 6b6e15bbda92 -r 2806e0ba8e91 src/http/modules/ngx_http_ssl_module.h
--- a/src/http/modules/ngx_http_ssl_module.h    Tue Sep 05 17:59:31 2017 +0300
+++ b/src/http/modules/ngx_http_ssl_module.h    Fri Sep 08 01:07:46 2017 +0000
@@ -57,6 +57,9 @@

     u_char                         *file;
     ngx_uint_t                      line;
+
+    ngx_flag_t                      h2;
+
 } ngx_http_ssl_srv_conf_t;


diff -r 6b6e15bbda92 -r 2806e0ba8e91 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c       Tue Sep 05 17:59:31 2017 +0300
+++ b/src/http/ngx_http_request.c       Fri Sep 08 01:07:46 2017 +0000
@@ -795,6 +795,7 @@
         unsigned int            len;
         const unsigned char    *data;
         ngx_http_connection_t  *hc;
+        ngx_http_ssl_srv_conf_t  *sscf;

         hc = c->data;

@@ -813,9 +814,15 @@
             SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len);
 #endif

-            if (len == 2 && data[0] == 'h' && data[1] == '2') {
-                ngx_http_v2_init(c->read);
-                return;
+            sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
+
+            if (sscf->h2) {
+
+                if (len == 2 && data[0] == 'h' && data[1] == '2') {
+                    ngx_http_v2_init(c->read);
+                    return;
+                }
+
             }
         }
         }
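Review bot: The new `sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);` line runs past 80 columns at this indent, and the two nested `if`s can be a single condition. `if (sscf->h2 && len == 2 && data[0] == 'h' && data[1] == '2') {` keeps the original shape of the block and drops the extra blank lines. A comment should also say why this check is not redundant with the advertise callbacks: with NPN the client makes the final choice, so the negotiated protocol can be `h2` even when the server did not offer it. The enclosing handler starts and ends outside the hunk.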
@@ -2106,6 +2113,15 @@
             ngx_http_finalize_request(r, NGX_HTTP_MISDIRECTED_REQUEST);
             return NGX_ERROR;
         }
+#if (NGX_HTTP_V2)
+        if (r->http_version == NGX_HTTP_VERSION_20 && !sscf->h2) {
+            ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                          "client attempted to request a server name "
+                          "that does not have http2 enabled");
+            ngx_http_finalize_request(r, NGX_HTTP_MISDIRECTED_REQUEST);
+            return NGX_ERROR;
+        }
+#endif
     }

 #endif
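Review bot: The 421 check is added inside a block whose opening condition is outside this hunk; if, as I believe, that block is entered only when the client sent SNI, a connection without SNI never reaches it. Such a connection negotiates h2 against the default server's `ssl_h2`, and a later request naming an h2-disabled server is then served rather than refused, so the per-server setting is not enforced on that path. The check should run for every HTTP/2 request once the virtual server has been resolved, not only on the SNI path, and a test with a client that omits SNI would confirm it. The log text would also read better as `"client attempted to request a server name for which http2 is disabled"`.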


