From vakul.garg at nxp.com Wed Feb 1 05:48:04 2017 From: vakul.garg at nxp.com (Vakul Garg) Date: Wed, 1 Feb 2017 05:48:04 +0000 Subject: NGINx async SSL handshake In-Reply-To: References: Message-ID: Hi Brian Sorry for the late response. I was on vacations. I understand the point that if I call SSL_* API again with a given SSL session, it will resume the ASYNC JOB associated with it. >From there we can dequeue in the engine the responses from the crypto hardware. But the moot point is how we are going to trigger nginx come out of epoll() so that it knows that SSL_ * API needs to be called for a given SSL session? Regards Vakul -----Original Message----- From: Will, Brian [mailto:brian.will at intel.com] Sent: Wednesday, January 25, 2017 4:08 AM To: Vakul Garg Cc: nginx-devel at nginx.org; Michael Kardonik ; Schuetze, Joel D ; Yu, Ping Y ; Finn, Coleman ; Pankaj Gupta ; Arun Pathak ; Chambers, Mark A Subject: RE: NGINx async SSL handshake Hi Vakul, I look at OpenSSL and the asynch framework as separate to how the engine handles its submissions and responses. If you call the SSL_* API's as you stated it will resume the JOB at the point where it was PAUSED, namely in the engine allowing it to dequeue the responses from the HW. If the HW causes reordering of the responses it can simply dequeue the existing responses, store the ones that are out of order for this connection and either keep dequeuing until the correct response is seen or PAUSE again until the right response is available. This also means there is no need for a polling thread to be created by the engine. You would also disable the event notifications and FD creation that the engine currently owns. I'm unable to post to the NGINX forum as I'm getting a permission error on this specific message. Thanks, Brian -----Original Message----- From: Vakul Garg [mailto:vakul.garg at nxp.com] Sent: Monday, January 16, 2017 8:43 AM To: Will, Brian Cc: nginx-devel at nginx.org; Michael Kardonik ; Schuetze, Joel D ; Yu, Ping Y ; Finn, Coleman ; Pankaj Gupta ; Arun Pathak ; Chambers, Mark A Subject: RE: NGINx async SSL handshake Hi Brian > For the engine response processing another alternative is to simply recall the appropriate SSL_* API which will switch to the correct JOB context and complete the crypto processing. IIUC, for this to work, the response from the accelerator corresponding to the paused job associate with SSL connection should have been dequeued prior. The engine's poll thread does just that. It dequeues accelerator responses and finds out wait_ctx to wakeup through its file descriptor. This in turn wakes triggers NGINx's epoll_wait() to return. It then calls SSL_* API for the connection wokenup. Now the SSL_* API would internally call ASYNC_start_job and it resumes previously paused job to complete the operation. Thus, IMO, simply recalling SSL_* API is not sufficient unless you meant to say that you would dequeue accelerator response directly from its command rings after job gets resumed. In that case, if we do this, then we would have a problem if accelerator reorders the responses. Regards Vakul -----Original Message----- From: Will, Brian [mailto:brian.will at intel.com] Sent: Saturday, January 14, 2017 1:51 AM To: Vakul Garg Cc: nginx-devel at nginx.org; Michael Kardonik ; Schuetze, Joel D ; Yu, Ping Y ; Finn, Coleman ; Pankaj Gupta ; Arun Pathak ; Chambers, Mark A Subject: RE: NGINx async SSL handshake Hi Vakul, This sounds interesting and would give the capability to do the "polling inline". I'd like to see the changes you are proposing to the event loop. For the engine response processing another alternative is to simply recall the appropriate SSL_* API which will switch to the correct JOB context and complete the crypto processing. This way you are able to continue using a standard OpenSSL API rather than having to create a new standardized ENGINE ctrl message. It shouldn't be much in the difference wrt performance as the context switch happens very soon after the SSL_* API invocations. Thanks, Brian -----Original Message----- From: Vakul Garg [mailto:vakul.garg at nxp.com] Sent: Friday, January 13, 2017 1:52 AM To: Will, Brian Cc: nginx-devel at nginx.org; Michael Kardonik ; Schuetze, Joel D ; Yu, Ping Y ; Finn, Coleman ; Pankaj Gupta ; Arun Pathak ; Chambers, Mark A Subject: RE: NGINx async SSL handshake Hi Brian Yes, one of the things I am looking for is a replacement for engine private receive thread with "poll inline" from nginx worker itself. It might not necessarily require timer based mechanism to get the nginx event loop to poll accelerator responses. The requirement is to give some time slice to the engine to do receive side processing from the accelerator. This time slice can be given after completing ready list of FDs in event loop. If any SSL connection is pending on WANT_ASYNC, then event poll loop should wakeup with zero timeout, because we know accelerator response would come soon and it makes sense to give timeslice for engine accelerator response processing. For engine accelerator response processing an ENGINE control api can be built and directly called from nginx event loop. Please let me know your comments. Regards Vakul -----Original Message----- From: Will, Brian [mailto:brian.will at intel.com] Sent: Friday, January 13, 2017 4:54 AM To: Vakul Garg Cc: nginx-devel at nginx.org; Michael Kardonik ; Schuetze, Joel D ; Yu, Ping Y ; Finn, Coleman ; Pankaj Gupta ; Arun Pathak ; Chambers, Mark A Subject: RE: NGINx async SSL handshake Hi Vakul, Sorry for not getting back sooner. We are currently in the process of working with NGINX to get our patch integrated into the development tree. This process may result in a very different patch to what we have currently published, resulting in closer integration and fit into the infrastructure. As of right now we do not have the patch posted either as a repo or a review request. Your work on the wakeup mechanism would be very interesting, specifically what are you looking at as a replacement for the activation thread which the engine would own? On the option to "poll inline" from the nginx worker itself this is something we had explored and does result in increased performance, but then you would require some timer based mechanism to get the NGINX event loop to poll the SSL* API in question. This can be added and is supported through the current OpenSSL async features, but seemed like a different processing model to the way NGINX handles all other activity. Thanks, Brian -----Original Message----- From: Vakul Garg [mailto:vakul.garg at nxp.com] Sent: Monday, January 09, 2017 12:52 AM To: Will, Brian Cc: nginx-devel at nginx.org; Michael Kardonik ; Schuetze, Joel D ; Yu, Ping Y ; Finn, Coleman ; Pankaj Gupta ; Arun Pathak Subject: RE: NGINx async SSL handshake Hi Brian We are using your nginx patch with our PKC accelerator (exposed through cryptodev-linux ioctls). The OpenSSL cryptodev engine has been enhanced to make async PKC calls. The system is running functionally well, but the performance is poor. Last year, we used older OpenSSL versions (without ASYNC job infrastructure) with Geoff Thorpe's https://github.com/libfibre to achieve async crypto acceleration. The performance was better than we are getting with OpenSSL-1.1.0 + Nginx patch in question. On studying the Intel nginx changes, I feel that the way the asynchronous APIs have been integrated are somewhat heavy and there is possibility of improvement. Specifically, the eventfd based job wakeup mechanism seems heavy. I am looking towards making changes over your nginx patch to introduce a newer job wakeup method. Further, I want to get rid of creating set of accelerator response poll threads in engine and provide an option to do this inline in nginx worker thread itself. For this, I hoped your patches are submitted upstream and in process of review or I can find your work in some github repo where we can submit our changes. Let me know your comments. Regards Vakul -----Original Message----- From: Will, Brian [mailto:brian.will at intel.com] Sent: Saturday, January 07, 2017 2:40 AM To: Vakul Garg Cc: nginx-devel at nginx.org; Michael Kardonik ; Schuetze, Joel D ; Yu, Ping Y ; Finn, Coleman Subject: RE: NGINx async SSL handshake Hello Vakul, The link you have included is the latest patch for NGINX to support OpenSSL-1.1.0 that we are maintaining. We are working to try and get these changes included into the mainline of NGINX, but in the interim this patch should work for the OpenSSL-1.1.0 branch of code. Were there specific issues that you have run into? Thanks, Brian -----Original Message----- From: Vakul Garg [mailto:vakul.garg at nxp.com] Sent: Friday, January 06, 2017 12:10 PM To: Will, Brian Cc: nginx-devel at nginx.org; Michael Kardonik Subject: RE: NGINx async SSL handshake Hi Brian I am using nginx openssl async: https://01.org/sites/default/files/page/nginx-1.10.0-async.l.0.3.0-001_0.tgz with my async RSA accelerator. Where can I find the updated version of this work? Can you share your plans to upstream this work? Regards Vakul -----Original Message----- From: nginx-devel [mailto:nginx-devel-bounces at nginx.org] On Behalf Of Alexey Ivanov Sent: Saturday, November 19, 2016 2:00 PM To: nginx-devel at nginx.org Cc: brian.will at intel.com Subject: Re: NGINx async SSL handshake +Brian Will from Intel, to correct me if I'm wrong. My two cents here(Intel Quick Assist specific, based on conversations during Nginx.Conf): 1) Even without hardware offload async handshake helps in cases where you have high TLS connection rates, because right now handshake is basically a 2ms+ blocking operation(specific timing depend on AVX/AVX2 support[0]) inside the event loop. Therefore after some TLS connection rate nginx performance falls off the cliff. 2) Hardware offload numbers look very impressive[1](TL;DR: 5x improvement for RSA 2048, for ECDSA, imho, it is neither impressive, nor needed). Also they prove asymmetric part of the accelerator to be future proof, so that it is possible to add new handshake types(e.g. Ed25519). Disclaimer: we did not test that hardware yet. As for patches, you can check 01.org for: a) nginx openssl async: https://01.org/sites/default/files/page/nginx-1.10.0-async.l.0.3.0-001_0.tgz b) zlib[2]: https://01.org/sites/default/files/page/zlib_shim_0.4.9-001.tgz (Full list of docs: https://01.org/packet-processing/intel%C2%AE-quickassist-technology-drivers-and-patches ) Question for Brian/Maxim: are you planning on integrating it into mainline nginx? 1000+ line diffs are usually rather hard to integrate. [0] FWIW, speaking about OpenSSL performance: using OpenSSL 1.0.2 + Intel Xeon v2 processors with AVX2 gives 2x performance boost(over OpenSSL 1.0.1 and v1). [1] https://twitter.com/SaveTheRbtz/status/773962669166428161 [2] There are also cloudflare and intel patches for zlib for faster deflation (i.e. compression only) > On Nov 18, 2016, at 8:12 PM, Vakul Garg wrote: > > Hi > > I am a newbie to nginx. > I am integrating a public key hardware accelerator in OpenSSL using engine interface. > The engine is async capable. > > Recently openssl-1.1.0 has added support for ASYNC_JOB. > IIUC, nginx would also require changes in order to do SSL handshake in async way. > > Any pointers where can I get the nginx code changes done for async > openssl > > Regards > > Vakul > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel From igor at sysoev.ru Wed Feb 1 08:33:33 2017 From: igor at sysoev.ru (Igor Sysoev) Date: Wed, 01 Feb 2017 08:33:33 +0000 Subject: [njs] 2017 year. Message-ID: details: http://hg.nginx.org/njs/rev/c9308fed683e branches: changeset: 309:c9308fed683e user: Igor Sysoev date: Wed Feb 01 10:06:28 2017 +0300 description: 2017 year. diffstat: LICENSE | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (12 lines): diff -r 67d4bcb5823f -r c9308fed683e LICENSE --- a/LICENSE Tue Jan 31 20:22:01 2017 +0300 +++ b/LICENSE Wed Feb 01 10:06:28 2017 +0300 @@ -1,6 +1,6 @@ /* - * Copyright (C) 2015-2016 Igor Sysoev - * Copyright (C) 2015-2016 NGINX, Inc. + * Copyright (C) 2015-2017 Igor Sysoev + * Copyright (C) 2015-2017 NGINX, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without From igor at sysoev.ru Wed Feb 1 08:33:40 2017 From: igor at sysoev.ru (Igor Sysoev) Date: Wed, 01 Feb 2017 08:33:40 +0000 Subject: [njs] Version 0.1.9. Message-ID: details: http://hg.nginx.org/njs/rev/5bd283398822 branches: changeset: 310:5bd283398822 user: Igor Sysoev date: Wed Feb 01 11:29:47 2017 +0300 description: Version 0.1.9. diffstat: CHANGES | 38 ++++++++++++++++++++++++++++++++++++++ Makefile | 2 +- 2 files changed, 39 insertions(+), 1 deletions(-) diffs (52 lines): diff -r c9308fed683e -r 5bd283398822 CHANGES --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/CHANGES Wed Feb 01 11:29:47 2017 +0300 @@ -0,0 +1,38 @@ + +Changes with nJScript 0.1.9 01 Feb 2017 + + *) Bugfix: global variables were not initialized when nJScript was used + in nginx. + +Changes with nJScript 0.1.8 24 Jan 2017 + + *) Change: the "strict" mode is enforced, variables must be explicitly + declared. + + *) Feature: "for" and "for-in" loops support variable declaration. + + *) Bugfix: global and function scopes have been fixed. + + *) Bugfix: now "for-in" loop does not discard the last value of property + variable. + + *) Bugfix: miscellaneous bugs and segmentation faults have been fixed. + +Changes with nJScript 0.1.7 27 Dec 2016 + + *) Change: the "js_include" directive has been disabled at server and + location levels. + + *) Feature: exponentiation operators. + + *) Bugfix: miscellaneous bugs and segmentation faults have been fixed. + +Changes with nJScript 0.1.6 13 Dec 2016 + + *) Change: the "js_set" directive has been disabled at server and + location levels. + + *) Feature: ES6 Math methods. + + *) Bugfix: miscellaneous bugs and segmentation faults have been fixed. + diff -r c9308fed683e -r 5bd283398822 Makefile --- a/Makefile Wed Feb 01 10:06:28 2017 +0300 +++ b/Makefile Wed Feb 01 11:29:47 2017 +0300 @@ -1,5 +1,5 @@ -NJS_VER = 0.1.8 +NJS_VER = 0.1.9 NXT_LIB = nxt From igor at sysoev.ru Wed Feb 1 08:33:42 2017 From: igor at sysoev.ru (Igor Sysoev) Date: Wed, 01 Feb 2017 08:33:42 +0000 Subject: [njs] Added tag 0.1.9 for changeset 5bd283398822 Message-ID: details: http://hg.nginx.org/njs/rev/214afa2466a0 branches: changeset: 311:214afa2466a0 user: Igor Sysoev date: Wed Feb 01 11:33:05 2017 +0300 description: Added tag 0.1.9 for changeset 5bd283398822 diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff -r 5bd283398822 -r 214afa2466a0 .hgtags --- a/.hgtags Wed Feb 01 11:29:47 2017 +0300 +++ b/.hgtags Wed Feb 01 11:33:05 2017 +0300 @@ -7,3 +7,4 @@ 9c813c2bb2acfd5b6e9d1e9b6699af928baea15a 44b524f7e313369cd062a387511ea6fdc427875f 0.1.6 15dc54100400f99c3ec044d8fb0175dd3d69adcb 0.1.7 a29f29d481125db6101ecdc23dc20187c143cdc9 0.1.8 +5bd2833988222900f60ad9b330ebc44df3b30662 0.1.9 From matwey.kornilov at gmail.com Wed Feb 1 11:56:14 2017 From: matwey.kornilov at gmail.com (Matwey V. Kornilov) Date: Wed, 1 Feb 2017 14:56:14 +0300 Subject: [PATCH] SSI: Implement #fsize SSI command In-Reply-To: <20170130142645.GD46625@mdounin.ru> References: <20170130142645.GD46625@mdounin.ru> Message-ID: 30.01.2017 17:26, Maxim Dounin ?????: > Hello! > > On Sat, Jan 28, 2017 at 02:08:29PM +0300, Matwey V. Kornilov wrote: > >> # HG changeset patch >> # User Matwey V. Kornilov >> # Date 1485600652 -10800 >> # Sat Jan 28 13:50:52 2017 +0300 >> # Branch fsize >> # Node ID f3bb0258beb24b975b94966a94d45e9a9f5c3c39 >> # Parent 640f035293959b2d4b0ba5939d954bc517f57f77 >> SSI: Implement #fsize SSI command > > Thanks, looks interesting, though certainly it needs more work. > Some comments below. Hello, Thank you for valuable comments. I probably missed something about header_only, it was tricky to understand how it was really supposed to be used. Probably I need other (or introduce new dedicated) way to achieve the same result. Frankly speaking, I don't like idea with waited subrequest because there could be many #fsize-s at the same page and simultaneous #fsize processing would be desired here due to lower page rendering time. > > [...] > >> +static ngx_int_t ngx_http_ssi_fsize(ngx_http_request_t *r, >> + ngx_http_ssi_ctx_t *ctx, ngx_str_t **params) > > Style: > The function type should be on a line by itself preceding the > function. That is, function name should start on its own line: > > static ngx_int_t > ngx_http_ssi_fsize(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx, > ngx_str_t **params) > > [...] > >> + psr->handler = ngx_http_ssi_fsize_output; >> + psr->data = ctx; >> + >> + if (ngx_http_subrequest(r, uri, &args, &sr, psr, flags) != NGX_OK) { >> + return NGX_HTTP_SSI_ERROR; >> + } >> + sr->header_only = 1; >> + >> + return NGX_OK; >> +} >> + >> + >> +static ngx_int_t ngx_http_ssi_fsize_output(ngx_http_request_t *r, void *data, >> + ngx_int_t rc) >> +{ >> + ngx_chain_t *out; >> + ngx_buf_t *b; >> + u_char *p; >> + size_t len, i; >> + ngx_http_ssi_ctx_t *ctx; >> + unsigned sizefmt_bytes; >> + >> + ctx = data; >> + sizefmt_bytes = (ctx ? ctx->sizefmt_bytes : 0); > > Just a side note: > It is not clear how ctx can be NULL here. > >> + >> + p = ngx_pnalloc(r->pool, NGX_OFF_T_LEN + 1); >> + if (p == NULL) { >> + return NGX_ERROR; >> + } >> + >> + len = ngx_sprintf(p, "%O", r->headers_out.content_length_n) - p; > > Note that r->headers_out.content_length_n may be -1 here. Either > because it is not known at all (this can happen for proxied > requests), or because it was cleared/modified by a filter > expecting to change the response. In either case "-1" is probably > not a correct value to print here. > > It might also be a good idea to find out how to prevent filters > from clearing the length and/or how to save it earlier. > >> + >> + if (!sizefmt_bytes) { >> + i = len / 3; >> + len = len % 3; >> + >> + p[len] = ngx_http_ssi_si_prefix[i]; >> + len++; >> + } >> + >> + b = ngx_calloc_buf(r->pool); >> + if (b == NULL) { >> + return NGX_ERROR; >> + } >> + >> + b->memory = 1; >> + b->pos = p; >> + b->last = p + len; > > Just a side note: > Using ngx_create_temp_buf() might be more appropriate here. > >> + >> + out= ngx_alloc_chain_link(r->pool); >> + if (out == NULL) { >> + return NGX_ERROR; >> + } >> + >> + out->buf = b; >> + out->next = NULL; >> + >> + return ngx_http_output_filter(r, out); > > Not sure if it's ok to declare a subrequest as a header_only one, > and then output a body for it. I suspect it may break in > unexpected places. > > Alternative approach would be to wait for the subrequest and then > output the result in the main request context, much like it is > done for "include set". > >> @@ -2400,6 +2529,22 @@ >> ctx->errmsg = *value; >> } >> >> + value = params[NGX_HTTP_SSI_CONFIG_SIZEFMT]; >> + >> + if (value) { >> + if (value->len == 5 >> + && ngx_strncasecmp(value->data, (u_char*)"bytes", 5) == 0) { >> + ctx->sizefmt_bytes = 1; > > Style: > The "{" should be on its own line. And the cast needs more > spaces, > > if (value->len == 5 > && ngx_strncasecmp(value->data, (u_char *) "bytes", 5) == 0) > { > ctx->sizefmt_bytes = 1; > From mdounin at mdounin.ru Wed Feb 1 12:54:33 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 1 Feb 2017 15:54:33 +0300 Subject: [PATCH] Proxy: make timeout directives accept variables In-Reply-To: References: <9d03643e-0798-3c7a-a793-5b739c28c2e2@fastmail.com> <20170131160041.GK46625@mdounin.ru> Message-ID: <20170201125432.GO46625@mdounin.ru> Hello! On Tue, Jan 31, 2017 at 10:17:36AM -0800, Thibault Charbonnier wrote: > On 1/31/17 8:00 AM, Maxim Dounin wrote: > > You may want to provide more details on what problem you are > > trying to solve. > > The use-case was originally to use a longer proxy_read_timeout on > certain upstream locations without duplicating too much configuration > (our location block). I then thought it would be nice to have for other > timeout directives as well, and eventually reuse the code in other > modules as you suggested, so timeout directives could support variables > anywhere. Clear enough, thank you. Using an additional location might be a better solution, at least until there is a way to introduce variables support with less effort. -- Maxim Dounin http://nginx.org/ From thibaultcha at fastmail.com Wed Feb 1 16:40:55 2017 From: thibaultcha at fastmail.com (Thibault Charbonnier) Date: Wed, 1 Feb 2017 08:40:55 -0800 Subject: [PATCH] Proxy: make timeout directives accept variables In-Reply-To: <20170201125432.GO46625@mdounin.ru> References: <9d03643e-0798-3c7a-a793-5b739c28c2e2@fastmail.com> <20170131160041.GK46625@mdounin.ru> <20170201125432.GO46625@mdounin.ru> Message-ID: Hello > On Feb 1, 2017, at 4:54 AM, Maxim Dounin wrote: > > until there is a way to introduce variables > support with less effort. What do you suggest to reduce the patch size? Should it take care of those other timeout directives in other modules? One of my other hunch was to add the complex field on the ngx_http_upstream_conf_t struct itself for widespread support. Would you suggest this? The intent behind my patch was to gather feedback and iterate over it with your suggestions. Thanks! From mdounin at mdounin.ru Wed Feb 1 16:58:38 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 1 Feb 2017 19:58:38 +0300 Subject: [PATCH] Proxy: make timeout directives accept variables In-Reply-To: References: <9d03643e-0798-3c7a-a793-5b739c28c2e2@fastmail.com> <20170131160041.GK46625@mdounin.ru> <20170201125432.GO46625@mdounin.ru> Message-ID: <20170201165837.GP46625@mdounin.ru> Hello! On Wed, Feb 01, 2017 at 08:40:55AM -0800, Thibault Charbonnier wrote: > > On Feb 1, 2017, at 4:54 AM, Maxim Dounin wrote: > > > > until there is a way to introduce variables > > support with less effort. > > What do you suggest to reduce the patch size? Should it take > care of those other timeout directives in other modules? > > One of my other hunch was to add the complex field on the > ngx_http_upstream_conf_t struct itself for widespread support. > Would you suggest this? > > The intent behind my patch was to gather feedback and iterate > over it with your suggestions. I'm highly sceptical about introducing variables support everywhere just to save some configuration complexity in very special cases. In most cases there better ways to organize things without using variables, as initial nginx configuration approach suggests. -- Maxim Dounin http://nginx.org/ From tim.birkett at devopsmakers.com Wed Feb 1 18:56:57 2017 From: tim.birkett at devopsmakers.com (Tim Birkett) Date: Thu, 02 Feb 2017 02:56:57 +0800 Subject: [PATCH] Add ability to remove Connection header completely Message-ID: <25129d5509b83f9c45a9.1485975417@MBP.local> # HG changeset patch # User Tim Birkett # Date 1485972846 -28800 # Thu Feb 02 02:14:06 2017 +0800 # Node ID 25129d5509b83f9c45a92c7508ebc1cd65592118 # Parent d2b2ff157da53260b2b1c414792100ff0cd1377d Add ability to remove Connection header completely In some cases it's desirable to strip response sizes down as much as possible. Consider an API that serves a huge number of small responses. You'd probably use ngx_headers_more to strip all headers except the "Connection: Close" header that's about 17 bytes can;t currently be stripped. If you're returning say, a phone number or IP address then that header accounts for about a 3rd of the traffic you serve. This patch allows you to remove the header completely by setting "keepalive_timeout 0 0;" it seemed to be the most straight forward and sane approach without adding another config directive. I realise that this would cause responses to not adhere strictly to HTTP/1.1 but I also feel it's a valuable edgecase for those in the ad-serving, tel. number replacement and other high volume "small data" API products out there where every byte counts (and costs). Any feedback appreciated. diff -r d2b2ff157da5 -r 25129d5509b8 src/http/ngx_http_header_filter_module.c --- a/src/http/ngx_http_header_filter_module.c Tue Jan 31 21:19:58 2017 +0300 +++ b/src/http/ngx_http_header_filter_module.c Thu Feb 02 02:14:06 2017 +0800 @@ -389,7 +389,9 @@ } } else { - len += sizeof("Connection: close" CRLF) - 1; + if (clcf->keepalive_header != 0) { + len += sizeof("Connection: close" CRLF) - 1; + } } #if (NGX_HTTP_GZIP) @@ -560,8 +562,10 @@ } } else { - b->last = ngx_cpymem(b->last, "Connection: close" CRLF, - sizeof("Connection: close" CRLF) - 1); + if (clcf->keepalive_header != 0){ + b->last = ngx_cpymem(b->last, "Connection: close" CRLF, + sizeof("Connection: close" CRLF) - 1); + } } #if (NGX_HTTP_GZIP) From thibaultcha at fastmail.com Wed Feb 1 19:40:53 2017 From: thibaultcha at fastmail.com (Thibault Charbonnier) Date: Wed, 1 Feb 2017 11:40:53 -0800 Subject: [PATCH] Proxy: make timeout directives accept variables In-Reply-To: <20170201165837.GP46625@mdounin.ru> References: <9d03643e-0798-3c7a-a793-5b739c28c2e2@fastmail.com> <20170131160041.GK46625@mdounin.ru> <20170201125432.GO46625@mdounin.ru> <20170201165837.GP46625@mdounin.ru> Message-ID: <5590f09b-9fda-ebe5-63bd-a1fd9a994d38@fastmail.com> On 2/1/17 8:58 AM, Maxim Dounin wrote: > I'm highly sceptical about introducing variables support > everywhere just to save some configuration complexity in very > special cases. In most cases there better ways to organize things > without using variables, as initial nginx configuration approach > suggests. Understood, thank you for your feedback. From pluknet at nginx.com Thu Feb 2 14:39:12 2017 From: pluknet at nginx.com (Sergey Kandaurov) Date: Thu, 02 Feb 2017 14:39:12 +0000 Subject: [nginx] Configure: removed execute bit from auto/unix. Message-ID: details: http://hg.nginx.org/nginx/rev/22cd2ce9fb44 branches: changeset: 6900:22cd2ce9fb44 user: Sergey Kandaurov date: Wed Feb 01 20:04:06 2017 +0300 description: Configure: removed execute bit from auto/unix. From amdeich at gmail.com Thu Feb 2 15:51:18 2017 From: amdeich at gmail.com (Andrey Kulikov) Date: Thu, 2 Feb 2017 18:51:18 +0300 Subject: [Q]: Why nginx stop feeding content to a custom filter module after processing 64K of data? Message-ID: Hello, I've implemented custom filter module for nginx. In fact, it does nothing, but copy input chain to output. The aim is to have placeholder for filter modules, what do little bit more intelligent processing. Wish it be useful for new nginx modules developers. Sources could be found here: https://github.com/amdei/dummy-filter-module It kind of stripped simplified version of ngx_http_sub_module module. Currently I can observe only one issue with this module: it can't process replies longer that 65536 bytes. Doesn't matter if it proxied reply, or content from a disk file. I can't identify source of this issue, so appealing to the collective intelligence. With the following location configuration: location / { dummy_filter on; root /root/devel/ngx_module/dummy-filter-module/t/servroot/html; index index.html; } if index.html contains more that 64K of data, request to / location hangs up after processing exactly, and after some time connection closing with timeout. (I use index.html containing 70000 of letter 'A'.) Debugging shows that input file feeded to my module with chains 32K long (in one buffer). But after second input chain it looks like feeding data to module just stops. In logs we may see following: ... 2017/02/02 13:55:57 [debug] 16389#0: *4 dummy out 2017/02/02 13:55:57 [debug] 16389#0: *4 dummy out: 0000000000750DB8 0000000000769860-0000000000771860 (32768) 2017/02/02 13:55:57 [debug] 16389#0: *4 http postpone filter "/index.html?" 0000000000750D38 2017/02/02 13:55:57 [debug] 16389#0: *4 http chunk: 32768 2017/02/02 13:55:57 [debug] 16389#0: *4 write new buf t:1 f:0 0000000000750E18, pos 0000000000750E18, size: 6 file: 0, size: 0 2017/02/02 13:55:57 [debug] 16389#0: *4 write new buf t:0 f:0 0000000000000000, pos 0000000000769860, size: 32768 file: 0, size: 0 2017/02/02 13:55:57 [debug] 16389#0: *4 write new buf t:0 f:0 0000000000750CB0, pos 00000000004DE2DD, size: 2 file: 0, size: 0 2017/02/02 13:55:57 [debug] 16389#0: *4 http write filter: l:0 f:1 s:32776 2017/02/02 13:55:57 [debug] 16389#0: *4 http write filter limit 0 2017/02/02 13:55:57 [debug] 16389#0: *4 writev: 32776 of 32776 2017/02/02 13:55:57 [debug] 16389#0: *4 http write filter 0000000000000000 2017/02/02 13:55:57 [debug] 16389#0: *4 http copy filter: -2 "/index.html?" 2017/02/02 13:55:57 [debug] 16389#0: *4 http finalize request: -2, "/index.html?" a:1, c:2 2017/02/02 13:55:57 [debug] 16389#0: *4 event timer add: 3: 60000:1486033017701 2017/02/02 13:55:57 [debug] 16389#0: *4 http finalize request: -4, "/index.html?" a:1, c:2 2017/02/02 13:55:57 [debug] 16389#0: *4 http request count:2 blk:0 2017/02/02 13:55:57 [debug] 16389#0: worker cycle ... At the same time, if input chain divided into few buffers, in total containing more that 64K of data, it processed normally. (as we may see in test https://github.com/amdei/dummy-filter-module/blob/master/t/07-long-reply.t ) What could be done in order to identify source (apart from damaged DNA) and eliminate described issue? Any help and advises will be appreciated. -- WBR, Andrey From me+lists.nginx at tomthorogood.co.uk Fri Feb 3 11:39:04 2017 From: me+lists.nginx at tomthorogood.co.uk (Tom Thorogood) Date: Fri, 03 Feb 2017 22:09:04 +1030 Subject: [PATCH] HTTP: NGINX_VER_BUILD in Server header and error page tail. In-Reply-To: <20170131093334.GA733@lo0.su> References: <1462703226.1314805.601366873.679532C0@webmail.messagingengine.com> <1485490598.2897802.861127232.499F85E0@webmail.messagingengine.com> <20170131093334.GA733@lo0.su> Message-ID: <1486121944.1488374.869110768.55AFB4FF@webmail.messagingengine.com> Hi Ruslan, Thanks for merging. Kind Regards, Tom Thorogood. On Tue, 31 Jan 2017, at 08:03 PM, Ruslan Ermilov wrote: > Hi Tom, > > On Fri, Jan 27, 2017 at 02:46:38PM +1030, Tom Thorogood wrote: > > Hi, > > > > Ping. Any chance this might be able to be merged? > > I've fixed some omissions in your patch, and committed the > support for new option. > > http://hg.nginx.org/nginx/rev/25203fc377fb > > > On Sun, 8 May 2016, at 08:57 PM, Tom Thorogood wrote: > > > Hi, > > > > > > This patch adds a build option to the server_tokens directive. When build is specified the Server header will have a value of NGINX_VER_BUILD. Also the tail of built in error pages will be NGINX_VER_BUILD. off and on are retained as valid values and behave as they always have. > > > > > > This makes it possible to specify semi-custom server tokens of the form "nginx/ ()". is specified with the --build flag for ./configure. > > > > > > A potential use case is including the name of a custom build for example with --build="super-nginx/0.1". This would give: nginx/1.9.15 (super-nginx/0.1). > > > > > > Another potential use case of this feature is to include the git revision of a parent build with --build="`git rev-parse --short HEAD`". This would give: nginx/1.9.15 (c3ebabd). In that case the feature can be used to enhance troubleshooting and/or provide more information to end users. > > > > > > Kind Regards, > > > Tom Thorogood. > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel From mdounin at mdounin.ru Fri Feb 3 12:34:10 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 3 Feb 2017 15:34:10 +0300 Subject: [Q]: Why nginx stop feeding content to a custom filter module after processing 64K of data? In-Reply-To: References: Message-ID: <20170203123410.GT46625@mdounin.ru> Hello! On Thu, Feb 02, 2017 at 06:51:18PM +0300, Andrey Kulikov wrote: > Hello, > > I've implemented custom filter module for nginx. > In fact, it does nothing, but copy input chain to output. > The aim is to have placeholder for filter modules, what do little bit > more intelligent processing. > Wish it be useful for new nginx modules developers. > > Sources could be found here: https://github.com/amdei/dummy-filter-module > It kind of stripped simplified version of ngx_http_sub_module module. > > Currently I can observe only one issue with this module: it can't > process replies longer that 65536 bytes. > Doesn't matter if it proxied reply, or content from a disk file. > I can't identify source of this issue, so appealing to the collective > intelligence. You are not freeing the buffers passed, but rather hold them for an infinite time in your filter. As a result once output_buffers are exhausted, the process stalls waiting for you to free some buffers. (Note well that your filter misuses NGX_HTTP_SUB_BUFFERED flag. This will cause undefined behaviour if the filter is used with the sub filter.) -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Fri Feb 3 13:58:09 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 03 Feb 2017 13:58:09 +0000 Subject: [nginx] SSL: fixed ssl_buffer_size on SNI virtual hosts (ticket #1192). Message-ID: details: http://hg.nginx.org/nginx/rev/72bb626484a4 branches: changeset: 6901:72bb626484a4 user: Maxim Dounin date: Thu Feb 02 20:29:16 2017 +0300 description: SSL: fixed ssl_buffer_size on SNI virtual hosts (ticket #1192). Previously, buffer size was not changed from the one saved during initial ngx_ssl_create_connection(), even if the buffer itself was not yet created. Fix is to change c->ssl->buffer_size in the SNI callback. Note that it should be also possible to update buffer size even in non-SNI virtual hosts as long as the buffer is not yet allocated. This looks like an overcomplication though. diffstat: src/http/ngx_http_request.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diffs (12 lines): diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -884,6 +884,8 @@ ngx_http_ssl_servername(ngx_ssl_conn_t * sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); + c->ssl->buffer_size = sscf->buffer_size; + if (sscf->ssl.ctx) { SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx); From pluknet at nginx.com Mon Feb 6 15:41:25 2017 From: pluknet at nginx.com (Sergey Kandaurov) Date: Mon, 06 Feb 2017 15:41:25 +0000 Subject: [nginx] SSL: clear error queue after OPENSSL_init_ssl(). Message-ID: details: http://hg.nginx.org/nginx/rev/5cb85b0ee00b branches: changeset: 6902:5cb85b0ee00b user: Sergey Kandaurov date: Mon Feb 06 18:38:06 2017 +0300 description: SSL: clear error queue after OPENSSL_init_ssl(). The function may leave error in the error queue while returning success, e.g., when taking a DSO reference to itself as of OpenSSL 1.1.0d: https://git.openssl.org/?p=openssl.git;a=commit;h=4af9f7f Notably, this fixes alert seen with statically linked OpenSSL on some platforms. While here, check OPENSSL_init_ssl() return value. diffstat: src/event/ngx_event_openssl.c | 12 +++++++++++- 1 files changed, 11 insertions(+), 1 deletions(-) diffs (22 lines): diff -r 72bb626484a4 -r 5cb85b0ee00b src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Thu Feb 02 20:29:16 2017 +0300 +++ b/src/event/ngx_event_openssl.c Mon Feb 06 18:38:06 2017 +0300 @@ -121,7 +121,17 @@ ngx_ssl_init(ngx_log_t *log) { #if OPENSSL_VERSION_NUMBER >= 0x10100003L - OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL); + if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) { + ngx_ssl_error(NGX_LOG_ALERT, log, 0, "OPENSSL_init_ssl() failed"); + return NGX_ERROR; + } + + /* + * OPENSSL_init_ssl() may leave errors in the error queue + * while returning success + */ + + ERR_clear_error(); #else From amdeich at gmail.com Mon Feb 6 17:16:56 2017 From: amdeich at gmail.com (Andrey Kulikov) Date: Mon, 6 Feb 2017 20:16:56 +0300 Subject: [Q]: Why nginx stop feeding content to a custom filter module after processing 64K of data? In-Reply-To: <20170203123410.GT46625@mdounin.ru> References: <20170203123410.GT46625@mdounin.ru> Message-ID: Hello, > You are not freeing the buffers passed, but rather hold them for > an infinite time in your filter. As a result once output_buffers > are exhausted, the process stalls waiting for you to free some > buffers. Thanks for pointing out! I'll try to fix this issue... > > (Note well that your filter misuses NGX_HTTP_SUB_BUFFERED flag. > This will cause undefined behaviour if the filter is used with the > sub filter.) Is there are more elegant solution to achieve desired functionality? Without patching nginx sources by adding new NGX_HTTP_*_BUFFERED constant? There is only limited number of slots available, and if not with sub filter, it may cause incompatibility with other external modules, if they happens to use the same bit. -- WBR, Andrey From mdounin at mdounin.ru Tue Feb 7 13:14:45 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 7 Feb 2017 16:14:45 +0300 Subject: [Q]: Why nginx stop feeding content to a custom filter module after processing 64K of data? In-Reply-To: References: <20170203123410.GT46625@mdounin.ru> Message-ID: <20170207131445.GC46625@mdounin.ru> Hello! On Mon, Feb 06, 2017 at 08:16:56PM +0300, Andrey Kulikov wrote: > > (Note well that your filter misuses NGX_HTTP_SUB_BUFFERED flag. > > This will cause undefined behaviour if the filter is used with the > > sub filter.) > > Is there are more elegant solution to achieve desired functionality? > Without patching nginx sources by adding new NGX_HTTP_*_BUFFERED constant? > There is only limited number of slots available, and if not with sub > filter, it may cause incompatibility with > other external modules, if they happens to use the same bit. AFAIK, there is no good solution. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Wed Feb 8 18:29:01 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 08 Feb 2017 18:29:01 +0000 Subject: [nginx] Request body: c->error on "100 Continue" errors (ticket #1194). Message-ID: details: http://hg.nginx.org/nginx/rev/92e771de7d89 branches: changeset: 6903:92e771de7d89 user: Maxim Dounin date: Wed Feb 08 19:35:31 2017 +0300 description: Request body: c->error on "100 Continue" errors (ticket #1194). diffstat: src/http/ngx_http_request_body.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diffs (12 lines): diff --git a/src/http/ngx_http_request_body.c b/src/http/ngx_http_request_body.c --- a/src/http/ngx_http_request_body.c +++ b/src/http/ngx_http_request_body.c @@ -835,6 +835,8 @@ ngx_http_test_expect(ngx_http_request_t /* we assume that such small packet should be send successfully */ + r->connection->error = 1; + return NGX_ERROR; } From mdounin at mdounin.ru Wed Feb 8 18:29:04 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 08 Feb 2017 18:29:04 +0000 Subject: [nginx] Request body: commented out debug printing of old buffers. Message-ID: details: http://hg.nginx.org/nginx/rev/5e2423bce883 branches: changeset: 6904:5e2423bce883 user: Maxim Dounin date: Wed Feb 08 19:36:03 2017 +0300 description: Request body: commented out debug printing of old buffers. This is not really needed in practice, and causes excessive debug output in some of our tests. diffstat: src/http/ngx_http_request_body.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diffs (19 lines): diff --git a/src/http/ngx_http_request_body.c b/src/http/ngx_http_request_body.c --- a/src/http/ngx_http_request_body.c +++ b/src/http/ngx_http_request_body.c @@ -1087,6 +1087,7 @@ ngx_http_request_body_save_filter(ngx_ht #if (NGX_DEBUG) +#if 0 for (cl = rb->bufs; cl; cl = cl->next) { ngx_log_debug7(NGX_LOG_DEBUG_EVENT, r->connection->log, 0, "http body old buf t:%d f:%d %p, pos %p, size: %z " @@ -1097,6 +1098,7 @@ ngx_http_request_body_save_filter(ngx_ht cl->buf->file_pos, cl->buf->file_last - cl->buf->file_pos); } +#endif for (cl = in; cl; cl = cl->next) { ngx_log_debug7(NGX_LOG_DEBUG_EVENT, r->connection->log, 0, From arut at nginx.com Fri Feb 10 13:58:32 2017 From: arut at nginx.com (Roman Arutyunyan) Date: Fri, 10 Feb 2017 13:58:32 +0000 Subject: [nginx] Cache: support for stale-while-revalidate and stale-if-error. Message-ID: details: http://hg.nginx.org/nginx/rev/9a9e13686869 branches: changeset: 6905:9a9e13686869 user: Roman Arutyunyan date: Thu Dec 22 14:25:34 2016 +0300 description: Cache: support for stale-while-revalidate and stale-if-error. Previously, there was no way to enable the proxy_cache_use_stale behavior by reading the backend response. Now, stale-while-revalidate and stale-if-error Cache-Control extensions (RFC 5861) are supported. They specify, how long a stale response can be used when a cache entry is being updated, or in case of an error. diffstat: src/http/ngx_http_cache.h | 9 ++- src/http/ngx_http_file_cache.c | 8 ++ src/http/ngx_http_upstream.c | 117 ++++++++++++++++++++++++++++++---------- 3 files changed, 103 insertions(+), 31 deletions(-) diffs (261 lines): diff -r 5e2423bce883 -r 9a9e13686869 src/http/ngx_http_cache.h --- a/src/http/ngx_http_cache.h Wed Feb 08 19:36:03 2017 +0300 +++ b/src/http/ngx_http_cache.h Thu Dec 22 14:25:34 2016 +0300 @@ -27,7 +27,7 @@ #define NGX_HTTP_CACHE_ETAG_LEN 42 #define NGX_HTTP_CACHE_VARY_LEN 42 -#define NGX_HTTP_CACHE_VERSION 3 +#define NGX_HTTP_CACHE_VERSION 4 typedef struct { @@ -71,6 +71,8 @@ struct ngx_http_cache_s { ngx_file_uniq_t uniq; time_t valid_sec; + time_t updating_sec; + time_t error_sec; time_t last_modified; time_t date; @@ -114,12 +116,17 @@ struct ngx_http_cache_s { unsigned purged:1; unsigned reading:1; unsigned secondary:1; + + unsigned stale_updating:1; + unsigned stale_error:1; }; typedef struct { ngx_uint_t version; time_t valid_sec; + time_t updating_sec; + time_t error_sec; time_t last_modified; time_t date; uint32_t crc32; diff -r 5e2423bce883 -r 9a9e13686869 src/http/ngx_http_file_cache.c --- a/src/http/ngx_http_file_cache.c Wed Feb 08 19:36:03 2017 +0300 +++ b/src/http/ngx_http_file_cache.c Thu Dec 22 14:25:34 2016 +0300 @@ -601,6 +601,8 @@ ngx_http_file_cache_read(ngx_http_reques c->buf->last += n; c->valid_sec = h->valid_sec; + c->updating_sec = h->updating_sec; + c->error_sec = h->error_sec; c->last_modified = h->last_modified; c->date = h->date; c->valid_msec = h->valid_msec; @@ -632,6 +634,8 @@ ngx_http_file_cache_read(ngx_http_reques now = ngx_time(); if (c->valid_sec < now) { + c->stale_updating = c->valid_sec + c->updating_sec >= now; + c->stale_error = c->valid_sec + c->error_sec >= now; ngx_shmtx_lock(&cache->shpool->mutex); @@ -1252,6 +1256,8 @@ ngx_http_file_cache_set_header(ngx_http_ h->version = NGX_HTTP_CACHE_VERSION; h->valid_sec = c->valid_sec; + h->updating_sec = c->updating_sec; + h->error_sec = c->error_sec; h->last_modified = c->last_modified; h->date = c->date; h->crc32 = c->crc32; @@ -1513,6 +1519,8 @@ ngx_http_file_cache_update_header(ngx_ht h.version = NGX_HTTP_CACHE_VERSION; h.valid_sec = c->valid_sec; + h.updating_sec = c->updating_sec; + h.error_sec = c->error_sec; h.last_modified = c->last_modified; h.date = c->date; h.crc32 = c->crc32; diff -r 5e2423bce883 -r 9a9e13686869 src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c Wed Feb 08 19:36:03 2017 +0300 +++ b/src/http/ngx_http_upstream.c Thu Dec 22 14:25:34 2016 +0300 @@ -871,7 +871,9 @@ ngx_http_upstream_cache(ngx_http_request case NGX_HTTP_CACHE_UPDATING: - if (u->conf->cache_use_stale & NGX_HTTP_UPSTREAM_FT_UPDATING) { + if ((u->conf->cache_use_stale & NGX_HTTP_UPSTREAM_FT_UPDATING) + || c->stale_updating) + { u->cache_status = rc; rc = NGX_OK; @@ -894,6 +896,9 @@ ngx_http_upstream_cache(ngx_http_request case NGX_HTTP_CACHE_STALE: c->valid_sec = 0; + c->updating_sec = 0; + c->error_sec = 0; + u->buffer.start = NULL; u->cache_status = NGX_HTTP_CACHE_EXPIRED; @@ -2340,7 +2345,7 @@ ngx_http_upstream_test_next(ngx_http_req #if (NGX_HTTP_CACHE) if (u->cache_status == NGX_HTTP_CACHE_EXPIRED - && (u->conf->cache_use_stale & un->mask)) + && ((u->conf->cache_use_stale & un->mask) || r->cache->stale_error)) { ngx_int_t rc; @@ -2364,14 +2369,17 @@ ngx_http_upstream_test_next(ngx_http_req && u->cache_status == NGX_HTTP_CACHE_EXPIRED && u->conf->cache_revalidate) { - time_t now, valid; + time_t now, valid, updating, error; ngx_int_t rc; ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http upstream not modified"); now = ngx_time(); + valid = r->cache->valid_sec; + updating = r->cache->updating_sec; + error = r->cache->error_sec; rc = u->reinit_request(r); @@ -2385,6 +2393,8 @@ ngx_http_upstream_test_next(ngx_http_req if (valid == 0) { valid = r->cache->valid_sec; + updating = r->cache->updating_sec; + error = r->cache->error_sec; } if (valid == 0) { @@ -2397,6 +2407,9 @@ ngx_http_upstream_test_next(ngx_http_req if (valid) { r->cache->valid_sec = valid; + r->cache->updating_sec = updating; + r->cache->error_sec = error; + r->cache->date = now; ngx_http_file_cache_update_header(r); @@ -4132,7 +4145,7 @@ ngx_http_upstream_next(ngx_http_request_ #if (NGX_HTTP_CACHE) if (u->cache_status == NGX_HTTP_CACHE_EXPIRED - && (u->conf->cache_use_stale & ft_type)) + && ((u->conf->cache_use_stale & ft_type) || r->cache->stale_error)) { ngx_int_t rc; @@ -4507,32 +4520,76 @@ ngx_http_upstream_process_cache_control( offset = 8; } - if (p == NULL) { - return NGX_OK; - } - - n = 0; - - for (p += offset; p < last; p++) { - if (*p == ',' || *p == ';' || *p == ' ') { - break; - } - - if (*p >= '0' && *p <= '9') { - n = n * 10 + *p - '0'; - continue; - } - - u->cacheable = 0; - return NGX_OK; - } - - if (n == 0) { - u->cacheable = 0; - return NGX_OK; - } - - r->cache->valid_sec = ngx_time() + n; + if (p) { + n = 0; + + for (p += offset; p < last; p++) { + if (*p == ',' || *p == ';' || *p == ' ') { + break; + } + + if (*p >= '0' && *p <= '9') { + n = n * 10 + *p - '0'; + continue; + } + + u->cacheable = 0; + return NGX_OK; + } + + if (n == 0) { + u->cacheable = 0; + return NGX_OK; + } + + r->cache->valid_sec = ngx_time() + n; + } + + p = ngx_strlcasestrn(start, last, (u_char *) "stale-while-revalidate=", + 23 - 1); + + if (p) { + n = 0; + + for (p += 23; p < last; p++) { + if (*p == ',' || *p == ';' || *p == ' ') { + break; + } + + if (*p >= '0' && *p <= '9') { + n = n * 10 + *p - '0'; + continue; + } + + u->cacheable = 0; + return NGX_OK; + } + + r->cache->updating_sec = n; + r->cache->error_sec = n; + } + + p = ngx_strlcasestrn(start, last, (u_char *) "stale-if-error=", 15 - 1); + + if (p) { + n = 0; + + for (p += 15; p < last; p++) { + if (*p == ',' || *p == ';' || *p == ' ') { + break; + } + + if (*p >= '0' && *p <= '9') { + n = n * 10 + *p - '0'; + continue; + } + + u->cacheable = 0; + return NGX_OK; + } + + r->cache->error_sec = n; + } } #endif From arut at nginx.com Fri Feb 10 13:58:35 2017 From: arut at nginx.com (Roman Arutyunyan) Date: Fri, 10 Feb 2017 13:58:35 +0000 Subject: [nginx] Upstream: proxy_cache_background_update and friends. Message-ID: details: http://hg.nginx.org/nginx/rev/1aeaae6e9446 branches: changeset: 6906:1aeaae6e9446 user: Roman Arutyunyan date: Fri Feb 10 15:13:41 2017 +0300 description: Upstream: proxy_cache_background_update and friends. The directives enable cache updates in subrequests. diffstat: src/http/modules/ngx_http_fastcgi_module.c | 11 +++++++ src/http/modules/ngx_http_proxy_module.c | 11 +++++++ src/http/modules/ngx_http_scgi_module.c | 11 +++++++ src/http/modules/ngx_http_uwsgi_module.c | 11 +++++++ src/http/ngx_http_cache.h | 1 + src/http/ngx_http_core_module.c | 11 +++++++ src/http/ngx_http_file_cache.c | 2 +- src/http/ngx_http_request.h | 5 ++- src/http/ngx_http_upstream.c | 47 ++++++++++++++++++++++++++++- src/http/ngx_http_upstream.h | 1 + 10 files changed, 107 insertions(+), 4 deletions(-) diffs (297 lines): diff -r 9a9e13686869 -r 1aeaae6e9446 src/http/modules/ngx_http_fastcgi_module.c --- a/src/http/modules/ngx_http_fastcgi_module.c Thu Dec 22 14:25:34 2016 +0300 +++ b/src/http/modules/ngx_http_fastcgi_module.c Fri Feb 10 15:13:41 2017 +0300 @@ -469,6 +469,13 @@ static ngx_command_t ngx_http_fastcgi_c offsetof(ngx_http_fastcgi_loc_conf_t, upstream.cache_revalidate), NULL }, + { ngx_string("fastcgi_cache_background_update"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_fastcgi_loc_conf_t, upstream.cache_background_update), + NULL }, + #endif { ngx_string("fastcgi_temp_path"), @@ -2769,6 +2776,7 @@ ngx_http_fastcgi_create_loc_conf(ngx_con conf->upstream.cache_lock_timeout = NGX_CONF_UNSET_MSEC; conf->upstream.cache_lock_age = NGX_CONF_UNSET_MSEC; conf->upstream.cache_revalidate = NGX_CONF_UNSET; + conf->upstream.cache_background_update = NGX_CONF_UNSET; #endif conf->upstream.hide_headers = NGX_CONF_UNSET_PTR; @@ -3061,6 +3069,9 @@ ngx_http_fastcgi_merge_loc_conf(ngx_conf ngx_conf_merge_value(conf->upstream.cache_revalidate, prev->upstream.cache_revalidate, 0); + ngx_conf_merge_value(conf->upstream.cache_background_update, + prev->upstream.cache_background_update, 0); + #endif ngx_conf_merge_value(conf->upstream.pass_request_headers, diff -r 9a9e13686869 -r 1aeaae6e9446 src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c Thu Dec 22 14:25:34 2016 +0300 +++ b/src/http/modules/ngx_http_proxy_module.c Fri Feb 10 15:13:41 2017 +0300 @@ -548,6 +548,13 @@ static ngx_command_t ngx_http_proxy_com offsetof(ngx_http_proxy_loc_conf_t, upstream.cache_convert_head), NULL }, + { ngx_string("proxy_cache_background_update"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_proxy_loc_conf_t, upstream.cache_background_update), + NULL }, + #endif { ngx_string("proxy_temp_path"), @@ -2863,6 +2870,7 @@ ngx_http_proxy_create_loc_conf(ngx_conf_ conf->upstream.cache_lock_age = NGX_CONF_UNSET_MSEC; conf->upstream.cache_revalidate = NGX_CONF_UNSET; conf->upstream.cache_convert_head = NGX_CONF_UNSET; + conf->upstream.cache_background_update = NGX_CONF_UNSET; #endif conf->upstream.hide_headers = NGX_CONF_UNSET_PTR; @@ -3168,6 +3176,9 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t ngx_conf_merge_value(conf->upstream.cache_convert_head, prev->upstream.cache_convert_head, 1); + ngx_conf_merge_value(conf->upstream.cache_background_update, + prev->upstream.cache_background_update, 0); + #endif if (conf->method == NULL) { diff -r 9a9e13686869 -r 1aeaae6e9446 src/http/modules/ngx_http_scgi_module.c --- a/src/http/modules/ngx_http_scgi_module.c Thu Dec 22 14:25:34 2016 +0300 +++ b/src/http/modules/ngx_http_scgi_module.c Fri Feb 10 15:13:41 2017 +0300 @@ -319,6 +319,13 @@ static ngx_command_t ngx_http_scgi_comma offsetof(ngx_http_scgi_loc_conf_t, upstream.cache_revalidate), NULL }, + { ngx_string("scgi_cache_background_update"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_scgi_loc_conf_t, upstream.cache_background_update), + NULL }, + #endif { ngx_string("scgi_temp_path"), @@ -1219,6 +1226,7 @@ ngx_http_scgi_create_loc_conf(ngx_conf_t conf->upstream.cache_lock_timeout = NGX_CONF_UNSET_MSEC; conf->upstream.cache_lock_age = NGX_CONF_UNSET_MSEC; conf->upstream.cache_revalidate = NGX_CONF_UNSET; + conf->upstream.cache_background_update = NGX_CONF_UNSET; #endif conf->upstream.hide_headers = NGX_CONF_UNSET_PTR; @@ -1506,6 +1514,9 @@ ngx_http_scgi_merge_loc_conf(ngx_conf_t ngx_conf_merge_value(conf->upstream.cache_revalidate, prev->upstream.cache_revalidate, 0); + ngx_conf_merge_value(conf->upstream.cache_background_update, + prev->upstream.cache_background_update, 0); + #endif ngx_conf_merge_value(conf->upstream.pass_request_headers, diff -r 9a9e13686869 -r 1aeaae6e9446 src/http/modules/ngx_http_uwsgi_module.c --- a/src/http/modules/ngx_http_uwsgi_module.c Thu Dec 22 14:25:34 2016 +0300 +++ b/src/http/modules/ngx_http_uwsgi_module.c Fri Feb 10 15:13:41 2017 +0300 @@ -379,6 +379,13 @@ static ngx_command_t ngx_http_uwsgi_comm offsetof(ngx_http_uwsgi_loc_conf_t, upstream.cache_revalidate), NULL }, + { ngx_string("uwsgi_cache_background_update"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_uwsgi_loc_conf_t, upstream.cache_background_update), + NULL }, + #endif { ngx_string("uwsgi_temp_path"), @@ -1425,6 +1432,7 @@ ngx_http_uwsgi_create_loc_conf(ngx_conf_ conf->upstream.cache_lock_timeout = NGX_CONF_UNSET_MSEC; conf->upstream.cache_lock_age = NGX_CONF_UNSET_MSEC; conf->upstream.cache_revalidate = NGX_CONF_UNSET; + conf->upstream.cache_background_update = NGX_CONF_UNSET; #endif conf->upstream.hide_headers = NGX_CONF_UNSET_PTR; @@ -1720,6 +1728,9 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t ngx_conf_merge_value(conf->upstream.cache_revalidate, prev->upstream.cache_revalidate, 0); + ngx_conf_merge_value(conf->upstream.cache_background_update, + prev->upstream.cache_background_update, 0); + #endif ngx_conf_merge_value(conf->upstream.pass_request_headers, diff -r 9a9e13686869 -r 1aeaae6e9446 src/http/ngx_http_cache.h --- a/src/http/ngx_http_cache.h Thu Dec 22 14:25:34 2016 +0300 +++ b/src/http/ngx_http_cache.h Fri Feb 10 15:13:41 2017 +0300 @@ -116,6 +116,7 @@ struct ngx_http_cache_s { unsigned purged:1; unsigned reading:1; unsigned secondary:1; + unsigned background:1; unsigned stale_updating:1; unsigned stale_error:1; diff -r 9a9e13686869 -r 1aeaae6e9446 src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Thu Dec 22 14:25:34 2016 +0300 +++ b/src/http/ngx_http_core_module.c Fri Feb 10 15:13:41 2017 +0300 @@ -2566,6 +2566,17 @@ ngx_http_subrequest(ngx_http_request_t * *psr = sr; + if (flags & NGX_HTTP_SUBREQUEST_CLONE) { + sr->method = r->method; + sr->method_name = r->method_name; + sr->loc_conf = r->loc_conf; + sr->valid_location = r->valid_location; + sr->phase_handler = r->phase_handler; + sr->write_event_handler = ngx_http_core_run_phases; + + ngx_http_update_location_config(sr); + } + return ngx_http_post_request(sr, NULL); } diff -r 9a9e13686869 -r 1aeaae6e9446 src/http/ngx_http_file_cache.c --- a/src/http/ngx_http_file_cache.c Thu Dec 22 14:25:34 2016 +0300 +++ b/src/http/ngx_http_file_cache.c Fri Feb 10 15:13:41 2017 +0300 @@ -1688,7 +1688,7 @@ ngx_http_file_cache_cleanup(void *data) ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->file.log, 0, "http file cache cleanup"); - if (c->updating) { + if (c->updating && !c->background) { ngx_log_error(NGX_LOG_ALERT, c->file.log, 0, "stalled cache updating, error:%ui", c->error); } diff -r 9a9e13686869 -r 1aeaae6e9446 src/http/ngx_http_request.h --- a/src/http/ngx_http_request.h Thu Dec 22 14:25:34 2016 +0300 +++ b/src/http/ngx_http_request.h Fri Feb 10 15:13:41 2017 +0300 @@ -62,7 +62,9 @@ /* unused 1 */ #define NGX_HTTP_SUBREQUEST_IN_MEMORY 2 #define NGX_HTTP_SUBREQUEST_WAITED 4 -#define NGX_HTTP_LOG_UNSAFE 8 +#define NGX_HTTP_SUBREQUEST_CLONE 8 + +#define NGX_HTTP_LOG_UNSAFE 1 #define NGX_HTTP_CONTINUE 100 @@ -481,6 +483,7 @@ struct ngx_http_request_s { #if (NGX_HTTP_CACHE) unsigned cached:1; + unsigned cache_updater:1; #endif #if (NGX_HTTP_GZIP) diff -r 9a9e13686869 -r 1aeaae6e9446 src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c Thu Dec 22 14:25:34 2016 +0300 +++ b/src/http/ngx_http_upstream.c Fri Feb 10 15:13:41 2017 +0300 @@ -17,6 +17,8 @@ static ngx_int_t ngx_http_upstream_cache ngx_http_upstream_t *u, ngx_http_file_cache_t **cache); static ngx_int_t ngx_http_upstream_cache_send(ngx_http_request_t *r, ngx_http_upstream_t *u); +static ngx_int_t ngx_http_upstream_cache_background_update( + ngx_http_request_t *r, ngx_http_upstream_t *u); static ngx_int_t ngx_http_upstream_cache_check_range(ngx_http_request_t *r, ngx_http_upstream_t *u); static ngx_int_t ngx_http_upstream_cache_status(ngx_http_request_t *r, @@ -578,6 +580,10 @@ ngx_http_upstream_init_request(ngx_http_ rc = NGX_DECLINED; r->cached = 0; } + + if (ngx_http_upstream_cache_background_update(r, u) != NGX_OK) { + rc = NGX_ERROR; + } } if (rc != NGX_DECLINED) { @@ -869,10 +875,23 @@ ngx_http_upstream_cache(ngx_http_request switch (rc) { + case NGX_HTTP_CACHE_STALE: + + if (((u->conf->cache_use_stale & NGX_HTTP_UPSTREAM_FT_UPDATING) + || c->stale_updating) && !r->cache_updater + && u->conf->cache_background_update) + { + r->cache->background = 1; + u->cache_status = rc; + rc = NGX_OK; + } + + break; + case NGX_HTTP_CACHE_UPDATING: - if ((u->conf->cache_use_stale & NGX_HTTP_UPSTREAM_FT_UPDATING) - || c->stale_updating) + if (((u->conf->cache_use_stale & NGX_HTTP_UPSTREAM_FT_UPDATING) + || c->stale_updating) && !r->cache_updater) { u->cache_status = rc; rc = NGX_OK; @@ -1046,6 +1065,30 @@ ngx_http_upstream_cache_send(ngx_http_re static ngx_int_t +ngx_http_upstream_cache_background_update(ngx_http_request_t *r, + ngx_http_upstream_t *u) +{ + ngx_http_request_t *sr; + + if (!r->cached || !r->cache->background) { + return NGX_OK; + } + + if (ngx_http_subrequest(r, &r->uri, &r->args, &sr, NULL, + NGX_HTTP_SUBREQUEST_CLONE) + != NGX_OK) + { + return NGX_ERROR; + } + + sr->header_only = 1; + sr->cache_updater = 1; + + return NGX_OK; +} + + +static ngx_int_t ngx_http_upstream_cache_check_range(ngx_http_request_t *r, ngx_http_upstream_t *u) { diff -r 9a9e13686869 -r 1aeaae6e9446 src/http/ngx_http_upstream.h --- a/src/http/ngx_http_upstream.h Thu Dec 22 14:25:34 2016 +0300 +++ b/src/http/ngx_http_upstream.h Fri Feb 10 15:13:41 2017 +0300 @@ -202,6 +202,7 @@ typedef struct { ngx_flag_t cache_revalidate; ngx_flag_t cache_convert_head; + ngx_flag_t cache_background_update; ngx_array_t *cache_valid; ngx_array_t *cache_bypass; From arut at nginx.com Fri Feb 10 13:58:38 2017 From: arut at nginx.com (Roman Arutyunyan) Date: Fri, 10 Feb 2017 13:58:38 +0000 Subject: [nginx] Slice filter: fetch slices in cloned subrequests. Message-ID: details: http://hg.nginx.org/nginx/rev/d16ba0ea3434 branches: changeset: 6907:d16ba0ea3434 user: Roman Arutyunyan date: Fri Feb 10 16:33:12 2017 +0300 description: Slice filter: fetch slices in cloned subrequests. Previously, slice subrequest location was selected based on request URI. If request is then redirected to a new location, its context array is cleared, making the slice module loose current slice range information. This lead to broken output. Now subrequests with the NGX_HTTP_SUBREQUEST_CLONE flag are created for slices. Such subrequests stay in the same location as the parent request and keep the right slice context. diffstat: src/http/modules/ngx_http_slice_filter_module.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diffs (15 lines): diff -r 1aeaae6e9446 -r d16ba0ea3434 src/http/modules/ngx_http_slice_filter_module.c --- a/src/http/modules/ngx_http_slice_filter_module.c Fri Feb 10 15:13:41 2017 +0300 +++ b/src/http/modules/ngx_http_slice_filter_module.c Fri Feb 10 16:33:12 2017 +0300 @@ -244,7 +244,10 @@ ngx_http_slice_body_filter(ngx_http_requ return rc; } - if (ngx_http_subrequest(r, &r->uri, &r->args, &sr, NULL, 0) != NGX_OK) { + if (ngx_http_subrequest(r, &r->uri, &r->args, &sr, NULL, + NGX_HTTP_SUBREQUEST_CLONE) + != NGX_OK) + { return NGX_ERROR; } From mdounin at mdounin.ru Fri Feb 10 15:11:52 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 10 Feb 2017 15:11:52 +0000 Subject: [nginx] Cache: increased cache header Vary and ETag lengths to 128. Message-ID: details: http://hg.nginx.org/nginx/rev/609daeb3b48b branches: changeset: 6908:609daeb3b48b user: Maxim Dounin date: Fri Feb 10 17:49:19 2017 +0300 description: Cache: increased cache header Vary and ETag lengths to 128. This allows to store larger ETag values for proxy_cache_revalidate, including ones generated as SHA256, and cache responses with longer Vary (ticket #826). In particular, this fixes caching of Amazon S3 responses with CORS enabled, which now use "Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method". Cache version bumped accordingly. diffstat: src/http/ngx_http_cache.h | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diffs (17 lines): diff --git a/src/http/ngx_http_cache.h b/src/http/ngx_http_cache.h --- a/src/http/ngx_http_cache.h +++ b/src/http/ngx_http_cache.h @@ -24,10 +24,10 @@ #define NGX_HTTP_CACHE_SCARCE 8 #define NGX_HTTP_CACHE_KEY_LEN 16 -#define NGX_HTTP_CACHE_ETAG_LEN 42 -#define NGX_HTTP_CACHE_VARY_LEN 42 +#define NGX_HTTP_CACHE_ETAG_LEN 128 +#define NGX_HTTP_CACHE_VARY_LEN 128 -#define NGX_HTTP_CACHE_VERSION 4 +#define NGX_HTTP_CACHE_VERSION 5 typedef struct { From mdounin at mdounin.ru Fri Feb 10 17:30:23 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 10 Feb 2017 17:30:23 +0000 Subject: [nginx] Upstream: read handler cleared on upstream finalization. Message-ID: details: http://hg.nginx.org/nginx/rev/5850fed24639 branches: changeset: 6909:5850fed24639 user: Maxim Dounin date: Fri Feb 10 20:24:26 2017 +0300 description: Upstream: read handler cleared on upstream finalization. With "proxy_ignore_client_abort off" (the default), upstream module changes r->read_event_handler to ngx_http_upstream_rd_check_broken_connection(). If the handler is not cleared during upstream finalization, it can be triggered later, causing unexpected effects, if, for example, a request was redirected to a different location using error_page or X-Accel-Redirect. In particular, it makes "proxy_ignore_client_abort on" non-working after a redirection in a configuration like this: location = / { error_page 502 = /error; proxy_pass http://127.0.0.1:8082; } location /error { proxy_pass http://127.0.0.1:8083; proxy_ignore_client_abort on; } It is also known to cause segmentation faults with aio used, see http://mailman.nginx.org/pipermail/nginx-ru/2015-August/056570.html. Fix is to explicitly set r->read_event_handler to ngx_http_block_reading() during upstream finalization, similar to how it is done in the request body reading code and in the limit_req module. diffstat: src/http/ngx_http_upstream.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diffs (12 lines): diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -4366,6 +4366,8 @@ ngx_http_upstream_finalize_request(ngx_h u->buffer.last = u->buffer.pos; } + r->read_event_handler = ngx_http_block_reading; + if (rc == NGX_DECLINED) { return; } From vl at nginx.com Mon Feb 13 09:38:26 2017 From: vl at nginx.com (Vladimir Homutov) Date: Mon, 13 Feb 2017 12:38:26 +0300 Subject: nginx development guide Message-ID: <20170213093825.GA27852@vlpc.nginx.com> Hello all! We are glad to share with first results of our ongoing efforts to create documentation for nginx developers: the development guide document [1]. The guide is not yet 100% complete and more parts to follow. Of course, your feedback is welcome. [1] http://nginx.org/en/docs/dev/development_guide.html From hungnv at opensource.com.vn Mon Feb 13 12:07:10 2017 From: hungnv at opensource.com.vn (Hung Nguyen) Date: Mon, 13 Feb 2017 19:07:10 +0700 Subject: nginx development guide In-Reply-To: <20170213093825.GA27852@vlpc.nginx.com> References: <20170213093825.GA27852@vlpc.nginx.com> Message-ID: Many thanks on taking steps for this guide. I?ve been waiting for it for so long. Good job! On 2/13/17, 4:38 PM, "nginx-devel on behalf of Vladimir Homutov" wrote: >Hello all! > >We are glad to share with first results of our ongoing efforts to create >documentation for nginx developers: the development guide document [1]. > >The guide is not yet 100% complete and more parts to follow. > >Of course, your feedback is welcome. > >[1] http://nginx.org/en/docs/dev/development_guide.html >_______________________________________________ >nginx-devel mailing list >nginx-devel at nginx.org >http://mailman.nginx.org/mailman/listinfo/nginx-devel From amdeich at gmail.com Mon Feb 13 16:24:05 2017 From: amdeich at gmail.com (Andrey Kulikov) Date: Mon, 13 Feb 2017 19:24:05 +0300 Subject: nginx development guide In-Reply-To: <20170213093825.GA27852@vlpc.nginx.com> References: <20170213093825.GA27852@vlpc.nginx.com> Message-ID: Hooray! What the doctor ordered. Looking forward for more parts, especially dedicated to chains management and corresponding API description. So far saw a possible typo: In section "I/O events": > that the functions ngx_handle_read_event(rev, flags) and ngx_handle_read_event(wev,flags) are called should it be > that the functions ngx_handle_read_event(rev, flags) and ngx_handle_write_event(wev,flags) are called ? On 13 February 2017 at 12:38, Vladimir Homutov wrote: > Hello all! > > We are glad to share with first results of our ongoing efforts to create > documentation for nginx developers: the development guide document [1]. > > The guide is not yet 100% complete and more parts to follow. > > Of course, your feedback is welcome. > > [1] http://nginx.org/en/docs/dev/development_guide.html > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel From arut at nginx.com Mon Feb 13 16:46:08 2017 From: arut at nginx.com (Roman Arutyunyan) Date: Mon, 13 Feb 2017 19:46:08 +0300 Subject: nginx development guide In-Reply-To: References: <20170213093825.GA27852@vlpc.nginx.com> Message-ID: <20170213164608.GB63314@Romans-MacBook-Air.local> On Mon, Feb 13, 2017 at 07:24:05PM +0300, Andrey Kulikov wrote: > Hooray! > > What the doctor ordered. > Looking forward for more parts, especially dedicated to chains > management and corresponding API description. We already have that published in the Pool and Buffer sections. http://nginx.org/en/docs/dev/development_guide.html#pool http://nginx.org/en/docs/dev/development_guide.html#buffer > So far saw a possible typo: > In section "I/O events": > > that the functions ngx_handle_read_event(rev, flags) and ngx_handle_read_event(wev,flags) are called > should it be > > that the functions ngx_handle_read_event(rev, flags) and ngx_handle_write_event(wev,flags) are called > ? Yes, thanks. > On 13 February 2017 at 12:38, Vladimir Homutov wrote: > > Hello all! > > > > We are glad to share with first results of our ongoing efforts to create > > documentation for nginx developers: the development guide document [1]. > > > > The guide is not yet 100% complete and more parts to follow. > > > > Of course, your feedback is welcome. > > > > [1] http://nginx.org/en/docs/dev/development_guide.html > > _______________________________________________ > > nginx-devel mailing list > > nginx-devel at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx-devel > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel -- Roman Arutyunyan From vl at nginx.com Mon Feb 13 16:47:50 2017 From: vl at nginx.com (Vladimir Homutov) Date: Mon, 13 Feb 2017 19:47:50 +0300 Subject: nginx development guide In-Reply-To: References: <20170213093825.GA27852@vlpc.nginx.com> Message-ID: <20170213164749.GA9432@vlpc.nginx.com> On Mon, Feb 13, 2017 at 07:24:05PM +0300, Andrey Kulikov wrote: > Hooray! > > What the doctor ordered. > Looking forward for more parts, especially dedicated to chains > management and corresponding API description. > > So far saw a possible typo: > In section "I/O events": > > that the functions ngx_handle_read_event(rev, flags) and ngx_handle_read_event(wev,flags) are called > should it be > > that the functions ngx_handle_read_event(rev, flags) and ngx_handle_write_event(wev,flags) are called > ? > good catch, fixed! (note second arg for write event is different, not flags as you supposed) From cbranch at cloudflare.com Mon Feb 13 16:50:39 2017 From: cbranch at cloudflare.com (Chris Branch) Date: Mon, 13 Feb 2017 16:50:39 +0000 Subject: [PATCH] Tests: respecting Cache-Control stale-while-revalidate directive Message-ID: # HG changeset patch # User Chris Branch # Date 1487004211 0 # Mon Feb 13 16:43:31 2017 +0000 # Node ID cc76d621a5f95e9297cf38fd3e721f4a392c9bd2 # Parent bef8be8a622429f4ce07753f9133b15e5f08cac1 Tests: respecting Cache-Control stale-while-revalidate directive. diff -r bef8be8a6224 -r cc76d621a5f9 proxy_cache_stale.t --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/proxy_cache_stale.t Mon Feb 13 16:43:31 2017 +0000 @@ -0,0 +1,197 @@ +#!/usr/bin/perl + +# Tests for http proxy cache use stale. + +############################################################################### + +use warnings; +use strict; + +use Test::More; + +BEGIN { use FindBin; chdir($FindBin::Bin); } + +use lib 'lib'; +use Test::Nginx qw/ :DEFAULT http_end /; + +############################################################################### + +select STDERR; $| = 1; +select STDOUT; $| = 1; + +my $t = Test::Nginx->new()->has(qw/http proxy cache/)->plan(22) + ->write_file_expand('nginx.conf', <<'EOF'); + +%%TEST_GLOBALS%% + +daemon off; + +events { +} + +http { + %%TEST_GLOBALS_HTTP%% + + proxy_cache_path %%TESTDIR%%/cache levels=1:2 + keys_zone=NAME:1m; + + server { + listen 127.0.0.1:8080; + server_name localhost; + + location / { + proxy_pass http://127.0.0.1:8081; + proxy_cache NAME; + + proxy_cache_lock on; + proxy_cache_use_stale updating; + proxy_cache_background_update on; + } + + location /nolock { + proxy_pass http://127.0.0.1:8081; + proxy_cache NAME; + + proxy_cache_use_stale updating; + proxy_cache_background_update on; + } + } +} + +EOF + +$t->run_daemon(\&http_fake_daemon); + +$t->run(); + +$t->waitforsocket('127.0.0.1:' . port(8081)); + +############################################################################### + +# sequential requests +for my $i (1 .. 3) { + like(http_get('/seq'), qr/response 1/, 'sequential request ' . $i); + # response 1 to request 1 is cached + # requests 2 & 3 can be served from cache instantly +} + +# wait for first cached request to become stale (max age = 2) +sleep 3; + +# request 4 should get stale response while revalidating in background +like(http_get('/seq'), qr/response 1/, 'stale response'); + +# wait for revalidated response to enter cache +sleep 1; + +# response to request 4 enters cache and is younger than max age +for my $i (1 .. 3) { + # request 5-7 should get response to request 4 from cache + like(http_get('/seq'), qr/response 2/, 'fresh response after stale'); +} + +# wait for response to exceed max-age and stale time (2 + 2 seconds) +sleep 5; + +# response must come from origin +like(http_get('/seq'), qr/response 3/, 'fresh response after invalidation'); + +# tests without cache lock + +my @sockets; + +# start 3 concurrent requests without locking; all go to origin simultaneously +for my $i (1 .. 3) { + $sockets[$i] = http_get('/nolock', start => 1); +} + +# combine results into one string, because we cannot assume ordering +my $rest = join '', map { http_end($sockets[$_]) } (1 .. 3); + +# each request should get a unique response as they missed cache +like($rest, qr/response 1/, 'nolock - first'); +like($rest, qr/response 2/, 'nolock - second'); +like($rest, qr/response 3/, 'nolock - third'); + +# making a new request immediately should get a cached response +like(http_get('/nolock'), qr/response 3/, 'nolock - last cached'); + +# wait for last cached request to become stale (max age = 2) +sleep 4; + +# start 3 concurrent requests without locking; all should get stale responses +# while revalidating, but go to origin in the background. +for my $i (1 .. 3) { + $sockets[$i] = http_get('/nolock', start => 1); +} +for my $i (1 .. 3) { + like(http_end($sockets[$i]), qr/response 3/, 'nolock - stale ' . $i); +} + +# wait for revalidated response to first request to enter cache +sleep 1; +like(http_get('/nolock'), qr/response 4/, 'nolock - one revalidated'); + +# wait for response to exceed max-age and stale time (2 + 2 seconds, and we +# slept for 1 second earlier) +sleep 4; + +# start 3 concurrent requests without locking; all go to origin simultaneously +for my $i (1 .. 3) { + $sockets[$i] = http_get('/nolock', start => 1); +} + +# combine results into one string, because we cannot assume ordering +$rest = join '', map { http_end($sockets[$_]) } (1 .. 3); + +# each request should get a unique response as they missed cache +like($rest, qr/response 5/, 'nolock - first after invalidation'); +like($rest, qr/response 6/, 'nolock - second after invalidation'); +like($rest, qr/response 7/, 'nolock - third after invalidation'); + +# making a new request immediately should get a cached response +like(http_get('/nolock'), qr/response 7/, 'nolock - last cached after invalidation'); + +############################################################################### + +sub http_fake_daemon { + my $server = IO::Socket::INET->new( + Proto => 'tcp', + LocalAddr => '127.0.0.1:' . port(8081), + Listen => 5, + Reuse => 1 + ) + or die "Can't create listening socket: $!\n"; + + my $num = 0; + my $uri = ''; + + while (my $client = $server->accept()) { + $client->autoflush(1); + + while (<$client>) { + if (/GET (.*) HTTP/ && $1 ne $uri) { + $uri = $1; + $num = 0; + } + + $uri = $1 if /GET (.*) HTTP/; + last if /^\x0d?\x0a?$/; + } + + next unless $uri; + + select(undef, undef, undef, 0.3); + + $num++; + print $client <<"EOF"; +HTTP/1.1 200 OK +Cache-Control: max-age=2; stale-while-revalidate=2; +Connection: close + +response $num +EOF + } +} + +############################################################################### From cbranch at cloudflare.com Mon Feb 13 17:07:15 2017 From: cbranch at cloudflare.com (Chris Branch) Date: Mon, 13 Feb 2017 17:07:15 +0000 Subject: [nginx] Cache: support for stale-while-revalidate and stale-if-error. In-Reply-To: References: Message-ID: I noticed there was no test suite for this new feature. I?m not expecting my patch to be approved as time-based tests slow down test suites - but I think it warrants some testing. I have a conflicting requirement that isn?t easily supported by nginx currently; I want to enable ?proxy_cache_use_stale updating? for responses that do not include stale-while-revalidate. Unfortunately using this directive breaks the stale-while-revalidate functionality. See the tests patch for an example. Removing the 'proxy_cache_use_stale updating? directive makes the tests pass as expected. Should ?updating? support both cases, or should a new directive be added to handle this case? AIUI, stale-while-revalidate is an explicit instruction from upstream not to serve the content after the stale period expires. Without that directive, we are allowed to serve stale for an indefinite amount of time (subject to exceptions in an HTTP request per RFC 2616?). > On 10 Feb 2017, at 17:30, nginx-devel-request at nginx.org wrote: > > [nginx] Cache: support for stale-while-revalidate and > stale-if-error. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP URL: From mdounin at mdounin.ru Mon Feb 13 18:57:30 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 13 Feb 2017 18:57:30 +0000 Subject: [nginx] Gzip: free chain links on the hot path (ticket #1046). Message-ID: details: http://hg.nginx.org/nginx/rev/da46bfc484ef branches: changeset: 6910:da46bfc484ef user: Maxim Dounin date: Mon Feb 13 21:45:01 2017 +0300 description: Gzip: free chain links on the hot path (ticket #1046). diffstat: src/http/modules/ngx_http_gzip_filter_module.c | 22 ++++++++++++++++------ 1 files changed, 16 insertions(+), 6 deletions(-) diffs (57 lines): diff --git a/src/http/modules/ngx_http_gzip_filter_module.c b/src/http/modules/ngx_http_gzip_filter_module.c --- a/src/http/modules/ngx_http_gzip_filter_module.c +++ b/src/http/modules/ngx_http_gzip_filter_module.c @@ -671,6 +671,8 @@ ngx_http_gzip_filter_gzheader(ngx_http_r static ngx_int_t ngx_http_gzip_filter_add_data(ngx_http_request_t *r, ngx_http_gzip_ctx_t *ctx) { + ngx_chain_t *cl; + if (ctx->zstream.avail_in || ctx->flush != Z_NO_FLUSH || ctx->redo) { return NGX_OK; } @@ -694,14 +696,17 @@ ngx_http_gzip_filter_add_data(ngx_http_r ctx->copy_buf = NULL; } - ctx->in_buf = ctx->in->buf; + cl = ctx->in; + ctx->in_buf = cl->buf; + ctx->in = cl->next; if (ctx->in_buf->tag == (ngx_buf_tag_t) &ngx_http_gzip_filter_module) { - ctx->copy_buf = ctx->in; + ctx->copy_buf = cl; + + } else { + ngx_free_chain(r->pool, cl); } - ctx->in = ctx->in->next; - ctx->zstream.next_in = ctx->in_buf->pos; ctx->zstream.avail_in = ctx->in_buf->last - ctx->in_buf->pos; @@ -733,6 +738,7 @@ ngx_http_gzip_filter_add_data(ngx_http_r static ngx_int_t ngx_http_gzip_filter_get_buf(ngx_http_request_t *r, ngx_http_gzip_ctx_t *ctx) { + ngx_chain_t *cl; ngx_http_gzip_conf_t *conf; if (ctx->zstream.avail_out) { @@ -742,8 +748,12 @@ ngx_http_gzip_filter_get_buf(ngx_http_re conf = ngx_http_get_module_loc_conf(r, ngx_http_gzip_filter_module); if (ctx->free) { - ctx->out_buf = ctx->free->buf; - ctx->free = ctx->free->next; + + cl = ctx->free; + ctx->out_buf = cl->buf; + ctx->free = cl->next; + + ngx_free_chain(r->pool, cl); } else if (ctx->bufs < conf->bufs.num) { From hongzhidao at gmail.com Tue Feb 14 07:54:35 2017 From: hongzhidao at gmail.com (=?UTF-8?B?5rSq5b+X6YGT?=) Date: Tue, 14 Feb 2017 15:54:35 +0800 Subject: [nginx] limit_rate_after Message-ID: Hi! Dose nginx consider support setting variable about limit_rate_after? We can limit rate after $n bytes received from upstream. --- a/src/http/ngx_http_variables.c Mon Feb 13 21:45:01 2017 +0300 +++ b/src/http/ngx_http_variables.c Tue Feb 07 05:15:51 2017 +0800 @@ -321,6 +321,11 @@ offsetof(ngx_http_request_t, limit_rate), NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 }, + { ngx_string("limit_rate_after"), ngx_http_variable_request_set_size, + ngx_http_variable_request_get_size, + offsetof(ngx_http_request_t, limit_rate_after), + NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 }, + { ngx_string("connection"), NULL, ngx_http_variable_connection, 0, 0, 0 }, Thanks. B.R. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Tue Feb 14 13:11:14 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 14 Feb 2017 16:11:14 +0300 Subject: [nginx] limit_rate_after In-Reply-To: References: Message-ID: <20170214131114.GV46625@mdounin.ru> Hello! On Tue, Feb 14, 2017 at 03:54:35PM +0800, ??? wrote: > Dose nginx consider support setting variable about limit_rate_after? > We can limit rate after $n bytes received from upstream. No. A patch to introduce the $limit_rate_after variable was made several years ago, see this ticket: https://trac.nginx.org/nginx/ticket/293 This approach is considered wrong though, and the patch wasn't committed. Proper way to go is believed to be variables support in the limit_rate_after directive, see here: https://trac.nginx.org/nginx/ticket/293#comment:5 -- Maxim Dounin http://nginx.org/ From hongzhidao at gmail.com Tue Feb 14 14:40:06 2017 From: hongzhidao at gmail.com (=?UTF-8?B?5rSq5b+X6YGT?=) Date: Tue, 14 Feb 2017 22:40:06 +0800 Subject: [nginx] limit_rate_after In-Reply-To: <20170214131114.GV46625@mdounin.ru> References: <20170214131114.GV46625@mdounin.ru> Message-ID: Thanks a lot for your reply. So we can regard the patch is right, but it's not recommended. Because it's more easily to break the request behavior in limiting rate. And the limit_rate variable is also deprecated though it's so useful that we can dynamically change the rate. 2017-02-14 21:11 GMT+08:00 Maxim Dounin : > Hello! > > On Tue, Feb 14, 2017 at 03:54:35PM +0800, ??? wrote: > > > Dose nginx consider support setting variable about limit_rate_after? > > We can limit rate after $n bytes received from upstream. > > No. A patch to introduce the $limit_rate_after variable was made > several years ago, see this ticket: > > https://trac.nginx.org/nginx/ticket/293 > > This approach is considered wrong though, and the patch wasn't > committed. Proper way to go is believed to be variables support > in the limit_rate_after directive, see here: > > https://trac.nginx.org/nginx/ticket/293#comment:5 > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel -------------- next part -------------- An HTML attachment was scrubbed... URL: From saju.pillai at concur.com Tue Feb 14 15:25:49 2017 From: saju.pillai at concur.com (Pillai, Saju) Date: Tue, 14 Feb 2017 07:25:49 -0800 Subject: Handling module ctx reset on internal redirect Message-ID: Hello, I am new to nginx and will appreciate some insight on handling the resetting of module ctx during internal redirects. Specifically, I have a module that runs in the HTTP_POST_READ_PHASE to build some objects in memory, which it hangs off the request object via ngx_http_set_ctx(r,..). These memory objects back new variables created by this module. After an internal redirect, when a filter tries to access the variables, my handler is unable to find the ctx object via a ngx_http_get_module_ctx(). I see that ngx_http_core_module.c:ngx_http_internal_redirect() zeros out all module contexts during an internal redirect, and that makes sense. The (appropriate) contexts will have to be rebuilt by modules that run for that internal redirect. Since HTTP_POST_READ_PHASE handlers dont run on a redirect, how should I setup my ctx so I can still access it after a redirect? I could create a r->pool cleanup function and hang my ctx in the ngx_pool_cleanup_t->data slot; but that seems like a workaround. -srp ________________________________ This e-mail message is authorized for use by the intended recipient only and may contain information that is privileged and confidential. If you received this message in error, please call us immediately at (425) 590-5000 and ask to speak to the message sender. Please do not copy, disseminate, or retain this message unless you are the intended recipient. In addition, to ensure the security of your data, please do not send any unencrypted credit card or personally identifiable information to this email address. Thank you. From mdounin at mdounin.ru Tue Feb 14 15:40:34 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 14 Feb 2017 15:40:34 +0000 Subject: [nginx] nginx-1.11.10-RELEASE Message-ID: details: http://hg.nginx.org/nginx/rev/1ad0999a7ded branches: changeset: 6911:1ad0999a7ded user: Maxim Dounin date: Tue Feb 14 18:36:04 2017 +0300 description: nginx-1.11.10-RELEASE diffstat: docs/xml/nginx/changes.xml | 102 +++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 102 insertions(+), 0 deletions(-) diffs (112 lines): diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xml +++ b/docs/xml/nginx/changes.xml @@ -5,6 +5,108 @@ + + + + +?????? ????????? ???? ??? ???????, +????? ?????????????? ?????? ????? ????????? ??????. + + +cache header format has been changed, +previously cached responses will be invalidated. + + + + + +????????? ?????????? stale-while-revalidate ? stale-if-error +? ?????? "Cache-Control" ? ????????? ?????? ???????. + + +support of "stale-while-revalidate" and "stale-if-error" extensions +in the "Cache-Control" backend response header line. + + + + + +????????? proxy_cache_background_update, fastcgi_cache_background_update, +scgi_cache_background_update ? uwsgi_cache_background_update. + + +the "proxy_cache_background_update", "fastcgi_cache_background_update", +"scgi_cache_background_update", and "uwsgi_cache_background_update" directives. + + + + + +?????? nginx ????? ?????????? ?????? +?? ??????? Vary ????????? ?????? ?? 128 ???????? +(?????? 42 ???????? ? ?????????? ???????). + + +nginx is now able to cache responses +with the "Vary" header line up to 128 characters long +(instead of 42 characters in previous versions). + + + + + +???????? build ????????? server_tokens.
+??????? Tom Thorogood. + + +the "build" parameter of the "server_tokens" directive.
+Thanks to Tom Thorogood. + + + + + +??? ????????? ???????? ?? ??????? "Expect: 100-continue" ? ????????? ??????? +? ????? ????? ?????????? ????????? "[crit] SSL_write() failed". + + +"[crit] SSL_write() failed" messages might appear in logs +when handling requests with the "Expect: 100-continue" request header line. + + + + + +?????? ngx_http_slice_module ?? ??????? ? ??????????? location'??. + + +the ngx_http_slice_module did not work in named locations. + + + + + +??? ????????????? AIO ????? ??????????????? ??????? ? ??????? X-Accel-Redirect +? ??????? ???????? ??? ????????? segmentation fault. + + +a segmentation fault might occur in a worker process +when using AIO after an "X-Accel-Redirect" redirection. + + + + + +????????? ??????????? ?????? ??? ???????????? ????????, ???????????? ??????. + + +reduced memory consumption for long-lived requests using gzipping. + + + + + + From mdounin at mdounin.ru Tue Feb 14 15:40:38 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 14 Feb 2017 15:40:38 +0000 Subject: [nginx] release-1.11.10 tag Message-ID: details: http://hg.nginx.org/nginx/rev/d99a7f0062ad branches: changeset: 6912:d99a7f0062ad user: Maxim Dounin date: Tue Feb 14 18:36:04 2017 +0300 description: release-1.11.10 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff --git a/.hgtags b/.hgtags --- a/.hgtags +++ b/.hgtags @@ -408,3 +408,4 @@ 5e371426b3bcba4312ce08606194b89b758927d1 5c8f60faf33ca8926473d2da27b4c3c417bd4630 release-1.11.7 4591da489a30f790def29bc5987f43409b503cae release-1.11.8 20a45c768e5ed26b740679d0e22045c98727c3cc release-1.11.9 +1ad0999a7ded3d4fb01c7acf8ff57c80b643da7e release-1.11.10 From arut at nginx.com Tue Feb 14 15:41:43 2017 From: arut at nginx.com (Roman Arutyunyan) Date: Tue, 14 Feb 2017 18:41:43 +0300 Subject: Handling module ctx reset on internal redirect In-Reply-To: References: Message-ID: <20170214154143.GJ63314@Romans-MacBook-Air.local> Hello, On Tue, Feb 14, 2017 at 07:25:49AM -0800, Pillai, Saju wrote: > > Hello, > > I am new to nginx and will appreciate some insight on handling the resetting of > module ctx during internal redirects. > > Specifically, I have a module that runs in the HTTP_POST_READ_PHASE to build > some objects in memory, which it hangs off the request object via > ngx_http_set_ctx(r,..). These memory objects back new variables created by this > module. > > After an internal redirect, when a filter tries to access the variables, my > handler is unable to find the ctx object via a ngx_http_get_module_ctx(). I see > that ngx_http_core_module.c:ngx_http_internal_redirect() zeros out all module > contexts during an internal redirect, and that makes sense. The (appropriate) > contexts will have to be rebuilt by modules that run for that internal redirect. > > Since HTTP_POST_READ_PHASE handlers dont run on a redirect, how should I setup > my ctx so I can still access it after a redirect? I could create a r->pool > cleanup function and hang my ctx in the ngx_pool_cleanup_t->data slot; but that > seems like a workaround. Take a look at the standard nginx realip module. It falls back to pool cleanup when ngx_http_get_module_ctx() returns nothing. While this solution does look like a workaround, it's ok for this particular case. -- Roman Arutyunyan From eran.kornblau at kaltura.com Tue Feb 14 15:50:38 2017 From: eran.kornblau at kaltura.com (Eran Kornblau) Date: Tue, 14 Feb 2017 15:50:38 +0000 Subject: Handling module ctx reset on internal redirect In-Reply-To: References: Message-ID: If I understand your description correctly, I had the same problem - I wanted to expose an internal error code of my module as an nginx variable, so that I could write it to the access log. But after the redirect to the error page, the context was erased and the handler could not retrieve it. The solution I implemented in my case was that when an error occurs, instead of saving it on the module context, I explicitly set the value of the nginx variable (r->variables). This way the variable can be evaluated without any dependency on my module. This is the code that sets the value - https://github.com/kaltura/nginx-vod-module/blob/master/ngx_http_vod_utils.c#L126 The variable index is initialized right after creating the variable, here: https://github.com/kaltura/nginx-vod-module/blob/3c3cf6bbcd08f8cd6af2f5d21d7e8d384f293e9e/ngx_http_vod_module.c#L597 And the handler of this variable is now just an empty placeholder: https://github.com/kaltura/nginx-vod-module/blob/3c3cf6bbcd08f8cd6af2f5d21d7e8d384f293e9e/ngx_http_vod_module.c#L268 Hope this helps, Eran -----Original Message----- From: nginx-devel [mailto:nginx-devel-bounces at nginx.org] On Behalf Of Pillai, Saju Sent: Tuesday, February 14, 2017 5:26 PM To: nginx-devel at nginx.org Subject: Handling module ctx reset on internal redirect Hello, I am new to nginx and will appreciate some insight on handling the resetting of module ctx during internal redirects. Specifically, I have a module that runs in the HTTP_POST_READ_PHASE to build some objects in memory, which it hangs off the request object via ngx_http_set_ctx(r,..). These memory objects back new variables created by this module. After an internal redirect, when a filter tries to access the variables, my handler is unable to find the ctx object via a ngx_http_get_module_ctx(). I see that ngx_http_core_module.c:ngx_http_internal_redirect() zeros out all module contexts during an internal redirect, and that makes sense. The (appropriate) contexts will have to be rebuilt by modules that run for that internal redirect. Since HTTP_POST_READ_PHASE handlers dont run on a redirect, how should I setup my ctx so I can still access it after a redirect? I could create a r->pool cleanup function and hang my ctx in the ngx_pool_cleanup_t->data slot; but that seems like a workaround. -srp ________________________________ This e-mail message is authorized for use by the intended recipient only and may contain information that is privileged and confidential. If you received this message in error, please call us immediately at (425) 590-5000 and ask to speak to the message sender. Please do not copy, disseminate, or retain this message unless you are the intended recipient. In addition, to ensure the security of your data, please do not send any unencrypted credit card or personally identifiable information to this email address. Thank you. _______________________________________________ nginx-devel mailing list nginx-devel at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel From saju.pillai at concur.com Tue Feb 14 19:20:20 2017 From: saju.pillai at concur.com (Pillai, Saju) Date: Tue, 14 Feb 2017 11:20:20 -0800 Subject: Handling module ctx reset on internal redirect In-Reply-To: References: Message-ID: On Tue, 14 Feb 2017, Eran Kornblau wrote: > If I understand your description correctly, I had the same problem - I wanted to expose an internal error code > of my module as an nginx variable, so that I could write it to the access log. But after the redirect to the error page, > the context was erased and the handler could not retrieve it. > > The solution I implemented in my case was that when an error occurs, instead of saving it on the module context, > I explicitly set the value of the nginx variable (r->variables). This way the variable can be evaluated without any > dependency on my module. > > This is the code that sets the value - > https://github.com/kaltura/nginx-vod-module/blob/master/ngx_http_vod_utils.c#L126 > > The variable index is initialized right after creating the variable, here: > https://github.com/kaltura/nginx-vod-module/blob/3c3cf6bbcd08f8cd6af2f5d21d7e8d384f293e9e/ngx_http_vod_module.c#L597 > > And the handler of this variable is now just an empty placeholder: > https://github.com/kaltura/nginx-vod-module/blob/3c3cf6bbcd08f8cd6af2f5d21d7e8d384f293e9e/ngx_http_vod_module.c#L268 > > Hope this helps, Yes. My calculations for the variable are done once upfront in my handler, so I can use your plan of filling in the variable right after those calculations are done. -srp > > Eran > > -----Original Message----- > From: nginx-devel [mailto:nginx-devel-bounces at nginx.org] On Behalf Of Pillai, Saju > Sent: Tuesday, February 14, 2017 5:26 PM > To: nginx-devel at nginx.org > Subject: Handling module ctx reset on internal redirect > > > Hello, > > I am new to nginx and will appreciate some insight on handling the resetting of module ctx during internal redirects. > > Specifically, I have a module that runs in the HTTP_POST_READ_PHASE to build some objects in memory, which it hangs off the request object via ngx_http_set_ctx(r,..). These memory objects back new variables created by this module. > > After an internal redirect, when a filter tries to access the variables, my handler is unable to find the ctx object via a ngx_http_get_module_ctx(). I see that ngx_http_core_module.c:ngx_http_internal_redirect() zeros out all module contexts during an internal redirect, and that makes sense. The (appropriate) contexts will have to be rebuilt by modules that run for that internal redirect. > > Since HTTP_POST_READ_PHASE handlers dont run on a redirect, how should I setup my ctx so I can still access it after a redirect? I could create a r->pool cleanup function and hang my ctx in the ngx_pool_cleanup_t->data slot; but that seems like a workaround. > > -srp > > > ________________________________ > > This e-mail message is authorized for use by the intended recipient only and may contain information that is privileged and confidential. If you received this message in error, please call us immediately at (425) 590-5000 and ask to speak to the message sender. Please do not copy, disseminate, or retain this message unless you are the intended recipient. In addition, to ensure the security of your data, please do not send any unencrypted credit card or personally identifiable information to this email address. Thank you. > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > > ________________________________ This e-mail message is authorized for use by the intended recipient only and may contain information that is privileged and confidential. If you received this message in error, please call us immediately at (425) 590-5000 and ask to speak to the message sender. Please do not copy, disseminate, or retain this message unless you are the intended recipient. In addition, to ensure the security of your data, please do not send any unencrypted credit card or personally identifiable information to this email address. Thank you. From kaustubh.deo at gmail.com Wed Feb 15 07:57:53 2017 From: kaustubh.deo at gmail.com (Kaustubh Deorukhkar) Date: Wed, 15 Feb 2017 13:27:53 +0530 Subject: input required on proxy_next_upstream Message-ID: Hi, We are using nginx as reverse proxy and have a set of upstream servers configured with upstream next enabled for few error conditions to try next upstream server. For some reason this is not working. Can someone suggest if am missing something? http { ... upstream myservice { server localhost:8081; server localhost:8082; } server { ... location / { proxy_pass http://myservice; proxy_next_upstream error timeout invalid_header http_502 http_503 http_504; } } } So what i want is if any upstream server gives the above errors, it should try the next upstream instance, but it does not and just reports error to clients. Note that, in my case one of the upstream server responds early for some PUT request with 503 before entire request is read by upstream. I understand that nginx closes the current upstream connection where it received early response, but i expect it to try the next upstream server as configured for the same request before it responds with error to client. Am I missing some nginx trick here? Thanks in advance! -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Wed Feb 15 13:23:28 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 15 Feb 2017 16:23:28 +0300 Subject: input required on proxy_next_upstream In-Reply-To: References: Message-ID: <20170215132328.GG46625@mdounin.ru> Hello! On Wed, Feb 15, 2017 at 01:27:53PM +0530, Kaustubh Deorukhkar wrote: > We are using nginx as reverse proxy and have a set of upstream servers > configured > with upstream next enabled for few error conditions to try next upstream > server. > For some reason this is not working. Can someone suggest if am missing > something? [...] This question looks irrelevant to the nginx-devel@ mailing list. Please keep user-level questions in the nginx@ mailing list. Thank you. -- Maxim Dounin http://nginx.org/ From boaz.john at juspay.in Thu Feb 16 06:39:38 2017 From: boaz.john at juspay.in (Boaz John) Date: Thu, 16 Feb 2017 12:09:38 +0530 Subject: Reg. Using reverse proxy for Apple APN Message-ID: Hi, I'm trying to setup a reverse proxy for apple APN (uses http2) using a TCP proxy to a sever which doesn't have internet. (nginx version: nginx/1.10.2). When I connect directly from my application, it works, but when I switch to the TCP proxy over nginx, it connects and then gets "upstream temporarily disabled" error Any idea why this could happen? Tried both http and stream. 2017/02/14 20:09:07 [error] 21614#21614: *4506 upstream timed out (110: Connection timed out) while connecting to upstream, client: 172.16.80.22, server: 172.16.80.22:1044 3, upstream: " 17.188.136.28:443", bytes from/to client:0/0, bytes from/to upstream:0/0 -- Boaz -------------- next part -------------- An HTML attachment was scrubbed... URL: From hongzhidao at gmail.com Thu Feb 16 07:47:27 2017 From: hongzhidao at gmail.com (=?UTF-8?B?5rSq5b+X6YGT?=) Date: Thu, 16 Feb 2017 15:47:27 +0800 Subject: [nginx] setting variable cause core when used by lua Message-ID: Hi. diff -r da46bfc484ef src/http/ngx_http_variables.c --- a/src/http/ngx_http_variables.c Mon Feb 13 21:45:01 2017 +0300 +++ b/src/http/ngx_http_variables.c Wed Feb 08 10:31:53 2017 +0800 @@ -783,6 +783,10 @@ ssize_t s, *sp; ngx_str_t val; + if (v->data == NULL) { + return; + } + val.len = v->len; val.data = v->data; The following will cause core file, I think it's better to deal with in nginx. server { listen 8000; location / { content_by_lua_block { ngx.var.limit_rate = size; # size is undefined. ngx.say('hello lua'); } } ============== set handler in lua-module ============ if (value_type == LUA_TNIL) { vv->valid = 0; vv->not_found = 1; vv->no_cacheable = 0; vv->data = NULL; vv->len = 0; } else { vv->valid = 1; vv->not_found = 0; vv->no_cacheable = 0; vv->data = val; vv->len = len; } v->set_handler(r, vv, v->data); =============================================== Thanks. B.R. -------------- next part -------------- An HTML attachment was scrubbed... URL: From hongzhidao at gmail.com Thu Feb 16 07:51:24 2017 From: hongzhidao at gmail.com (=?UTF-8?B?5rSq5b+X6YGT?=) Date: Thu, 16 Feb 2017 15:51:24 +0800 Subject: [nginx] setting variable cause core when used by lua Message-ID: Hi. diff -r da46bfc484ef src/http/ngx_http_variables.c --- a/src/http/ngx_http_variables.c Mon Feb 13 21:45:01 2017 +0300 +++ b/src/http/ngx_http_variables.c Wed Feb 08 10:31:53 2017 +0800 @@ -783,6 +783,10 @@ ssize_t s, *sp; ngx_str_t val; + if (v->data == NULL) { + return; + } + val.len = v->len; val.data = v->data; The following will cause core file, I think it's better to deal with in nginx. server { listen 8000; location / { content_by_lua_block { ngx.var.limit_rate = size; # size is undefined. ngx.say('hello lua'); } } ============== set handler in lua-module ============ if (value_type == LUA_TNIL) { vv->valid = 0; vv->not_found = 1; vv->no_cacheable = 0; vv->data = NULL; vv->len = 0; } else { vv->valid = 1; vv->not_found = 0; vv->no_cacheable = 0; vv->data = val; vv->len = len; } v->set_handler(r, vv, v->data); =============================================== Thanks. B.R. -------------- next part -------------- An HTML attachment was scrubbed... URL: From hongzhidao at gmail.com Thu Feb 16 08:00:51 2017 From: hongzhidao at gmail.com (=?UTF-8?B?5rSq5b+X6YGT?=) Date: Thu, 16 Feb 2017 16:00:51 +0800 Subject: [nginx] setting variable cause core when used by lua In-Reply-To: References: Message-ID: Hi! diff -r da46bfc484ef src/http/ngx_http_variables.c --- a/src/http/ngx_http_variables.c Mon Feb 13 21:45:01 2017 +0300 +++ b/src/http/ngx_http_variables.c Wed Feb 08 10:31:53 2017 +0800 @@ -783,6 +783,10 @@ ssize_t s, *sp; ngx_str_t val; + if (v->data == NULL) { + return; + } + val.len = v->len; val.data = v->data; The following will cause core file, I think it's better to deal with in nginx. server { listen 8000; location / { content_by_lua_block { ngx.var.limit_rate = size; # size is undefined. ngx.say('hello lua'); } } ============== set handler in lua-module ============ if (value_type == LUA_TNIL) { vv->valid = 0; vv->not_found = 1; vv->no_cacheable = 0; vv->data = NULL; vv->len = 0; } else { vv->valid = 1; vv->not_found = 0; vv->no_cacheable = 0; vv->data = val; vv->len = len; } v->set_handler(r, vv, v->data); =============================================== Thanks. B.R. -------------- next part -------------- An HTML attachment was scrubbed... URL: From hongzhidao at gmail.com Thu Feb 16 08:01:34 2017 From: hongzhidao at gmail.com (=?UTF-8?B?5rSq5b+X6YGT?=) Date: Thu, 16 Feb 2017 16:01:34 +0800 Subject: [nginx] setting variable cause core when used by lua In-Reply-To: References: Message-ID: Sorry, sent too much. 2017-02-16 16:00 GMT+08:00 ??? : > Hi! > > diff -r da46bfc484ef src/http/ngx_http_variables.c > --- a/src/http/ngx_http_variables.c Mon Feb 13 21:45:01 2017 +0300 > +++ b/src/http/ngx_http_variables.c Wed Feb 08 10:31:53 2017 +0800 > @@ -783,6 +783,10 @@ > ssize_t s, *sp; > ngx_str_t val; > > + if (v->data == NULL) { > + return; > + } > + > val.len = v->len; > val.data = v->data; > > > The following will cause core file, I think it's better to deal with in > nginx. > > server { > listen 8000; > > location / { > content_by_lua_block { > ngx.var.limit_rate = size; # size is undefined. > ngx.say('hello lua'); > } > } > > > ============== set handler in lua-module ============ > if (value_type == LUA_TNIL) { > vv->valid = 0; > vv->not_found = 1; > vv->no_cacheable = 0; > vv->data = NULL; > vv->len = 0; > > } else { > vv->valid = 1; > vv->not_found = 0; > vv->no_cacheable = 0; > > vv->data = val; > vv->len = len; > } > > v->set_handler(r, vv, v->data); > =============================================== > > Thanks. > B.R. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From soul11201 at gmail.com Thu Feb 16 09:26:40 2017 From: soul11201 at gmail.com (soul11201) Date: Thu, 16 Feb 2017 17:26:40 +0800 Subject: [nginx] setting variable cause core when used by lua In-Reply-To: References: Message-ID: i think this is a feature not a bug 2017-02-16 16:01 GMT+08:00 ??? : > Sorry, sent too much. > > 2017-02-16 16:00 GMT+08:00 ??? : > >> Hi! >> >> diff -r da46bfc484ef src/http/ngx_http_variables.c >> --- a/src/http/ngx_http_variables.c Mon Feb 13 21:45:01 2017 +0300 >> +++ b/src/http/ngx_http_variables.c Wed Feb 08 10:31:53 2017 +0800 >> @@ -783,6 +783,10 @@ >> ssize_t s, *sp; >> ngx_str_t val; >> >> + if (v->data == NULL) { >> + return; >> + } >> + >> val.len = v->len; >> val.data = v->data; >> >> >> The following will cause core file, I think it's better to deal with in >> nginx. >> >> server { >> listen 8000; >> >> location / { >> content_by_lua_block { >> ngx.var.limit_rate = size; # size is undefined. >> ngx.say('hello lua'); >> } >> } >> >> >> ============== set handler in lua-module ============ >> if (value_type == LUA_TNIL) { >> vv->valid = 0; >> vv->not_found = 1; >> vv->no_cacheable = 0; >> vv->data = NULL; >> vv->len = 0; >> >> } else { >> vv->valid = 1; >> vv->not_found = 0; >> vv->no_cacheable = 0; >> >> vv->data = val; >> vv->len = len; >> } >> >> v->set_handler(r, vv, v->data); >> =============================================== >> >> Thanks. >> B.R. >> > > > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > -- ----- http://blog.soul11201.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Thu Feb 16 13:27:38 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 16 Feb 2017 16:27:38 +0300 Subject: Reg. Using reverse proxy for Apple APN In-Reply-To: References: Message-ID: <20170216132738.GK46625@mdounin.ru> Hello! On Thu, Feb 16, 2017 at 12:09:38PM +0530, Boaz John wrote: > Hi, > > I'm trying to setup a reverse proxy for apple APN (uses http2) using a TCP > proxy to a sever which doesn't have internet. (nginx version: nginx/1.10.2). > > When I connect directly from my application, it works, but when I switch to > the TCP proxy over nginx, it connects and then gets "upstream temporarily > disabled" error > > Any idea why this could happen? This question doesn't seems to be related to the nginx-devel@ mailing list. Please use the nginx@ mailing list instead. Thank you. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Thu Feb 16 14:14:47 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 16 Feb 2017 17:14:47 +0300 Subject: [nginx] setting variable cause core when used by lua In-Reply-To: References: Message-ID: <20170216141447.GL46625@mdounin.ru> Hello! On Thu, Feb 16, 2017 at 03:51:24PM +0800, ??? wrote: > Hi. > > diff -r da46bfc484ef src/http/ngx_http_variables.c > --- a/src/http/ngx_http_variables.c Mon Feb 13 21:45:01 2017 +0300 > +++ b/src/http/ngx_http_variables.c Wed Feb 08 10:31:53 2017 +0800 > @@ -783,6 +783,10 @@ > ssize_t s, *sp; > ngx_str_t val; > > + if (v->data == NULL) { > + return; > + } > + > val.len = v->len; > val.data = v->data; > > > The following will cause core file, I think it's better to deal with in > nginx. > > server { > listen 8000; > > location / { > content_by_lua_block { > ngx.var.limit_rate = size; # size is undefined. > ngx.say('hello lua'); > } > } This looks like a bug in ngx_parse_size(), it incorrectly assumes that the input string is at least 1 character long. And I believe it can be triggered without Lua too. Please test if the following patch fixes things for you: # HG changeset patch # User Maxim Dounin # Date 1487253948 -10800 # Thu Feb 16 17:05:48 2017 +0300 # Node ID 51c8df305d083bc57828f68cd6e709cacdcc41c0 # Parent be00ca08e41a69e585b6aff70a725ed6c9e1a876 Fixed ngx_parse_size() / ngx_parse_offset() with 0-length strings. diff --git a/src/core/ngx_parse.c b/src/core/ngx_parse.c --- a/src/core/ngx_parse.c +++ b/src/core/ngx_parse.c @@ -17,6 +17,11 @@ ngx_parse_size(ngx_str_t *line) ssize_t size, scale, max; len = line->len; + + if (len == 0) { + return NGX_ERROR; + } + unit = line->data[len - 1]; switch (unit) { @@ -58,6 +63,11 @@ ngx_parse_offset(ngx_str_t *line) size_t len; len = line->len; + + if (len == 0) { + return NGX_ERROR; + } + unit = line->data[len - 1]; switch (unit) { -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Thu Feb 16 15:35:09 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 16 Feb 2017 15:35:09 +0000 Subject: [nginx] Version bump. Message-ID: details: http://hg.nginx.org/nginx/rev/f6ca2cfd79fb branches: changeset: 6913:f6ca2cfd79fb user: Maxim Dounin date: Thu Feb 16 18:20:14 2017 +0300 description: Version bump. diffstat: src/core/nginx.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff --git a/src/core/nginx.h b/src/core/nginx.h --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1011010 -#define NGINX_VERSION "1.11.10" +#define nginx_version 1011011 +#define NGINX_VERSION "1.11.11" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD From mdounin at mdounin.ru Thu Feb 16 15:35:12 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 16 Feb 2017 15:35:12 +0000 Subject: [nginx] Docs: changes.xml dates converted to ISO 8601 format. Message-ID: details: http://hg.nginx.org/nginx/rev/529f10f7757c branches: changeset: 6914:529f10f7757c user: Maxim Dounin date: Thu Feb 16 18:32:49 2017 +0300 description: Docs: changes.xml dates converted to ISO 8601 format. Dates in ISO 8601 format are in line with what is used in nginx.org news, and are generally less ambiguous and easier to work with. The changes.xml was converted using sed: $ sed 's/date="\(..\)\.\(..\)\.\(....\)"/date="\3-\2-\1"/g' changes.xml Appropriate changes to changes.xsls were introduced. diffstat: docs/xml/nginx/changes.xml | 850 ++++++++++++++++++++++---------------------- docs/xsls/changes.xsls | 14 +- 2 files changed, 435 insertions(+), 429 deletions(-) diffs (truncated from 3743 to 1000 lines): diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xml +++ b/docs/xml/nginx/changes.xml @@ -5,7 +5,7 @@ - + @@ -107,7 +107,7 @@ reduced memory consumption for long-live - + @@ -202,7 +202,7 @@ when using the "aio_write" directive. - + @@ -309,7 +309,7 @@ nginx/Windows could not be built with Op - + @@ -403,7 +403,7 @@ in the ngx_http_perl_module. - + @@ -533,7 +533,7 @@ when a timeout occurred during an SSL ha - + @@ -667,7 +667,7 @@ with the "-" character in the HTTP metho - + @@ -772,7 +772,7 @@ the bug had appeared in 1.9.13. - + @@ -853,7 +853,7 @@ Thanks to Piotr Sikora. - + @@ -966,7 +966,7 @@ the issue had appeared in 1.9.4. - + @@ -986,7 +986,7 @@ the bug had appeared in 1.3.9. - + @@ -1142,7 +1142,7 @@ when using the "proxy_cache_bypass" dire - + @@ -1197,7 +1197,7 @@ Thanks to Mindaugas Rasiukevicius. - + @@ -1255,7 +1255,7 @@ of minor bugs in logging. - + @@ -1420,7 +1420,7 @@ regardless of the proxy_next_upstream di - + @@ -1522,7 +1522,7 @@ in the ngx_http_v2_module. - + @@ -1565,7 +1565,7 @@ in the ngx_http_v2_module. - + @@ -1668,7 +1668,7 @@ after an "X-Accel-Redirect" redirection. - + @@ -1684,7 +1684,7 @@ the bug had appeared in 1.9.8. - + @@ -1738,7 +1738,7 @@ nginx could not be built on OS X in some - + @@ -1814,7 +1814,7 @@ in the ngx_http_v2_module. - + @@ -1898,7 +1898,7 @@ Thanks to Markus Linnala, Kurtis Nusbaum - + @@ -1995,7 +1995,7 @@ the bug had appeared in 1.9.4. - + @@ -2106,7 +2106,7 @@ nginx could not be built with Visual Stu - + @@ -2197,7 +2197,7 @@ Thanks to Matthew Baldwin. - + @@ -2280,7 +2280,7 @@ OCSP stapling might return an expired OC - + @@ -2354,7 +2354,7 @@ Thanks to Sergey Polovko. - + @@ -2432,7 +2432,7 @@ if not specified in the first "listen" d - + @@ -2495,7 +2495,7 @@ in the ngx_http_spdy_module. - + @@ -2663,7 +2663,7 @@ to automatically construct certificate c - + @@ -2755,7 +2755,7 @@ Thanks to Goetz T. Fischer. - + @@ -2859,7 +2859,7 @@ Thanks to Lukas Tribus. - + @@ -3025,7 +3025,7 @@ Thanks to Yichun Zhang. - + @@ -3135,7 +3135,7 @@ Thanks to Kouhei Sutou. - + @@ -3180,7 +3180,7 @@ in logging to syslog. - + @@ -3325,7 +3325,7 @@ Thanks to Markus Linnala and Feng Gu. - + @@ -3454,7 +3454,7 @@ Thanks to Tatsuhiko Kubo and Piotr Sikor - + @@ -3534,7 +3534,7 @@ if caching was used. - + @@ -3603,7 +3603,7 @@ in the ngx_http_spdy_module. - + @@ -3721,7 +3721,7 @@ nginx could not be built with the --with - + @@ -3762,7 +3762,7 @@ the "if" parameter of the "access_log" d - + @@ -3855,7 +3855,7 @@ in the ngx_http_spdy_module. - + @@ -3901,7 +3901,7 @@ Thanks to Lucas Molas. - + @@ -4011,7 +4011,7 @@ nginx/Windows could not be built with Vi - + @@ -4090,7 +4090,7 @@ Thanks to Piotr Sikora. - + @@ -4232,7 +4232,7 @@ incorrectly handled IPv6 client addresse - + @@ -4317,7 +4317,7 @@ in the ngx_http_spdy_module. - + @@ -4453,7 +4453,7 @@ memory leak in nginx/Windows. - + @@ -4551,7 +4551,7 @@ in the ngx_http_spdy_module. - + @@ -4630,7 +4630,7 @@ Thanks to Piotr Sikora. - + @@ -4732,7 +4732,7 @@ in the ngx_http_spdy_module. - + @@ -4807,7 +4807,7 @@ in the ngx_http_sub_filter_module. - + @@ -4856,7 +4856,7 @@ Thanks to Serguei Ivantsov. - + @@ -4979,7 +4979,7 @@ if several worker processes were used. - + @@ -5001,7 +5001,7 @@ Thanks to Greg MacManus, iSIGHT Partners - + @@ -5030,7 +5030,7 @@ the bug had appeared in 1.3.9. - + @@ -5081,7 +5081,7 @@ in the eventport and /dev/poll methods. - + @@ -5198,7 +5198,7 @@ in backend usage accounting. - + @@ -5271,7 +5271,7 @@ Thanks to Gernot Vormayr. - + @@ -5309,7 +5309,7 @@ Thanks to Louis Opter. - + @@ -5409,7 +5409,7 @@ in the "fastcgi_keep_conn" directive. - + @@ -5462,7 +5462,7 @@ for IPv6 addresses. - + @@ -5640,7 +5640,7 @@ if the "gzip" directive was used. - + @@ -5685,7 +5685,7 @@ in the ngx_http_dav_module. - + @@ -5750,7 +5750,7 @@ in the "ssl_stapling" directive. - + @@ -5797,7 +5797,7 @@ OpenSSL 0.9.7 compatibility. - + @@ -5853,7 +5853,7 @@ if the --with-ipv6 option was used. - + @@ -5935,7 +5935,7 @@ Thanks to HAYASHI Kentaro. - + @@ -5998,7 +5998,7 @@ might be inherited incorrectly. - + @@ -6036,7 +6036,7 @@ before an internal redirect to a named l - + @@ -6141,7 +6141,7 @@ while reconfiguration. - + @@ -6271,7 +6271,7 @@ in the "proxy_cookie_domain" and "proxy_ - + @@ -6410,7 +6410,7 @@ in the ngx_http_fastcgi_module. - + @@ -6450,7 +6450,7 @@ Thanks to Maxim Bublis. - + @@ -6532,7 +6532,7 @@ in the ngx_http_mp4_module. - + @@ -6615,7 +6615,7 @@ nginx could not be built on Debian GNU/H - + @@ -6653,7 +6653,7 @@ in the ngx_http_uwsgi_module. - + @@ -6766,7 +6766,7 @@ the bug had appeared in 1.1.15. - + @@ -6869,7 +6869,7 @@ the bug had appeared in 0.7.25. - + @@ -6930,7 +6930,7 @@ memory leak during reconfiguration if th - + @@ -7006,7 +7006,7 @@ in the ngx_http_mp4_module. - + @@ -7146,7 +7146,7 @@ the bug had appeared in 1.1.9. - + @@ -7244,7 +7244,7 @@ responses from cache might hang. - + @@ -7260,7 +7260,7 @@ the bug had appeared in 1.1.9. - + @@ -7426,7 +7426,7 @@ nginx could not be built on AIX. - + @@ -7521,7 +7521,7 @@ Thanks to Piotr Sikora. - + @@ -7581,7 +7581,7 @@ in the "expires @time" directive. - + @@ -7701,7 +7701,7 @@ the module ngx_http_mp4_module did not s - + @@ -7782,7 +7782,7 @@ the bug had appeared in 1.1.1. - + @@ -7865,7 +7865,7 @@ the module ngx_http_mp4_module did not s - + @@ -7908,7 +7908,7 @@ nginx could not be built on MacOSX 10.7. - + @@ -7953,7 +7953,7 @@ in the "proxy/fastcgi/scgi/uwsgi_ignore_ - + @@ -8097,7 +8097,7 @@ the bug had appeared in 0.8.40. - + @@ -8230,7 +8230,7 @@ SSL modules could not be built by gcc 4. - + @@ -8306,7 +8306,7 @@ Thanks to Maxim Dounin. - + @@ -8353,7 +8353,7 @@ the bug had appeared in 1.0.3. - + @@ -8422,7 +8422,7 @@ the bug had appeared in 0.8.46. - + @@ -8458,7 +8458,7 @@ the bug had appeared in 1.0.1. - + @@ -8566,7 +8566,7 @@ Thanks to Igor A. Valcov. - + @@ -8603,7 +8603,7 @@ a "satisfy any" directive disabled custo - + @@ -8643,7 +8643,7 @@ directives is given by expression and re - + @@ -8670,7 +8670,7 @@ Thanks to Michael Lustfield. - + @@ -8724,7 +8724,7 @@ Thanks to Maxim Dounin. - + @@ -8747,7 +8747,7 @@ 494 code for "Request Header Too Large" - + @@ -8774,7 +8774,7 @@ the bug had appeared in 0.9.0. - + @@ -8821,7 +8821,7 @@ Thanks to Maxim Dounin. - + @@ -8837,7 +8837,7 @@ the bug had appeared in 0.9.0. - + @@ -8936,7 +8936,7 @@ the bug had appeared in 0.8.42. - + @@ -8985,7 +8985,7 @@ the bug had appeared in 0.8.21. - + @@ -9002,7 +9002,7 @@ the bug had appeared in 0.8.51. - + @@ -9034,7 +9034,7 @@ now a listen socket "ssl" parameter may - + From mdounin at mdounin.ru Thu Feb 16 15:35:15 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 16 Feb 2017 15:35:15 +0000 Subject: [nginx] Docs: changes.xslt regenerated. Message-ID: details: http://hg.nginx.org/nginx/rev/b7e02f47a339 branches: changeset: 6915:b7e02f47a339 user: Maxim Dounin date: Thu Feb 16 18:33:03 2017 +0300 description: Docs: changes.xslt regenerated. diffstat: docs/xslt/changes.xslt | 14 ++++++++++---- 1 files changed, 10 insertions(+), 4 deletions(-) diffs (27 lines): diff --git a/docs/xslt/changes.xslt b/docs/xslt/changes.xslt --- a/docs/xslt/changes.xslt +++ b/docs/xslt/changes.xslt @@ -26,13 +26,19 @@ ' '), 1, $conf/changes[@lang=$lang]/length)"/> - + + + . + + . + + - + - + 6, 2))]"/> + From mdounin at mdounin.ru Thu Feb 16 15:38:20 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 16 Feb 2017 15:38:20 +0000 Subject: [nginx] Trailing space removed. Message-ID: details: http://hg.nginx.org/nginx/rev/05fd0dc8f0dc branches: changeset: 6916:05fd0dc8f0dc user: Maxim Dounin date: Thu Feb 16 18:37:22 2017 +0300 description: Trailing space removed. diffstat: docs/xml/nginx/changes.xml | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diffs (12 lines): diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xml +++ b/docs/xml/nginx/changes.xml @@ -66,7 +66,7 @@ Thanks to Tom Thorogood. -??? ????????? ???????? ?? ??????? "Expect: 100-continue" ? ????????? ??????? +??? ????????? ???????? ?? ??????? "Expect: 100-continue" ? ????????? ??????? ? ????? ????? ?????????? ????????? "[crit] SSL_write() failed". From arut at nginx.com Thu Feb 16 15:44:11 2017 From: arut at nginx.com (Roman Arutyunyan) Date: Thu, 16 Feb 2017 18:44:11 +0300 Subject: Fixing ngx_http_slice_module use with named locations In-Reply-To: <20160504142030.bfda7a14d949ef6536604db0@noxt.eu> References: <20160504142030.bfda7a14d949ef6536604db0@noxt.eu> Message-ID: <20170216154411.GP63314@Romans-MacBook-Air.local> Hello Mindaugas, On Wed, May 04, 2016 at 02:20:30PM +0100, Mindaugas Rasiukevicius wrote: > Hi, > > There is a problem with ngx_http_slice_module when it is used together > with an internal redirection to a named location. It results in Nginx > workers caching incorrect content and spinning in an infinite loop. > Consider the following fragment: > > location /foo { > error_page 550 = @bar; > return 550; > } > location @bar { > slice ...; > proxy_pass ...; > proxy_cache ...; > ... > } > > In ngx_http_slice_body_filter(), the slice context is associated with > the subrequest: > > ngx_http_set_ctx(sr, ctx, ngx_http_slice_filter_module); > > However, the location re-match is triggered for the subrequests trying > to fetch each slice. In the ngx_http_named_location() function: > > /* clear the modules contexts */ > ngx_memzero(r->ctx, sizeof(void *) * ngx_http_max_module); > > So, the slice context gets lost. There are several ways to fix this. > Unless you want an API to preserve the context, one simple fix would be > to get the context via r->parent (if ctx == NULL && r != r->main). > > What would be the preferred way to fix this? We have fixed the issue in http://hg.nginx.org/nginx/rev/d16ba0ea3434 Thanks for reporting this. -- Roman Arutyunyan From othree at gmail.com Thu Feb 16 15:57:35 2017 From: othree at gmail.com (OOO) Date: Thu, 16 Feb 2017 23:57:35 +0800 Subject: [PATCH] Contrib: update vim syntax script Message-ID: Hi This patch improves vim syntax file for nginx conf. Major changes: * Fix regexp in string might breaks location ngxBlock * Use syntax iskeyword instead of modify real Vim iskeyword (new Vim feature, can avoid change user behavior) * Update keywords, based on document[1][2] * Add/Update all 3rd party module keywords based on wiki[3][4] Full change history is on github[5]. [1]:https://nginx.org/en/docs/ [2]:https://github.com/othree/nginx-contrib-vim/issues/4 [3]:https://www.nginx.com/resources/wiki/modules/ [4]:https://github.com/othree/nginx-contrib-vim/issues/1 [5]:https://github.com/othree/nginx-contrib-vim # HG changeset patch # User othree # Date 1487259832 -28800 # Thu Feb 16 23:43:52 2017 +0800 # Node ID 3f74fe213e98697c932b20b86dfdaab505a8f89b # Parent 05fd0dc8f0dc808219f727dd18a5da2f078c4073 Update contrib/vim/syntax * Fix regexp in string might breaks location ngxBlock * Highlight rewrite flags * Update keywords based on latest document * Include all 3rd party modules listed on wiki * Use syntax iskeyword instead of modify iskeyword diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -1,97 +1,130 @@ " Vim syntax file " Language: nginx.conf if exists("b:current_syntax") finish end -setlocal iskeyword+=. -setlocal iskeyword+=/ -setlocal iskeyword+=: +if has("patch-7.4-1142") + if has("win32") + syn iskeyword @,48-57,_,128-167,224-235,.,/,: + else + syn iskeyword @,48-57,_,192-255,.,/,: + endif +else + setlocal iskeyword+=. + setlocal iskeyword+=/ + setlocal iskeyword+=: +endif syn match ngxVariable '\$\(\w\+\|{\w\+}\)' -syn match ngxVariableBlock '\$\(\w\+\|{\w\+}\)' contained syn match ngxVariableString '\$\(\w\+\|{\w\+}\)' contained -syn region ngxBlock start=+^+ end=+{+ skip=+\${+ contains=ngxComment,ngxDirectiveBlock,ngxVariableBlock,ngxString oneline +syn match ngxComment ' *#.*$' +syn match ngxRewriteURI /\S\+/ contained contains=ngxVariableString nextgroup=ngxURI skipwhite +syn match ngxURI /\S\+/ contained contains=ngxVariableString skipwhite +syn match ngxLocationPath /[^ {]\+/ contained syn region ngxString start=+\z(["']\)+ end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString -syn match ngxComment ' *#.*$' syn keyword ngxBoolean on syn keyword ngxBoolean off -syn keyword ngxDirectiveBlock http contained -syn keyword ngxDirectiveBlock mail contained -syn keyword ngxDirectiveBlock events contained -syn keyword ngxDirectiveBlock server contained -syn keyword ngxDirectiveBlock types contained -syn keyword ngxDirectiveBlock location contained -syn keyword ngxDirectiveBlock upstream contained -syn keyword ngxDirectiveBlock charset_map contained -syn keyword ngxDirectiveBlock limit_except contained -syn keyword ngxDirectiveBlock if contained -syn keyword ngxDirectiveBlock geo contained -syn keyword ngxDirectiveBlock map contained -syn keyword ngxDirectiveBlock split_clients contained + +syn keyword ngxDirectiveBlock http +syn keyword ngxDirectiveBlock mail +syn keyword ngxDirectiveBlock events +syn keyword ngxDirectiveBlock server +syn keyword ngxDirectiveBlock stream +syn keyword ngxDirectiveBlock types +syn match ngxLocationOperator /\(=\|\~\*\|\^\~\|\~\)/ contained nextgroup=ngxLocationPath,ngxString skipwhite +syn match ngxLocationNamedLoc /@\w\+/ +syn keyword ngxDirectiveBlock location nextgroup=ngxLocationNamedLoc,ngxLocationOperator,ngxLocationPath,ngxString skipwhite +syn keyword ngxDirectiveBlock upstream +syn keyword ngxDirectiveBlock charset_map +syn keyword ngxDirectiveBlock limit_except +syn keyword ngxDirectiveBlock if +syn keyword ngxDirectiveBlock geo +syn keyword ngxDirectiveBlock map +syn keyword ngxDirectiveBlock split_clients syn keyword ngxDirectiveImportant include syn keyword ngxDirectiveImportant root syn keyword ngxDirectiveImportant server syn keyword ngxDirectiveImportant server_name syn keyword ngxDirectiveImportant listen syn keyword ngxDirectiveImportant internal syn keyword ngxDirectiveImportant proxy_pass syn keyword ngxDirectiveImportant memcached_pass syn keyword ngxDirectiveImportant fastcgi_pass syn keyword ngxDirectiveImportant scgi_pass syn keyword ngxDirectiveImportant uwsgi_pass syn keyword ngxDirectiveImportant try_files syn keyword ngxDirectiveControl break syn keyword ngxDirectiveControl return -syn keyword ngxDirectiveControl rewrite +syn keyword ngxDirectiveControl rewrite nextgroup=ngxRewriteURI skipwhite syn keyword ngxDirectiveControl set +syn keyword ngxRewriteFlag last +syn keyword ngxRewriteFlag break +syn keyword ngxRewriteFlag redirect +syn keyword ngxRewriteFlag permanent + syn keyword ngxDirectiveError error_page syn keyword ngxDirectiveError post_action syn keyword ngxDirectiveDeprecated connections syn keyword ngxDirectiveDeprecated imap syn keyword ngxDirectiveDeprecated limit_zone syn keyword ngxDirectiveDeprecated mysql_test syn keyword ngxDirectiveDeprecated open_file_cache_retest syn keyword ngxDirectiveDeprecated optimize_server_names syn keyword ngxDirectiveDeprecated satisfy_any syn keyword ngxDirectiveDeprecated so_keepalive +syn keyword ngxDirectiveDeprecated spdy_chunk_size +syn keyword ngxDirectiveDeprecated spdy_headers_comp +syn keyword ngxDirectiveDeprecated spdy_keepalive_timeout +syn keyword ngxDirectiveDeprecated spdy_max_concurrent_streams +syn keyword ngxDirectiveDeprecated spdy_pool_size +syn keyword ngxDirectiveDeprecated spdy_recv_buffer_size +syn keyword ngxDirectiveDeprecated spdy_recv_timeout +syn keyword ngxDirectiveDeprecated spdy_streams_index_size +syn keyword ngxDirective absolute_redirect syn keyword ngxDirective accept_mutex syn keyword ngxDirective accept_mutex_delay syn keyword ngxDirective acceptex_read syn keyword ngxDirective access_log syn keyword ngxDirective add_after_body syn keyword ngxDirective add_before_body syn keyword ngxDirective add_header syn keyword ngxDirective addition_types syn keyword ngxDirective aio +syn keyword ngxDirective aio_write syn keyword ngxDirective alias syn keyword ngxDirective allow syn keyword ngxDirective ancient_browser syn keyword ngxDirective ancient_browser_value syn keyword ngxDirective auth_basic syn keyword ngxDirective auth_basic_user_file syn keyword ngxDirective auth_http syn keyword ngxDirective auth_http_header +syn keyword ngxDirective auth_http_pass_client_cert syn keyword ngxDirective auth_http_timeout +syn keyword ngxDirective auth_jwt +syn keyword ngxDirective auth_jwt_key_file syn keyword ngxDirective auth_request syn keyword ngxDirective auth_request_set syn keyword ngxDirective autoindex syn keyword ngxDirective autoindex_exact_size +syn keyword ngxDirective autoindex_format syn keyword ngxDirective autoindex_localtime syn keyword ngxDirective charset +syn keyword ngxDirective charset_map syn keyword ngxDirective charset_types syn keyword ngxDirective chunked_transfer_encoding syn keyword ngxDirective client_body_buffer_size syn keyword ngxDirective client_body_in_file_only syn keyword ngxDirective client_body_in_single_buffer syn keyword ngxDirective client_body_temp_path syn keyword ngxDirective client_body_timeout syn keyword ngxDirective client_header_buffer_size @@ -115,51 +148,58 @@ syn keyword ngxDirective directio_alignm syn keyword ngxDirective disable_symlinks syn keyword ngxDirective empty_gif syn keyword ngxDirective env syn keyword ngxDirective epoll_events syn keyword ngxDirective error_log syn keyword ngxDirective etag syn keyword ngxDirective eventport_events syn keyword ngxDirective expires +syn keyword ngxDirective f4f +syn keyword ngxDirective f4f_buffer_size syn keyword ngxDirective fastcgi_bind syn keyword ngxDirective fastcgi_buffer_size syn keyword ngxDirective fastcgi_buffering syn keyword ngxDirective fastcgi_buffers syn keyword ngxDirective fastcgi_busy_buffers_size syn keyword ngxDirective fastcgi_cache syn keyword ngxDirective fastcgi_cache_bypass syn keyword ngxDirective fastcgi_cache_key syn keyword ngxDirective fastcgi_cache_lock +syn keyword ngxDirective fastcgi_cache_lock_age syn keyword ngxDirective fastcgi_cache_lock_timeout +syn keyword ngxDirective fastcgi_cache_max_range_offset syn keyword ngxDirective fastcgi_cache_methods syn keyword ngxDirective fastcgi_cache_min_uses syn keyword ngxDirective fastcgi_cache_path +syn keyword ngxDirective fastcgi_cache_purge syn keyword ngxDirective fastcgi_cache_revalidate syn keyword ngxDirective fastcgi_cache_use_stale syn keyword ngxDirective fastcgi_cache_valid syn keyword ngxDirective fastcgi_catch_stderr syn keyword ngxDirective fastcgi_connect_timeout syn keyword ngxDirective fastcgi_force_ranges syn keyword ngxDirective fastcgi_hide_header syn keyword ngxDirective fastcgi_ignore_client_abort syn keyword ngxDirective fastcgi_ignore_headers syn keyword ngxDirective fastcgi_index syn keyword ngxDirective fastcgi_intercept_errors syn keyword ngxDirective fastcgi_keep_conn +syn keyword ngxDirective fastcgi_limit_rate syn keyword ngxDirective fastcgi_max_temp_file_size syn keyword ngxDirective fastcgi_next_upstream syn keyword ngxDirective fastcgi_next_upstream_timeout syn keyword ngxDirective fastcgi_next_upstream_tries syn keyword ngxDirective fastcgi_no_cache syn keyword ngxDirective fastcgi_param syn keyword ngxDirective fastcgi_pass_header syn keyword ngxDirective fastcgi_pass_request_body syn keyword ngxDirective fastcgi_pass_request_headers syn keyword ngxDirective fastcgi_read_timeout +syn keyword ngxDirective fastcgi_request_buffering syn keyword ngxDirective fastcgi_send_lowat syn keyword ngxDirective fastcgi_send_timeout syn keyword ngxDirective fastcgi_split_path_info syn keyword ngxDirective fastcgi_store syn keyword ngxDirective fastcgi_store_access syn keyword ngxDirective fastcgi_temp_file_write_size syn keyword ngxDirective fastcgi_temp_path syn keyword ngxDirective flv @@ -180,78 +220,110 @@ syn keyword ngxDirective gzip_http_versi syn keyword ngxDirective gzip_min_length syn keyword ngxDirective gzip_no_buffer syn keyword ngxDirective gzip_proxied syn keyword ngxDirective gzip_static syn keyword ngxDirective gzip_types syn keyword ngxDirective gzip_vary syn keyword ngxDirective gzip_window syn keyword ngxDirective hash +syn keyword ngxDirective health_check +syn keyword ngxDirective health_check_timeout +syn keyword ngxDirective hls +syn keyword ngxDirective hls_buffers +syn keyword ngxDirective hls_forward_args +syn keyword ngxDirective hls_fragment +syn keyword ngxDirective hls_mp4_buffer_size +syn keyword ngxDirective hls_mp4_max_buffer_size +syn keyword ngxDirective http2 " Not a real directive +syn keyword ngxDirective http2_chunk_size +syn keyword ngxDirective http2_body_preread_size +syn keyword ngxDirective http2_idle_timeout +syn keyword ngxDirective http2_max_concurrent_streams +syn keyword ngxDirective http2_max_field_size +syn keyword ngxDirective http2_max_header_size +syn keyword ngxDirective http2_max_requests +syn keyword ngxDirective http2_recv_buffer_size +syn keyword ngxDirective http2_recv_timeout syn keyword ngxDirective if_modified_since syn keyword ngxDirective ignore_invalid_headers syn keyword ngxDirective image_filter syn keyword ngxDirective image_filter_buffer syn keyword ngxDirective image_filter_interlace syn keyword ngxDirective image_filter_jpeg_quality syn keyword ngxDirective image_filter_sharpen syn keyword ngxDirective image_filter_transparency +syn keyword ngxDirective image_filter_webp_quality syn keyword ngxDirective imap_auth syn keyword ngxDirective imap_capabilities syn keyword ngxDirective imap_client_buffer syn keyword ngxDirective index syn keyword ngxDirective iocp_threads syn keyword ngxDirective ip_hash +syn keyword ngxDirective js_access +syn keyword ngxDirective js_content +syn keyword ngxDirective js_filter +syn keyword ngxDirective js_include +syn keyword ngxDirective js_preread +syn keyword ngxDirective js_set syn keyword ngxDirective keepalive syn keyword ngxDirective keepalive_disable syn keyword ngxDirective keepalive_requests syn keyword ngxDirective keepalive_timeout syn keyword ngxDirective kqueue_changes syn keyword ngxDirective kqueue_events syn keyword ngxDirective large_client_header_buffers syn keyword ngxDirective least_conn +syn keyword ngxDirective least_time syn keyword ngxDirective limit_conn syn keyword ngxDirective limit_conn_log_level syn keyword ngxDirective limit_conn_status syn keyword ngxDirective limit_conn_zone syn keyword ngxDirective limit_rate syn keyword ngxDirective limit_rate_after syn keyword ngxDirective limit_req syn keyword ngxDirective limit_req_log_level syn keyword ngxDirective limit_req_status syn keyword ngxDirective limit_req_zone syn keyword ngxDirective lingering_close syn keyword ngxDirective lingering_time syn keyword ngxDirective lingering_timeout +syn keyword ngxDirective load_module syn keyword ngxDirective lock_file syn keyword ngxDirective log_format syn keyword ngxDirective log_not_found syn keyword ngxDirective log_subrequest syn keyword ngxDirective map_hash_bucket_size syn keyword ngxDirective map_hash_max_size +syn keyword ngxDirective match syn keyword ngxDirective master_process syn keyword ngxDirective max_ranges syn keyword ngxDirective memcached_bind syn keyword ngxDirective memcached_buffer_size syn keyword ngxDirective memcached_connect_timeout +syn keyword ngxDirective memcached_force_ranges syn keyword ngxDirective memcached_gzip_flag syn keyword ngxDirective memcached_next_upstream syn keyword ngxDirective memcached_next_upstream_timeout syn keyword ngxDirective memcached_next_upstream_tries syn keyword ngxDirective memcached_read_timeout syn keyword ngxDirective memcached_send_timeout syn keyword ngxDirective merge_slashes syn keyword ngxDirective min_delete_depth syn keyword ngxDirective modern_browser syn keyword ngxDirective modern_browser_value syn keyword ngxDirective mp4 syn keyword ngxDirective mp4_buffer_size syn keyword ngxDirective mp4_max_buffer_size +syn keyword ngxDirective mp4_limit_rate +syn keyword ngxDirective mp4_limit_rate_after syn keyword ngxDirective msie_padding syn keyword ngxDirective msie_refresh syn keyword ngxDirective multi_accept +syn keyword ngxDirective ntlm syn keyword ngxDirective open_file_cache syn keyword ngxDirective open_file_cache_errors syn keyword ngxDirective open_file_cache_events syn keyword ngxDirective open_file_cache_min_uses syn keyword ngxDirective open_file_cache_valid syn keyword ngxDirective open_log_file_cache syn keyword ngxDirective output_buffers syn keyword ngxDirective override_charset @@ -262,76 +334,94 @@ syn keyword ngxDirective perl_require syn keyword ngxDirective perl_set syn keyword ngxDirective pid syn keyword ngxDirective pop3_auth syn keyword ngxDirective pop3_capabilities syn keyword ngxDirective port_in_redirect syn keyword ngxDirective post_acceptex syn keyword ngxDirective postpone_gzipping syn keyword ngxDirective postpone_output -syn keyword ngxDirective protocol +syn keyword ngxDirective preread_buffer_size +syn keyword ngxDirective preread_timeout +syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite +syn keyword ngxMailProtocol imap pop3 smtp syn keyword ngxDirective proxy syn keyword ngxDirective proxy_bind syn keyword ngxDirective proxy_buffer syn keyword ngxDirective proxy_buffer_size syn keyword ngxDirective proxy_buffering syn keyword ngxDirective proxy_buffers syn keyword ngxDirective proxy_busy_buffers_size syn keyword ngxDirective proxy_cache syn keyword ngxDirective proxy_cache_bypass +syn keyword ngxDirective proxy_cache_convert_head syn keyword ngxDirective proxy_cache_key syn keyword ngxDirective proxy_cache_lock +syn keyword ngxDirective proxy_cache_lock_age syn keyword ngxDirective proxy_cache_lock_timeout +syn keyword ngxDirective proxy_cache_max_range_offset syn keyword ngxDirective proxy_cache_methods syn keyword ngxDirective proxy_cache_min_uses syn keyword ngxDirective proxy_cache_path +syn keyword ngxDirective proxy_cache_purge syn keyword ngxDirective proxy_cache_revalidate syn keyword ngxDirective proxy_cache_use_stale syn keyword ngxDirective proxy_cache_valid syn keyword ngxDirective proxy_connect_timeout syn keyword ngxDirective proxy_cookie_domain syn keyword ngxDirective proxy_cookie_path +syn keyword ngxDirective proxy_download_rate syn keyword ngxDirective proxy_force_ranges syn keyword ngxDirective proxy_headers_hash_bucket_size syn keyword ngxDirective proxy_headers_hash_max_size syn keyword ngxDirective proxy_hide_header syn keyword ngxDirective proxy_http_version syn keyword ngxDirective proxy_ignore_client_abort syn keyword ngxDirective proxy_ignore_headers syn keyword ngxDirective proxy_intercept_errors +syn keyword ngxDirective proxy_limit_rate syn keyword ngxDirective proxy_max_temp_file_size syn keyword ngxDirective proxy_method syn keyword ngxDirective proxy_next_upstream syn keyword ngxDirective proxy_next_upstream_timeout syn keyword ngxDirective proxy_next_upstream_tries syn keyword ngxDirective proxy_no_cache syn keyword ngxDirective proxy_pass_error_message syn keyword ngxDirective proxy_pass_header syn keyword ngxDirective proxy_pass_request_body syn keyword ngxDirective proxy_pass_request_headers +syn keyword ngxDirective proxy_protocol +syn keyword ngxDirective proxy_protocol_timeout syn keyword ngxDirective proxy_read_timeout syn keyword ngxDirective proxy_redirect +syn keyword ngxDirective proxy_request_buffering +syn keyword ngxDirective proxy_responses syn keyword ngxDirective proxy_send_lowat syn keyword ngxDirective proxy_send_timeout syn keyword ngxDirective proxy_set_body syn keyword ngxDirective proxy_set_header +syn keyword ngxDirective proxy_ssl_certificate +syn keyword ngxDirective proxy_ssl_certificate_key syn keyword ngxDirective proxy_ssl_ciphers syn keyword ngxDirective proxy_ssl_crl syn keyword ngxDirective proxy_ssl_name -syn keyword ngxDirective proxy_ssl_protocols +syn keyword ngxDirective proxy_ssl_password_file +syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective proxy_ssl_server_name syn keyword ngxDirective proxy_ssl_session_reuse syn keyword ngxDirective proxy_ssl_trusted_certificate syn keyword ngxDirective proxy_ssl_verify syn keyword ngxDirective proxy_ssl_verify_depth syn keyword ngxDirective proxy_store syn keyword ngxDirective proxy_store_access syn keyword ngxDirective proxy_temp_file_write_size syn keyword ngxDirective proxy_temp_path syn keyword ngxDirective proxy_timeout +syn keyword ngxDirective proxy_upload_rate +syn keyword ngxDirective queue syn keyword ngxDirective random_index syn keyword ngxDirective read_ahead syn keyword ngxDirective real_ip_header syn keyword ngxDirective real_ip_recursive syn keyword ngxDirective recursive_error_pages syn keyword ngxDirective referer_hash_bucket_size syn keyword ngxDirective referer_hash_max_size syn keyword ngxDirective request_pool_size @@ -348,69 +438,70 @@ syn keyword ngxDirective scgi_bind syn keyword ngxDirective scgi_buffer_size syn keyword ngxDirective scgi_buffering syn keyword ngxDirective scgi_buffers syn keyword ngxDirective scgi_busy_buffers_size syn keyword ngxDirective scgi_cache syn keyword ngxDirective scgi_cache_bypass syn keyword ngxDirective scgi_cache_key syn keyword ngxDirective scgi_cache_lock +syn keyword ngxDirective scgi_cache_lock_age syn keyword ngxDirective scgi_cache_lock_timeout +syn keyword ngxDirective scgi_cache_max_range_offset syn keyword ngxDirective scgi_cache_methods syn keyword ngxDirective scgi_cache_min_uses syn keyword ngxDirective scgi_cache_path +syn keyword ngxDirective scgi_cache_purge syn keyword ngxDirective scgi_cache_revalidate syn keyword ngxDirective scgi_cache_use_stale syn keyword ngxDirective scgi_cache_valid syn keyword ngxDirective scgi_connect_timeout syn keyword ngxDirective scgi_force_ranges syn keyword ngxDirective scgi_hide_header syn keyword ngxDirective scgi_ignore_client_abort syn keyword ngxDirective scgi_ignore_headers syn keyword ngxDirective scgi_intercept_errors +syn keyword ngxDirective scgi_limit_rate syn keyword ngxDirective scgi_max_temp_file_size syn keyword ngxDirective scgi_next_upstream syn keyword ngxDirective scgi_next_upstream_timeout syn keyword ngxDirective scgi_next_upstream_tries syn keyword ngxDirective scgi_no_cache syn keyword ngxDirective scgi_param syn keyword ngxDirective scgi_pass_header syn keyword ngxDirective scgi_pass_request_body syn keyword ngxDirective scgi_pass_request_headers syn keyword ngxDirective scgi_read_timeout +syn keyword ngxDirective scgi_request_buffering syn keyword ngxDirective scgi_send_timeout syn keyword ngxDirective scgi_store syn keyword ngxDirective scgi_store_access syn keyword ngxDirective scgi_temp_file_write_size syn keyword ngxDirective scgi_temp_path syn keyword ngxDirective secure_link syn keyword ngxDirective secure_link_md5 syn keyword ngxDirective secure_link_secret syn keyword ngxDirective send_lowat syn keyword ngxDirective send_timeout syn keyword ngxDirective sendfile syn keyword ngxDirective sendfile_max_chunk syn keyword ngxDirective server_name_in_redirect syn keyword ngxDirective server_names_hash_bucket_size syn keyword ngxDirective server_names_hash_max_size syn keyword ngxDirective server_tokens +syn keyword ngxDirective session_log +syn keyword ngxDirective session_log_format +syn keyword ngxDirective session_log_zone syn keyword ngxDirective set_real_ip_from +syn keyword ngxDirective slice syn keyword ngxDirective smtp_auth syn keyword ngxDirective smtp_capabilities syn keyword ngxDirective smtp_client_buffer syn keyword ngxDirective smtp_greeting_delay syn keyword ngxDirective source_charset -syn keyword ngxDirective spdy_chunk_size -syn keyword ngxDirective spdy_headers_comp -syn keyword ngxDirective spdy_keepalive_timeout -syn keyword ngxDirective spdy_max_concurrent_streams -syn keyword ngxDirective spdy_pool_size -syn keyword ngxDirective spdy_recv_buffer_size -syn keyword ngxDirective spdy_recv_timeout -syn keyword ngxDirective spdy_streams_index_size syn keyword ngxDirective ssi syn keyword ngxDirective ssi_ignore_recycled_buffers syn keyword ngxDirective ssi_last_modified syn keyword ngxDirective ssi_min_file_chunk syn keyword ngxDirective ssi_silent_errors syn keyword ngxDirective ssi_types syn keyword ngxDirective ssi_value_length syn keyword ngxDirective ssl @@ -418,45 +509,56 @@ syn keyword ngxDirective ssl_buffer_size syn keyword ngxDirective ssl_certificate syn keyword ngxDirective ssl_certificate_key syn keyword ngxDirective ssl_ciphers syn keyword ngxDirective ssl_client_certificate syn keyword ngxDirective ssl_crl syn keyword ngxDirective ssl_dhparam syn keyword ngxDirective ssl_ecdh_curve syn keyword ngxDirective ssl_engine +syn keyword ngxDirective ssl_handshake_timeout syn keyword ngxDirective ssl_password_file syn keyword ngxDirective ssl_prefer_server_ciphers -syn keyword ngxDirective ssl_protocols +syn keyword ngxDirective ssl_preread +syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 syn keyword ngxDirective ssl_session_cache syn keyword ngxDirective ssl_session_ticket_key syn keyword ngxDirective ssl_session_tickets syn keyword ngxDirective ssl_session_timeout syn keyword ngxDirective ssl_stapling syn keyword ngxDirective ssl_stapling_file syn keyword ngxDirective ssl_stapling_responder syn keyword ngxDirective ssl_stapling_verify syn keyword ngxDirective ssl_trusted_certificate syn keyword ngxDirective ssl_verify_client syn keyword ngxDirective ssl_verify_depth syn keyword ngxDirective starttls +syn keyword ngxDirective state +syn keyword ngxDirective status +syn keyword ngxDirective status_format +syn keyword ngxDirective status_zone +syn keyword ngxDirective sticky +syn keyword ngxDirective sticky_cookie_insert syn keyword ngxDirective stub_status syn keyword ngxDirective sub_filter syn keyword ngxDirective sub_filter_last_modified syn keyword ngxDirective sub_filter_once syn keyword ngxDirective sub_filter_types syn keyword ngxDirective tcp_nodelay syn keyword ngxDirective tcp_nopush +syn keyword ngxDirective thread_pool syn keyword ngxDirective thread_stack_size syn keyword ngxDirective timeout syn keyword ngxDirective timer_resolution syn keyword ngxDirective types_hash_bucket_size syn keyword ngxDirective types_hash_max_size syn keyword ngxDirective underscores_in_headers syn keyword ngxDirective uninitialized_variable_warn +syn keyword ngxDirective upstream_conf syn keyword ngxDirective use syn keyword ngxDirective user syn keyword ngxDirective userid syn keyword ngxDirective userid_domain syn keyword ngxDirective userid_expires syn keyword ngxDirective userid_mark syn keyword ngxDirective userid_name syn keyword ngxDirective userid_p3p @@ -466,46 +568,54 @@ syn keyword ngxDirective uwsgi_bind syn keyword ngxDirective uwsgi_buffer_size syn keyword ngxDirective uwsgi_buffering syn keyword ngxDirective uwsgi_buffers syn keyword ngxDirective uwsgi_busy_buffers_size syn keyword ngxDirective uwsgi_cache syn keyword ngxDirective uwsgi_cache_bypass syn keyword ngxDirective uwsgi_cache_key syn keyword ngxDirective uwsgi_cache_lock +syn keyword ngxDirective uwsgi_cache_lock_age syn keyword ngxDirective uwsgi_cache_lock_timeout syn keyword ngxDirective uwsgi_cache_methods syn keyword ngxDirective uwsgi_cache_min_uses syn keyword ngxDirective uwsgi_cache_path +syn keyword ngxDirective uwsgi_cache_purge syn keyword ngxDirective uwsgi_cache_revalidate syn keyword ngxDirective uwsgi_cache_use_stale syn keyword ngxDirective uwsgi_cache_valid syn keyword ngxDirective uwsgi_connect_timeout syn keyword ngxDirective uwsgi_force_ranges syn keyword ngxDirective uwsgi_hide_header syn keyword ngxDirective uwsgi_ignore_client_abort syn keyword ngxDirective uwsgi_ignore_headers syn keyword ngxDirective uwsgi_intercept_errors +syn keyword ngxDirective uwsgi_limit_rate syn keyword ngxDirective uwsgi_max_temp_file_size syn keyword ngxDirective uwsgi_modifier1 syn keyword ngxDirective uwsgi_modifier2 syn keyword ngxDirective uwsgi_next_upstream syn keyword ngxDirective uwsgi_next_upstream_timeout syn keyword ngxDirective uwsgi_next_upstream_tries syn keyword ngxDirective uwsgi_no_cache syn keyword ngxDirective uwsgi_param +syn keyword ngxDirective uwsgi_pass syn keyword ngxDirective uwsgi_pass_header syn keyword ngxDirective uwsgi_pass_request_body syn keyword ngxDirective uwsgi_pass_request_headers syn keyword ngxDirective uwsgi_read_timeout +syn keyword ngxDirective uwsgi_request_buffering syn keyword ngxDirective uwsgi_send_timeout +syn keyword ngxDirective uwsgi_ssl_certificate +syn keyword ngxDirective uwsgi_ssl_certificate_key syn keyword ngxDirective uwsgi_ssl_ciphers syn keyword ngxDirective uwsgi_ssl_crl syn keyword ngxDirective uwsgi_ssl_name -syn keyword ngxDirective uwsgi_ssl_protocols +syn keyword ngxDirective uwsgi_ssl_password_file +syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective uwsgi_ssl_server_name syn keyword ngxDirective uwsgi_ssl_session_reuse syn keyword ngxDirective uwsgi_ssl_trusted_certificate syn keyword ngxDirective uwsgi_ssl_verify syn keyword ngxDirective uwsgi_ssl_verify_depth syn keyword ngxDirective uwsgi_store syn keyword ngxDirective uwsgi_store_access syn keyword ngxDirective uwsgi_string @@ -526,311 +636,1507 @@ syn keyword ngxDirective worker_threads syn keyword ngxDirective working_directory syn keyword ngxDirective xclient syn keyword ngxDirective xml_entities syn keyword ngxDirective xslt_last_modified syn keyword ngxDirective xslt_param syn keyword ngxDirective xslt_string_param syn keyword ngxDirective xslt_stylesheet syn keyword ngxDirective xslt_types +syn keyword ngxDirective zone " 3rd party module list: -" http://wiki.nginx.org/Nginx3rdPartyModules +" https://www.nginx.com/resources/wiki/modules/ -" Accept Language Module +" Accept Language Module " Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. syn keyword ngxDirectiveThirdParty set_from_accept_language -" Access Key Module +" Access Key Module (DEPRECATED) " Denies access unless the request URL contains an access key. -syn keyword ngxDirectiveThirdParty accesskey -syn keyword ngxDirectiveThirdParty accesskey_arg -syn keyword ngxDirectiveThirdParty accesskey_hashmethod -syn keyword ngxDirectiveThirdParty accesskey_signature +syn keyword ngxDirectiveDeprecated accesskey +syn keyword ngxDirectiveDeprecated accesskey_arg +syn keyword ngxDirectiveDeprecated accesskey_hashmethod +syn keyword ngxDirectiveDeprecated accesskey_signature -" Auth PAM Module -" HTTP Basic Authentication using PAM. -syn keyword ngxDirectiveThirdParty auth_pam -syn keyword ngxDirectiveThirdParty auth_pam_service_name +" Asynchronous FastCGI Module +" Primarily a modified version of the Nginx FastCGI module which implements multiplexing of connections, allowing a single FastCGI server to handle many concurrent requests. +" syn keyword ngxDirectiveThirdParty fastcgi_bind +" syn keyword ngxDirectiveThirdParty fastcgi_buffer_size +" syn keyword ngxDirectiveThirdParty fastcgi_buffers +" syn keyword ngxDirectiveThirdParty fastcgi_busy_buffers_size +" syn keyword ngxDirectiveThirdParty fastcgi_cache +" syn keyword ngxDirectiveThirdParty fastcgi_cache_key +" syn keyword ngxDirectiveThirdParty fastcgi_cache_methods +" syn keyword ngxDirectiveThirdParty fastcgi_cache_min_uses +" syn keyword ngxDirectiveThirdParty fastcgi_cache_path +" syn keyword ngxDirectiveThirdParty fastcgi_cache_use_stale +" syn keyword ngxDirectiveThirdParty fastcgi_cache_valid +" syn keyword ngxDirectiveThirdParty fastcgi_catch_stderr +" syn keyword ngxDirectiveThirdParty fastcgi_connect_timeout +" syn keyword ngxDirectiveThirdParty fastcgi_hide_header +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_client_abort +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_headers +" syn keyword ngxDirectiveThirdParty fastcgi_index +" syn keyword ngxDirectiveThirdParty fastcgi_intercept_errors +" syn keyword ngxDirectiveThirdParty fastcgi_max_temp_file_size +" syn keyword ngxDirectiveThirdParty fastcgi_next_upstream +" syn keyword ngxDirectiveThirdParty fastcgi_param +" syn keyword ngxDirectiveThirdParty fastcgi_pass +" syn keyword ngxDirectiveThirdParty fastcgi_pass_header +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_body +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_headers +" syn keyword ngxDirectiveThirdParty fastcgi_read_timeout +" syn keyword ngxDirectiveThirdParty fastcgi_send_lowat +" syn keyword ngxDirectiveThirdParty fastcgi_send_timeout +" syn keyword ngxDirectiveThirdParty fastcgi_split_path_info +" syn keyword ngxDirectiveThirdParty fastcgi_store +" syn keyword ngxDirectiveThirdParty fastcgi_store_access +" syn keyword ngxDirectiveThirdParty fastcgi_temp_file_write_size +" syn keyword ngxDirectiveThirdParty fastcgi_temp_path +syn keyword ngxDirectiveThirdParty fastcgi_upstream_fail_timeout +syn keyword ngxDirectiveThirdParty fastcgi_upstream_max_fails -" Cache Purge Module -" Module adding ability to purge content from FastCGI and proxy caches. +" Akamai G2O Module +" Nginx Module for Authenticating Akamai G2O requests +syn keyword ngxDirectiveThirdParty g2o +syn keyword ngxDirectiveThirdParty g2o_nonce +syn keyword ngxDirectiveThirdParty g2o_key + +" Lua Module +" You can be very simple to execute lua code for nginx +syn keyword ngxDirectiveThirdParty lua_file + +" Array Variable Module +" Add support for array-typed variables to nginx config files +syn keyword ngxDirectiveThirdParty array_split +syn keyword ngxDirectiveThirdParty array_join +syn keyword ngxDirectiveThirdParty array_map +syn keyword ngxDirectiveThirdParty array_map_op + +" Nginx Audio Track for HTTP Live Streaming +" This nginx module generates audio track for hls streams on the fly. +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track_rootpath +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track_output_format +syn keyword ngxDirectiveThirdParty ngx_hls_audio_track_output_header + +" AWS Proxy Module +" Nginx module to proxy to authenticated AWS services +syn keyword ngxDirectiveThirdParty aws_access_key +syn keyword ngxDirectiveThirdParty aws_key_scope +syn keyword ngxDirectiveThirdParty aws_signing_key +syn keyword ngxDirectiveThirdParty aws_endpoint +syn keyword ngxDirectiveThirdParty aws_s3_bucket +syn keyword ngxDirectiveThirdParty aws_sign + +" Backtrace module +" A Nginx module to dump backtrace when a worker process exits abnormally +syn keyword ngxDirectiveThirdParty backtrace_log +syn keyword ngxDirectiveThirdParty backtrace_max_stack_size + +" Brotli Module +" Nginx module for Brotli compression +syn keyword ngxDirectiveThirdParty brotli_static +syn keyword ngxDirectiveThirdParty brotli +syn keyword ngxDirectiveThirdParty brotli_types +syn keyword ngxDirectiveThirdParty brotli_buffers +syn keyword ngxDirectiveThirdParty brotli_comp_level +syn keyword ngxDirectiveThirdParty brotli_window +syn keyword ngxDirectiveThirdParty brotli_min_length + +" Cache Purge Module +" Adds ability to purge content from FastCGI, proxy, SCGI and uWSGI caches. syn keyword ngxDirectiveThirdParty fastcgi_cache_purge syn keyword ngxDirectiveThirdParty proxy_cache_purge +" syn keyword ngxDirectiveThirdParty scgi_cache_purge +" syn keyword ngxDirectiveThirdParty uwsgi_cache_purge -" Chunkin Module +" Chunkin Module (DEPRECATED) " HTTP 1.1 chunked-encoding request body support for Nginx. -syn keyword ngxDirectiveThirdParty chunkin -syn keyword ngxDirectiveThirdParty chunkin_keepalive -syn keyword ngxDirectiveThirdParty chunkin_max_chunks_per_buf -syn keyword ngxDirectiveThirdParty chunkin_resume +syn keyword ngxDirectiveDeprecated chunkin +syn keyword ngxDirectiveDeprecated chunkin_keepalive +syn keyword ngxDirectiveDeprecated chunkin_max_chunks_per_buf +syn keyword ngxDirectiveDeprecated chunkin_resume -" Circle GIF Module +" Circle GIF Module " Generates simple circle images with the colors and size specified in the URL. syn keyword ngxDirectiveThirdParty circle_gif syn keyword ngxDirectiveThirdParty circle_gif_max_radius syn keyword ngxDirectiveThirdParty circle_gif_min_radius syn keyword ngxDirectiveThirdParty circle_gif_step_radius -" Drizzle Module -" Make nginx talk directly to mysql, drizzle, and sqlite3 by libdrizzle. +" Nginx-Clojure Module +" Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. +syn keyword ngxDirectiveThirdParty jvm_path +syn keyword ngxDirectiveThirdParty jvm_var +syn keyword ngxDirectiveThirdParty jvm_classpath +syn keyword ngxDirectiveThirdParty jvm_classpath_check +syn keyword ngxDirectiveThirdParty jvm_workers +syn keyword ngxDirectiveThirdParty jvm_options +syn keyword ngxDirectiveThirdParty jvm_handler_type +syn keyword ngxDirectiveThirdParty jvm_init_handler_name +syn keyword ngxDirectiveThirdParty jvm_init_handler_code +syn keyword ngxDirectiveThirdParty jvm_exit_handler_name +syn keyword ngxDirectiveThirdParty jvm_exit_handler_code +syn keyword ngxDirectiveThirdParty handlers_lazy_init +syn keyword ngxDirectiveThirdParty auto_upgrade_ws +syn keyword ngxDirectiveThirdParty content_handler_type +syn keyword ngxDirectiveThirdParty content_handler_name +syn keyword ngxDirectiveThirdParty content_handler_code +syn keyword ngxDirectiveThirdParty rewrite_handler_type +syn keyword ngxDirectiveThirdParty rewrite_handler_name +syn keyword ngxDirectiveThirdParty rewrite_handler_code +syn keyword ngxDirectiveThirdParty access_handler_type +syn keyword ngxDirectiveThirdParty access_handler_name +syn keyword ngxDirectiveThirdParty access_handler_code +syn keyword ngxDirectiveThirdParty header_filter_type +syn keyword ngxDirectiveThirdParty header_filter_name +syn keyword ngxDirectiveThirdParty header_filter_code +syn keyword ngxDirectiveThirdParty content_handler_property +syn keyword ngxDirectiveThirdParty rewrite_handler_property +syn keyword ngxDirectiveThirdParty access_handler_property +syn keyword ngxDirectiveThirdParty header_filter_property +syn keyword ngxDirectiveThirdParty always_read_body +syn keyword ngxDirectiveThirdParty shared_map +syn keyword ngxDirectiveThirdParty write_page_size + +" Upstream Consistent Hash +" A load balancer that uses an internal consistent hash ring to select the right backend node. +syn keyword ngxDirectiveThirdParty consistent_hash + +" Nginx Development Kit +" The NDK is an Nginx module that is designed to extend the core functionality of the excellent Nginx webserver in a way that can be used as a basis of other Nginx modules. +" NDK_UPSTREAM_LIST +" This submodule provides a directive that creates a list of upstreams, with optional weighting. This list can then be used by other modules to hash over the upstreams however they choose. +syn keyword ngxDirectiveThirdParty upstream_list + +" Drizzle Module +" Upstream module for talking to MySQL and Drizzle directly +syn keyword ngxDirectiveThirdParty drizzle_server +syn keyword ngxDirectiveThirdParty drizzle_keepalive +syn keyword ngxDirectiveThirdParty drizzle_query +syn keyword ngxDirectiveThirdParty drizzle_pass syn keyword ngxDirectiveThirdParty drizzle_connect_timeout -syn keyword ngxDirectiveThirdParty drizzle_dbname -syn keyword ngxDirectiveThirdParty drizzle_keepalive -syn keyword ngxDirectiveThirdParty drizzle_module_header -syn keyword ngxDirectiveThirdParty drizzle_pass -syn keyword ngxDirectiveThirdParty drizzle_query +syn keyword ngxDirectiveThirdParty drizzle_send_query_timeout syn keyword ngxDirectiveThirdParty drizzle_recv_cols_timeout syn keyword ngxDirectiveThirdParty drizzle_recv_rows_timeout -syn keyword ngxDirectiveThirdParty drizzle_send_query_timeout -syn keyword ngxDirectiveThirdParty drizzle_server +syn keyword ngxDirectiveThirdParty drizzle_buffer_size +syn keyword ngxDirectiveThirdParty drizzle_module_header +syn keyword ngxDirectiveThirdParty drizzle_status -" Echo Module -" Brings 'echo', 'sleep', 'time', 'exec' and more shell-style goodies to Nginx config file. +" Dynamic ETags Module +" Attempt at handling ETag / If-None-Match on proxied content. +syn keyword ngxDirectiveThirdParty dynamic_etags + +" Echo Module +" Bringing the power of "echo", "sleep", "time" and more to Nginx's config file syn keyword ngxDirectiveThirdParty echo -syn keyword ngxDirectiveThirdParty echo_after_body -syn keyword ngxDirectiveThirdParty echo_before_body +syn keyword ngxDirectiveThirdParty echo_duplicate +syn keyword ngxDirectiveThirdParty echo_flush +syn keyword ngxDirectiveThirdParty echo_sleep syn keyword ngxDirectiveThirdParty echo_blocking_sleep -syn keyword ngxDirectiveThirdParty echo_duplicate -syn keyword ngxDirectiveThirdParty echo_end -syn keyword ngxDirectiveThirdParty echo_exec -syn keyword ngxDirectiveThirdParty echo_flush +syn keyword ngxDirectiveThirdParty echo_reset_timer +syn keyword ngxDirectiveThirdParty echo_read_request_body +syn keyword ngxDirectiveThirdParty echo_location_async +syn keyword ngxDirectiveThirdParty echo_location +syn keyword ngxDirectiveThirdParty echo_subrequest_async +syn keyword ngxDirectiveThirdParty echo_subrequest syn keyword ngxDirectiveThirdParty echo_foreach_split -syn keyword ngxDirectiveThirdParty echo_location -syn keyword ngxDirectiveThirdParty echo_location_async -syn keyword ngxDirectiveThirdParty echo_read_request_body +syn keyword ngxDirectiveThirdParty echo_end syn keyword ngxDirectiveThirdParty echo_request_body -syn keyword ngxDirectiveThirdParty echo_reset_timer -syn keyword ngxDirectiveThirdParty echo_sleep -syn keyword ngxDirectiveThirdParty echo_subrequest -syn keyword ngxDirectiveThirdParty echo_subrequest_async +syn keyword ngxDirectiveThirdParty echo_exec +syn keyword ngxDirectiveThirdParty echo_status +syn keyword ngxDirectiveThirdParty echo_before_body +syn keyword ngxDirectiveThirdParty echo_after_body -" Events Module +" Encrypted Session Module +" Encrypt and decrypt nginx variable values +syn keyword ngxDirectiveThirdParty encrypted_session_key +syn keyword ngxDirectiveThirdParty encrypted_session_iv +syn keyword ngxDirectiveThirdParty encrypted_session_expires +syn keyword ngxDirectiveThirdParty set_encrypt_session +syn keyword ngxDirectiveThirdParty set_decrypt_session + +" Enhanced Memcached Module +" This module is based on the standard Nginx Memcached module, with some additonal features +syn keyword ngxDirectiveThirdParty enhanced_memcached_pass +syn keyword ngxDirectiveThirdParty enhanced_memcached_hash_keys_with_md5 +syn keyword ngxDirectiveThirdParty enhanced_memcached_allow_put +syn keyword ngxDirectiveThirdParty enhanced_memcached_allow_delete +syn keyword ngxDirectiveThirdParty enhanced_memcached_stats +syn keyword ngxDirectiveThirdParty enhanced_memcached_flush +syn keyword ngxDirectiveThirdParty enhanced_memcached_flush_namespace +syn keyword ngxDirectiveThirdParty enhanced_memcached_bind +syn keyword ngxDirectiveThirdParty enhanced_memcached_connect_timeout +syn keyword ngxDirectiveThirdParty enhanced_memcached_send_timeout +syn keyword ngxDirectiveThirdParty enhanced_memcached_buffer_size +syn keyword ngxDirectiveThirdParty enhanced_memcached_read_timeout + +" Events Module (DEPRECATED) " Provides options for start/stop events. -syn keyword ngxDirectiveThirdParty on_start -syn keyword ngxDirectiveThirdParty on_stop +syn keyword ngxDirectiveDeprecated on_start +syn keyword ngxDirectiveDeprecated on_stop -" EY Balancer Module +" EY Balancer Module " Adds a request queue to Nginx that allows the limiting of concurrent requests passed to the upstream. syn keyword ngxDirectiveThirdParty max_connections syn keyword ngxDirectiveThirdParty max_connections_max_queue_length syn keyword ngxDirectiveThirdParty max_connections_queue_timeout -" Fancy Indexes Module +" Upstream Fair Balancer +" Sends an incoming request to the least-busy backend server, rather than distributing requests round-robin. +syn keyword ngxDirectiveThirdParty fair +syn keyword ngxDirectiveThirdParty upstream_fair_shm_size + +" Fancy Indexes Module " Like the built-in autoindex module, but fancier. syn keyword ngxDirectiveThirdParty fancyindex +syn keyword ngxDirectiveThirdParty fancyindex_default_sort +syn keyword ngxDirectiveThirdParty fancyindex_directories_first +syn keyword ngxDirectiveThirdParty fancyindex_css_href syn keyword ngxDirectiveThirdParty fancyindex_exact_size +syn keyword ngxDirectiveThirdParty fancyindex_name_length syn keyword ngxDirectiveThirdParty fancyindex_footer syn keyword ngxDirectiveThirdParty fancyindex_header +syn keyword ngxDirectiveThirdParty fancyindex_show_path +syn keyword ngxDirectiveThirdParty fancyindex_ignore +syn keyword ngxDirectiveThirdParty fancyindex_hide_symlinks syn keyword ngxDirectiveThirdParty fancyindex_localtime -syn keyword ngxDirectiveThirdParty fancyindex_readme -syn keyword ngxDirectiveThirdParty fancyindex_readme_mode +syn keyword ngxDirectiveThirdParty fancyindex_time_format + +" Form Auth Module +" Provides authentication and authorization with credentials submitted via POST request +syn keyword ngxDirectiveThirdParty form_auth +syn keyword ngxDirectiveThirdParty form_auth_pam_service +syn keyword ngxDirectiveThirdParty form_auth_login +syn keyword ngxDirectiveThirdParty form_auth_password +syn keyword ngxDirectiveThirdParty form_auth_remote_user + +" Form Input Module +" Reads HTTP POST and PUT request body encoded in "application/x-www-form-urlencoded" and parses the arguments into nginx variables. +syn keyword ngxDirectiveThirdParty set_form_input +syn keyword ngxDirectiveThirdParty set_form_input_multi " GeoIP Module (DEPRECATED) " Country code lookups via the MaxMind GeoIP API. -syn keyword ngxDirectiveThirdParty geoip_country_file +syn keyword ngxDirectiveDeprecated geoip_country_file -" Headers More Module +" GeoIP 2 Module +" Creates variables with values from the maxmind geoip2 databases based on the client IP +syn keyword ngxDirectiveThirdParty geoip2 + +" GridFS Module +" Nginx module for serving files from MongoDB's GridFS +syn keyword ngxDirectiveThirdParty gridfs + +" Headers More Module " Set and clear input and output headers...more than "add"! syn keyword ngxDirectiveThirdParty more_clear_headers syn keyword ngxDirectiveThirdParty more_clear_input_headers syn keyword ngxDirectiveThirdParty more_set_headers syn keyword ngxDirectiveThirdParty more_set_input_headers -" HTTP Push Module -" Turn Nginx into an adept long-polling HTTP Push (Comet) server. -syn keyword ngxDirectiveThirdParty push_buffer_size -syn keyword ngxDirectiveThirdParty push_listener -syn keyword ngxDirectiveThirdParty push_message_timeout -syn keyword ngxDirectiveThirdParty push_queue_messages -syn keyword ngxDirectiveThirdParty push_sender +" Health Checks Upstreams Module +" Polls backends and if they respond with HTTP 200 + an optional request body, they are marked good. Otherwise, they are marked bad. +syn keyword ngxDirectiveThirdParty healthcheck_enabled +syn keyword ngxDirectiveThirdParty healthcheck_delay +syn keyword ngxDirectiveThirdParty healthcheck_timeout +syn keyword ngxDirectiveThirdParty healthcheck_failcount +syn keyword ngxDirectiveThirdParty healthcheck_send +syn keyword ngxDirectiveThirdParty healthcheck_expected +syn keyword ngxDirectiveThirdParty healthcheck_buffer +syn keyword ngxDirectiveThirdParty healthcheck_status -" HTTP Redis Module > -" Redis support.> -syn keyword ngxDirectiveThirdParty redis_bind -syn keyword ngxDirectiveThirdParty redis_buffer_size -syn keyword ngxDirectiveThirdParty redis_connect_timeout -syn keyword ngxDirectiveThirdParty redis_next_upstream -syn keyword ngxDirectiveThirdParty redis_pass -syn keyword ngxDirectiveThirdParty redis_read_timeout -syn keyword ngxDirectiveThirdParty redis_send_timeout +" HTTP Accounting Module +" Add traffic stat function to nginx. Useful for http accounting based on nginx configuration logic +syn keyword ngxDirectiveThirdParty http_accounting +syn keyword ngxDirectiveThirdParty http_accounting_log +syn keyword ngxDirectiveThirdParty http_accounting_id +syn keyword ngxDirectiveThirdParty http_accounting_interval +syn keyword ngxDirectiveThirdParty http_accounting_perturb -" HTTP JavaScript Module +" Nginx Digest Authentication module +" Digest Authentication for Nginx +syn keyword ngxDirectiveThirdParty auth_digest +syn keyword ngxDirectiveThirdParty auth_digest_user_file +syn keyword ngxDirectiveThirdParty auth_digest_timeout +syn keyword ngxDirectiveThirdParty auth_digest_expires +syn keyword ngxDirectiveThirdParty auth_digest_replays +syn keyword ngxDirectiveThirdParty auth_digest_shm_size + +" Auth PAM Module +" HTTP Basic Authentication using PAM. +syn keyword ngxDirectiveThirdParty auth_pam +syn keyword ngxDirectiveThirdParty auth_pam_service_name + +" HTTP Auth Request Module +" Implements client authorization based on the result of a subrequest +" syn keyword ngxDirectiveThirdParty auth_request +" syn keyword ngxDirectiveThirdParty auth_request_set + +" HTTP Concatenation module for Nginx +" A Nginx module for concatenating files in a given context: CSS and JS files usually +syn keyword ngxDirectiveThirdParty concat +syn keyword ngxDirectiveThirdParty concat_types +syn keyword ngxDirectiveThirdParty concat_unique +syn keyword ngxDirectiveThirdParty concat_max_files +syn keyword ngxDirectiveThirdParty concat_delimiter +syn keyword ngxDirectiveThirdParty concat_ignore_file_error + +" HTTP Dynamic Upstream Module +" Update upstreams' config by restful interface +syn keyword ngxDirectiveThirdParty dyups_interface +syn keyword ngxDirectiveThirdParty dyups_read_msg_timeout +syn keyword ngxDirectiveThirdParty dyups_shm_zone_size +syn keyword ngxDirectiveThirdParty dyups_upstream_conf +syn keyword ngxDirectiveThirdParty dyups_trylock + +" HTTP Footer If Filter Module +" The ngx_http_footer_if_filter_module is used to add given content to the end of the response according to the condition specified. +syn keyword ngxDirectiveThirdParty footer_if + +" HTTP Footer Filter Module +" This module implements a body filter that adds a given string to the page footer. +syn keyword ngxDirectiveThirdParty footer +syn keyword ngxDirectiveThirdParty footer_types + +" HTTP Internal Redirect Module +" Make an internal redirect to the uri specified according to the condition specified. +syn keyword ngxDirectiveThirdParty internal_redirect_if +syn keyword ngxDirectiveThirdParty internal_redirect_if_no_postponed + +" HTTP JavaScript Module " Embedding SpiderMonkey. Nearly full port on Perl module. syn keyword ngxDirectiveThirdParty js syn keyword ngxDirectiveThirdParty js_filter syn keyword ngxDirectiveThirdParty js_filter_types syn keyword ngxDirectiveThirdParty js_load syn keyword ngxDirectiveThirdParty js_maxmem syn keyword ngxDirectiveThirdParty js_require syn keyword ngxDirectiveThirdParty js_set syn keyword ngxDirectiveThirdParty js_utf8 -" Log Request Speed +" HTTP Push Module (DEPRECATED) +" Turn Nginx into an adept long-polling HTTP Push (Comet) server. +syn keyword ngxDirectiveDeprecated push_buffer_size +syn keyword ngxDirectiveDeprecated push_listener +syn keyword ngxDirectiveDeprecated push_message_timeout +syn keyword ngxDirectiveDeprecated push_queue_messages +syn keyword ngxDirectiveDeprecated push_sender + +" HTTP Redis Module +" Redis support. +syn keyword ngxDirectiveThirdParty redis_bind +syn keyword ngxDirectiveThirdParty redis_buffer_size +syn keyword ngxDirectiveThirdParty redis_connect_timeout +syn keyword ngxDirectiveThirdParty redis_next_upstream +syn keyword ngxDirectiveThirdParty redis_pass +syn keyword ngxDirectiveThirdParty redis_read_timeout +syn keyword ngxDirectiveThirdParty redis_send_timeout + +" Iconv Module +" A character conversion nginx module using libiconv +syn keyword ngxDirectiveThirdParty set_iconv +syn keyword ngxDirectiveThirdParty iconv_buffer_size +syn keyword ngxDirectiveThirdParty iconv_filter + +" IP Blocker Module +" An efficient shared memory IP blocking system for nginx. +syn keyword ngxDirectiveThirdParty ip_blocker + +" IP2Location Module +" Allows user to lookup for geolocation information using IP2Location database +syn keyword ngxDirectiveThirdParty ip2location_database + +" JS Module +" Reflect the nginx functionality in JS +syn keyword ngxDirectiveThirdParty js +syn keyword ngxDirectiveThirdParty js_access +syn keyword ngxDirectiveThirdParty js_load +syn keyword ngxDirectiveThirdParty js_set + +" Limit Upload Rate Module +" Limit client-upload rate when they are sending request bodies to you +syn keyword ngxDirectiveThirdParty limit_upload_rate +syn keyword ngxDirectiveThirdParty limit_upload_rate_after + +" Limit Upstream Module +" Limit the number of connections to upstream for NGINX +syn keyword ngxDirectiveThirdParty limit_upstream_zone +syn keyword ngxDirectiveThirdParty limit_upstream_conn +syn keyword ngxDirectiveThirdParty limit_upstream_log_level + +" Log If Module +" Conditional accesslog for nginx +syn keyword ngxDirectiveThirdParty access_log_bypass_if + +" Log Request Speed (DEPRECATED) " Log the time it took to process each request. -syn keyword ngxDirectiveThirdParty log_request_speed_filter -syn keyword ngxDirectiveThirdParty log_request_speed_filter_timeout +syn keyword ngxDirectiveDeprecated log_request_speed_filter +syn keyword ngxDirectiveDeprecated log_request_speed_filter_timeout -" Memc Module +" Log ZeroMQ Module +" ZeroMQ logger module for nginx +syn keyword ngxDirectiveThirdParty log_zmq_server +syn keyword ngxDirectiveThirdParty log_zmq_endpoint +syn keyword ngxDirectiveThirdParty log_zmq_format +syn keyword ngxDirectiveThirdParty log_zmq_off + +" Lower/UpperCase Module +" This module simply uppercases or lowercases a string and saves it into a new variable. +syn keyword ngxDirectiveThirdParty lower +syn keyword ngxDirectiveThirdParty upper + +" Lua Upstream Module +" Nginx C module to expose Lua API to ngx_lua for Nginx upstreams + +" Lua Module +" Embed the Power of Lua into NGINX HTTP servers +syn keyword ngxDirectiveThirdParty lua_use_default_type +syn keyword ngxDirectiveThirdParty lua_malloc_trim +syn keyword ngxDirectiveThirdParty lua_code_cache +syn keyword ngxDirectiveThirdParty lua_regex_cache_max_entries +syn keyword ngxDirectiveThirdParty lua_regex_match_limit +syn keyword ngxDirectiveThirdParty lua_package_path +syn keyword ngxDirectiveThirdParty lua_package_cpath +syn keyword ngxDirectiveThirdParty init_by_lua +syn keyword ngxDirectiveThirdParty init_by_lua_block +syn keyword ngxDirectiveThirdParty init_by_lua_file +syn keyword ngxDirectiveThirdParty init_worker_by_lua +syn keyword ngxDirectiveThirdParty init_worker_by_lua_block +syn keyword ngxDirectiveThirdParty init_worker_by_lua_file +syn keyword ngxDirectiveThirdParty set_by_lua +syn keyword ngxDirectiveThirdParty set_by_lua_block +syn keyword ngxDirectiveThirdParty set_by_lua_file +syn keyword ngxDirectiveThirdParty content_by_lua +syn keyword ngxDirectiveThirdParty content_by_lua_block +syn keyword ngxDirectiveThirdParty content_by_lua_file +syn keyword ngxDirectiveThirdParty rewrite_by_lua +syn keyword ngxDirectiveThirdParty rewrite_by_lua_block +syn keyword ngxDirectiveThirdParty rewrite_by_lua_file +syn keyword ngxDirectiveThirdParty access_by_lua +syn keyword ngxDirectiveThirdParty access_by_lua_block +syn keyword ngxDirectiveThirdParty access_by_lua_file +syn keyword ngxDirectiveThirdParty header_filter_by_lua +syn keyword ngxDirectiveThirdParty header_filter_by_lua_block +syn keyword ngxDirectiveThirdParty header_filter_by_lua_file +syn keyword ngxDirectiveThirdParty body_filter_by_lua +syn keyword ngxDirectiveThirdParty body_filter_by_lua_block +syn keyword ngxDirectiveThirdParty body_filter_by_lua_file +syn keyword ngxDirectiveThirdParty log_by_lua +syn keyword ngxDirectiveThirdParty log_by_lua_block +syn keyword ngxDirectiveThirdParty log_by_lua_file +syn keyword ngxDirectiveThirdParty balancer_by_lua_block +syn keyword ngxDirectiveThirdParty balancer_by_lua_file +syn keyword ngxDirectiveThirdParty lua_need_request_body +syn keyword ngxDirectiveThirdParty ssl_certificate_by_lua_block +syn keyword ngxDirectiveThirdParty ssl_certificate_by_lua_file +syn keyword ngxDirectiveThirdParty ssl_session_fetch_by_lua_block +syn keyword ngxDirectiveThirdParty ssl_session_fetch_by_lua_file +syn keyword ngxDirectiveThirdParty ssl_session_store_by_lua_block +syn keyword ngxDirectiveThirdParty ssl_session_store_by_lua_file +syn keyword ngxDirectiveThirdParty lua_shared_dict +syn keyword ngxDirectiveThirdParty lua_socket_connect_timeout +syn keyword ngxDirectiveThirdParty lua_socket_send_timeout +syn keyword ngxDirectiveThirdParty lua_socket_send_lowat +syn keyword ngxDirectiveThirdParty lua_socket_read_timeout +syn keyword ngxDirectiveThirdParty lua_socket_buffer_size +syn keyword ngxDirectiveThirdParty lua_socket_pool_size +syn keyword ngxDirectiveThirdParty lua_socket_keepalive_timeout +syn keyword ngxDirectiveThirdParty lua_socket_log_errors +syn keyword ngxDirectiveThirdParty lua_ssl_ciphers +syn keyword ngxDirectiveThirdParty lua_ssl_crl +syn keyword ngxDirectiveThirdParty lua_ssl_protocols +syn keyword ngxDirectiveThirdParty lua_ssl_trusted_certificate +syn keyword ngxDirectiveThirdParty lua_ssl_verify_depth +syn keyword ngxDirectiveThirdParty lua_http10_buffering +syn keyword ngxDirectiveThirdParty rewrite_by_lua_no_postpone +syn keyword ngxDirectiveThirdParty access_by_lua_no_postpone +syn keyword ngxDirectiveThirdParty lua_transform_underscores_in_response_headers +syn keyword ngxDirectiveThirdParty lua_check_client_abort +syn keyword ngxDirectiveThirdParty lua_max_pending_timers +syn keyword ngxDirectiveThirdParty lua_max_running_timers + +" MD5 Filter Module +" A content filter for nginx, which returns the md5 hash of the content otherwise returned. +syn keyword ngxDirectiveThirdParty md5_filter + +" Memc Module " An extended version of the standard memcached module that supports set, add, delete, and many more memcached commands. syn keyword ngxDirectiveThirdParty memc_buffer_size syn keyword ngxDirectiveThirdParty memc_cmds_allowed syn keyword ngxDirectiveThirdParty memc_connect_timeout syn keyword ngxDirectiveThirdParty memc_flags_to_last_modified syn keyword ngxDirectiveThirdParty memc_next_upstream syn keyword ngxDirectiveThirdParty memc_pass syn keyword ngxDirectiveThirdParty memc_read_timeout syn keyword ngxDirectiveThirdParty memc_send_timeout syn keyword ngxDirectiveThirdParty memc_upstream_fail_timeout syn keyword ngxDirectiveThirdParty memc_upstream_max_fails +" Mod Security Module +" ModSecurity is an open source, cross platform web application firewall (WAF) engine +syn keyword ngxDirectiveThirdParty ModSecurityConfig +syn keyword ngxDirectiveThirdParty ModSecurityEnabled +syn keyword ngxDirectiveThirdParty pool_context +syn keyword ngxDirectiveThirdParty pool_context_hash_size + " Mogilefs Module -" Implements a MogileFS client, provides a replace to the Perlbal reverse proxy of the original MogileFS. +" MogileFS client for nginx web server. +syn keyword ngxDirectiveThirdParty mogilefs_pass +syn keyword ngxDirectiveThirdParty mogilefs_methods +syn keyword ngxDirectiveThirdParty mogilefs_domain +syn keyword ngxDirectiveThirdParty mogilefs_class +syn keyword ngxDirectiveThirdParty mogilefs_tracker +syn keyword ngxDirectiveThirdParty mogilefs_noverify syn keyword ngxDirectiveThirdParty mogilefs_connect_timeout -syn keyword ngxDirectiveThirdParty mogilefs_domain -syn keyword ngxDirectiveThirdParty mogilefs_methods -syn keyword ngxDirectiveThirdParty mogilefs_noverify -syn keyword ngxDirectiveThirdParty mogilefs_pass +syn keyword ngxDirectiveThirdParty mogilefs_send_timeout syn keyword ngxDirectiveThirdParty mogilefs_read_timeout -syn keyword ngxDirectiveThirdParty mogilefs_send_timeout -syn keyword ngxDirectiveThirdParty mogilefs_tracker -" MP4 Streaming Lite Module +" Mongo Module +" Upstream module that allows nginx to communicate directly with MongoDB database. +syn keyword ngxDirectiveThirdParty mongo_auth +syn keyword ngxDirectiveThirdParty mongo_pass +syn keyword ngxDirectiveThirdParty mongo_query +syn keyword ngxDirectiveThirdParty mongo_json +syn keyword ngxDirectiveThirdParty mongo_bind +syn keyword ngxDirectiveThirdParty mongo_connect_timeout +syn keyword ngxDirectiveThirdParty mongo_send_timeout +syn keyword ngxDirectiveThirdParty mongo_read_timeout +syn keyword ngxDirectiveThirdParty mongo_buffering +syn keyword ngxDirectiveThirdParty mongo_buffer_size +syn keyword ngxDirectiveThirdParty mongo_buffers +syn keyword ngxDirectiveThirdParty mongo_busy_buffers_size +syn keyword ngxDirectiveThirdParty mongo_next_upstream + +" MP4 Streaming Lite Module " Will seek to a certain time within H.264/MP4 files when provided with a 'start' parameter in the URL. -syn keyword ngxDirectiveThirdParty mp4 +" syn keyword ngxDirectiveThirdParty mp4 -" Nginx Notice Module +" NAXSI Module +" NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX +syn keyword ngxDirectiveThirdParty DeniedUrl denied_url +syn keyword ngxDirectiveThirdParty LearningMode learning_mode +syn keyword ngxDirectiveThirdParty SecRulesEnabled rules_enabled +syn keyword ngxDirectiveThirdParty SecRulesDisabled rules_disabled +syn keyword ngxDirectiveThirdParty CheckRule check_rule +syn keyword ngxDirectiveThirdParty BasicRule basic_rule +syn keyword ngxDirectiveThirdParty MainRule main_rule +syn keyword ngxDirectiveThirdParty LibInjectionSql libinjection_sql +syn keyword ngxDirectiveThirdParty LibInjectionXss libinjection_xss + +" Nchan Module +" Fast, horizontally scalable, multiprocess pub/sub queuing server and proxy for HTTP, long-polling, Websockets and EventSource (SSE) +syn keyword ngxDirectiveThirdParty nchan_channel_id +syn keyword ngxDirectiveThirdParty nchan_channel_id_split_delimiter +syn keyword ngxDirectiveThirdParty nchan_eventsource_event +syn keyword ngxDirectiveThirdParty nchan_longpoll_multipart_response +syn keyword ngxDirectiveThirdParty nchan_publisher +syn keyword ngxDirectiveThirdParty nchan_publisher_channel_id +syn keyword ngxDirectiveThirdParty nchan_publisher_upstream_request +syn keyword ngxDirectiveThirdParty nchan_pubsub +syn keyword ngxDirectiveThirdParty nchan_subscribe_request +syn keyword ngxDirectiveThirdParty nchan_subscriber +syn keyword ngxDirectiveThirdParty nchan_subscriber_channel_id +syn keyword ngxDirectiveThirdParty nchan_subscriber_compound_etag_message_id +syn keyword ngxDirectiveThirdParty nchan_subscriber_first_message +syn keyword ngxDirectiveThirdParty nchan_subscriber_http_raw_stream_separator +syn keyword ngxDirectiveThirdParty nchan_subscriber_last_message_id +syn keyword ngxDirectiveThirdParty nchan_subscriber_message_id_custom_etag_header +syn keyword ngxDirectiveThirdParty nchan_subscriber_timeout +syn keyword ngxDirectiveThirdParty nchan_unsubscribe_request +syn keyword ngxDirectiveThirdParty nchan_websocket_ping_interval +syn keyword ngxDirectiveThirdParty nchan_authorize_request +syn keyword ngxDirectiveThirdParty nchan_max_reserved_memory +syn keyword ngxDirectiveThirdParty nchan_message_buffer_length +syn keyword ngxDirectiveThirdParty nchan_message_timeout +syn keyword ngxDirectiveThirdParty nchan_redis_idle_channel_cache_timeout +syn keyword ngxDirectiveThirdParty nchan_redis_namespace +syn keyword ngxDirectiveThirdParty nchan_redis_pass +syn keyword ngxDirectiveThirdParty nchan_redis_ping_interval +syn keyword ngxDirectiveThirdParty nchan_redis_server +syn keyword ngxDirectiveThirdParty nchan_redis_storage_mode +syn keyword ngxDirectiveThirdParty nchan_redis_url +syn keyword ngxDirectiveThirdParty nchan_store_messages +syn keyword ngxDirectiveThirdParty nchan_use_redis +syn keyword ngxDirectiveThirdParty nchan_access_control_allow_origin +syn keyword ngxDirectiveThirdParty nchan_channel_group +syn keyword ngxDirectiveThirdParty nchan_channel_group_accounting +syn keyword ngxDirectiveThirdParty nchan_group_location +syn keyword ngxDirectiveThirdParty nchan_group_max_channels +syn keyword ngxDirectiveThirdParty nchan_group_max_messages +syn keyword ngxDirectiveThirdParty nchan_group_max_messages_disk +syn keyword ngxDirectiveThirdParty nchan_group_max_messages_memory +syn keyword ngxDirectiveThirdParty nchan_group_max_subscribers +syn keyword ngxDirectiveThirdParty nchan_subscribe_existing_channels_only +syn keyword ngxDirectiveThirdParty nchan_channel_event_string +syn keyword ngxDirectiveThirdParty nchan_channel_events_channel_id +syn keyword ngxDirectiveThirdParty nchan_stub_status +syn keyword ngxDirectiveThirdParty nchan_max_channel_id_length +syn keyword ngxDirectiveThirdParty nchan_max_channel_subscribers +syn keyword ngxDirectiveThirdParty nchan_channel_timeout +syn keyword ngxDirectiveThirdParty nchan_storage_engine + +" Nginx Notice Module " Serve static file to POST requests. syn keyword ngxDirectiveThirdParty notice syn keyword ngxDirectiveThirdParty notice_type -" Phusion Passenger -" Easy and robust deployment of Ruby on Rails application on Apache and Nginx webservers. -syn keyword ngxDirectiveThirdParty passenger_base_uri -syn keyword ngxDirectiveThirdParty passenger_default_user +" OCSP Proxy Module +" Nginx OCSP processing module designed for response caching +syn keyword ngxDirectiveThirdParty ocsp_proxy +syn keyword ngxDirectiveThirdParty ocsp_cache_timeout + +" Eval Module +" Module for nginx web server evaluates response of proxy or memcached module into variables. +syn keyword ngxDirectiveThirdParty eval +syn keyword ngxDirectiveThirdParty eval_escalate +syn keyword ngxDirectiveThirdParty eval_buffer_size +syn keyword ngxDirectiveThirdParty eval_override_content_type +syn keyword ngxDirectiveThirdParty eval_subrequest_in_memory + +" OpenSSL Version Module +" Nginx OpenSSL version check at startup +syn keyword ngxDirectiveThirdParty openssl_version_minimum +syn keyword ngxDirectiveThirdParty openssl_builddate_minimum + +" Owner Match Module +" Control access for specific owners and groups of files +syn keyword ngxDirectiveThirdParty omallow +syn keyword ngxDirectiveThirdParty omdeny + +" Accept Language Module +" Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. +syn keyword ngxDirectiveThirdParty pagespeed + +" PHP Memcache Standard Balancer Module +" Loadbalancer that is compatible to the standard loadbalancer in the php-memcache module +syn keyword ngxDirectiveThirdParty hash_key + +" PHP Session Module +" Nginx module to parse php sessions +syn keyword ngxDirectiveThirdParty php_session_parse +syn keyword ngxDirectiveThirdParty php_session_strip_formatting + +" Phusion Passenger Module +" Passenger is an open source web application server. +syn keyword ngxDirectiveThirdParty passenger_root syn keyword ngxDirectiveThirdParty passenger_enabled -syn keyword ngxDirectiveThirdParty passenger_log_level -syn keyword ngxDirectiveThirdParty passenger_max_instances_per_app -syn keyword ngxDirectiveThirdParty passenger_max_pool_size -syn keyword ngxDirectiveThirdParty passenger_pool_idle_time -syn keyword ngxDirectiveThirdParty passenger_root +syn keyword ngxDirectiveThirdParty passenger_base_uri +syn keyword ngxDirectiveThirdParty passenger_document_root syn keyword ngxDirectiveThirdParty passenger_ruby -syn keyword ngxDirectiveThirdParty passenger_use_global_queue +syn keyword ngxDirectiveThirdParty passenger_python +syn keyword ngxDirectiveThirdParty passenger_nodejs +syn keyword ngxDirectiveThirdParty passenger_meteor_app_settings +syn keyword ngxDirectiveThirdParty passenger_app_env +syn keyword ngxDirectiveThirdParty passenger_app_root +syn keyword ngxDirectiveThirdParty passenger_app_group_name +syn keyword ngxDirectiveThirdParty passenger_app_type +syn keyword ngxDirectiveThirdParty passenger_startup_file +syn keyword ngxDirectiveThirdParty passenger_restart_dir +syn keyword ngxDirectiveThirdParty passenger_spawn_method +syn keyword ngxDirectiveThirdParty passenger_env_var +syn keyword ngxDirectiveThirdParty passenger_load_shell_envvars +syn keyword ngxDirectiveThirdParty passenger_rolling_restarts +syn keyword ngxDirectiveThirdParty passenger_resist_deployment_errors syn keyword ngxDirectiveThirdParty passenger_user_switching -syn keyword ngxDirectiveThirdParty rack_env -syn keyword ngxDirectiveThirdParty rails_app_spawner_idle_time -syn keyword ngxDirectiveThirdParty rails_env -syn keyword ngxDirectiveThirdParty rails_framework_spawner_idle_time -syn keyword ngxDirectiveThirdParty rails_spawn_method +syn keyword ngxDirectiveThirdParty passenger_user +syn keyword ngxDirectiveThirdParty passenger_group +syn keyword ngxDirectiveThirdParty passenger_default_user +syn keyword ngxDirectiveThirdParty passenger_default_group +syn keyword ngxDirectiveThirdParty passenger_show_version_in_header +syn keyword ngxDirectiveThirdParty passenger_friendly_error_pages +syn keyword ngxDirectiveThirdParty passenger_disable_security_update_check +syn keyword ngxDirectiveThirdParty passenger_security_update_check_proxy +syn keyword ngxDirectiveThirdParty passenger_max_pool_size +syn keyword ngxDirectiveThirdParty passenger_min_instances +syn keyword ngxDirectiveThirdParty passenger_max_instances +syn keyword ngxDirectiveThirdParty passenger_max_instances_per_app +syn keyword ngxDirectiveThirdParty passenger_pool_idle_time +syn keyword ngxDirectiveThirdParty passenger_max_preloader_idle_time +syn keyword ngxDirectiveThirdParty passenger_force_max_concurrent_requests_per_process +syn keyword ngxDirectiveThirdParty passenger_start_timeout +syn keyword ngxDirectiveThirdParty passenger_concurrency_model +syn keyword ngxDirectiveThirdParty passenger_thread_count +syn keyword ngxDirectiveThirdParty passenger_max_requests +syn keyword ngxDirectiveThirdParty passenger_max_request_time +syn keyword ngxDirectiveThirdParty passenger_memory_limit +syn keyword ngxDirectiveThirdParty passenger_stat_throttle_rate +syn keyword ngxDirectiveThirdParty passenger_core_file_descriptor_ulimit +syn keyword ngxDirectiveThirdParty passenger_app_file_descriptor_ulimit +syn keyword ngxDirectiveThirdParty passenger_pre_start +syn keyword ngxDirectiveThirdParty passenger_set_header +syn keyword ngxDirectiveThirdParty passenger_max_request_queue_size +syn keyword ngxDirectiveThirdParty passenger_request_queue_overflow_status_code +syn keyword ngxDirectiveThirdParty passenger_sticky_sessions +syn keyword ngxDirectiveThirdParty passenger_sticky_sessions_cookie_name +syn keyword ngxDirectiveThirdParty passenger_abort_websockets_on_process_shutdown +syn keyword ngxDirectiveThirdParty passenger_ignore_client_abort +syn keyword ngxDirectiveThirdParty passenger_intercept_errors +syn keyword ngxDirectiveThirdParty passenger_pass_header +syn keyword ngxDirectiveThirdParty passenger_ignore_headers +syn keyword ngxDirectiveThirdParty passenger_headers_hash_bucket_size +syn keyword ngxDirectiveThirdParty passenger_headers_hash_max_size +syn keyword ngxDirectiveThirdParty passenger_buffer_response +syn keyword ngxDirectiveThirdParty passenger_response_buffer_high_watermark +syn keyword ngxDirectiveThirdParty passenger_buffer_size, passenger_buffers, passenger_busy_buffers_size +syn keyword ngxDirectiveThirdParty passenger_socket_backlog +syn keyword ngxDirectiveThirdParty passenger_log_level +syn keyword ngxDirectiveThirdParty passenger_log_file +syn keyword ngxDirectiveThirdParty passenger_file_descriptor_log_file +syn keyword ngxDirectiveThirdParty passenger_debugger +syn keyword ngxDirectiveThirdParty passenger_instance_registry_dir +syn keyword ngxDirectiveThirdParty passenger_data_buffer_dir +syn keyword ngxDirectiveThirdParty passenger_fly_with +syn keyword ngxDirectiveThirdParty union_station_support +syn keyword ngxDirectiveThirdParty union_station_key +syn keyword ngxDirectiveThirdParty union_station_proxy_address +syn keyword ngxDirectiveThirdParty union_station_filter +syn keyword ngxDirectiveThirdParty union_station_gateway_address +syn keyword ngxDirectiveThirdParty union_station_gateway_port +syn keyword ngxDirectiveThirdParty union_station_gateway_cert +syn keyword ngxDirectiveDeprecated rails_spawn_method +syn keyword ngxDirectiveDeprecated passenger_debug_log_file -" RDS JSON Module -" Help ngx_drizzle and other DBD modules emit JSON data. +" Postgres Module +" Upstream module that allows nginx to communicate directly with PostgreSQL database. +syn keyword ngxDirectiveThirdParty postgres_server +syn keyword ngxDirectiveThirdParty postgres_keepalive +syn keyword ngxDirectiveThirdParty postgres_pass +syn keyword ngxDirectiveThirdParty postgres_query +syn keyword ngxDirectiveThirdParty postgres_rewrite +syn keyword ngxDirectiveThirdParty postgres_output +syn keyword ngxDirectiveThirdParty postgres_set +syn keyword ngxDirectiveThirdParty postgres_escape +syn keyword ngxDirectiveThirdParty postgres_connect_timeout +syn keyword ngxDirectiveThirdParty postgres_result_timeout + +" Pubcookie Module +" Authorizes users using encrypted cookies +syn keyword ngxDirectiveThirdParty pubcookie_inactive_expire +syn keyword ngxDirectiveThirdParty pubcookie_hard_expire +syn keyword ngxDirectiveThirdParty pubcookie_app_id +syn keyword ngxDirectiveThirdParty pubcookie_dir_depth +syn keyword ngxDirectiveThirdParty pubcookie_catenate_app_ids +syn keyword ngxDirectiveThirdParty pubcookie_app_srv_id +syn keyword ngxDirectiveThirdParty pubcookie_login +syn keyword ngxDirectiveThirdParty pubcookie_login_method +syn keyword ngxDirectiveThirdParty pubcookie_post +syn keyword ngxDirectiveThirdParty pubcookie_domain +syn keyword ngxDirectiveThirdParty pubcookie_granting_cert_file +syn keyword ngxDirectiveThirdParty pubcookie_session_key_file +syn keyword ngxDirectiveThirdParty pubcookie_session_cert_file +syn keyword ngxDirectiveThirdParty pubcookie_crypt_key_file +syn keyword ngxDirectiveThirdParty pubcookie_end_session +syn keyword ngxDirectiveThirdParty pubcookie_encryption +syn keyword ngxDirectiveThirdParty pubcookie_session_reauth +syn keyword ngxDirectiveThirdParty pubcookie_auth_type_names +syn keyword ngxDirectiveThirdParty pubcookie_no_prompt +syn keyword ngxDirectiveThirdParty pubcookie_on_demand +syn keyword ngxDirectiveThirdParty pubcookie_addl_request +syn keyword ngxDirectiveThirdParty pubcookie_no_obscure_cookies +syn keyword ngxDirectiveThirdParty pubcookie_no_clean_creds +syn keyword ngxDirectiveThirdParty pubcookie_egd_device +syn keyword ngxDirectiveThirdParty pubcookie_no_blank +syn keyword ngxDirectiveThirdParty pubcookie_super_debug +syn keyword ngxDirectiveThirdParty pubcookie_set_remote_user + +" Push Stream Module +" A pure stream http push technology for your Nginx setup +syn keyword ngxDirectiveThirdParty push_stream_channels_statistics +syn keyword ngxDirectiveThirdParty push_stream_publisher +syn keyword ngxDirectiveThirdParty push_stream_subscriber +syn keyword ngxDirectiveThirdParty push_stream_shared_memory_size +syn keyword ngxDirectiveThirdParty push_stream_channel_deleted_message_text +syn keyword ngxDirectiveThirdParty push_stream_channel_inactivity_time +syn keyword ngxDirectiveThirdParty push_stream_ping_message_text +syn keyword ngxDirectiveThirdParty push_stream_timeout_with_body +syn keyword ngxDirectiveThirdParty push_stream_message_ttl +syn keyword ngxDirectiveThirdParty push_stream_max_subscribers_per_channel +syn keyword ngxDirectiveThirdParty push_stream_max_messages_stored_per_channel +syn keyword ngxDirectiveThirdParty push_stream_max_channel_id_length +syn keyword ngxDirectiveThirdParty push_stream_max_number_of_channels +syn keyword ngxDirectiveThirdParty push_stream_max_number_of_wildcard_channels +syn keyword ngxDirectiveThirdParty push_stream_wildcard_channel_prefix +syn keyword ngxDirectiveThirdParty push_stream_events_channel_id +syn keyword ngxDirectiveThirdParty push_stream_channels_path +syn keyword ngxDirectiveThirdParty push_stream_store_messages +syn keyword ngxDirectiveThirdParty push_stream_channel_info_on_publish +syn keyword ngxDirectiveThirdParty push_stream_authorized_channels_only +syn keyword ngxDirectiveThirdParty push_stream_header_template_file +syn keyword ngxDirectiveThirdParty push_stream_header_template +syn keyword ngxDirectiveThirdParty push_stream_message_template +syn keyword ngxDirectiveThirdParty push_stream_footer_template +syn keyword ngxDirectiveThirdParty push_stream_wildcard_channel_max_qtd +syn keyword ngxDirectiveThirdParty push_stream_ping_message_interval +syn keyword ngxDirectiveThirdParty push_stream_subscriber_connection_ttl +syn keyword ngxDirectiveThirdParty push_stream_longpolling_connection_ttl +syn keyword ngxDirectiveThirdParty push_stream_websocket_allow_publish +syn keyword ngxDirectiveThirdParty push_stream_last_received_message_time +syn keyword ngxDirectiveThirdParty push_stream_last_received_message_tag +syn keyword ngxDirectiveThirdParty push_stream_last_event_id +syn keyword ngxDirectiveThirdParty push_stream_user_agent +syn keyword ngxDirectiveThirdParty push_stream_padding_by_user_agent +syn keyword ngxDirectiveThirdParty push_stream_allowed_origins +syn keyword ngxDirectiveThirdParty push_stream_allow_connections_to_events_channel + +" rDNS Module +" Make a reverse DNS (rDNS) lookup for incoming connection and provides simple access control of incoming hostname by allow/deny rules +syn keyword ngxDirectiveThirdParty rdns +syn keyword ngxDirectiveThirdParty rdns_allow +syn keyword ngxDirectiveThirdParty rdns_deny + +" RDS CSV Module +" Nginx output filter module to convert Resty-DBD-Streams (RDS) to Comma-Separated Values (CSV) +syn keyword ngxDirectiveThirdParty rds_csv +syn keyword ngxDirectiveThirdParty rds_csv_row_terminator +syn keyword ngxDirectiveThirdParty rds_csv_field_separator +syn keyword ngxDirectiveThirdParty rds_csv_field_name_header +syn keyword ngxDirectiveThirdParty rds_csv_content_type +syn keyword ngxDirectiveThirdParty rds_csv_buffer_size + +" RDS JSON Module +" An output filter that formats Resty DBD Streams generated by ngx_drizzle and others to JSON syn keyword ngxDirectiveThirdParty rds_json +syn keyword ngxDirectiveThirdParty rds_json_buffer_size +syn keyword ngxDirectiveThirdParty rds_json_format +syn keyword ngxDirectiveThirdParty rds_json_root +syn keyword ngxDirectiveThirdParty rds_json_success_property +syn keyword ngxDirectiveThirdParty rds_json_user_property +syn keyword ngxDirectiveThirdParty rds_json_errcode_key +syn keyword ngxDirectiveThirdParty rds_json_errstr_key +syn keyword ngxDirectiveThirdParty rds_json_ret syn keyword ngxDirectiveThirdParty rds_json_content_type -syn keyword ngxDirectiveThirdParty rds_json_format -syn keyword ngxDirectiveThirdParty rds_json_ret -" RRD Graph Module +" Redis Module +" Use this module to perform simple caching +syn keyword ngxDirectiveThirdParty redis_pass +syn keyword ngxDirectiveThirdParty redis_bind +syn keyword ngxDirectiveThirdParty redis_connect_timeout +syn keyword ngxDirectiveThirdParty redis_read_timeout +syn keyword ngxDirectiveThirdParty redis_send_timeout +syn keyword ngxDirectiveThirdParty redis_buffer_size +syn keyword ngxDirectiveThirdParty redis_next_upstream +syn keyword ngxDirectiveThirdParty redis_gzip_flag + +" Redis 2 Module +" Nginx upstream module for the Redis 2.0 protocol +syn keyword ngxDirectiveThirdParty redis2_query +syn keyword ngxDirectiveThirdParty redis2_raw_query +syn keyword ngxDirectiveThirdParty redis2_raw_queries +syn keyword ngxDirectiveThirdParty redis2_literal_raw_query +syn keyword ngxDirectiveThirdParty redis2_pass +syn keyword ngxDirectiveThirdParty redis2_connect_timeout +syn keyword ngxDirectiveThirdParty redis2_send_timeout +syn keyword ngxDirectiveThirdParty redis2_read_timeout +syn keyword ngxDirectiveThirdParty redis2_buffer_size +syn keyword ngxDirectiveThirdParty redis2_next_upstream + +" Replace Filter Module +" Streaming regular expression replacement in response bodies +syn keyword ngxDirectiveThirdParty replace_filter +syn keyword ngxDirectiveThirdParty replace_filter_types +syn keyword ngxDirectiveThirdParty replace_filter_max_buffered_size +syn keyword ngxDirectiveThirdParty replace_filter_last_modified +syn keyword ngxDirectiveThirdParty replace_filter_skip + +" Roboo Module +" HTTP Robot Mitigator + +" RRD Graph Module " This module provides an HTTP interface to RRDtool's graphing facilities. syn keyword ngxDirectiveThirdParty rrd_graph syn keyword ngxDirectiveThirdParty rrd_graph_root -" Secure Download -" Create expiring links. +" RTMP Module +" NGINX-based Media Streaming Server +syn keyword ngxDirectiveThirdParty rtmp +" syn keyword ngxDirectiveThirdParty server +" syn keyword ngxDirectiveThirdParty listen +syn keyword ngxDirectiveThirdParty application +" syn keyword ngxDirectiveThirdParty timeout +syn keyword ngxDirectiveThirdParty ping +syn keyword ngxDirectiveThirdParty ping_timeout +syn keyword ngxDirectiveThirdParty max_streams +syn keyword ngxDirectiveThirdParty ack_window +syn keyword ngxDirectiveThirdParty chunk_size +syn keyword ngxDirectiveThirdParty max_queue +syn keyword ngxDirectiveThirdParty max_message +syn keyword ngxDirectiveThirdParty out_queue +syn keyword ngxDirectiveThirdParty out_cork +" syn keyword ngxDirectiveThirdParty allow +" syn keyword ngxDirectiveThirdParty deny +syn keyword ngxDirectiveThirdParty exec_push +syn keyword ngxDirectiveThirdParty exec_pull +syn keyword ngxDirectiveThirdParty exec +syn keyword ngxDirectiveThirdParty exec_options +syn keyword ngxDirectiveThirdParty exec_static +syn keyword ngxDirectiveThirdParty exec_kill_signal +syn keyword ngxDirectiveThirdParty respawn +syn keyword ngxDirectiveThirdParty respawn_timeout +syn keyword ngxDirectiveThirdParty exec_publish +syn keyword ngxDirectiveThirdParty exec_play +syn keyword ngxDirectiveThirdParty exec_play_done +syn keyword ngxDirectiveThirdParty exec_publish_done +syn keyword ngxDirectiveThirdParty exec_record_done +syn keyword ngxDirectiveThirdParty live +syn keyword ngxDirectiveThirdParty meta +syn keyword ngxDirectiveThirdParty interleave +syn keyword ngxDirectiveThirdParty wait_key +syn keyword ngxDirectiveThirdParty wait_video +syn keyword ngxDirectiveThirdParty publish_notify +syn keyword ngxDirectiveThirdParty drop_idle_publisher +syn keyword ngxDirectiveThirdParty sync +syn keyword ngxDirectiveThirdParty play_restart +syn keyword ngxDirectiveThirdParty idle_streams +syn keyword ngxDirectiveThirdParty record +syn keyword ngxDirectiveThirdParty record_path +syn keyword ngxDirectiveThirdParty record_suffix +syn keyword ngxDirectiveThirdParty record_unique +syn keyword ngxDirectiveThirdParty record_append +syn keyword ngxDirectiveThirdParty record_lock +syn keyword ngxDirectiveThirdParty record_max_size +syn keyword ngxDirectiveThirdParty record_max_frames +syn keyword ngxDirectiveThirdParty record_interval +syn keyword ngxDirectiveThirdParty recorder +syn keyword ngxDirectiveThirdParty record_notify +syn keyword ngxDirectiveThirdParty play +syn keyword ngxDirectiveThirdParty play_temp_path +syn keyword ngxDirectiveThirdParty play_local_path +syn keyword ngxDirectiveThirdParty pull +syn keyword ngxDirectiveThirdParty push +syn keyword ngxDirectiveThirdParty push_reconnect +syn keyword ngxDirectiveThirdParty session_relay +syn keyword ngxDirectiveThirdParty on_connect +syn keyword ngxDirectiveThirdParty on_play +syn keyword ngxDirectiveThirdParty on_publish +syn keyword ngxDirectiveThirdParty on_done +syn keyword ngxDirectiveThirdParty on_play_done +syn keyword ngxDirectiveThirdParty on_publish_done +syn keyword ngxDirectiveThirdParty on_record_done +syn keyword ngxDirectiveThirdParty on_update +syn keyword ngxDirectiveThirdParty notify_update_timeout +syn keyword ngxDirectiveThirdParty notify_update_strict +syn keyword ngxDirectiveThirdParty notify_relay_redirect +syn keyword ngxDirectiveThirdParty notify_method +syn keyword ngxDirectiveThirdParty hls +syn keyword ngxDirectiveThirdParty hls_path +syn keyword ngxDirectiveThirdParty hls_fragment +syn keyword ngxDirectiveThirdParty hls_playlist_length +syn keyword ngxDirectiveThirdParty hls_sync +syn keyword ngxDirectiveThirdParty hls_continuous +syn keyword ngxDirectiveThirdParty hls_nested +syn keyword ngxDirectiveThirdParty hls_base_url +syn keyword ngxDirectiveThirdParty hls_cleanup +syn keyword ngxDirectiveThirdParty hls_fragment_naming +syn keyword ngxDirectiveThirdParty hls_fragment_slicing +syn keyword ngxDirectiveThirdParty hls_variant +syn keyword ngxDirectiveThirdParty hls_type +syn keyword ngxDirectiveThirdParty hls_keys +syn keyword ngxDirectiveThirdParty hls_key_path +syn keyword ngxDirectiveThirdParty hls_key_url +syn keyword ngxDirectiveThirdParty hls_fragments_per_key +syn keyword ngxDirectiveThirdParty dash +syn keyword ngxDirectiveThirdParty dash_path +syn keyword ngxDirectiveThirdParty dash_fragment +syn keyword ngxDirectiveThirdParty dash_playlist_length +syn keyword ngxDirectiveThirdParty dash_nested +syn keyword ngxDirectiveThirdParty dash_cleanup +" syn keyword ngxDirectiveThirdParty access_log +" syn keyword ngxDirectiveThirdParty log_format +syn keyword ngxDirectiveThirdParty max_connections +syn keyword ngxDirectiveThirdParty rtmp_stat +syn keyword ngxDirectiveThirdParty rtmp_stat_stylesheet +syn keyword ngxDirectiveThirdParty rtmp_auto_push +syn keyword ngxDirectiveThirdParty rtmp_auto_push_reconnect +syn keyword ngxDirectiveThirdParty rtmp_socket_dir +syn keyword ngxDirectiveThirdParty rtmp_control + +" RTMPT Module +" Module for nginx to proxy rtmp using http protocol +syn keyword ngxDirectiveThirdParty rtmpt_proxy_target +syn keyword ngxDirectiveThirdParty rtmpt_proxy_rtmp_timeout +syn keyword ngxDirectiveThirdParty rtmpt_proxy_http_timeout +syn keyword ngxDirectiveThirdParty rtmpt_proxy +syn keyword ngxDirectiveThirdParty rtmpt_proxy_stat +syn keyword ngxDirectiveThirdParty rtmpt_proxy_stylesheet + +" Syntactically Awesome Module +" Providing on-the-fly compiling of Sass files as an NGINX module. +syn keyword ngxDirectiveThirdParty sass_compile +syn keyword ngxDirectiveThirdParty sass_error_log +syn keyword ngxDirectiveThirdParty sass_include_path +syn keyword ngxDirectiveThirdParty sass_indent +syn keyword ngxDirectiveThirdParty sass_is_indented_syntax +syn keyword ngxDirectiveThirdParty sass_linefeed +syn keyword ngxDirectiveThirdParty sass_precision +syn keyword ngxDirectiveThirdParty sass_output_style +syn keyword ngxDirectiveThirdParty sass_source_comments +syn keyword ngxDirectiveThirdParty sass_source_map_embed + +" Secure Download Module +" Enables you to create links which are only valid until a certain datetime is reached syn keyword ngxDirectiveThirdParty secure_download -syn keyword ngxDirectiveThirdParty secure_download_fail_location +syn keyword ngxDirectiveThirdParty secure_download_secret syn keyword ngxDirectiveThirdParty secure_download_path_mode -syn keyword ngxDirectiveThirdParty secure_download_secret -" SlowFS Cache Module +" Selective Cache Purge Module +" A module to purge cache by GLOB patterns. The supported patterns are the same as supported by Redis. +syn keyword ngxDirectiveThirdParty selective_cache_purge_redis_unix_socket +syn keyword ngxDirectiveThirdParty selective_cache_purge_redis_host +syn keyword ngxDirectiveThirdParty selective_cache_purge_redis_port +syn keyword ngxDirectiveThirdParty selective_cache_purge_redis_database +syn keyword ngxDirectiveThirdParty selective_cache_purge_query + +" Set cconv Module +" Cconv rewrite set commands +syn keyword ngxDirectiveThirdParty set_cconv_to_simp +syn keyword ngxDirectiveThirdParty set_cconv_to_trad +syn keyword ngxDirectiveThirdParty set_pinyin_to_normal + +" Set Hash Module +" Nginx module that allows the setting of variables to the value of a variety of hashes +syn keyword ngxDirectiveThirdParty set_md5 +syn keyword ngxDirectiveThirdParty set_md5_upper +syn keyword ngxDirectiveThirdParty set_murmur2 +syn keyword ngxDirectiveThirdParty set_murmur2_upper +syn keyword ngxDirectiveThirdParty set_sha1 +syn keyword ngxDirectiveThirdParty set_sha1_upper + +" Set Lang Module +" Provides a variety of ways for setting a variable denoting the langauge that content should be returned in. +syn keyword ngxDirectiveThirdParty set_lang +syn keyword ngxDirectiveThirdParty set_lang_method +syn keyword ngxDirectiveThirdParty lang_cookie +syn keyword ngxDirectiveThirdParty lang_get_var +syn keyword ngxDirectiveThirdParty lang_list +syn keyword ngxDirectiveThirdParty lang_post_var +syn keyword ngxDirectiveThirdParty lang_host +syn keyword ngxDirectiveThirdParty lang_referer + +" Set Misc Module +" Various set_xxx directives added to nginx's rewrite module +syn keyword ngxDirectiveThirdParty set_if_empty +syn keyword ngxDirectiveThirdParty set_quote_sql_str +syn keyword ngxDirectiveThirdParty set_quote_pgsql_str +syn keyword ngxDirectiveThirdParty set_quote_json_str +syn keyword ngxDirectiveThirdParty set_unescape_uri +syn keyword ngxDirectiveThirdParty set_escape_uri +syn keyword ngxDirectiveThirdParty set_hashed_upstream +syn keyword ngxDirectiveThirdParty set_encode_base32 +syn keyword ngxDirectiveThirdParty set_base32_padding +syn keyword ngxDirectiveThirdParty set_misc_base32_padding +syn keyword ngxDirectiveThirdParty set_base32_alphabet +syn keyword ngxDirectiveThirdParty set_decode_base32 +syn keyword ngxDirectiveThirdParty set_encode_base64 +syn keyword ngxDirectiveThirdParty set_decode_base64 +syn keyword ngxDirectiveThirdParty set_encode_hex +syn keyword ngxDirectiveThirdParty set_decode_hex +syn keyword ngxDirectiveThirdParty set_sha1 +syn keyword ngxDirectiveThirdParty set_md5 +syn keyword ngxDirectiveThirdParty set_hmac_sha1 +syn keyword ngxDirectiveThirdParty set_random +syn keyword ngxDirectiveThirdParty set_secure_random_alphanum +syn keyword ngxDirectiveThirdParty set_secure_random_lcalpha +syn keyword ngxDirectiveThirdParty set_rotate +syn keyword ngxDirectiveThirdParty set_local_today +syn keyword ngxDirectiveThirdParty set_formatted_gmt_time +syn keyword ngxDirectiveThirdParty set_formatted_local_time + +" SFlow Module +" A binary, random-sampling nginx module designed for: lightweight, centralized, continuous, real-time monitoring of very large and very busy web farms. +syn keyword ngxDirectiveThirdParty sflow + +" Shibboleth Module +" Shibboleth auth request module for nginx +syn keyword ngxDirectiveThirdParty shib_request +syn keyword ngxDirectiveThirdParty shib_request_set +syn keyword ngxDirectiveThirdParty shib_request_use_headers + +" Slice Module +" Nginx module for serving a file in slices (reverse byte-range) +" syn keyword ngxDirectiveThirdParty slice +syn keyword ngxDirectiveThirdParty slice_arg_begin +syn keyword ngxDirectiveThirdParty slice_arg_end +syn keyword ngxDirectiveThirdParty slice_header +syn keyword ngxDirectiveThirdParty slice_footer +syn keyword ngxDirectiveThirdParty slice_header_first +syn keyword ngxDirectiveThirdParty slice_footer_last + +" SlowFS Cache Module " Module adding ability to cache static files. syn keyword ngxDirectiveThirdParty slowfs_big_file_size syn keyword ngxDirectiveThirdParty slowfs_cache syn keyword ngxDirectiveThirdParty slowfs_cache_key syn keyword ngxDirectiveThirdParty slowfs_cache_min_uses syn keyword ngxDirectiveThirdParty slowfs_cache_path syn keyword ngxDirectiveThirdParty slowfs_cache_purge syn keyword ngxDirectiveThirdParty slowfs_cache_valid syn keyword ngxDirectiveThirdParty slowfs_temp_path -" Strip Module +" Small Light Module +" Dynamic Image Transformation Module For nginx. +syn keyword ngxDirectiveThirdParty small_light +syn keyword ngxDirectiveThirdParty small_light_getparam_mode +syn keyword ngxDirectiveThirdParty small_light_material_dir +syn keyword ngxDirectiveThirdParty small_light_pattern_define +syn keyword ngxDirectiveThirdParty small_light_radius_max +syn keyword ngxDirectiveThirdParty small_light_sigma_max +syn keyword ngxDirectiveThirdParty small_light_imlib2_temp_dir +syn keyword ngxDirectiveThirdParty small_light_buffer + +" Sorted Querystring Filter Module +" Nginx module to expose querystring parameters sorted in a variable to be used on cache_key as example +syn keyword ngxDirectiveThirdParty sorted_querystring_filter_parameter + +" Sphinx2 Module +" Nginx upstream module for Sphinx 2.x +syn keyword ngxDirectiveThirdParty sphinx2_pass +syn keyword ngxDirectiveThirdParty sphinx2_bind +syn keyword ngxDirectiveThirdParty sphinx2_connect_timeout +syn keyword ngxDirectiveThirdParty sphinx2_send_timeout +syn keyword ngxDirectiveThirdParty sphinx2_buffer_size +syn keyword ngxDirectiveThirdParty sphinx2_read_timeout +syn keyword ngxDirectiveThirdParty sphinx2_next_upstream + +" HTTP SPNEGO auth Module +" This module implements adds SPNEGO support to nginx(http://nginx.org). It currently supports only Kerberos authentication via GSSAPI +syn keyword ngxDirectiveThirdParty auth_gss +syn keyword ngxDirectiveThirdParty auth_gss_keytab +syn keyword ngxDirectiveThirdParty auth_gss_realm +syn keyword ngxDirectiveThirdParty auth_gss_service_name +syn keyword ngxDirectiveThirdParty auth_gss_authorized_principal +syn keyword ngxDirectiveThirdParty auth_gss_allow_basic_fallback + +" SR Cache Module +" Transparent subrequest-based caching layout for arbitrary nginx locations +syn keyword ngxDirectiveThirdParty srcache_fetch +syn keyword ngxDirectiveThirdParty srcache_fetch_skip +syn keyword ngxDirectiveThirdParty srcache_store +syn keyword ngxDirectiveThirdParty srcache_store_max_size +syn keyword ngxDirectiveThirdParty srcache_store_skip +syn keyword ngxDirectiveThirdParty srcache_store_statuses +syn keyword ngxDirectiveThirdParty srcache_store_ranges +syn keyword ngxDirectiveThirdParty srcache_header_buffer_size +syn keyword ngxDirectiveThirdParty srcache_store_hide_header +syn keyword ngxDirectiveThirdParty srcache_store_pass_header +syn keyword ngxDirectiveThirdParty srcache_methods +syn keyword ngxDirectiveThirdParty srcache_ignore_content_encoding +syn keyword ngxDirectiveThirdParty srcache_request_cache_control +syn keyword ngxDirectiveThirdParty srcache_response_cache_control +syn keyword ngxDirectiveThirdParty srcache_store_no_store +syn keyword ngxDirectiveThirdParty srcache_store_no_cache +syn keyword ngxDirectiveThirdParty srcache_store_private +syn keyword ngxDirectiveThirdParty srcache_default_expire +syn keyword ngxDirectiveThirdParty srcache_max_expire + +" SSSD Info Module +" Retrives additional attributes from SSSD for current authentizated user +syn keyword ngxDirectiveThirdParty sssd_info +syn keyword ngxDirectiveThirdParty sssd_info_output_to +syn keyword ngxDirectiveThirdParty sssd_info_groups +syn keyword ngxDirectiveThirdParty sssd_info_group +syn keyword ngxDirectiveThirdParty sssd_info_group_separator +syn keyword ngxDirectiveThirdParty sssd_info_attributes +syn keyword ngxDirectiveThirdParty sssd_info_attribute +syn keyword ngxDirectiveThirdParty sssd_info_attribute_separator + +" Static Etags Module +" Generate etags for static content +syn keyword ngxDirectiveThirdParty FileETag + +" Statsd Module +" An nginx module for sending statistics to statsd +syn keyword ngxDirectiveThirdParty statsd_server +syn keyword ngxDirectiveThirdParty statsd_sample_rate +syn keyword ngxDirectiveThirdParty statsd_count +syn keyword ngxDirectiveThirdParty statsd_timing + +" Sticky Module +" Add a sticky cookie to be always forwarded to the same upstream server +" syn keyword ngxDirectiveThirdParty sticky + +" Stream Echo Module +" TCP/stream echo module for NGINX (a port of ngx_http_echo_module) +syn keyword ngxDirectiveThirdParty echo +syn keyword ngxDirectiveThirdParty echo_duplicate +syn keyword ngxDirectiveThirdParty echo_flush_wait +syn keyword ngxDirectiveThirdParty echo_sleep +syn keyword ngxDirectiveThirdParty echo_send_timeout +syn keyword ngxDirectiveThirdParty echo_read_bytes +syn keyword ngxDirectiveThirdParty echo_read_line +syn keyword ngxDirectiveThirdParty echo_request_data +syn keyword ngxDirectiveThirdParty echo_discard_request +syn keyword ngxDirectiveThirdParty echo_read_buffer_size +syn keyword ngxDirectiveThirdParty echo_read_timeout +syn keyword ngxDirectiveThirdParty echo_client_error_log_level +syn keyword ngxDirectiveThirdParty echo_lingering_close +syn keyword ngxDirectiveThirdParty echo_lingering_time +syn keyword ngxDirectiveThirdParty echo_lingering_timeout + +" Stream Lua Module +" Embed the power of Lua into Nginx stream/TCP Servers. +syn keyword ngxDirectiveThirdParty lua_resolver +syn keyword ngxDirectiveThirdParty lua_resolver_timeout +syn keyword ngxDirectiveThirdParty lua_lingering_close +syn keyword ngxDirectiveThirdParty lua_lingering_time +syn keyword ngxDirectiveThirdParty lua_lingering_timeout + +" Stream Upsync Module +" Sync upstreams from consul or others, dynamiclly modify backend-servers attribute(weight, max_fails,...), needn't reload nginx. +syn keyword ngxDirectiveThirdParty upsync +syn keyword ngxDirectiveThirdParty upsync_dump_path +syn keyword ngxDirectiveThirdParty upsync_lb +syn keyword ngxDirectiveThirdParty upsync_show + +" Strip Module " Whitespace remover. syn keyword ngxDirectiveThirdParty strip -" Substitutions Module +" Subrange Module +" Split one big HTTP/Range request to multiple subrange requesets +syn keyword ngxDirectiveThirdParty subrange + +" Substitutions Module " A filter module which can do both regular expression and fixed string substitutions on response bodies. syn keyword ngxDirectiveThirdParty subs_filter syn keyword ngxDirectiveThirdParty subs_filter_types -" Supervisord Module +" Summarizer Module +" Upstream nginx module to get summaries of documents using the summarizer daemon service +syn keyword ngxDirectiveThirdParty smrzr_filename +syn keyword ngxDirectiveThirdParty smrzr_ratio + +" Supervisord Module " Module providing nginx with API to communicate with supervisord and manage (start/stop) backends on-demand. syn keyword ngxDirectiveThirdParty supervisord syn keyword ngxDirectiveThirdParty supervisord_inherit_backend_status syn keyword ngxDirectiveThirdParty supervisord_name syn keyword ngxDirectiveThirdParty supervisord_start syn keyword ngxDirectiveThirdParty supervisord_stop -" Upload Module -" Parses multipart/form-data allowing arbitrary handling of uploaded files. -syn keyword ngxDirectiveThirdParty upload_aggregate_form_field -syn keyword ngxDirectiveThirdParty upload_buffer_size -syn keyword ngxDirectiveThirdParty upload_cleanup -syn keyword ngxDirectiveThirdParty upload_limit_rate -syn keyword ngxDirectiveThirdParty upload_max_file_size -syn keyword ngxDirectiveThirdParty upload_max_output_body_len -syn keyword ngxDirectiveThirdParty upload_max_part_header_len -syn keyword ngxDirectiveThirdParty upload_pass -syn keyword ngxDirectiveThirdParty upload_pass_args -syn keyword ngxDirectiveThirdParty upload_pass_form_field -syn keyword ngxDirectiveThirdParty upload_set_form_field -syn keyword ngxDirectiveThirdParty upload_store -syn keyword ngxDirectiveThirdParty upload_store_access +" Tarantool Upstream Module +" Tarantool NginX upstream module (REST, JSON API, websockets, load balancing) +syn keyword ngxDirectiveThirdParty tnt_pass +syn keyword ngxDirectiveThirdParty tnt_http_methods +syn keyword ngxDirectiveThirdParty tnt_http_rest_methods +syn keyword ngxDirectiveThirdParty tnt_pass_http_request +syn keyword ngxDirectiveThirdParty tnt_pass_http_request_buffer_size +syn keyword ngxDirectiveThirdParty tnt_method +syn keyword ngxDirectiveThirdParty tnt_http_allowed_methods - experemental +syn keyword ngxDirectiveThirdParty tnt_send_timeout +syn keyword ngxDirectiveThirdParty tnt_read_timeout +syn keyword ngxDirectiveThirdParty tnt_buffer_size +syn keyword ngxDirectiveThirdParty tnt_next_upstream +syn keyword ngxDirectiveThirdParty tnt_connect_timeout +syn keyword ngxDirectiveThirdParty tnt_next_upstream +syn keyword ngxDirectiveThirdParty tnt_next_upstream_tries +syn keyword ngxDirectiveThirdParty tnt_next_upstream_timeout -" Upload Progress Module -" Tracks and reports upload progress. +" TCP Proxy Module +" Add the feature of tcp proxy with nginx, with health check and status monitor +syn keyword ngxDirectiveBlock tcp +" syn keyword ngxDirectiveThirdParty server +" syn keyword ngxDirectiveThirdParty listen +" syn keyword ngxDirectiveThirdParty allow +" syn keyword ngxDirectiveThirdParty deny +" syn keyword ngxDirectiveThirdParty so_keepalive +" syn keyword ngxDirectiveThirdParty tcp_nodelay +" syn keyword ngxDirectiveThirdParty timeout +" syn keyword ngxDirectiveThirdParty server_name +" syn keyword ngxDirectiveThirdParty resolver +" syn keyword ngxDirectiveThirdParty resolver_timeout +" syn keyword ngxDirectiveThirdParty upstream +syn keyword ngxDirectiveThirdParty check +syn keyword ngxDirectiveThirdParty check_http_send +syn keyword ngxDirectiveThirdParty check_http_expect_alive +syn keyword ngxDirectiveThirdParty check_smtp_send +syn keyword ngxDirectiveThirdParty check_smtp_expect_alive +syn keyword ngxDirectiveThirdParty check_shm_size +syn keyword ngxDirectiveThirdParty check_status +" syn keyword ngxDirectiveThirdParty ip_hash +" syn keyword ngxDirectiveThirdParty proxy_pass +" syn keyword ngxDirectiveThirdParty proxy_buffer +" syn keyword ngxDirectiveThirdParty proxy_connect_timeout +" syn keyword ngxDirectiveThirdParty proxy_read_timeout +syn keyword ngxDirectiveThirdParty proxy_write_timeout + +" Testcookie Module +" NGINX module for L7 DDoS attack mitigation +syn keyword ngxDirectiveThirdParty testcookie +syn keyword ngxDirectiveThirdParty testcookie_name +syn keyword ngxDirectiveThirdParty testcookie_domain +syn keyword ngxDirectiveThirdParty testcookie_expires +syn keyword ngxDirectiveThirdParty testcookie_path +syn keyword ngxDirectiveThirdParty testcookie_secret +syn keyword ngxDirectiveThirdParty testcookie_session +syn keyword ngxDirectiveThirdParty testcookie_arg +syn keyword ngxDirectiveThirdParty testcookie_max_attempts +syn keyword ngxDirectiveThirdParty testcookie_p3p +syn keyword ngxDirectiveThirdParty testcookie_fallback +syn keyword ngxDirectiveThirdParty testcookie_whitelist +syn keyword ngxDirectiveThirdParty testcookie_pass +syn keyword ngxDirectiveThirdParty testcookie_redirect_via_refresh +syn keyword ngxDirectiveThirdParty testcookie_refresh_template +syn keyword ngxDirectiveThirdParty testcookie_refresh_status +syn keyword ngxDirectiveThirdParty testcookie_deny_keepalive +syn keyword ngxDirectiveThirdParty testcookie_get_only +syn keyword ngxDirectiveThirdParty testcookie_https_location +syn keyword ngxDirectiveThirdParty testcookie_refresh_encrypt_cookie +syn keyword ngxDirectiveThirdParty testcookie_refresh_encrypt_cookie_key +syn keyword ngxDirectiveThirdParty testcookie_refresh_encrypt_iv +syn keyword ngxDirectiveThirdParty testcookie_internal +syn keyword ngxDirectiveThirdParty testcookie_httponly_flag +syn keyword ngxDirectiveThirdParty testcookie_secure_flag + +" Types Filter Module +" Change the `Content-Type` output header depending on an extension variable according to a condition specified in the 'if' clause. +syn keyword ngxDirectiveThirdParty types_filter +syn keyword ngxDirectiveThirdParty types_filter_use_default + +" Unzip Module +" Enabling fetching of files that are stored in zipped archives. +syn keyword ngxDirectiveThirdParty file_in_unzip_archivefile +syn keyword ngxDirectiveThirdParty file_in_unzip_extract +syn keyword ngxDirectiveThirdParty file_in_unzip + +" Upload Progress Module +" An upload progress system, that monitors RFC1867 POST upload as they are transmitted to upstream servers +syn keyword ngxDirectiveThirdParty upload_progress +syn keyword ngxDirectiveThirdParty track_uploads syn keyword ngxDirectiveThirdParty report_uploads -syn keyword ngxDirectiveThirdParty track_uploads -syn keyword ngxDirectiveThirdParty upload_progress syn keyword ngxDirectiveThirdParty upload_progress_content_type syn keyword ngxDirectiveThirdParty upload_progress_header +syn keyword ngxDirectiveThirdParty upload_progress_jsonp_parameter syn keyword ngxDirectiveThirdParty upload_progress_json_output +syn keyword ngxDirectiveThirdParty upload_progress_jsonp_output syn keyword ngxDirectiveThirdParty upload_progress_template -" Upstream Fair Balancer -" Sends an incoming request to the least-busy backend server, rather than distributing requests round-robin. +" Upload Module +" Parses request body storing all files being uploaded to a directory specified by upload_store directive +syn keyword ngxDirectiveThirdParty upload_pass +syn keyword ngxDirectiveThirdParty upload_resumable +syn keyword ngxDirectiveThirdParty upload_store +syn keyword ngxDirectiveThirdParty upload_state_store +syn keyword ngxDirectiveThirdParty upload_store_access +syn keyword ngxDirectiveThirdParty upload_set_form_field +syn keyword ngxDirectiveThirdParty upload_aggregate_form_field +syn keyword ngxDirectiveThirdParty upload_pass_form_field +syn keyword ngxDirectiveThirdParty upload_cleanup +syn keyword ngxDirectiveThirdParty upload_buffer_size +syn keyword ngxDirectiveThirdParty upload_max_part_header_len +syn keyword ngxDirectiveThirdParty upload_max_file_size +syn keyword ngxDirectiveThirdParty upload_limit_rate +syn keyword ngxDirectiveThirdParty upload_max_output_body_len +syn keyword ngxDirectiveThirdParty upload_tame_arrays +syn keyword ngxDirectiveThirdParty upload_pass_args + +" Upstream Fair Module +" The fair load balancer module for nginx http://nginx.localdomain.pl syn keyword ngxDirectiveThirdParty fair syn keyword ngxDirectiveThirdParty upstream_fair_shm_size -" Upstream Consistent Hash -" Select backend based on Consistent hash ring. -syn keyword ngxDirectiveThirdParty consistent_hash - -" Upstream Hash Module +" Upstream Hash Module (DEPRECATED) " Provides simple upstream load distribution by hashing a configurable variable. -syn keyword ngxDirectiveThirdParty hash -syn keyword ngxDirectiveThirdParty hash_again +" syn keyword ngxDirectiveDeprecated hash +syn keyword ngxDirectiveDeprecated hash_again -" XSS Module +" Upstream Domain Resolve Module +" A load-balancer that resolves an upstream domain name asynchronously. +syn keyword ngxDirectiveThirdParty jdomain + +" Upsync Module +" Sync upstreams from consul or others, dynamiclly modify backend-servers attribute(weight, max_fails,...), needn't reload nginx +syn keyword ngxDirectiveThirdParty upsync +syn keyword ngxDirectiveThirdParty upsync_dump_path +syn keyword ngxDirectiveThirdParty upsync_lb +syn keyword ngxDirectiveThirdParty upstream_show + +" URL Module +" Nginx url encoding converting module +syn keyword ngxDirectiveThirdParty url_encoding_convert +syn keyword ngxDirectiveThirdParty url_encoding_convert_from +syn keyword ngxDirectiveThirdParty url_encoding_convert_to + +" User Agent Module +" Match browsers and crawlers +syn keyword ngxDirectiveThirdParty user_agent + +" Upstrema Ketama Chash Module +" Nginx load-balancer module implementing ketama consistent hashing. +syn keyword ngxDirectiveThirdParty ketama_chash + +" Video Thumbextractor Module +" Extract thumbs from a video file +syn keyword ngxDirectiveThirdParty video_thumbextractor +syn keyword ngxDirectiveThirdParty video_thumbextractor_video_filename +syn keyword ngxDirectiveThirdParty video_thumbextractor_video_second +syn keyword ngxDirectiveThirdParty video_thumbextractor_image_width +syn keyword ngxDirectiveThirdParty video_thumbextractor_image_height +syn keyword ngxDirectiveThirdParty video_thumbextractor_only_keyframe +syn keyword ngxDirectiveThirdParty video_thumbextractor_next_time +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_rows +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_cols +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_max_rows +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_max_cols +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_sample_interval +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_color +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_margin +syn keyword ngxDirectiveThirdParty video_thumbextractor_tile_padding +syn keyword ngxDirectiveThirdParty video_thumbextractor_threads +syn keyword ngxDirectiveThirdParty video_thumbextractor_processes_per_worker + +" Eval Module +" Module for nginx web server evaluates response of proxy or memcached module into variables. +syn keyword ngxDirectiveThirdParty eval +syn keyword ngxDirectiveThirdParty eval_escalate +syn keyword ngxDirectiveThirdParty eval_override_content_type + +" VTS Module +" Nginx virtual host traffic status module +syn keyword ngxDirectiveThirdParty vhost_traffic_status +syn keyword ngxDirectiveThirdParty vhost_traffic_status_zone +syn keyword ngxDirectiveThirdParty vhost_traffic_status_display +syn keyword ngxDirectiveThirdParty vhost_traffic_status_display_format +syn keyword ngxDirectiveThirdParty vhost_traffic_status_display_jsonp +syn keyword ngxDirectiveThirdParty vhost_traffic_status_filter +syn keyword ngxDirectiveThirdParty vhost_traffic_status_filter_by_host +syn keyword ngxDirectiveThirdParty vhost_traffic_status_filter_by_set_key +syn keyword ngxDirectiveThirdParty vhost_traffic_status_filter_check_duplicate +syn keyword ngxDirectiveThirdParty vhost_traffic_status_limit +syn keyword ngxDirectiveThirdParty vhost_traffic_status_limit_traffic +syn keyword ngxDirectiveThirdParty vhost_traffic_status_limit_traffic_by_set_key +syn keyword ngxDirectiveThirdParty vhost_traffic_status_limit_check_duplicate + +" XSS Module " Native support for cross-site scripting (XSS) in an nginx. +syn keyword ngxDirectiveThirdParty xss_get syn keyword ngxDirectiveThirdParty xss_callback_arg -syn keyword ngxDirectiveThirdParty xss_get +syn keyword ngxDirectiveThirdParty xss_override_status +syn keyword ngxDirectiveThirdParty xss_check_status syn keyword ngxDirectiveThirdParty xss_input_types -syn keyword ngxDirectiveThirdParty xss_output_type + +" ZIP Module +" ZIP archiver for nginx + " highlight hi link ngxComment Comment hi link ngxVariable Identifier -hi link ngxVariableBlock Identifier hi link ngxVariableString PreProc -hi link ngxBlock Normal hi link ngxString String +hi link ngxLocationPath String +hi link ngxLocationNamedLoc Identifier hi link ngxBoolean Boolean +hi link ngxRewriteFlag Boolean hi link ngxDirectiveBlock Statement hi link ngxDirectiveImportant Type hi link ngxDirectiveControl Keyword hi link ngxDirectiveError Constant hi link ngxDirectiveDeprecated Error hi link ngxDirective Identifier hi link ngxDirectiveThirdParty Special let b:current_syntax = "nginx" + -- OOO From wowaname at volatile.ch Thu Feb 16 20:12:40 2017 From: wowaname at volatile.ch (opal hart) Date: Thu, 16 Feb 2017 20:12:40 +0000 Subject: [PATCH] Add chroot option and functionality Message-ID: <58A607B8.1010403@volatile.ch> Hi, This patch adds a chroot feature to nginx, which lighttpd and Apache have had for a while, and which would be useful to allow for the nginx binary and config files to live outside the jail directory. # HG changeset patch # User opal hart # Date 1487274704 0 # Thu Feb 16 19:51:44 2017 +0000 # Node ID 58e50038746aecdad10518afeccbfee66f91ac22 # Parent 05fd0dc8f0dc808219f727dd18a5da2f078c4073 Add 'chroot' config option and functionality diff -r 05fd0dc8f0dc -r 58e50038746a src/core/nginx.c --- a/src/core/nginx.c Thu Feb 16 18:37:22 2017 +0300 +++ b/src/core/nginx.c Thu Feb 16 19:51:44 2017 +0000 @@ -89,6 +89,13 @@ offsetof(ngx_core_conf_t, debug_points), &ngx_debug_points }, + { ngx_string("chroot"), + NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1, + ngx_conf_set_str_slot, + 0, + offsetof(ngx_core_conf_t, chroot), + NULL }, + { ngx_string("user"), NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE12, ngx_set_user, @@ -1009,6 +1016,7 @@ * ccf->cpu_affinity_auto = 0; * ccf->cpu_affinity_n = 0; * ccf->cpu_affinity = NULL; + * ccf->chroot = NULL; */ ccf->daemon = NGX_CONF_UNSET; diff -r 05fd0dc8f0dc -r 58e50038746a src/core/ngx_cycle.h --- a/src/core/ngx_cycle.h Thu Feb 16 18:37:22 2017 +0300 +++ b/src/core/ngx_cycle.h Thu Feb 16 19:51:44 2017 +0000 @@ -101,6 +101,7 @@ ngx_uint_t cpu_affinity_n; ngx_cpuset_t *cpu_affinity; + ngx_str_t chroot; char *username; ngx_uid_t user; ngx_gid_t group; diff -r 05fd0dc8f0dc -r 58e50038746a src/os/unix/ngx_process_cycle.c --- a/src/os/unix/ngx_process_cycle.c Thu Feb 16 18:37:22 2017 +0300 +++ b/src/os/unix/ngx_process_cycle.c Thu Feb 16 19:51:44 2017 +0000 @@ -829,6 +829,20 @@ } if (geteuid() == 0) { + if (ccf->chroot.len) { + if (chdir((char *) ccf->chroot.data) == -1) { + ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, + "chdir(%s) failed", ccf->chroot); + /* fatal */ + exit(2); + } + if (chroot((char *) ccf->chroot.data) == -1) { + ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, + "chroot(%s) failed", (char *) ccf->chroot.data); + /* fatal */ + exit(2); + } + } if (setgid(ccf->group) == -1) { ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, "setgid(%d) failed", ccf->group); -- wowaname http://wowana.me/pgp.htm From xonatius at gmail.com Fri Feb 17 01:00:20 2017 From: xonatius at gmail.com (Daniil Bondarev) Date: Thu, 16 Feb 2017 17:00:20 -0800 Subject: [PATCH] Always use default server configs for large buffers allocation Message-ID: # HG changeset patch # User Daniil Bondarev # Date 1485286710 28800 # Tue Jan 24 11:38:30 2017 -0800 # Node ID 8cd694e06443aaa1ed0601108681fa1c6f7297e0 # Parent d84f48e571e449ee6c072a8d52cdea8e06b88ef7 Always use default server configs for large buffers allocation Single http connection can flip between default server and virtual servers: depending on parsed Host header for a current request nginx changes current request configs. Currently this behavior might cause buffer overrun while adding new buffer to hc->busy, if hc->busy was allocated with config containing fewer large_client_header_buffers than the current one. This change makes nginx to always use large_client_header_buffers from http_connection config, which is default server config. diff -r d84f48e571e4 -r 8cd694e06443 src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Tue Jan 24 17:02:19 2017 +0300 +++ b/src/http/ngx_http_request.c Tue Jan 24 11:38:30 2017 -0800 @@ -1447,7 +1447,9 @@ ngx_http_alloc_large_header_buffer(ngx_h old = request_line ? r->request_start : r->header_name_start; - cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); + hc = r->http_connection; + + cscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_core_module); if (r->state != 0 && (size_t) (r->header_in->pos - old) @@ -1456,8 +1458,6 @@ ngx_http_alloc_large_header_buffer(ngx_h return NGX_DECLINED; } - hc = r->http_connection; - if (hc->nfree) { b = hc->free[--hc->nfree]; From hucong.c at foxmail.com Fri Feb 17 03:18:48 2017 From: hucong.c at foxmail.com (=?utf-8?B?6IOh6IGqIChodWNjKQ==?=) Date: Fri, 17 Feb 2017 11:18:48 +0800 Subject: [PATCH][bugfix] Upstream: clear the delayed flag to prevent blocking from sending. Message-ID: Hi, To reproduce the scene of send blocking, there must be more than twosubrequest, and the more the better. When I encounter this problem, my config is as follows (roughly): slice 1M; limit_rate 2M; proxy_buffering on proxy_buffer_size 32K; proxy_buffers 4 64K; proxy_pass http://domain/uri; And my system: Linux ** 2.6.32-642.13.1.el6.x86_64 #1 SMP Wed Jan 11 20:56:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux Patchs bellow: # HG changeset patch # User hucongcong # Date 1487298087 -28800 # Fri Feb 17 10:21:27 2017 +0800 # Node ID 37b376790ecf83eaaff2f024eb3093a079091d93 # Parent 05fd0dc8f0dc808219f727dd18a5da2f078c4073 Upstream: clear the delayed flag to prevent blocking from sending. Suppose that proxy_buffering is on and limit_rate is defined, the send will be blocked in write filter when the following two conditions are met: First, the previous upstream request sets the write->delayed flag and starts the timer of downstream, and then finalized. Second, the timer timed out before the next subrequest enters the function ngx_http_upstream_send_response(), which means the delayed flag is not be cleared properly. Thus, the data transmission from upstream to downstream will be blocked in subrequest. By clearing the delayed flag of c->write in ngx_http_upstream_send_response() when the timer of write event is deleted, to solve this problem. diff -r 05fd0dc8f0dc -r 37b376790ecf src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c Thu Feb 16 18:37:22 2017 +0300 +++ b/src/http/ngx_http_upstream.c Fri Feb 17 10:21:27 2017 +0800 @@ -2848,6 +2848,10 @@ ngx_http_upstream_send_response(ngx_http c = r->connection; + if (c->write->delayed && !c->write->timer_set) { + c->write->delayed = 0; + } + if (r->header_only) { if (!u->buffering) { -------------- next part -------------- An HTML attachment was scrubbed... URL: From hongzhidao at gmail.com Fri Feb 17 03:36:59 2017 From: hongzhidao at gmail.com (=?UTF-8?B?5rSq5b+X6YGT?=) Date: Fri, 17 Feb 2017 11:36:59 +0800 Subject: [nginx] setting variable cause core when used by lua In-Reply-To: <20170216141447.GL46625@mdounin.ru> References: <20170216141447.GL46625@mdounin.ru> Message-ID: It works well now, thank you! 2017-02-16 22:14 GMT+08:00 Maxim Dounin : > Hello! > > On Thu, Feb 16, 2017 at 03:51:24PM +0800, ??? wrote: > > > Hi. > > > > diff -r da46bfc484ef src/http/ngx_http_variables.c > > --- a/src/http/ngx_http_variables.c Mon Feb 13 21:45:01 2017 +0300 > > +++ b/src/http/ngx_http_variables.c Wed Feb 08 10:31:53 2017 +0800 > > @@ -783,6 +783,10 @@ > > ssize_t s, *sp; > > ngx_str_t val; > > > > + if (v->data == NULL) { > > + return; > > + } > > + > > val.len = v->len; > > val.data = v->data; > > > > > > The following will cause core file, I think it's better to deal with in > > nginx. > > > > server { > > listen 8000; > > > > location / { > > content_by_lua_block { > > ngx.var.limit_rate = size; # size is undefined. > > ngx.say('hello lua'); > > } > > } > > This looks like a bug in ngx_parse_size(), it incorrectly assumes > that the input string is at least 1 character long. And I believe > it can be triggered without Lua too. > > Please test if the following patch fixes things for you: > > # HG changeset patch > # User Maxim Dounin > # Date 1487253948 -10800 > # Thu Feb 16 17:05:48 2017 +0300 > # Node ID 51c8df305d083bc57828f68cd6e709cacdcc41c0 > # Parent be00ca08e41a69e585b6aff70a725ed6c9e1a876 > Fixed ngx_parse_size() / ngx_parse_offset() with 0-length strings. > > diff --git a/src/core/ngx_parse.c b/src/core/ngx_parse.c > --- a/src/core/ngx_parse.c > +++ b/src/core/ngx_parse.c > @@ -17,6 +17,11 @@ ngx_parse_size(ngx_str_t *line) > ssize_t size, scale, max; > > len = line->len; > + > + if (len == 0) { > + return NGX_ERROR; > + } > + > unit = line->data[len - 1]; > > switch (unit) { > @@ -58,6 +63,11 @@ ngx_parse_offset(ngx_str_t *line) > size_t len; > > len = line->len; > + > + if (len == 0) { > + return NGX_ERROR; > + } > + > unit = line->data[len - 1]; > > switch (unit) { > > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Fri Feb 17 13:46:14 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 17 Feb 2017 16:46:14 +0300 Subject: [PATCH] Add chroot option and functionality In-Reply-To: <58A607B8.1010403@volatile.ch> References: <58A607B8.1010403@volatile.ch> Message-ID: <20170217134614.GA45862@mdounin.ru> Hello! On Thu, Feb 16, 2017 at 08:12:40PM +0000, opal hart wrote: > This patch adds a chroot feature to nginx, which lighttpd and Apache > have had for a while, and which would be useful to allow for the nginx > binary and config files to live outside the jail directory. > > # HG changeset patch > # User opal hart > # Date 1487274704 0 > # Thu Feb 16 19:51:44 2017 +0000 > # Node ID 58e50038746aecdad10518afeccbfee66f91ac22 > # Parent 05fd0dc8f0dc808219f727dd18a5da2f078c4073 > Add 'chroot' config option and functionality [...] > diff -r 05fd0dc8f0dc -r 58e50038746a src/os/unix/ngx_process_cycle.c > --- a/src/os/unix/ngx_process_cycle.c Thu Feb 16 18:37:22 2017 +0300 > +++ b/src/os/unix/ngx_process_cycle.c Thu Feb 16 19:51:44 2017 +0000 > @@ -829,6 +829,20 @@ > } > > if (geteuid() == 0) { > + if (ccf->chroot.len) { > + if (chdir((char *) ccf->chroot.data) == -1) { > + ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, > + "chdir(%s) failed", ccf->chroot); > + /* fatal */ > + exit(2); > + } > + if (chroot((char *) ccf->chroot.data) == -1) { Thank you for your patch. Unfortunately, there is a huge usability problem with such apporach: it introduces different meaning for paths in master and worker processes. Meanwhile, many paths are used in both master and workers, some paths are used only in master, and some - only in workers. And currently there is no way for a user to find out where paths are going to be used - without digging into the source code. This all leads to unavoidable confusion of users and very bad user experience. Earlier attempts to introduce such an option also tried to seamlessly convert paths if it is possible, this may be slightly better approach. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Fri Feb 17 15:24:29 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 17 Feb 2017 18:24:29 +0300 Subject: [PATCH] Contrib: update vim syntax script In-Reply-To: References: Message-ID: <20170217152429.GC45862@mdounin.ru> Hello! On Thu, Feb 16, 2017 at 11:57:35PM +0800, OOO wrote: > Hi > > This patch improves vim syntax file for nginx conf. > > Major changes: > > * Fix regexp in string might breaks location ngxBlock > * Use syntax iskeyword instead of modify real Vim iskeyword (new Vim > feature, can avoid change user behavior) > * Update keywords, based on document[1][2] > * Add/Update all 3rd party module keywords based on wiki[3][4] > > Full change history is on github[5]. > > [1]:https://nginx.org/en/docs/ > [2]:https://github.com/othree/nginx-contrib-vim/issues/4 > [3]:https://www.nginx.com/resources/wiki/modules/ > [4]:https://github.com/othree/nginx-contrib-vim/issues/1 > [5]:https://github.com/othree/nginx-contrib-vim > > # HG changeset patch > # User othree > # Date 1487259832 -28800 > # Thu Feb 16 23:43:52 2017 +0800 > # Node ID 3f74fe213e98697c932b20b86dfdaab505a8f89b > # Parent 05fd0dc8f0dc808219f727dd18a5da2f078c4073 > Update contrib/vim/syntax > > * Fix regexp in string might breaks location ngxBlock > * Highlight rewrite flags > * Update keywords based on latest document > * Include all 3rd party modules listed on wiki > * Use syntax iskeyword instead of modify iskeyword Thank you for the patch. Unfortunately, it fails to apply here, as it was word-wrapped by your mail client. Please consider using "hg email" to make sure the patch won't be corrupted in transit, see http://nginx.org/en/docs/contributing_changes.html. Note well that it would be much better to submit separate patches for different changes. Some additional comments below. > -setlocal iskeyword+=. > -setlocal iskeyword+=/ > -setlocal iskeyword+=: > +if has("patch-7.4-1142") > + if has("win32") > + syn iskeyword @,48-57,_,128-167,224-235,.,/,: > + else > + syn iskeyword @,48-57,_,192-255,.,/,: > + endif > +else > + setlocal iskeyword+=. > + setlocal iskeyword+=/ > + setlocal iskeyword+=: > +endif Is it at all needed? As far as I see, syntax highliting doesn't directly depends on keyword chars, so it might be better idea to just remove iskeyword modifications. It will have some negative effects by incorrectly matching directives in some file paths, for example: error_log /path/to/error_log; will have "error_log" highlighted in the path, but this is something already happens on "-" in a configuration like: error_log /path/to/foo-error_log; So probably this isn't something serious enough to worry about, and just removing iskeyword modifications may be a better option. If you think it is really needed, it might be a better idea to use something like if has("patch-7.4-1142") exe "syn iskeyword ".&iskeyword.",.,/,:" else ... endif (Seen at https://github.com/vim/vim/blob/master/runtime/syntax/sh.vim#L91). [...] > +" Asynchronous FastCGI Module > +" Primarily a modified version of the Nginx FastCGI module which > implements multiplexing of connections, allowing a single FastCGI > server to handle many concurrent requests. > +" syn keyword ngxDirectiveThirdParty fastcgi_bind > +" syn keyword ngxDirectiveThirdParty fastcgi_buffer_size > +" syn keyword ngxDirectiveThirdParty fastcgi_buffers > +" syn keyword ngxDirectiveThirdParty fastcgi_busy_buffers_size > +" syn keyword ngxDirectiveThirdParty fastcgi_cache > +" syn keyword ngxDirectiveThirdParty fastcgi_cache_key > +" syn keyword ngxDirectiveThirdParty fastcgi_cache_methods > +" syn keyword ngxDirectiveThirdParty fastcgi_cache_min_uses > +" syn keyword ngxDirectiveThirdParty fastcgi_cache_path > +" syn keyword ngxDirectiveThirdParty fastcgi_cache_use_stale > +" syn keyword ngxDirectiveThirdParty fastcgi_cache_valid > +" syn keyword ngxDirectiveThirdParty fastcgi_catch_stderr > +" syn keyword ngxDirectiveThirdParty fastcgi_connect_timeout > +" syn keyword ngxDirectiveThirdParty fastcgi_hide_header > +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_client_abort > +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_headers > +" syn keyword ngxDirectiveThirdParty fastcgi_index > +" syn keyword ngxDirectiveThirdParty fastcgi_intercept_errors > +" syn keyword ngxDirectiveThirdParty fastcgi_max_temp_file_size > +" syn keyword ngxDirectiveThirdParty fastcgi_next_upstream > +" syn keyword ngxDirectiveThirdParty fastcgi_param > +" syn keyword ngxDirectiveThirdParty fastcgi_pass > +" syn keyword ngxDirectiveThirdParty fastcgi_pass_header > +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_body > +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_headers > +" syn keyword ngxDirectiveThirdParty fastcgi_read_timeout > +" syn keyword ngxDirectiveThirdParty fastcgi_send_lowat > +" syn keyword ngxDirectiveThirdParty fastcgi_send_timeout > +" syn keyword ngxDirectiveThirdParty fastcgi_split_path_info > +" syn keyword ngxDirectiveThirdParty fastcgi_store > +" syn keyword ngxDirectiveThirdParty fastcgi_store_access > +" syn keyword ngxDirectiveThirdParty fastcgi_temp_file_write_size > +" syn keyword ngxDirectiveThirdParty fastcgi_temp_path > +syn keyword ngxDirectiveThirdParty fastcgi_upstream_fail_timeout > +syn keyword ngxDirectiveThirdParty fastcgi_upstream_max_fails This module seems to be a (likely non-working) copy of stock fastcgi module with no additional features. It provides no additional directives. The fastcgi_upstream_fail_timeout / fastcgi_upstream_max_fails directives you've listed here are long deprecated and will only print result in an error (including in this module). [...] -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Fri Feb 17 15:27:25 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 17 Feb 2017 15:27:25 +0000 Subject: [nginx] Fixed ngx_parse_size() / ngx_parse_offset() with 0-length strings. Message-ID: details: http://hg.nginx.org/nginx/rev/87cf6ddb41c2 branches: changeset: 6917:87cf6ddb41c2 user: Maxim Dounin date: Fri Feb 17 17:01:27 2017 +0300 description: Fixed ngx_parse_size() / ngx_parse_offset() with 0-length strings. diffstat: src/core/ngx_parse.c | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) diffs (27 lines): diff --git a/src/core/ngx_parse.c b/src/core/ngx_parse.c --- a/src/core/ngx_parse.c +++ b/src/core/ngx_parse.c @@ -17,6 +17,11 @@ ngx_parse_size(ngx_str_t *line) ssize_t size, scale, max; len = line->len; + + if (len == 0) { + return NGX_ERROR; + } + unit = line->data[len - 1]; switch (unit) { @@ -58,6 +63,11 @@ ngx_parse_offset(ngx_str_t *line) size_t len; len = line->len; + + if (len == 0) { + return NGX_ERROR; + } + unit = line->data[len - 1]; switch (unit) { From mdounin at mdounin.ru Fri Feb 17 15:28:51 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 17 Feb 2017 18:28:51 +0300 Subject: [nginx] setting variable cause core when used by lua In-Reply-To: References: <20170216141447.GL46625@mdounin.ru> Message-ID: <20170217152851.GD45862@mdounin.ru> Hello! On Fri, Feb 17, 2017 at 11:36:59AM +0800, ??? wrote: > It works well now, thank you! Committed, thanks for testing. http://hg.nginx.org/nginx/rev/87cf6ddb41c2 -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Sun Feb 19 02:10:24 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 19 Feb 2017 05:10:24 +0300 Subject: [PATCH] Always use default server configs for large buffers allocation In-Reply-To: References: Message-ID: <20170219021023.GE45862@mdounin.ru> Hello! On Thu, Feb 16, 2017 at 05:00:20PM -0800, Daniil Bondarev wrote: > # HG changeset patch > # User Daniil Bondarev > # Date 1485286710 28800 > # Tue Jan 24 11:38:30 2017 -0800 > # Node ID 8cd694e06443aaa1ed0601108681fa1c6f7297e0 > # Parent d84f48e571e449ee6c072a8d52cdea8e06b88ef7 > Always use default server configs for large buffers allocation > > Single http connection can flip between default server and virtual > servers: depending on parsed Host header for a current request nginx > changes current request configs. Currently this behavior might cause > buffer overrun while adding new buffer to hc->busy, if hc->busy was > allocated with config containing fewer large_client_header_buffers than > the current one. > > This change makes nginx to always use large_client_header_buffers from > http_connection config, which is default server config. > > diff -r d84f48e571e4 -r 8cd694e06443 src/http/ngx_http_request.c > --- a/src/http/ngx_http_request.c Tue Jan 24 17:02:19 2017 +0300 > +++ b/src/http/ngx_http_request.c Tue Jan 24 11:38:30 2017 -0800 > @@ -1447,7 +1447,9 @@ ngx_http_alloc_large_header_buffer(ngx_h > > old = request_line ? r->request_start : r->header_name_start; > > - cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); > + hc = r->http_connection; > + > + cscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_core_module); > > if (r->state != 0 > && (size_t) (r->header_in->pos - old) > @@ -1456,8 +1458,6 @@ ngx_http_alloc_large_header_buffer(ngx_h > return NGX_DECLINED; > } > > - hc = r->http_connection; > - > if (hc->nfree) { > b = hc->free[--hc->nfree]; Thanks for spotting this. Another part of this problem is with hc->free. If a number of large header buffers configured in a virtual server is less than the one in the default server, saving buffers from hc->busy to hc->free for pipelined requests will also overflow allocated buffer. To fix this as well, the patch should be extend with something like this: @@ -2876,7 +2875,7 @@ ngx_http_set_keepalive(ngx_http_request_ * Now we would move the large header buffers to the free list. */ - cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); + cscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_core_module); if (hc->free == NULL) { hc->free = ngx_palloc(c->pool, An alternative approach would be to convert hc->busy / hc->free to use chain links. This will preserve the possibility to have different large_client_header_buffers in different virtual hosts as long as the host is known before the limit is reached. Patch: # HG changeset patch # User Maxim Dounin # Date 1487467695 -10800 # Sun Feb 19 04:28:15 2017 +0300 # Node ID 3412c0c019f0f24432bac8b3e65ec03ba69073cb # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c Converted hc->busy/hc->free to use chain links. Most notably, this fixes possible buffer overflows if number of buffers in a virtual server is different from the one in the default server. Reported by Daniil Bondarev. diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -549,7 +549,7 @@ ngx_http_create_request(ngx_connection_t ngx_set_connection_log(r->connection, clcf->error_log); - r->header_in = hc->nbusy ? hc->busy[0] : c->buffer; + r->header_in = hc->busy ? hc->busy->buf : c->buffer; if (ngx_list_init(&r->headers_out.headers, r->pool, 20, sizeof(ngx_table_elt_t)) @@ -1431,6 +1431,7 @@ ngx_http_alloc_large_header_buffer(ngx_h { u_char *old, *new; ngx_buf_t *b; + ngx_chain_t *cl; ngx_http_connection_t *hc; ngx_http_core_srv_conf_t *cscf; @@ -1460,8 +1461,11 @@ ngx_http_alloc_large_header_buffer(ngx_h hc = r->http_connection; - if (hc->nfree) { - b = hc->free[--hc->nfree]; + if (hc->free) { + cl = hc->free; + hc->free = cl->next; + + b = cl->buf; ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http large header free: %p %uz", @@ -1469,20 +1473,19 @@ ngx_http_alloc_large_header_buffer(ngx_h } else if (hc->nbusy < cscf->large_client_header_buffers.num) { - if (hc->busy == NULL) { - hc->busy = ngx_palloc(r->connection->pool, - cscf->large_client_header_buffers.num * sizeof(ngx_buf_t *)); - if (hc->busy == NULL) { - return NGX_ERROR; - } - } - b = ngx_create_temp_buf(r->connection->pool, cscf->large_client_header_buffers.size); if (b == NULL) { return NGX_ERROR; } + cl = ngx_alloc_chain_link(r->connection->pool); + if (cl == NULL) { + return NGX_ERROR; + } + + cl->buf = b; + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http large header alloc: %p %uz", b->pos, b->end - b->last); @@ -1491,7 +1494,9 @@ ngx_http_alloc_large_header_buffer(ngx_h return NGX_DECLINED; } - hc->busy[hc->nbusy++] = b; + cl->next = hc->busy; + hc->busy = cl; + hc->nbusy++; if (r->state == 0) { /* @@ -2835,12 +2840,11 @@ static void ngx_http_set_keepalive(ngx_http_request_t *r) { int tcp_nodelay; - ngx_int_t i; ngx_buf_t *b, *f; + ngx_chain_t *cl, *ln; ngx_event_t *rev, *wev; ngx_connection_t *c; ngx_http_connection_t *hc; - ngx_http_core_srv_conf_t *cscf; ngx_http_core_loc_conf_t *clcf; c = r->connection; @@ -2876,27 +2880,15 @@ ngx_http_set_keepalive(ngx_http_request_ * Now we would move the large header buffers to the free list. */ - cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); - - if (hc->free == NULL) { - hc->free = ngx_palloc(c->pool, - cscf->large_client_header_buffers.num * sizeof(ngx_buf_t *)); - - if (hc->free == NULL) { - ngx_http_close_request(r, 0); - return; - } - } - - for (i = 0; i < hc->nbusy - 1; i++) { - f = hc->busy[i]; - hc->free[hc->nfree++] = f; + for (cl = hc->busy; cl->next; cl = cl->next) { + f = cl->next->buf; f->pos = f->start; f->last = f->start; } - hc->busy[0] = b; - hc->nbusy = 1; + cl->next = hc->free; + hc->free = hc->busy->next; + hc->busy->next = NULL; } } @@ -2966,28 +2958,24 @@ ngx_http_set_keepalive(ngx_http_request_ b->last = b->start; } - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, "hc free: %p %i", - hc->free, hc->nfree); - - if (hc->free) { - for (i = 0; i < hc->nfree; i++) { - ngx_pfree(c->pool, hc->free[i]->start); - hc->free[i] = NULL; - } - - hc->nfree = 0; + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "hc free: %p", + hc->free); + + for (cl = hc->free; cl; /* void */) { + ln = cl; + cl = cl->next; + ngx_pfree(c->pool, ln->buf->start); + ngx_free_chain(r->pool, ln); } ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, "hc busy: %p %i", hc->busy, hc->nbusy); - if (hc->busy) { - for (i = 0; i < hc->nbusy; i++) { - ngx_pfree(c->pool, hc->busy[i]->start); - hc->busy[i] = NULL; - } - - hc->nbusy = 0; + for (cl = hc->busy; cl; /* void */) { + ln = cl; + cl = cl->next; + ngx_pfree(c->pool, ln->buf->start); + ngx_free_chain(r->pool, ln); } #if (NGX_HTTP_SSL) diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h --- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -309,11 +309,10 @@ typedef struct { #endif #endif - ngx_buf_t **busy; + ngx_chain_t *busy; ngx_int_t nbusy; - ngx_buf_t **free; - ngx_int_t nfree; + ngx_chain_t *free; unsigned ssl:1; unsigned proxy_protocol:1; -- Maxim Dounin http://nginx.org/ From othree at gmail.com Mon Feb 20 04:26:52 2017 From: othree at gmail.com (OOO) Date: Mon, 20 Feb 2017 12:26:52 +0800 Subject: [PATCH] Contrib: update vim syntax script In-Reply-To: <20170217152429.GC45862@mdounin.ru> References: <20170217152429.GC45862@mdounin.ru> Message-ID: Hi Dounin The reason I send all changes in one patch is that I thought Vim syntax is very minor part of the entire repository. So I want to reduce commit. It's ok to send separate commits. I will use Patchbomb to resend patches. Reply to additional comments: * iskeyword I don't really know why the original author want to change iskeyword. What I can confirm is, this is for URL. Several months ago, I think I figure out why, but I cant remember the reason now. And iskeyword will change behavior of syntax highlight, but only for `syntax keyword`. I use `.` in keyword for TLSv1.1. So I suggest keep them if possible. Use `syntax iskeyword` in syntax file. And move iskeyword to ftplugin. I don't want to use the existing `&iskeyword` value like: exe "syn iskeyword ".&iskeyword.",.,/,:" Is because this value might be modified by other script or user. It might breaks syntax highlight. * fastcgi Yes, I think this is not active 3rd party module. Currently, my rule to deal with 3rd party module is: 1. List from https://www.nginx.com/resources/wiki/modules/ 2. One module one file ref: https://github.com/othree/nginx-contrib-vim/tree/master/syntax/modules 3. If I can find any word make sure this is deprecated, mark as Deprecated and use ngxDirectiveDeprecated 4. If the moduile don't have any dirctive, still keep the file, ex: https://www.nginx.com/resources/wiki/modules/zip/ I think this rule need some modify. There are more modules seems not active now. But I can't confirm which is not really deprecated. Or I can just modify syntax when I know what is deprecated by user report. 2017-02-17 23:24 GMT+08:00 Maxim Dounin : > Hello! > > On Thu, Feb 16, 2017 at 11:57:35PM +0800, OOO wrote: > >> Hi >> >> This patch improves vim syntax file for nginx conf. >> >> Major changes: >> >> * Fix regexp in string might breaks location ngxBlock >> * Use syntax iskeyword instead of modify real Vim iskeyword (new Vim >> feature, can avoid change user behavior) >> * Update keywords, based on document[1][2] >> * Add/Update all 3rd party module keywords based on wiki[3][4] >> >> Full change history is on github[5]. >> >> [1]:https://nginx.org/en/docs/ >> [2]:https://github.com/othree/nginx-contrib-vim/issues/4 >> [3]:https://www.nginx.com/resources/wiki/modules/ >> [4]:https://github.com/othree/nginx-contrib-vim/issues/1 >> [5]:https://github.com/othree/nginx-contrib-vim >> >> # HG changeset patch >> # User othree >> # Date 1487259832 -28800 >> # Thu Feb 16 23:43:52 2017 +0800 >> # Node ID 3f74fe213e98697c932b20b86dfdaab505a8f89b >> # Parent 05fd0dc8f0dc808219f727dd18a5da2f078c4073 >> Update contrib/vim/syntax >> >> * Fix regexp in string might breaks location ngxBlock >> * Highlight rewrite flags >> * Update keywords based on latest document >> * Include all 3rd party modules listed on wiki >> * Use syntax iskeyword instead of modify iskeyword > > Thank you for the patch. Unfortunately, it fails to apply here, > as it was word-wrapped by your mail client. Please consider using "hg > email" to make sure the patch won't be corrupted in transit, see > http://nginx.org/en/docs/contributing_changes.html. > > Note well that it would be much better to submit separate patches > for different changes. > > Some additional comments below. > >> -setlocal iskeyword+=. >> -setlocal iskeyword+=/ >> -setlocal iskeyword+=: >> +if has("patch-7.4-1142") >> + if has("win32") >> + syn iskeyword @,48-57,_,128-167,224-235,.,/,: >> + else >> + syn iskeyword @,48-57,_,192-255,.,/,: >> + endif >> +else >> + setlocal iskeyword+=. >> + setlocal iskeyword+=/ >> + setlocal iskeyword+=: >> +endif > > Is it at all needed? As far as I see, syntax highliting doesn't > directly depends on keyword chars, so it might be better idea to just > remove iskeyword modifications. It will have some negative > effects by incorrectly matching directives in some file paths, > for example: > > error_log /path/to/error_log; > > will have "error_log" highlighted in the path, but this is > something already happens on "-" in a configuration like: > > error_log /path/to/foo-error_log; > > So probably this isn't something serious enough to worry about, > and just removing iskeyword modifications may be a better option. > > If you think it is really needed, it might be a better idea to use > something like > > if has("patch-7.4-1142") > exe "syn iskeyword ".&iskeyword.",.,/,:" > else > ... > endif > > (Seen at https://github.com/vim/vim/blob/master/runtime/syntax/sh.vim#L91). > > [...] > >> +" Asynchronous FastCGI Module >> +" Primarily a modified version of the Nginx FastCGI module which >> implements multiplexing of connections, allowing a single FastCGI >> server to handle many concurrent requests. >> +" syn keyword ngxDirectiveThirdParty fastcgi_bind >> +" syn keyword ngxDirectiveThirdParty fastcgi_buffer_size >> +" syn keyword ngxDirectiveThirdParty fastcgi_buffers >> +" syn keyword ngxDirectiveThirdParty fastcgi_busy_buffers_size >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache_key >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache_methods >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache_min_uses >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache_path >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache_use_stale >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache_valid >> +" syn keyword ngxDirectiveThirdParty fastcgi_catch_stderr >> +" syn keyword ngxDirectiveThirdParty fastcgi_connect_timeout >> +" syn keyword ngxDirectiveThirdParty fastcgi_hide_header >> +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_client_abort >> +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_headers >> +" syn keyword ngxDirectiveThirdParty fastcgi_index >> +" syn keyword ngxDirectiveThirdParty fastcgi_intercept_errors >> +" syn keyword ngxDirectiveThirdParty fastcgi_max_temp_file_size >> +" syn keyword ngxDirectiveThirdParty fastcgi_next_upstream >> +" syn keyword ngxDirectiveThirdParty fastcgi_param >> +" syn keyword ngxDirectiveThirdParty fastcgi_pass >> +" syn keyword ngxDirectiveThirdParty fastcgi_pass_header >> +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_body >> +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_headers >> +" syn keyword ngxDirectiveThirdParty fastcgi_read_timeout >> +" syn keyword ngxDirectiveThirdParty fastcgi_send_lowat >> +" syn keyword ngxDirectiveThirdParty fastcgi_send_timeout >> +" syn keyword ngxDirectiveThirdParty fastcgi_split_path_info >> +" syn keyword ngxDirectiveThirdParty fastcgi_store >> +" syn keyword ngxDirectiveThirdParty fastcgi_store_access >> +" syn keyword ngxDirectiveThirdParty fastcgi_temp_file_write_size >> +" syn keyword ngxDirectiveThirdParty fastcgi_temp_path >> +syn keyword ngxDirectiveThirdParty fastcgi_upstream_fail_timeout >> +syn keyword ngxDirectiveThirdParty fastcgi_upstream_max_fails > > This module seems to be a (likely non-working) copy of stock > fastcgi module with no additional features. It provides no > additional directives. The fastcgi_upstream_fail_timeout / > fastcgi_upstream_max_fails directives you've listed here are long > deprecated and will only print result in an error (including in > this module). > > [...] > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel -- OOO From xonatius at gmail.com Mon Feb 20 07:51:02 2017 From: xonatius at gmail.com (Daniil Bondarev) Date: Sun, 19 Feb 2017 23:51:02 -0800 Subject: [PATCH] Always use default server configs for large buffers allocation In-Reply-To: <20170219021023.GE45862@mdounin.ru> References: <20170219021023.GE45862@mdounin.ru> Message-ID: Hello, On Sat, Feb 18, 2017 at 6:10 PM, Maxim Dounin wrote: > Hello! > > On Thu, Feb 16, 2017 at 05:00:20PM -0800, Daniil Bondarev wrote: > >> # HG changeset patch >> # User Daniil Bondarev >> # Date 1485286710 28800 >> # Tue Jan 24 11:38:30 2017 -0800 >> # Node ID 8cd694e06443aaa1ed0601108681fa1c6f7297e0 >> # Parent d84f48e571e449ee6c072a8d52cdea8e06b88ef7 >> Always use default server configs for large buffers allocation >> >> Single http connection can flip between default server and virtual >> servers: depending on parsed Host header for a current request nginx >> changes current request configs. Currently this behavior might cause >> buffer overrun while adding new buffer to hc->busy, if hc->busy was >> allocated with config containing fewer large_client_header_buffers than >> the current one. >> >> This change makes nginx to always use large_client_header_buffers from >> http_connection config, which is default server config. >> >> diff -r d84f48e571e4 -r 8cd694e06443 src/http/ngx_http_request.c >> --- a/src/http/ngx_http_request.c Tue Jan 24 17:02:19 2017 +0300 >> +++ b/src/http/ngx_http_request.c Tue Jan 24 11:38:30 2017 -0800 >> @@ -1447,7 +1447,9 @@ ngx_http_alloc_large_header_buffer(ngx_h >> >> old = request_line ? r->request_start : r->header_name_start; >> >> - cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); >> + hc = r->http_connection; >> + >> + cscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_core_module); >> >> if (r->state != 0 >> && (size_t) (r->header_in->pos - old) >> @@ -1456,8 +1458,6 @@ ngx_http_alloc_large_header_buffer(ngx_h >> return NGX_DECLINED; >> } >> >> - hc = r->http_connection; >> - >> if (hc->nfree) { >> b = hc->free[--hc->nfree]; > > Thanks for spotting this. > > Another part of this problem is with hc->free. If a number of > large header buffers configured in a virtual server is less than > the one in the default server, saving buffers from hc->busy to > hc->free for pipelined requests will also overflow allocated > buffer. To fix this as well, the patch should be extend with > something like this: > > @@ -2876,7 +2875,7 @@ ngx_http_set_keepalive(ngx_http_request_ > * Now we would move the large header buffers to the free list. > */ > > - cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); > + cscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_core_module); > > if (hc->free == NULL) { > hc->free = ngx_palloc(c->pool, > Ah, good catch! > An alternative approach would be to convert hc->busy / hc->free to > use chain links. This will preserve the possibility to have > different large_client_header_buffers in different virtual hosts > as long as the host is known before the limit is reached. Patch: > > # HG changeset patch > # User Maxim Dounin > # Date 1487467695 -10800 > # Sun Feb 19 04:28:15 2017 +0300 > # Node ID 3412c0c019f0f24432bac8b3e65ec03ba69073cb > # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c > Converted hc->busy/hc->free to use chain links. > > Most notably, this fixes possible buffer overflows if number of buffers > in a virtual server is different from the one in the default server. > > Reported by Daniil Bondarev. > > diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c > --- a/src/http/ngx_http_request.c > +++ b/src/http/ngx_http_request.c > @@ -549,7 +549,7 @@ ngx_http_create_request(ngx_connection_t > > ngx_set_connection_log(r->connection, clcf->error_log); > > - r->header_in = hc->nbusy ? hc->busy[0] : c->buffer; > + r->header_in = hc->busy ? hc->busy->buf : c->buffer; > > if (ngx_list_init(&r->headers_out.headers, r->pool, 20, > sizeof(ngx_table_elt_t)) > @@ -1431,6 +1431,7 @@ ngx_http_alloc_large_header_buffer(ngx_h > { > u_char *old, *new; > ngx_buf_t *b; > + ngx_chain_t *cl; > ngx_http_connection_t *hc; > ngx_http_core_srv_conf_t *cscf; > > @@ -1460,8 +1461,11 @@ ngx_http_alloc_large_header_buffer(ngx_h > > hc = r->http_connection; > > - if (hc->nfree) { > - b = hc->free[--hc->nfree]; > + if (hc->free) { > + cl = hc->free; > + hc->free = cl->next; > + > + b = cl->buf; > > ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, > "http large header free: %p %uz", > @@ -1469,20 +1473,19 @@ ngx_http_alloc_large_header_buffer(ngx_h > > } else if (hc->nbusy < cscf->large_client_header_buffers.num) { > > - if (hc->busy == NULL) { > - hc->busy = ngx_palloc(r->connection->pool, > - cscf->large_client_header_buffers.num * sizeof(ngx_buf_t *)); > - if (hc->busy == NULL) { > - return NGX_ERROR; > - } > - } > - > b = ngx_create_temp_buf(r->connection->pool, > cscf->large_client_header_buffers.size); > if (b == NULL) { > return NGX_ERROR; > } > > + cl = ngx_alloc_chain_link(r->connection->pool); > + if (cl == NULL) { > + return NGX_ERROR; > + } > + > + cl->buf = b; > + > ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, > "http large header alloc: %p %uz", > b->pos, b->end - b->last); > @@ -1491,7 +1494,9 @@ ngx_http_alloc_large_header_buffer(ngx_h > return NGX_DECLINED; > } > > - hc->busy[hc->nbusy++] = b; > + cl->next = hc->busy; > + hc->busy = cl; > + hc->nbusy++; > > if (r->state == 0) { > /* > @@ -2835,12 +2840,11 @@ static void > ngx_http_set_keepalive(ngx_http_request_t *r) > { > int tcp_nodelay; > - ngx_int_t i; > ngx_buf_t *b, *f; > + ngx_chain_t *cl, *ln; > ngx_event_t *rev, *wev; > ngx_connection_t *c; > ngx_http_connection_t *hc; > - ngx_http_core_srv_conf_t *cscf; > ngx_http_core_loc_conf_t *clcf; > > c = r->connection; > @@ -2876,27 +2880,15 @@ ngx_http_set_keepalive(ngx_http_request_ > * Now we would move the large header buffers to the free list. > */ > > - cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); > - > - if (hc->free == NULL) { > - hc->free = ngx_palloc(c->pool, > - cscf->large_client_header_buffers.num * sizeof(ngx_buf_t *)); > - > - if (hc->free == NULL) { > - ngx_http_close_request(r, 0); > - return; > - } > - } > - > - for (i = 0; i < hc->nbusy - 1; i++) { > - f = hc->busy[i]; > - hc->free[hc->nfree++] = f; > + for (cl = hc->busy; cl->next; cl = cl->next) { > + f = cl->next->buf; > f->pos = f->start; > f->last = f->start; > } > > - hc->busy[0] = b; > - hc->nbusy = 1; > + cl->next = hc->free; > + hc->free = hc->busy->next; > + hc->busy->next = NULL; > } > } > > @@ -2966,28 +2958,24 @@ ngx_http_set_keepalive(ngx_http_request_ > b->last = b->start; > } > > - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, "hc free: %p %i", > - hc->free, hc->nfree); > - > - if (hc->free) { > - for (i = 0; i < hc->nfree; i++) { > - ngx_pfree(c->pool, hc->free[i]->start); > - hc->free[i] = NULL; > - } > - > - hc->nfree = 0; > + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "hc free: %p", > + hc->free); > + > + for (cl = hc->free; cl; /* void */) { > + ln = cl; > + cl = cl->next; > + ngx_pfree(c->pool, ln->buf->start); > + ngx_free_chain(r->pool, ln); > } > > ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, "hc busy: %p %i", > hc->busy, hc->nbusy); > > - if (hc->busy) { > - for (i = 0; i < hc->nbusy; i++) { > - ngx_pfree(c->pool, hc->busy[i]->start); > - hc->busy[i] = NULL; > - } > - > - hc->nbusy = 0; > + for (cl = hc->busy; cl; /* void */) { > + ln = cl; > + cl = cl->next; > + ngx_pfree(c->pool, ln->buf->start); > + ngx_free_chain(r->pool, ln); > } > > #if (NGX_HTTP_SSL) > diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h > --- a/src/http/ngx_http_request.h > +++ b/src/http/ngx_http_request.h > @@ -309,11 +309,10 @@ typedef struct { > #endif > #endif > > - ngx_buf_t **busy; > + ngx_chain_t *busy; > ngx_int_t nbusy; > > - ngx_buf_t **free; > - ngx_int_t nfree; > + ngx_chain_t *free; > > unsigned ssl:1; > unsigned proxy_protocol:1; > Sure, that works (: Thanks! > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel From dave.bevan at bbc.co.uk Mon Feb 20 10:20:07 2017 From: dave.bevan at bbc.co.uk (Dave Bevan) Date: Mon, 20 Feb 2017 10:20:07 +0000 Subject: Add new, corporate friendly, SSL client certificate variables. Message-ID: <8B4260EB2A248F47B816B86AAB389ECD8CB7B674@bgb01xud1008> # HG changeset patch # User Dave Bevan # Date 1487584846 0 # Mon Feb 20 10:00:46 2017 +0000 # Node ID 06bd70321e25e01574e406095ff5f21f56b571da # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c Add new, corporate friendly, SSL client certificate variables. Introduce three new SSL variables: * ssl_client_ms_upn (extracts Microsoft UserPrincipleName from client cert) * ssl_client_email (extracts email from client cert) * ssl_client_s_cn (extracts Subject Common Name from client cert) These are particularly useful in corporate environments, and bring some parity with Apache facilities (particularly ms_upn extract). diff -r 87cf6ddb41c2 -r 06bd70321e25 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Fri Feb 17 17:01:27 2017 +0300 +++ b/src/event/ngx_event_openssl.c Mon Feb 20 10:00:46 2017 +0000 @@ -4081,6 +4081,150 @@ } +ngx_int_t +ngx_ssl_get_client_ms_upn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) +{ + int i; + BIO *bio; + X509 *cert; + GENERAL_NAME *altname; + STACK_OF(GENERAL_NAME) *altnames; + + s->len = 0; + + cert = SSL_get_peer_certificate(c->ssl->connection); + if (cert == NULL) { + return NGX_OK; + } + + bio = BIO_new(BIO_s_mem()); + if (bio == NULL) { + X509_free(cert); + return NGX_ERROR; + } + + altnames = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); + + if (altnames) { + for (i = 0; i < sk_GENERAL_NAME_num(altnames); i++) { + altname = sk_GENERAL_NAME_value(altnames, i); + + if (altname->type != GEN_OTHERNAME) { + continue; + } + + if (NID_ms_upn != OBJ_obj2nid(altname->d.otherName->type_id)) { + continue; + } + + BIO_printf(bio, "%s", + (char*)ASN1_STRING_data(altname->d.otherName->value->value.asn1_string)); + } + } + + s->len = BIO_pending(bio); + s->data = ngx_pnalloc(pool, s->len); + + BIO_read(bio, s->data, s->len); + BIO_free(bio); + X509_free(cert); + GENERAL_NAMES_free(altnames); + + return NGX_OK; +} + + +ngx_int_t +ngx_ssl_get_client_email(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) +{ + unsigned int i; + BIO *bio; + X509 *cert; + STACK_OF(OPENSSL_STRING) *emails; + + s->len = 0; + + cert = SSL_get_peer_certificate(c->ssl->connection); + if (cert == NULL) { + return NGX_OK; + } + + bio = BIO_new(BIO_s_mem()); + if (bio == NULL) { + X509_free(cert); + return NGX_ERROR; + } + + emails = X509_get1_email(cert); + + for (i = 0; i < (unsigned int)sk_OPENSSL_STRING_num(emails); i++) { + BIO_printf(bio, "%s", + sk_OPENSSL_STRING_value(emails, i)); + break; + } + + s->len = BIO_pending(bio); + s->data = ngx_pnalloc(pool, s->len); + + BIO_read(bio, s->data, s->len); + BIO_free(bio); + X509_free(cert); + X509_email_free(emails); + + return NGX_OK; +} + + +ngx_int_t +ngx_ssl_get_client_s_cn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) +{ + int i; + BIO *bio; + X509 *cert; + X509_NAME *name; + X509_NAME_ENTRY *cn; + + s->len = 0; + + cert = SSL_get_peer_certificate(c->ssl->connection); + if (cert == NULL) { + return NGX_OK; + } + + bio = BIO_new(BIO_s_mem()); + if (bio == NULL) { + X509_free(cert); + return NGX_ERROR; + } + + name = X509_get_subject_name(cert); + + if (name != NULL) { + i = -1; + for ( ;; ) { + i = X509_NAME_get_index_by_NID(name, NID_commonName, i); + + if (i < 0) { + break; + } + + cn = X509_NAME_get_entry(name, i); + BIO_printf(bio, "%s", + ASN1_STRING_data(X509_NAME_ENTRY_get_data(cn))); + } + } + + s->len = BIO_pending(bio); + s->data = ngx_pnalloc(pool, s->len); + + BIO_read(bio, s->data, s->len); + BIO_free(bio); + X509_free(cert); + + return NGX_OK; +} + + static time_t ngx_ssl_parse_time( #if OPENSSL_VERSION_NUMBER > 0x10100000L diff -r 87cf6ddb41c2 -r 06bd70321e25 src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h Fri Feb 17 17:01:27 2017 +0300 +++ b/src/event/ngx_event_openssl.h Mon Feb 20 10:00:46 2017 +0000 @@ -226,6 +226,12 @@ ngx_str_t *s); ngx_int_t ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); +ngx_int_t ngx_ssl_get_client_ms_upn(ngx_connection_t *c, ngx_pool_t *pool, + ngx_str_t *s); +ngx_int_t ngx_ssl_get_client_email(ngx_connection_t *c, ngx_pool_t *pool, + ngx_str_t *s); +ngx_int_t ngx_ssl_get_client_s_cn(ngx_connection_t *c, ngx_pool_t *pool, + ngx_str_t *s); ngx_int_t ngx_ssl_handshake(ngx_connection_t *c); diff -r 87cf6ddb41c2 -r 06bd70321e25 src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c Fri Feb 17 17:01:27 2017 +0300 +++ b/src/http/modules/ngx_http_ssl_module.c Mon Feb 20 10:00:46 2017 +0000 @@ -328,6 +328,15 @@ { ngx_string("ssl_client_v_remain"), NULL, ngx_http_ssl_variable, (uintptr_t) ngx_ssl_get_client_v_remain, NGX_HTTP_VAR_CHANGEABLE, 0 }, + { ngx_string("ssl_client_ms_upn"), NULL, ngx_http_ssl_variable, + (uintptr_t) ngx_ssl_get_client_ms_upn, NGX_HTTP_VAR_CHANGEABLE, 0 }, + + { ngx_string("ssl_client_email"), NULL, ngx_http_ssl_variable, + (uintptr_t) ngx_ssl_get_client_email, NGX_HTTP_VAR_CHANGEABLE, 0 }, + + { ngx_string("ssl_client_s_cn"), NULL, ngx_http_ssl_variable, + (uintptr_t) ngx_ssl_get_client_s_cn, NGX_HTTP_VAR_CHANGEABLE, 0 }, + { ngx_null_string, NULL, NULL, 0, 0, 0 } }; diff -r 87cf6ddb41c2 -r 06bd70321e25 src/stream/ngx_stream_ssl_module.c --- a/src/stream/ngx_stream_ssl_module.c Fri Feb 17 17:01:27 2017 +0300 +++ b/src/stream/ngx_stream_ssl_module.c Mon Feb 20 10:00:46 2017 +0000 @@ -272,6 +272,15 @@ { ngx_string("ssl_client_v_remain"), NULL, ngx_stream_ssl_variable, (uintptr_t) ngx_ssl_get_client_v_remain, NGX_STREAM_VAR_CHANGEABLE, 0 }, + { ngx_string("ssl_client_ms_upn"), NULL, ngx_stream_ssl_variable, + (uintptr_t) ngx_ssl_get_client_ms_upn, NGX_STREAM_VAR_CHANGEABLE, 0 }, + + { ngx_string("ssl_client_email"), NULL, ngx_stream_ssl_variable, + (uintptr_t) ngx_ssl_get_client_email, NGX_STREAM_VAR_CHANGEABLE, 0 }, + + { ngx_string("ssl_client_s_cn"), NULL, ngx_stream_ssl_variable, + (uintptr_t) ngx_ssl_get_client_s_cn, NGX_STREAM_VAR_CHANGEABLE, 0 }, + { ngx_null_string, NULL, NULL, 0, 0, 0 } }; From mdounin at mdounin.ru Mon Feb 20 13:20:27 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 20 Feb 2017 16:20:27 +0300 Subject: Add new, corporate friendly, SSL client certificate variables. In-Reply-To: <8B4260EB2A248F47B816B86AAB389ECD8CB7B674@bgb01xud1008> References: <8B4260EB2A248F47B816B86AAB389ECD8CB7B674@bgb01xud1008> Message-ID: <20170220132027.GA62032@mdounin.ru> Hello! On Mon, Feb 20, 2017 at 10:20:07AM +0000, Dave Bevan wrote: > # HG changeset patch > # User Dave Bevan > # Date 1487584846 0 > # Mon Feb 20 10:00:46 2017 +0000 > # Node ID 06bd70321e25e01574e406095ff5f21f56b571da > # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c > Add new, corporate friendly, SSL client certificate variables. > > Introduce three new SSL variables: > > * ssl_client_ms_upn (extracts Microsoft UserPrincipleName from client cert) > * ssl_client_email (extracts email from client cert) Implementations of these doesn't seem to take into account that there may be more than one such name in a certificate. > * ssl_client_s_cn (extracts Subject Common Name from client cert) There is $ssl_client_s_dn variable which contains CN. If for some reason only the CN is needed, it can be extracted using map{}, see https://trac.nginx.org/nginx/ticket/1091. And it may be a better solution to use the DN instead. > These are particularly useful in corporate environments, and bring some parity > with Apache facilities (particularly ms_upn extract). I can't say this explains how these are "useful in corporate environments". In particular, we've never seen any user requests about client certficate alternative names, neither email nor Microsoft-specific ones. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Mon Feb 20 14:39:04 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 20 Feb 2017 17:39:04 +0300 Subject: [PATCH] Contrib: update vim syntax script In-Reply-To: References: <20170217152429.GC45862@mdounin.ru> Message-ID: <20170220143904.GB62032@mdounin.ru> Hello! On Mon, Feb 20, 2017 at 12:26:52PM +0800, OOO wrote: > The reason I send all changes in one patch is that > I thought Vim syntax is very minor part of the entire repository. > So I want to reduce commit. > It's ok to send separate commits. I certainly don't want you to send all the commits from your git repository as separate patches, but providing separate patches for different major changes will simplify the review. Thanks. > * iskeyword > > I don't really know why the original author want to change iskeyword. > What I can confirm is, this is for URL. > Several months ago, I think I figure out why, but I cant remember the > reason now. It may make sense to ask the author directly (cc'd). To Evan: could you please comment on this? Thanks! > And iskeyword will change behavior of syntax highlight, but only for > `syntax keyword`. > I use `.` in keyword for TLSv1.1. > So I suggest keep them if possible. > Use `syntax iskeyword` in syntax file. > And move iskeyword to ftplugin. Ok, this make sense for at least "." then. > I don't want to use the existing `&iskeyword` value like: > > exe "syn iskeyword ".&iskeyword.",.,/,:" > > Is because this value might be modified by other script or user. > It might breaks syntax highlight. Ok, agree. Is the distinction between win32 / non-win32 is needed then? Just using something like "@,48-57,_,.,/,:" might be a better option. > > * fastcgi > > Yes, I think this is not active 3rd party module. > Currently, my rule to deal with 3rd party module is: > > 1. List from https://www.nginx.com/resources/wiki/modules/ > 2. One module one file ref: > https://github.com/othree/nginx-contrib-vim/tree/master/syntax/modules > 3. If I can find any word make sure this is deprecated, mark as > Deprecated and use ngxDirectiveDeprecated > 4. If the moduile don't have any dirctive, still keep the file, ex: > https://www.nginx.com/resources/wiki/modules/zip/ > > I think this rule need some modify. > There are more modules seems not active now. > But I can't confirm which is not really deprecated. > > Or I can just modify syntax when I know what is deprecated by user report. > > 2017-02-17 23:24 GMT+08:00 Maxim Dounin : > > Hello! > > > > On Thu, Feb 16, 2017 at 11:57:35PM +0800, OOO wrote: > > > >> Hi > >> > >> This patch improves vim syntax file for nginx conf. > >> > >> Major changes: > >> > >> * Fix regexp in string might breaks location ngxBlock > >> * Use syntax iskeyword instead of modify real Vim iskeyword (new Vim > >> feature, can avoid change user behavior) > >> * Update keywords, based on document[1][2] > >> * Add/Update all 3rd party module keywords based on wiki[3][4] > >> > >> Full change history is on github[5]. > >> > >> [1]:https://nginx.org/en/docs/ > >> [2]:https://github.com/othree/nginx-contrib-vim/issues/4 > >> [3]:https://www.nginx.com/resources/wiki/modules/ > >> [4]:https://github.com/othree/nginx-contrib-vim/issues/1 > >> [5]:https://github.com/othree/nginx-contrib-vim > >> > >> # HG changeset patch > >> # User othree > >> # Date 1487259832 -28800 > >> # Thu Feb 16 23:43:52 2017 +0800 > >> # Node ID 3f74fe213e98697c932b20b86dfdaab505a8f89b > >> # Parent 05fd0dc8f0dc808219f727dd18a5da2f078c4073 > >> Update contrib/vim/syntax > >> > >> * Fix regexp in string might breaks location ngxBlock > >> * Highlight rewrite flags > >> * Update keywords based on latest document > >> * Include all 3rd party modules listed on wiki > >> * Use syntax iskeyword instead of modify iskeyword > > > > Thank you for the patch. Unfortunately, it fails to apply here, > > as it was word-wrapped by your mail client. Please consider using "hg > > email" to make sure the patch won't be corrupted in transit, see > > http://nginx.org/en/docs/contributing_changes.html. > > > > Note well that it would be much better to submit separate patches > > for different changes. > > > > Some additional comments below. > > > >> -setlocal iskeyword+=. > >> -setlocal iskeyword+=/ > >> -setlocal iskeyword+=: > >> +if has("patch-7.4-1142") > >> + if has("win32") > >> + syn iskeyword @,48-57,_,128-167,224-235,.,/,: > >> + else > >> + syn iskeyword @,48-57,_,192-255,.,/,: > >> + endif > >> +else > >> + setlocal iskeyword+=. > >> + setlocal iskeyword+=/ > >> + setlocal iskeyword+=: > >> +endif > > > > Is it at all needed? As far as I see, syntax highliting doesn't > > directly depends on keyword chars, so it might be better idea to just > > remove iskeyword modifications. It will have some negative > > effects by incorrectly matching directives in some file paths, > > for example: > > > > error_log /path/to/error_log; > > > > will have "error_log" highlighted in the path, but this is > > something already happens on "-" in a configuration like: > > > > error_log /path/to/foo-error_log; > > > > So probably this isn't something serious enough to worry about, > > and just removing iskeyword modifications may be a better option. > > > > If you think it is really needed, it might be a better idea to use > > something like > > > > if has("patch-7.4-1142") > > exe "syn iskeyword ".&iskeyword.",.,/,:" > > else > > ... > > endif > > > > (Seen at https://github.com/vim/vim/blob/master/runtime/syntax/sh.vim#L91). > > > > [...] > > > >> +" Asynchronous FastCGI Module > >> +" Primarily a modified version of the Nginx FastCGI module which > >> implements multiplexing of connections, allowing a single FastCGI > >> server to handle many concurrent requests. > >> +" syn keyword ngxDirectiveThirdParty fastcgi_bind > >> +" syn keyword ngxDirectiveThirdParty fastcgi_buffer_size > >> +" syn keyword ngxDirectiveThirdParty fastcgi_buffers > >> +" syn keyword ngxDirectiveThirdParty fastcgi_busy_buffers_size > >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache > >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache_key > >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache_methods > >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache_min_uses > >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache_path > >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache_use_stale > >> +" syn keyword ngxDirectiveThirdParty fastcgi_cache_valid > >> +" syn keyword ngxDirectiveThirdParty fastcgi_catch_stderr > >> +" syn keyword ngxDirectiveThirdParty fastcgi_connect_timeout > >> +" syn keyword ngxDirectiveThirdParty fastcgi_hide_header > >> +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_client_abort > >> +" syn keyword ngxDirectiveThirdParty fastcgi_ignore_headers > >> +" syn keyword ngxDirectiveThirdParty fastcgi_index > >> +" syn keyword ngxDirectiveThirdParty fastcgi_intercept_errors > >> +" syn keyword ngxDirectiveThirdParty fastcgi_max_temp_file_size > >> +" syn keyword ngxDirectiveThirdParty fastcgi_next_upstream > >> +" syn keyword ngxDirectiveThirdParty fastcgi_param > >> +" syn keyword ngxDirectiveThirdParty fastcgi_pass > >> +" syn keyword ngxDirectiveThirdParty fastcgi_pass_header > >> +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_body > >> +" syn keyword ngxDirectiveThirdParty fastcgi_pass_request_headers > >> +" syn keyword ngxDirectiveThirdParty fastcgi_read_timeout > >> +" syn keyword ngxDirectiveThirdParty fastcgi_send_lowat > >> +" syn keyword ngxDirectiveThirdParty fastcgi_send_timeout > >> +" syn keyword ngxDirectiveThirdParty fastcgi_split_path_info > >> +" syn keyword ngxDirectiveThirdParty fastcgi_store > >> +" syn keyword ngxDirectiveThirdParty fastcgi_store_access > >> +" syn keyword ngxDirectiveThirdParty fastcgi_temp_file_write_size > >> +" syn keyword ngxDirectiveThirdParty fastcgi_temp_path > >> +syn keyword ngxDirectiveThirdParty fastcgi_upstream_fail_timeout > >> +syn keyword ngxDirectiveThirdParty fastcgi_upstream_max_fails > > > > This module seems to be a (likely non-working) copy of stock > > fastcgi module with no additional features. It provides no > > additional directives. The fastcgi_upstream_fail_timeout / > > fastcgi_upstream_max_fails directives you've listed here are long > > deprecated and will only print result in an error (including in > > this module). > > > > [...] > > > > -- > > Maxim Dounin > > http://nginx.org/ > > _______________________________________________ > > nginx-devel mailing list > > nginx-devel at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx-devel > > > > -- > OOO > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Mon Feb 20 15:20:13 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 20 Feb 2017 18:20:13 +0300 Subject: [PATCH] Contrib: update vim syntax script In-Reply-To: <20170220143904.GB62032@mdounin.ru> References: <20170217152429.GC45862@mdounin.ru> <20170220143904.GB62032@mdounin.ru> Message-ID: <20170220152013.GD62032@mdounin.ru> Hello! On Mon, Feb 20, 2017 at 05:39:04PM +0300, Maxim Dounin wrote: [...] > > * iskeyword > > > > I don't really know why the original author want to change iskeyword. > > What I can confirm is, this is for URL. > > Several months ago, I think I figure out why, but I cant remember the > > reason now. > > It may make sense to ask the author directly (cc'd). > > To Evan: could you please comment on this? Thanks! Just for the record: as per Evan's response, this was done to prevent keyword withing URLs from being highlighted, and there is likely a better way to accomplish this. -- Maxim Dounin http://nginx.org/ From othree at gmail.com Mon Feb 20 15:24:04 2017 From: othree at gmail.com (OOO) Date: Mon, 20 Feb 2017 23:24:04 +0800 Subject: [PATCH] Contrib: update vim syntax script In-Reply-To: <20170220143904.GB62032@mdounin.ru> References: <20170217152429.GC45862@mdounin.ru> <20170220143904.GB62032@mdounin.ru> Message-ID: Hi 2017-02-20 22:39 GMT+08:00 Maxim Dounin : > Hello! > > On Mon, Feb 20, 2017 at 12:26:52PM +0800, OOO wrote: > >> The reason I send all changes in one patch is that >> I thought Vim syntax is very minor part of the entire repository. >> So I want to reduce commit. >> It's ok to send separate commits. > > I certainly don't want you to send all the commits from your git > repository as separate patches, but providing separate patches for > different major changes will simplify the review. Thanks. Of course, I just created a new repo to doing this. >> * iskeyword >> >> I don't really know why the original author want to change iskeyword. >> What I can confirm is, this is for URL. >> Several months ago, I think I figure out why, but I cant remember the >> reason now. > > It may make sense to ask the author directly (cc'd). > > To Evan: could you please comment on this? Thanks! > >> And iskeyword will change behavior of syntax highlight, but only for >> `syntax keyword`. >> I use `.` in keyword for TLSv1.1. >> So I suggest keep them if possible. >> Use `syntax iskeyword` in syntax file. >> And move iskeyword to ftplugin. > > Ok, this make sense for at least "." then. > >> I don't want to use the existing `&iskeyword` value like: >> >> exe "syn iskeyword ".&iskeyword.",.,/,:" >> >> Is because this value might be modified by other script or user. >> It might breaks syntax highlight. > > Ok, agree. Is the distinction between win32 / non-win32 is needed > then? Just using something like "@,48-57,_,.,/,:" might be a > better option. This is default option value on Vim's document -- OOO From othree at gmail.com Mon Feb 20 15:34:35 2017 From: othree at gmail.com (OOO) Date: Mon, 20 Feb 2017 23:34:35 +0800 Subject: [PATCH] Contrib: update vim syntax script In-Reply-To: <20170220152013.GD62032@mdounin.ru> References: <20170217152429.GC45862@mdounin.ru> <20170220143904.GB62032@mdounin.ru> <20170220152013.GD62032@mdounin.ru> Message-ID: This is very clever method to do it. Write a Vim pattern to match the URL or location is much more idealy. But the performance might be much worse than current solution. 2017-02-20 23:20 GMT+08:00 Maxim Dounin : > Hello! > > On Mon, Feb 20, 2017 at 05:39:04PM +0300, Maxim Dounin wrote: > > [...] > >> > * iskeyword >> > >> > I don't really know why the original author want to change iskeyword. >> > What I can confirm is, this is for URL. >> > Several months ago, I think I figure out why, but I cant remember the >> > reason now. >> >> It may make sense to ask the author directly (cc'd). >> >> To Evan: could you please comment on this? Thanks! > > Just for the record: as per Evan's response, this was done to > prevent keyword withing URLs from being highlighted, and there is > likely a better way to accomplish this. > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel -- OOO From hucong.c at foxmail.com Mon Feb 20 16:05:56 2017 From: hucong.c at foxmail.com (=?utf-8?B?6IOh6IGqIChodWNjKQ==?=) Date: Tue, 21 Feb 2017 00:05:56 +0800 Subject: [PATCH][bugfix] Upstream: clear the delayed flag to prevent blocking from sending. In-Reply-To: References: Message-ID: Hi, If the problem reproduction is hard, the use of OpenResty can make it easier, and may be too easy. But the bug do exists, and belongs to nginx. ------------------ Original ------------------ From: "?? (hucc)";; Send time: Friday, Feb 17, 2017 11:18 AM To: "nginx-devel"; Subject: [PATCH][bugfix] Upstream: clear the delayed flag to prevent blockingfrom sending. Hi, To reproduce the scene of send blocking, there must be more than two subrequest, and the more the better. When I encounter this problem, my config is as follows (roughly): slice 1M; limit_rate 2M; proxy_buffering on proxy_buffer_size 32K; proxy_buffers 4 64K; proxy_pass http://domain/uri; And my system: Linux ** 2.6.32-642.13.1.el6.x86_64 #1 SMP Wed Jan 11 20:56:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux Patchs bellow: # HG changeset patch # User hucongcong # Date 1487298087 -28800 # Fri Feb 17 10:21:27 2017 +0800 # Node ID 37b376790ecf83eaaff2f024eb3093a079091d93 # Parent 05fd0dc8f0dc808219f727dd18a5da2f078c4073 Upstream: clear the delayed flag to prevent blocking from sending. Suppose that proxy_buffering is on and limit_rate is defined, the send will be blocked in write filter when the following two conditions are met: First, the previous upstream request sets the write->delayed flag and starts the timer of downstream, and then finalized. Second, the timer timed out before the next subrequest enters the function ngx_http_upstream_send_response(), which means the delayed flag is not be cleared properly. Thus, the data transmission from upstream to downstream will be blocked in subrequest. By clearing the delayed flag of c->write in ngx_http_upstream_send_response() when the timer of write event is deleted, to solve this problem. diff -r 05fd0dc8f0dc -r 37b376790ecf src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c Thu Feb 16 18:37:22 2017 +0300 +++ b/src/http/ngx_http_upstream.c Fri Feb 17 10:21:27 2017 +0800 @@ -2848,6 +2848,10 @@ ngx_http_upstream_send_response(ngx_http c = r->connection; + if (c->write->delayed && !c->write->timer_set) { + c->write->delayed = 0; + } + if (r->header_only) { if (!u->buffering) { From mdounin at mdounin.ru Mon Feb 20 16:08:21 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 20 Feb 2017 19:08:21 +0300 Subject: [PATCH] Contrib: update vim syntax script In-Reply-To: References: <20170217152429.GC45862@mdounin.ru> <20170220143904.GB62032@mdounin.ru> <20170220152013.GD62032@mdounin.ru> Message-ID: <20170220160821.GE62032@mdounin.ru> Hello! On Mon, Feb 20, 2017 at 11:34:35PM +0800, OOO wrote: > This is very clever method to do it. > Write a Vim pattern to match the URL or location is much more idealy. > But the performance might be much worse than current solution. I think a more generic solution would be to just skip all parameters of directives, regardless of whether it is URL or not. But this is certainly a separate task, and will likely result in major changes to the whole syntax highliting logic. -- Maxim Dounin http://nginx.org/ From othree at gmail.com Mon Feb 20 16:10:22 2017 From: othree at gmail.com (othree) Date: Tue, 21 Feb 2017 00:10:22 +0800 Subject: [PATCH] [PATCH] Contrib: vim-syntax, add listen option and SSL/Mail protocol keywords Message-ID: <86edcdd053d07055b477.1487607022@othreedeMacBook-Pro.local> # HG changeset patch # User othree # Date 1487606986 -28800 # Tue Feb 21 00:09:46 2017 +0800 # Node ID 86edcdd053d07055b4773d144ddf78edea60af79 # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c [PATCH] Contrib: vim-syntax, add listen option and SSL/Mail protocol keywords diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -32,25 +32,43 @@ syn keyword ngxDirectiveBlock if syn keyword ngxDirectiveBlock geo contained syn keyword ngxDirectiveBlock map contained syn keyword ngxDirectiveBlock split_clients contained syn keyword ngxDirectiveImportant include syn keyword ngxDirectiveImportant root syn keyword ngxDirectiveImportant server syn keyword ngxDirectiveImportant server_name -syn keyword ngxDirectiveImportant listen +syn keyword ngxDirectiveImportant listen contained +syn region ngxDirectiveImportantListen matchgroup=ngxDirectiveImportant start=/listen/ end=/;\zs/ contains=ngxListenOptions syn keyword ngxDirectiveImportant internal syn keyword ngxDirectiveImportant proxy_pass syn keyword ngxDirectiveImportant memcached_pass syn keyword ngxDirectiveImportant fastcgi_pass syn keyword ngxDirectiveImportant scgi_pass syn keyword ngxDirectiveImportant uwsgi_pass syn keyword ngxDirectiveImportant try_files +syn keyword ngxListenOptions ssl contained +syn keyword ngxListenOptions http2 contained +syn keyword ngxListenOptions spdy contained +syn keyword ngxListenOptions proxy_protocol contained +syn keyword ngxListenOptions setfib contained +syn keyword ngxListenOptions fastopen contained +syn keyword ngxListenOptions backlog contained +syn keyword ngxListenOptions rcvbuf contained +syn keyword ngxListenOptions sndbuf contained +syn keyword ngxListenOptions accept_filter contained +syn keyword ngxListenOptions deferred contained +syn keyword ngxListenOptions bind contained +syn keyword ngxListenOptions ipv6only contained +syn keyword ngxListenOptions reuseport contained +syn keyword ngxListenOptions so_keepalive contained +syn keyword ngxListenOptions keepidle contained + syn keyword ngxDirectiveControl break syn keyword ngxDirectiveControl return syn keyword ngxDirectiveControl rewrite syn keyword ngxDirectiveControl set syn keyword ngxDirectiveError error_page syn keyword ngxDirectiveError post_action @@ -262,17 +280,18 @@ syn keyword ngxDirective perl_require syn keyword ngxDirective perl_set syn keyword ngxDirective pid syn keyword ngxDirective pop3_auth syn keyword ngxDirective pop3_capabilities syn keyword ngxDirective port_in_redirect syn keyword ngxDirective post_acceptex syn keyword ngxDirective postpone_gzipping syn keyword ngxDirective postpone_output -syn keyword ngxDirective protocol +syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite +syn keyword ngxMailProtocol imap pop3 smtp contained syn keyword ngxDirective proxy syn keyword ngxDirective proxy_bind syn keyword ngxDirective proxy_buffer syn keyword ngxDirective proxy_buffer_size syn keyword ngxDirective proxy_buffering syn keyword ngxDirective proxy_buffers syn keyword ngxDirective proxy_busy_buffers_size syn keyword ngxDirective proxy_cache @@ -311,17 +330,17 @@ syn keyword ngxDirective proxy_read_time syn keyword ngxDirective proxy_redirect syn keyword ngxDirective proxy_send_lowat syn keyword ngxDirective proxy_send_timeout syn keyword ngxDirective proxy_set_body syn keyword ngxDirective proxy_set_header syn keyword ngxDirective proxy_ssl_ciphers syn keyword ngxDirective proxy_ssl_crl syn keyword ngxDirective proxy_ssl_name -syn keyword ngxDirective proxy_ssl_protocols +syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective proxy_ssl_server_name syn keyword ngxDirective proxy_ssl_session_reuse syn keyword ngxDirective proxy_ssl_trusted_certificate syn keyword ngxDirective proxy_ssl_verify syn keyword ngxDirective proxy_ssl_verify_depth syn keyword ngxDirective proxy_store syn keyword ngxDirective proxy_store_access syn keyword ngxDirective proxy_temp_file_write_size @@ -420,17 +439,18 @@ syn keyword ngxDirective ssl_certificate syn keyword ngxDirective ssl_ciphers syn keyword ngxDirective ssl_client_certificate syn keyword ngxDirective ssl_crl syn keyword ngxDirective ssl_dhparam syn keyword ngxDirective ssl_ecdh_curve syn keyword ngxDirective ssl_engine syn keyword ngxDirective ssl_password_file syn keyword ngxDirective ssl_prefer_server_ciphers -syn keyword ngxDirective ssl_protocols +syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective ssl_session_cache syn keyword ngxDirective ssl_session_ticket_key syn keyword ngxDirective ssl_session_tickets syn keyword ngxDirective ssl_session_timeout syn keyword ngxDirective ssl_stapling syn keyword ngxDirective ssl_stapling_file syn keyword ngxDirective ssl_stapling_responder syn keyword ngxDirective ssl_stapling_verify @@ -495,17 +515,17 @@ syn keyword ngxDirective uwsgi_param syn keyword ngxDirective uwsgi_pass_header syn keyword ngxDirective uwsgi_pass_request_body syn keyword ngxDirective uwsgi_pass_request_headers syn keyword ngxDirective uwsgi_read_timeout syn keyword ngxDirective uwsgi_send_timeout syn keyword ngxDirective uwsgi_ssl_ciphers syn keyword ngxDirective uwsgi_ssl_crl syn keyword ngxDirective uwsgi_ssl_name -syn keyword ngxDirective uwsgi_ssl_protocols +syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective uwsgi_ssl_server_name syn keyword ngxDirective uwsgi_ssl_session_reuse syn keyword ngxDirective uwsgi_ssl_trusted_certificate syn keyword ngxDirective uwsgi_ssl_verify syn keyword ngxDirective uwsgi_ssl_verify_depth syn keyword ngxDirective uwsgi_store syn keyword ngxDirective uwsgi_store_access syn keyword ngxDirective uwsgi_string @@ -828,9 +848,13 @@ hi link ngxBoolean Boolean hi link ngxDirectiveBlock Statement hi link ngxDirectiveImportant Type hi link ngxDirectiveControl Keyword hi link ngxDirectiveError Constant hi link ngxDirectiveDeprecated Error hi link ngxDirective Identifier hi link ngxDirectiveThirdParty Special +hi link ngxListenOptions Keyword +hi link ngxMailProtocol Keyword +hi link ngxSSLProtocol Keyword + let b:current_syntax = "nginx" From mdounin at mdounin.ru Mon Feb 20 16:59:10 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 20 Feb 2017 19:59:10 +0300 Subject: [PATCH] [PATCH] Contrib: vim-syntax, add listen option and SSL/Mail protocol keywords In-Reply-To: <86edcdd053d07055b477.1487607022@othreedeMacBook-Pro.local> References: <86edcdd053d07055b477.1487607022@othreedeMacBook-Pro.local> Message-ID: <20170220165910.GF62032@mdounin.ru> Hello! On Tue, Feb 21, 2017 at 12:10:22AM +0800, othree wrote: > # HG changeset patch > # User othree > # Date 1487606986 -28800 > # Tue Feb 21 00:09:46 2017 +0800 > # Node ID 86edcdd053d07055b4773d144ddf78edea60af79 > # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c > [PATCH] Contrib: vim-syntax, add listen option and SSL/Mail protocol keywords The '[PATCH]' here is certainly not needed. More minor nits: summary line too long, and doesn't end with dot. Suggested variant: Contrib: vim syntax, listen option and SSL/Mail protocol keywords. > > diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim > --- a/contrib/vim/syntax/nginx.vim > +++ b/contrib/vim/syntax/nginx.vim > @@ -32,25 +32,43 @@ syn keyword ngxDirectiveBlock if > syn keyword ngxDirectiveBlock geo contained > syn keyword ngxDirectiveBlock map contained > syn keyword ngxDirectiveBlock split_clients contained > > syn keyword ngxDirectiveImportant include > syn keyword ngxDirectiveImportant root > syn keyword ngxDirectiveImportant server > syn keyword ngxDirectiveImportant server_name > -syn keyword ngxDirectiveImportant listen > +syn keyword ngxDirectiveImportant listen contained > +syn region ngxDirectiveImportantListen matchgroup=ngxDirectiveImportant start=/listen/ end=/;\zs/ contains=ngxListenOptions Note that this breaks on the following valid listen directives: listen "unix:/tmp/foo;bar"; listen 'unix:/tmp/foo;bar'; listen unix:/tmp/foo\;bar; > syn keyword ngxDirectiveImportant internal > syn keyword ngxDirectiveImportant proxy_pass > syn keyword ngxDirectiveImportant memcached_pass > syn keyword ngxDirectiveImportant fastcgi_pass > syn keyword ngxDirectiveImportant scgi_pass > syn keyword ngxDirectiveImportant uwsgi_pass > syn keyword ngxDirectiveImportant try_files > > +syn keyword ngxListenOptions ssl contained > +syn keyword ngxListenOptions http2 contained > +syn keyword ngxListenOptions spdy contained > +syn keyword ngxListenOptions proxy_protocol contained > +syn keyword ngxListenOptions setfib contained > +syn keyword ngxListenOptions fastopen contained > +syn keyword ngxListenOptions backlog contained > +syn keyword ngxListenOptions rcvbuf contained > +syn keyword ngxListenOptions sndbuf contained > +syn keyword ngxListenOptions accept_filter contained > +syn keyword ngxListenOptions deferred contained > +syn keyword ngxListenOptions bind contained > +syn keyword ngxListenOptions ipv6only contained > +syn keyword ngxListenOptions reuseport contained > +syn keyword ngxListenOptions so_keepalive contained > +syn keyword ngxListenOptions keepidle contained The "default_server" parameter missing. -- Maxim Dounin http://nginx.org/ From othree at gmail.com Tue Feb 21 03:11:20 2017 From: othree at gmail.com (othree) Date: Tue, 21 Feb 2017 11:11:20 +0800 Subject: [PATCH] Contrib: vim syntax, listen option and SSL/Mail protocol keywords Message-ID: <41224bb087061a246fe6.1487646680@othree.local> # HG changeset patch # User othree # Date 1487646550 -28800 # Tue Feb 21 11:09:10 2017 +0800 # Node ID 41224bb087061a246fe67aa4c0e123a1107ae4cf # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c Contrib: vim syntax, listen option and SSL/Mail protocol keywords. diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -32,25 +32,44 @@ syn keyword ngxDirectiveBlock if syn keyword ngxDirectiveBlock geo contained syn keyword ngxDirectiveBlock map contained syn keyword ngxDirectiveBlock split_clients contained syn keyword ngxDirectiveImportant include syn keyword ngxDirectiveImportant root syn keyword ngxDirectiveImportant server syn keyword ngxDirectiveImportant server_name -syn keyword ngxDirectiveImportant listen +syn keyword ngxDirectiveImportant listen contained +syn region ngxDirectiveImportantListen matchgroup=ngxDirectiveImportant start=/listen/ skip=/\\\;/ end=/;\zs/ contains=ngxListenOptions,ngxString syn keyword ngxDirectiveImportant internal syn keyword ngxDirectiveImportant proxy_pass syn keyword ngxDirectiveImportant memcached_pass syn keyword ngxDirectiveImportant fastcgi_pass syn keyword ngxDirectiveImportant scgi_pass syn keyword ngxDirectiveImportant uwsgi_pass syn keyword ngxDirectiveImportant try_files +syn keyword ngxListenOptions default_server contained +syn keyword ngxListenOptions ssl contained +syn keyword ngxListenOptions http2 contained +syn keyword ngxListenOptions spdy contained +syn keyword ngxListenOptions proxy_protocol contained +syn keyword ngxListenOptions setfib contained +syn keyword ngxListenOptions fastopen contained +syn keyword ngxListenOptions backlog contained +syn keyword ngxListenOptions rcvbuf contained +syn keyword ngxListenOptions sndbuf contained +syn keyword ngxListenOptions accept_filter contained +syn keyword ngxListenOptions deferred contained +syn keyword ngxListenOptions bind contained +syn keyword ngxListenOptions ipv6only contained +syn keyword ngxListenOptions reuseport contained +syn keyword ngxListenOptions so_keepalive contained +syn keyword ngxListenOptions keepidle contained + syn keyword ngxDirectiveControl break syn keyword ngxDirectiveControl return syn keyword ngxDirectiveControl rewrite syn keyword ngxDirectiveControl set syn keyword ngxDirectiveError error_page syn keyword ngxDirectiveError post_action @@ -262,17 +281,18 @@ syn keyword ngxDirective perl_require syn keyword ngxDirective perl_set syn keyword ngxDirective pid syn keyword ngxDirective pop3_auth syn keyword ngxDirective pop3_capabilities syn keyword ngxDirective port_in_redirect syn keyword ngxDirective post_acceptex syn keyword ngxDirective postpone_gzipping syn keyword ngxDirective postpone_output -syn keyword ngxDirective protocol +syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite +syn keyword ngxMailProtocol imap pop3 smtp contained syn keyword ngxDirective proxy syn keyword ngxDirective proxy_bind syn keyword ngxDirective proxy_buffer syn keyword ngxDirective proxy_buffer_size syn keyword ngxDirective proxy_buffering syn keyword ngxDirective proxy_buffers syn keyword ngxDirective proxy_busy_buffers_size syn keyword ngxDirective proxy_cache @@ -311,17 +331,17 @@ syn keyword ngxDirective proxy_read_time syn keyword ngxDirective proxy_redirect syn keyword ngxDirective proxy_send_lowat syn keyword ngxDirective proxy_send_timeout syn keyword ngxDirective proxy_set_body syn keyword ngxDirective proxy_set_header syn keyword ngxDirective proxy_ssl_ciphers syn keyword ngxDirective proxy_ssl_crl syn keyword ngxDirective proxy_ssl_name -syn keyword ngxDirective proxy_ssl_protocols +syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective proxy_ssl_server_name syn keyword ngxDirective proxy_ssl_session_reuse syn keyword ngxDirective proxy_ssl_trusted_certificate syn keyword ngxDirective proxy_ssl_verify syn keyword ngxDirective proxy_ssl_verify_depth syn keyword ngxDirective proxy_store syn keyword ngxDirective proxy_store_access syn keyword ngxDirective proxy_temp_file_write_size @@ -420,17 +440,18 @@ syn keyword ngxDirective ssl_certificate syn keyword ngxDirective ssl_ciphers syn keyword ngxDirective ssl_client_certificate syn keyword ngxDirective ssl_crl syn keyword ngxDirective ssl_dhparam syn keyword ngxDirective ssl_ecdh_curve syn keyword ngxDirective ssl_engine syn keyword ngxDirective ssl_password_file syn keyword ngxDirective ssl_prefer_server_ciphers -syn keyword ngxDirective ssl_protocols +syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective ssl_session_cache syn keyword ngxDirective ssl_session_ticket_key syn keyword ngxDirective ssl_session_tickets syn keyword ngxDirective ssl_session_timeout syn keyword ngxDirective ssl_stapling syn keyword ngxDirective ssl_stapling_file syn keyword ngxDirective ssl_stapling_responder syn keyword ngxDirective ssl_stapling_verify @@ -495,17 +516,17 @@ syn keyword ngxDirective uwsgi_param syn keyword ngxDirective uwsgi_pass_header syn keyword ngxDirective uwsgi_pass_request_body syn keyword ngxDirective uwsgi_pass_request_headers syn keyword ngxDirective uwsgi_read_timeout syn keyword ngxDirective uwsgi_send_timeout syn keyword ngxDirective uwsgi_ssl_ciphers syn keyword ngxDirective uwsgi_ssl_crl syn keyword ngxDirective uwsgi_ssl_name -syn keyword ngxDirective uwsgi_ssl_protocols +syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective uwsgi_ssl_server_name syn keyword ngxDirective uwsgi_ssl_session_reuse syn keyword ngxDirective uwsgi_ssl_trusted_certificate syn keyword ngxDirective uwsgi_ssl_verify syn keyword ngxDirective uwsgi_ssl_verify_depth syn keyword ngxDirective uwsgi_store syn keyword ngxDirective uwsgi_store_access syn keyword ngxDirective uwsgi_string @@ -828,9 +849,13 @@ hi link ngxBoolean Boolean hi link ngxDirectiveBlock Statement hi link ngxDirectiveImportant Type hi link ngxDirectiveControl Keyword hi link ngxDirectiveError Constant hi link ngxDirectiveDeprecated Error hi link ngxDirective Identifier hi link ngxDirectiveThirdParty Special +hi link ngxListenOptions Keyword +hi link ngxMailProtocol Keyword +hi link ngxSSLProtocol Keyword + let b:current_syntax = "nginx" From mdounin at mdounin.ru Tue Feb 21 14:04:35 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 21 Feb 2017 17:04:35 +0300 Subject: [PATCH] Contrib: vim syntax, listen option and SSL/Mail protocol keywords In-Reply-To: <41224bb087061a246fe6.1487646680@othree.local> References: <41224bb087061a246fe6.1487646680@othree.local> Message-ID: <20170221140435.GI62032@mdounin.ru> Hello! On Tue, Feb 21, 2017 at 11:11:20AM +0800, othree wrote: > # HG changeset patch > # User othree > # Date 1487646550 -28800 > # Tue Feb 21 11:09:10 2017 +0800 > # Node ID 41224bb087061a246fe67aa4c0e123a1107ae4cf > # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c > Contrib: vim syntax, listen option and SSL/Mail protocol keywords. > > diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim > --- a/contrib/vim/syntax/nginx.vim > +++ b/contrib/vim/syntax/nginx.vim > @@ -32,25 +32,44 @@ syn keyword ngxDirectiveBlock if > syn keyword ngxDirectiveBlock geo contained > syn keyword ngxDirectiveBlock map contained > syn keyword ngxDirectiveBlock split_clients contained > > syn keyword ngxDirectiveImportant include > syn keyword ngxDirectiveImportant root > syn keyword ngxDirectiveImportant server > syn keyword ngxDirectiveImportant server_name > -syn keyword ngxDirectiveImportant listen > +syn keyword ngxDirectiveImportant listen contained > +syn region ngxDirectiveImportantListen matchgroup=ngxDirectiveImportant start=/listen/ skip=/\\\;/ end=/;\zs/ contains=ngxListenOptions,ngxString Note that this incorrectly parses constructs with escaped backslash, e.g.: listen unix:/tmp/foo\\; index http2; As well as quote characters in the middle of a parameter: listen unix:/tmp/foo"bar http2; listen unix:/tmp/foo'bar http2; It's probably minor enough to don't care, and existing string matching can't handle this as well, but if you know a simple way to fix it - it might worth fixing. -- Maxim Dounin http://nginx.org/ From othree at gmail.com Tue Feb 21 15:31:41 2017 From: othree at gmail.com (OOO) Date: Tue, 21 Feb 2017 23:31:41 +0800 Subject: [PATCH] Contrib: vim syntax, listen option and SSL/Mail protocol keywords In-Reply-To: <20170221140435.GI62032@mdounin.ru> References: <41224bb087061a246fe6.1487646680@othree.local> <20170221140435.GI62032@mdounin.ru> Message-ID: Yes, have simple way to fix. One question before commit. Does string in nginx conf supports multiline? Or only single line string is valid? 2017-02-21 22:04 GMT+08:00 Maxim Dounin : > Hello! > > On Tue, Feb 21, 2017 at 11:11:20AM +0800, othree wrote: > >> # HG changeset patch >> # User othree >> # Date 1487646550 -28800 >> # Tue Feb 21 11:09:10 2017 +0800 >> # Node ID 41224bb087061a246fe67aa4c0e123a1107ae4cf >> # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c >> Contrib: vim syntax, listen option and SSL/Mail protocol keywords. >> >> diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim >> --- a/contrib/vim/syntax/nginx.vim >> +++ b/contrib/vim/syntax/nginx.vim >> @@ -32,25 +32,44 @@ syn keyword ngxDirectiveBlock if >> syn keyword ngxDirectiveBlock geo contained >> syn keyword ngxDirectiveBlock map contained >> syn keyword ngxDirectiveBlock split_clients contained >> >> syn keyword ngxDirectiveImportant include >> syn keyword ngxDirectiveImportant root >> syn keyword ngxDirectiveImportant server >> syn keyword ngxDirectiveImportant server_name >> -syn keyword ngxDirectiveImportant listen >> +syn keyword ngxDirectiveImportant listen contained >> +syn region ngxDirectiveImportantListen matchgroup=ngxDirectiveImportant start=/listen/ skip=/\\\;/ end=/;\zs/ contains=ngxListenOptions,ngxString > > Note that this incorrectly parses constructs with escaped > backslash, e.g.: > > listen unix:/tmp/foo\\; > index http2; > > As well as quote characters in the middle of a parameter: > > listen unix:/tmp/foo"bar http2; > listen unix:/tmp/foo'bar http2; > > It's probably minor enough to don't care, and existing string > matching can't handle this as well, but if you know a simple way > to fix it - it might worth fixing. > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel -- OOO From mdounin at mdounin.ru Tue Feb 21 18:13:30 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 21 Feb 2017 21:13:30 +0300 Subject: [PATCH] Contrib: vim syntax, listen option and SSL/Mail protocol keywords In-Reply-To: References: <41224bb087061a246fe6.1487646680@othree.local> <20170221140435.GI62032@mdounin.ru> Message-ID: <20170221181330.GL62032@mdounin.ru> Hello! On Tue, Feb 21, 2017 at 11:31:41PM +0800, OOO wrote: > Yes, have simple way to fix. > > One question before commit. > Does string in nginx conf supports multiline? > Or only single line string is valid? Configuration directives can span multiple lines. LF and CR can appear anywhere where whitespaces are allowed. Only comments are single-line, starting from "#" and to the end of the string (from "#" to LF). Parsing code is available here: http://hg.nginx.org/nginx/file/tip/src/core/ngx_conf_file.c#l502 A formal description of grammar used can be found in OpenBSD manual pages at http://man.openbsd.org/OpenBSD-5.5/nginx.conf.5. It looks mostly correct as far as I can tell, but doesn't describe all nuances - in particular, it doesn't seem to tell anything about quoted strings. Refer to the code if in doubt. -- Maxim Dounin http://nginx.org/ From othree at gmail.com Wed Feb 22 06:16:59 2017 From: othree at gmail.com (othree) Date: Wed, 22 Feb 2017 14:16:59 +0800 Subject: [PATCH] Contrib: vim syntax, listen option and SSL/Mail protocol keywords Message-ID: <00903b2132edb863e8ae.1487744219@othree.local> # HG changeset patch # User othree # Date 1487737601 -28800 # Wed Feb 22 12:26:41 2017 +0800 # Node ID 00903b2132edb863e8aed2e84e216817fcc07c90 # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c Contrib: vim syntax, listen option and SSL/Mail protocol keywords. diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -8,17 +8,17 @@ end setlocal iskeyword+=. setlocal iskeyword+=/ setlocal iskeyword+=: syn match ngxVariable '\$\(\w\+\|{\w\+}\)' syn match ngxVariableBlock '\$\(\w\+\|{\w\+}\)' contained syn match ngxVariableString '\$\(\w\+\|{\w\+}\)' contained syn region ngxBlock start=+^+ end=+{+ skip=+\${+ contains=ngxComment,ngxDirectiveBlock,ngxVariableBlock,ngxString oneline -syn region ngxString start=+\z(["']\)+ end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString +syn region ngxString start=+[^:a-zA-Z>!\\@]\z(["']\)+lc=1 end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString syn match ngxComment ' *#.*$' syn keyword ngxBoolean on syn keyword ngxBoolean off syn keyword ngxDirectiveBlock http contained syn keyword ngxDirectiveBlock mail contained syn keyword ngxDirectiveBlock events contained @@ -32,25 +32,44 @@ syn keyword ngxDirectiveBlock if syn keyword ngxDirectiveBlock geo contained syn keyword ngxDirectiveBlock map contained syn keyword ngxDirectiveBlock split_clients contained syn keyword ngxDirectiveImportant include syn keyword ngxDirectiveImportant root syn keyword ngxDirectiveImportant server syn keyword ngxDirectiveImportant server_name -syn keyword ngxDirectiveImportant listen +syn keyword ngxDirectiveImportant listen contained +syn region ngxDirectiveImportantListen matchgroup=ngxDirectiveImportant start=+listen+ skip=+\\\\\|\\\;+ end=+;+he=e-1 contains=ngxListenOptions,ngxString syn keyword ngxDirectiveImportant internal syn keyword ngxDirectiveImportant proxy_pass syn keyword ngxDirectiveImportant memcached_pass syn keyword ngxDirectiveImportant fastcgi_pass syn keyword ngxDirectiveImportant scgi_pass syn keyword ngxDirectiveImportant uwsgi_pass syn keyword ngxDirectiveImportant try_files +syn keyword ngxListenOptions default_server contained +syn keyword ngxListenOptions ssl contained +syn keyword ngxListenOptions http2 contained +syn keyword ngxListenOptions spdy contained +syn keyword ngxListenOptions proxy_protocol contained +syn keyword ngxListenOptions setfib contained +syn keyword ngxListenOptions fastopen contained +syn keyword ngxListenOptions backlog contained +syn keyword ngxListenOptions rcvbuf contained +syn keyword ngxListenOptions sndbuf contained +syn keyword ngxListenOptions accept_filter contained +syn keyword ngxListenOptions deferred contained +syn keyword ngxListenOptions bind contained +syn keyword ngxListenOptions ipv6only contained +syn keyword ngxListenOptions reuseport contained +syn keyword ngxListenOptions so_keepalive contained +syn keyword ngxListenOptions keepidle contained + syn keyword ngxDirectiveControl break syn keyword ngxDirectiveControl return syn keyword ngxDirectiveControl rewrite syn keyword ngxDirectiveControl set syn keyword ngxDirectiveError error_page syn keyword ngxDirectiveError post_action @@ -262,17 +281,18 @@ syn keyword ngxDirective perl_require syn keyword ngxDirective perl_set syn keyword ngxDirective pid syn keyword ngxDirective pop3_auth syn keyword ngxDirective pop3_capabilities syn keyword ngxDirective port_in_redirect syn keyword ngxDirective post_acceptex syn keyword ngxDirective postpone_gzipping syn keyword ngxDirective postpone_output -syn keyword ngxDirective protocol +syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite +syn keyword ngxMailProtocol imap pop3 smtp contained syn keyword ngxDirective proxy syn keyword ngxDirective proxy_bind syn keyword ngxDirective proxy_buffer syn keyword ngxDirective proxy_buffer_size syn keyword ngxDirective proxy_buffering syn keyword ngxDirective proxy_buffers syn keyword ngxDirective proxy_busy_buffers_size syn keyword ngxDirective proxy_cache @@ -311,17 +331,17 @@ syn keyword ngxDirective proxy_read_time syn keyword ngxDirective proxy_redirect syn keyword ngxDirective proxy_send_lowat syn keyword ngxDirective proxy_send_timeout syn keyword ngxDirective proxy_set_body syn keyword ngxDirective proxy_set_header syn keyword ngxDirective proxy_ssl_ciphers syn keyword ngxDirective proxy_ssl_crl syn keyword ngxDirective proxy_ssl_name -syn keyword ngxDirective proxy_ssl_protocols +syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective proxy_ssl_server_name syn keyword ngxDirective proxy_ssl_session_reuse syn keyword ngxDirective proxy_ssl_trusted_certificate syn keyword ngxDirective proxy_ssl_verify syn keyword ngxDirective proxy_ssl_verify_depth syn keyword ngxDirective proxy_store syn keyword ngxDirective proxy_store_access syn keyword ngxDirective proxy_temp_file_write_size @@ -420,17 +440,18 @@ syn keyword ngxDirective ssl_certificate syn keyword ngxDirective ssl_ciphers syn keyword ngxDirective ssl_client_certificate syn keyword ngxDirective ssl_crl syn keyword ngxDirective ssl_dhparam syn keyword ngxDirective ssl_ecdh_curve syn keyword ngxDirective ssl_engine syn keyword ngxDirective ssl_password_file syn keyword ngxDirective ssl_prefer_server_ciphers -syn keyword ngxDirective ssl_protocols +syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective ssl_session_cache syn keyword ngxDirective ssl_session_ticket_key syn keyword ngxDirective ssl_session_tickets syn keyword ngxDirective ssl_session_timeout syn keyword ngxDirective ssl_stapling syn keyword ngxDirective ssl_stapling_file syn keyword ngxDirective ssl_stapling_responder syn keyword ngxDirective ssl_stapling_verify @@ -495,17 +516,17 @@ syn keyword ngxDirective uwsgi_param syn keyword ngxDirective uwsgi_pass_header syn keyword ngxDirective uwsgi_pass_request_body syn keyword ngxDirective uwsgi_pass_request_headers syn keyword ngxDirective uwsgi_read_timeout syn keyword ngxDirective uwsgi_send_timeout syn keyword ngxDirective uwsgi_ssl_ciphers syn keyword ngxDirective uwsgi_ssl_crl syn keyword ngxDirective uwsgi_ssl_name -syn keyword ngxDirective uwsgi_ssl_protocols +syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective uwsgi_ssl_server_name syn keyword ngxDirective uwsgi_ssl_session_reuse syn keyword ngxDirective uwsgi_ssl_trusted_certificate syn keyword ngxDirective uwsgi_ssl_verify syn keyword ngxDirective uwsgi_ssl_verify_depth syn keyword ngxDirective uwsgi_store syn keyword ngxDirective uwsgi_store_access syn keyword ngxDirective uwsgi_string @@ -828,9 +849,13 @@ hi link ngxBoolean Boolean hi link ngxDirectiveBlock Statement hi link ngxDirectiveImportant Type hi link ngxDirectiveControl Keyword hi link ngxDirectiveError Constant hi link ngxDirectiveDeprecated Error hi link ngxDirective Identifier hi link ngxDirectiveThirdParty Special +hi link ngxListenOptions Keyword +hi link ngxMailProtocol Keyword +hi link ngxSSLProtocol Keyword + let b:current_syntax = "nginx" From eustas.ru at gmail.com Wed Feb 22 12:58:57 2017 From: eustas.ru at gmail.com (Eugene Kluchnikov) Date: Wed, 22 Feb 2017 13:58:57 +0100 Subject: [PATCH] Add static brotli module Message-ID: # HG changeset patch # User Evgenii Kliuchnikov # Date 1487764873 -3600 # Wed Feb 22 13:01:13 2017 +0100 # Node ID 81eacab152efa88d1296cc04dfd110a168a6b1fb # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c Add brotli static serving module Brotli static serving module is a copy of gzip static serving module with "gzip" and derivatives replaced with "brotli" and derivatives. This module does not add any dependencies. It allows serving offline-compressed content when browser specifies that "br" content encoding is supported. For lower binary overhead ngx_http_gzip_accept_encoding and ngx_http_gzip_quantity were refactored and to be used both by gzip and brotli modules. diff -r 87cf6ddb41c2 -r 81eacab152ef auto/modules --- a/auto/modules Fri Feb 17 17:01:27 2017 +0300 +++ b/auto/modules Wed Feb 22 13:01:13 2017 +0100 @@ -124,6 +124,7 @@ # the module order is important # ngx_http_static_module +# ngx_http_brotli_static_module # ngx_http_gzip_static_module # ngx_http_dav_module # ngx_http_autoindex_module @@ -160,6 +161,7 @@ HTTP_FILTER_MODULES= ngx_module_order="ngx_http_static_module \ + ngx_http_brotli_static_module \ ngx_http_gzip_static_module \ ngx_http_dav_module \ ngx_http_autoindex_module \ @@ -451,6 +453,19 @@ . auto/module fi +if [ $HTTP_BROTLI_STATIC = YES ]; then + have=NGX_HTTP_BROTLI . auto/have + + ngx_module_name=ngx_http_brotli_static_module + ngx_module_incs= + ngx_module_deps= + ngx_module_srcs=src/http/modules/ngx_http_brotli_static_module.c + ngx_module_libs= + ngx_module_link=$HTTP_BROTLI_STATIC + + . auto/module +fi + if [ $HTTP_GZIP_STATIC = YES ]; then have=NGX_HTTP_GZIP . auto/have diff -r 87cf6ddb41c2 -r 81eacab152ef auto/options --- a/auto/options Fri Feb 17 17:01:27 2017 +0300 +++ b/auto/options Wed Feb 22 13:01:13 2017 +0100 @@ -96,6 +96,7 @@ HTTP_FLV=NO HTTP_MP4=NO HTTP_GUNZIP=NO +HTTP_BROTLI_STATIC=NO HTTP_GZIP_STATIC=NO HTTP_UPSTREAM_HASH=YES HTTP_UPSTREAM_IP_HASH=YES @@ -236,6 +237,7 @@ --with-http_flv_module) HTTP_FLV=YES ;; --with-http_mp4_module) HTTP_MP4=YES ;; --with-http_gunzip_module) HTTP_GUNZIP=YES ;; + --with-http_brotli_static_module) HTTP_BROTLI_STATIC=YES ;; --with-http_gzip_static_module) HTTP_GZIP_STATIC=YES ;; --with-http_auth_request_module) HTTP_AUTH_REQUEST=YES ;; --with-http_random_index_module) HTTP_RANDOM_INDEX=YES ;; @@ -444,6 +446,7 @@ --with-http_flv_module enable ngx_http_flv_module --with-http_mp4_module enable ngx_http_mp4_module --with-http_gunzip_module enable ngx_http_gunzip_module + --with-http_brotli_static_module enable ngx_http_brotli_static_module --with-http_gzip_static_module enable ngx_http_gzip_static_module --with-http_auth_request_module enable ngx_http_auth_request_module --with-http_random_index_module enable ngx_http_random_index_module diff -r 87cf6ddb41c2 -r 81eacab152ef contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim Fri Feb 17 17:01:27 2017 +0300 +++ b/contrib/vim/syntax/nginx.vim Wed Feb 22 13:01:13 2017 +0100 @@ -86,6 +86,7 @@ syn keyword ngxDirective autoindex syn keyword ngxDirective autoindex_exact_size syn keyword ngxDirective autoindex_localtime +syn keyword ngxDirective brotli_static syn keyword ngxDirective charset syn keyword ngxDirective charset_types syn keyword ngxDirective chunked_transfer_encoding diff -r 87cf6ddb41c2 -r 81eacab152ef misc/GNUmakefile --- a/misc/GNUmakefile Fri Feb 17 17:01:27 2017 +0300 +++ b/misc/GNUmakefile Wed Feb 22 13:01:13 2017 +0100 @@ -74,6 +74,7 @@ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ + --with-http_brotli_static_module \ --with-http_gzip_static_module \ --with-http_auth_request_module \ --with-http_random_index_module \ diff -r 87cf6ddb41c2 -r 81eacab152ef src/http/modules/ngx_http_brotli_static_module.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/http/modules/ngx_http_brotli_static_module.c Wed Feb 22 13:01:13 2017 +0100 @@ -0,0 +1,331 @@ + +/* + * Copyright (C) Igor Sysoev + * Copyright (C) Nginx, Inc. + */ + + +#include +#include +#include + + +#define NGX_HTTP_BROTLI_STATIC_OFF 0 +#define NGX_HTTP_BROTLI_STATIC_ON 1 +#define NGX_HTTP_BROTLI_STATIC_ALWAYS 2 + + +typedef struct { + ngx_uint_t enable; +} ngx_http_brotli_static_conf_t; + + +static ngx_int_t ngx_http_brotli_static_handler(ngx_http_request_t *r); +static void *ngx_http_brotli_static_create_conf(ngx_conf_t *cf); +static char *ngx_http_brotli_static_merge_conf(ngx_conf_t *cf, void *parent, + void *child); +static ngx_int_t ngx_http_brotli_static_init(ngx_conf_t *cf); + + +static ngx_conf_enum_t ngx_http_brotli_static[] = { + { ngx_string("off"), NGX_HTTP_BROTLI_STATIC_OFF }, + { ngx_string("on"), NGX_HTTP_BROTLI_STATIC_ON }, + { ngx_string("always"), NGX_HTTP_BROTLI_STATIC_ALWAYS }, + { ngx_null_string, 0 } +}; + + +static ngx_command_t ngx_http_brotli_static_commands[] = { + + { ngx_string("brotli_static"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_enum_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_brotli_static_conf_t, enable), + &ngx_http_brotli_static }, + + ngx_null_command +}; + + +ngx_http_module_t ngx_http_brotli_static_module_ctx = { + NULL, /* preconfiguration */ + ngx_http_brotli_static_init, /* postconfiguration */ + + NULL, /* create main configuration */ + NULL, /* init main configuration */ + + NULL, /* create server configuration */ + NULL, /* merge server configuration */ + + ngx_http_brotli_static_create_conf, /* create location configuration */ + ngx_http_brotli_static_merge_conf /* merge location configuration */ +}; + + +ngx_module_t ngx_http_brotli_static_module = { + NGX_MODULE_V1, + &ngx_http_brotli_static_module_ctx, /* module context */ + ngx_http_brotli_static_commands, /* module directives */ + NGX_HTTP_MODULE, /* module type */ + NULL, /* init master */ + NULL, /* init module */ + NULL, /* init process */ + NULL, /* init thread */ + NULL, /* exit thread */ + NULL, /* exit process */ + NULL, /* exit master */ + NGX_MODULE_V1_PADDING +}; + + +static ngx_int_t +ngx_http_brotli_static_handler(ngx_http_request_t *r) +{ + u_char *p; + size_t root; + ngx_str_t path; + ngx_int_t rc; + ngx_uint_t level; + ngx_log_t *log; + ngx_buf_t *b; + ngx_chain_t out; + ngx_table_elt_t *h; + ngx_open_file_info_t of; + ngx_http_core_loc_conf_t *clcf; + ngx_http_brotli_static_conf_t *bscf; + + if (!(r->method & (NGX_HTTP_GET|NGX_HTTP_HEAD))) { + return NGX_DECLINED; + } + + if (r->uri.data[r->uri.len - 1] == '/') { + return NGX_DECLINED; + } + + bscf = ngx_http_get_module_loc_conf(r, ngx_http_brotli_static_module); + + if (bscf->enable == NGX_HTTP_BROTLI_STATIC_OFF) { + return NGX_DECLINED; + } + + if (bscf->enable == NGX_HTTP_BROTLI_STATIC_ON) { + rc = ngx_http_brotli_ok(r); + + } else { + /* always */ + rc = NGX_OK; + } + + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + + if (!clcf->gzip_vary && rc != NGX_OK) { + return NGX_DECLINED; + } + + log = r->connection->log; + + p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".br") - 1); + if (p == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + *p++ = '.'; + *p++ = 'b'; + *p++ = 'r'; + *p = '\0'; + + path.len = p - path.data; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0, + "http filename: \"%s\"", path.data); + + ngx_memzero(&of, sizeof(ngx_open_file_info_t)); + + of.read_ahead = clcf->read_ahead; + of.directio = clcf->directio; + of.valid = clcf->open_file_cache_valid; + of.min_uses = clcf->open_file_cache_min_uses; + of.errors = clcf->open_file_cache_errors; + of.events = clcf->open_file_cache_events; + + if (ngx_http_set_disable_symlinks(r, clcf, &path, &of) != NGX_OK) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool) + != NGX_OK) + { + switch (of.err) { + + case 0: + return NGX_HTTP_INTERNAL_SERVER_ERROR; + + case NGX_ENOENT: + case NGX_ENOTDIR: + case NGX_ENAMETOOLONG: + + return NGX_DECLINED; + + case NGX_EACCES: +#if (NGX_HAVE_OPENAT) + case NGX_EMLINK: + case NGX_ELOOP: +#endif + + level = NGX_LOG_ERR; + break; + + default: + + level = NGX_LOG_CRIT; + break; + } + + ngx_log_error(level, log, of.err, + "%s \"%s\" failed", of.failed, path.data); + + return NGX_DECLINED; + } + + if (bscf->enable == NGX_HTTP_BROTLI_STATIC_ON) { + r->gzip_vary = 1; + + if (rc != NGX_OK) { + return NGX_DECLINED; + } + } + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0, "http static fd: %d", of.fd); + + if (of.is_dir) { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, log, 0, "http dir"); + return NGX_DECLINED; + } + +#if !(NGX_WIN32) /* the not regular files are probably Unix specific */ + + if (!of.is_file) { + ngx_log_error(NGX_LOG_CRIT, log, 0, + "\"%s\" is not a regular file", path.data); + + return NGX_HTTP_NOT_FOUND; + } + +#endif + + r->root_tested = !r->error_page; + + rc = ngx_http_discard_request_body(r); + + if (rc != NGX_OK) { + return rc; + } + + log->action = "sending response to client"; + + r->headers_out.status = NGX_HTTP_OK; + r->headers_out.content_length_n = of.size; + r->headers_out.last_modified_time = of.mtime; + + if (ngx_http_set_etag(r) != NGX_OK) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + if (ngx_http_set_content_type(r) != NGX_OK) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + h = ngx_list_push(&r->headers_out.headers); + if (h == NULL) { + return NGX_ERROR; + } + + h->hash = 1; + ngx_str_set(&h->key, "Content-Encoding"); + ngx_str_set(&h->value, "br"); + r->headers_out.content_encoding = h; + + /* we need to allocate all before the header would be sent */ + + b = ngx_pcalloc(r->pool, sizeof(ngx_buf_t)); + if (b == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + b->file = ngx_pcalloc(r->pool, sizeof(ngx_file_t)); + if (b->file == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + rc = ngx_http_send_header(r); + + if (rc == NGX_ERROR || rc > NGX_OK || r->header_only) { + return rc; + } + + b->file_pos = 0; + b->file_last = of.size; + + b->in_file = b->file_last ? 1 : 0; + b->last_buf = (r == r->main) ? 1 : 0; + b->last_in_chain = 1; + + b->file->fd = of.fd; + b->file->name = path; + b->file->log = log; + b->file->directio = of.is_directio; + + out.buf = b; + out.next = NULL; + + return ngx_http_output_filter(r, &out); +} + + +static void * +ngx_http_brotli_static_create_conf(ngx_conf_t *cf) +{ + ngx_http_brotli_static_conf_t *conf; + + conf = ngx_palloc(cf->pool, sizeof(ngx_http_brotli_static_conf_t)); + if (conf == NULL) { + return NULL; + } + + conf->enable = NGX_CONF_UNSET_UINT; + + return conf; +} + + +static char * +ngx_http_brotli_static_merge_conf(ngx_conf_t *cf, void *parent, void *child) +{ + ngx_http_brotli_static_conf_t *prev = parent; + ngx_http_brotli_static_conf_t *conf = child; + + ngx_conf_merge_uint_value(conf->enable, prev->enable, + NGX_HTTP_BROTLI_STATIC_OFF); + + return NGX_CONF_OK; +} + + +static ngx_int_t +ngx_http_brotli_static_init(ngx_conf_t *cf) +{ + ngx_http_handler_pt *h; + ngx_http_core_main_conf_t *cmcf; + + cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); + + h = ngx_array_push(&cmcf->phases[NGX_HTTP_CONTENT_PHASE].handlers); + if (h == NULL) { + return NGX_ERROR; + } + + *h = ngx_http_brotli_static_handler; + + return NGX_OK; +} diff -r 87cf6ddb41c2 -r 81eacab152ef src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Fri Feb 17 17:01:27 2017 +0300 +++ b/src/http/ngx_http_core_module.c Wed Feb 22 13:01:13 2017 +0100 @@ -73,9 +73,11 @@ void *conf); static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); +#if (NGX_HTTP_BROTLI || NGX_HTTP_GZIP) +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n); +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); +#endif #if (NGX_HTTP_GZIP) -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); #endif @@ -2170,7 +2172,7 @@ */ if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) { return NGX_DECLINED; } @@ -2296,16 +2298,20 @@ return NGX_OK; } +#endif + + +#if (NGX_HTTP_BROTLI || NGX_HTTP_GZIP) /* - * gzip is enabled for the following quantities: + * encoding is enabled for the following quantities: * "gzip; q=0.001" ... "gzip; q=1.000" - * gzip is disabled for the following quantities: - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases + * encoding is disabled for the following quantities: + * "br; q=0" ... "br; q=0.000", and for any invalid cases */ static ngx_int_t -ngx_http_gzip_accept_encoding(ngx_str_t *ae) +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) { u_char *p, *start, *last; @@ -2313,7 +2319,7 @@ last = start + ae->len; for ( ;; ) { - p = ngx_strcasestrn(start, "gzip", 4 - 1); + p = ngx_strcasestrn(start, e, n - 1); if (p == NULL) { return NGX_DECLINED; } @@ -2322,10 +2328,10 @@ break; } - start = p + 4; - } - - p += 4; + start = p + n; + } + + p += n; while (p < last) { switch (*p++) { @@ -2364,7 +2370,7 @@ return NGX_DECLINED; } - if (ngx_http_gzip_quantity(p, last) == 0) { + if (ngx_http_encoding_quantity(p, last) == 0) { return NGX_DECLINED; } @@ -2373,7 +2379,7 @@ static ngx_uint_t -ngx_http_gzip_quantity(u_char *p, u_char *last) +ngx_http_encoding_quantity(u_char *p, u_char *last) { u_char c; ngx_uint_t n, q; @@ -2428,6 +2434,37 @@ #endif +#if (NGX_HTTP_BROTLI) + +ngx_int_t +ngx_http_brotli_ok(ngx_http_request_t *r) +{ + ngx_table_elt_t *ae; + + if (r != r->main) { + return NGX_DECLINED; + } + + ae = r->headers_in.accept_encoding; + if (ae == NULL) { + return NGX_DECLINED; + } + + if (ae->value.len < sizeof("br") - 1) { + return NGX_DECLINED; + } + + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) + { + return NGX_DECLINED; + } + + return NGX_OK; +} + +#endif + + ngx_int_t ngx_http_subrequest(ngx_http_request_t *r, ngx_str_t *uri, ngx_str_t *args, ngx_http_request_t **psr, diff -r 87cf6ddb41c2 -r 81eacab152ef src/http/ngx_http_core_module.h --- a/src/http/ngx_http_core_module.h Fri Feb 17 17:01:27 2017 +0300 +++ b/src/http/ngx_http_core_module.h Wed Feb 22 13:01:13 2017 +0100 @@ -506,6 +506,9 @@ ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); #endif +#if (NGX_HTTP_BROTLI) +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); +#endif ngx_int_t ngx_http_subrequest(ngx_http_request_t *r, ngx_str_t *uri, ngx_str_t *args, ngx_http_request_t **sr, -- ? ?????????? ???????????, ??????? ????????? WBR, Eugene Kluchnikov -------------- next part -------------- An HTML attachment was scrubbed... URL: From cbranch at cloudflare.com Wed Feb 22 14:30:21 2017 From: cbranch at cloudflare.com (Chris Branch) Date: Wed, 22 Feb 2017 14:30:21 +0000 Subject: [PATCH] HTTP/2: Make $scheme variable return :scheme pseudo-header value Message-ID: <2d050c8c2e688c26f479.1487773821@cbranch-vm.localdomain> # HG changeset patch # User Chris Branch # Date 1487773385 0 # Wed Feb 22 14:23:05 2017 +0000 # Node ID 2d050c8c2e688c26f4796a09c728c85678c611b4 # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c HTTP/2: Make $scheme variable return :scheme pseudo-header value. This is relevant for plaintext HTTP/2 as well as HTTP/2 over TLS using opportunistic security, as described in: https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption diff -r 87cf6ddb41c2 -r 2d050c8c2e68 src/http/ngx_http_variables.c --- a/src/http/ngx_http_variables.c Fri Feb 17 17:01:27 2017 +0300 +++ b/src/http/ngx_http_variables.c Wed Feb 22 14:23:05 2017 +0000 @@ -1386,6 +1386,16 @@ ngx_http_variable_scheme(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) { + if (r->schema_start) { + v->len = r->schema_end - r->schema_start; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + v->data = r->schema_start; + + return NGX_OK; + } + #if (NGX_HTTP_SSL) if (r->connection->ssl) { From vbart at nginx.com Wed Feb 22 14:40:45 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Wed, 22 Feb 2017 17:40:45 +0300 Subject: [PATCH] Add static brotli module In-Reply-To: References: Message-ID: <2886732.38QkW4xQnI@vbart-workstation> On Wednesday 22 February 2017 13:58:57 Eugene Kluchnikov wrote: > # HG changeset patch > # User Evgenii Kliuchnikov > # Date 1487764873 -3600 > # Wed Feb 22 13:01:13 2017 +0100 > # Node ID 81eacab152efa88d1296cc04dfd110a168a6b1fb > # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c > Add brotli static serving module > > Brotli static serving module is a copy of gzip static serving module > with "gzip" and derivatives replaced with "brotli" and derivatives. [..] At the first glance, the differences are really small and such functionality can be combined in one module. wbr, Valentin V. Bartenev From vbart at nginx.com Wed Feb 22 14:47:52 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Wed, 22 Feb 2017 17:47:52 +0300 Subject: [PATCH] HTTP/2: Make $scheme variable return :scheme pseudo-header value In-Reply-To: <2d050c8c2e688c26f479.1487773821@cbranch-vm.localdomain> References: <2d050c8c2e688c26f479.1487773821@cbranch-vm.localdomain> Message-ID: <4979284.39QfxjYYVv@vbart-workstation> On Wednesday 22 February 2017 14:30:21 Chris Branch via nginx-devel wrote: > # HG changeset patch > # User Chris Branch > # Date 1487773385 0 > # Wed Feb 22 14:23:05 2017 +0000 > # Node ID 2d050c8c2e688c26f4796a09c728c85678c611b4 > # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c > HTTP/2: Make $scheme variable return :scheme pseudo-header value. > > This is relevant for plaintext HTTP/2 as well as HTTP/2 over TLS using > opportunistic security, as described in: > https://tools.ietf.org/html/draft-ietf-httpbis-http2-encryption > [..] This patch creates inconsistency in behavior of the $scheme variable for HTTP/1.x and HTTP/2. Potentially, it can also break some existing setups. IMHO, it's better to introduce another variable. wbr, Valentin V. Bartenev From eustas.ru at gmail.com Wed Feb 22 15:10:21 2017 From: eustas.ru at gmail.com (Eugene Kluchnikov) Date: Wed, 22 Feb 2017 16:10:21 +0100 Subject: [PATCH] Add static brotli module In-Reply-To: <2886732.38QkW4xQnI@vbart-workstation> References: <2886732.38QkW4xQnI@vbart-workstation> Message-ID: Yup. Going to try to create a "combined" module soon =) On 22 February 2017 at 15:40, Valentin V. Bartenev wrote: > On Wednesday 22 February 2017 13:58:57 Eugene Kluchnikov wrote: > > # HG changeset patch > > # User Evgenii Kliuchnikov > > # Date 1487764873 -3600 > > # Wed Feb 22 13:01:13 2017 +0100 > > # Node ID 81eacab152efa88d1296cc04dfd110a168a6b1fb > > # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c > > Add brotli static serving module > > > > Brotli static serving module is a copy of gzip static serving module > > with "gzip" and derivatives replaced with "brotli" and derivatives. > [..] > > At the first glance, the differences are really small and > such functionality can be combined in one module. > > wbr, Valentin V. Bartenev > > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > -- ? ?????????? ???????????, ??????? ????????? WBR, Eugene Kluchnikov -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Wed Feb 22 16:37:30 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 22 Feb 2017 16:37:30 +0000 Subject: [nginx] Contrib: vim syntax, listen option and SSL/Mail protocol keywords. Message-ID: details: http://hg.nginx.org/nginx/rev/00903b2132ed branches: changeset: 6918:00903b2132ed user: othree date: Wed Feb 22 12:26:41 2017 +0800 description: Contrib: vim syntax, listen option and SSL/Mail protocol keywords. diffstat: contrib/vim/syntax/nginx.vim | 37 +++++++++++++++++++++++++++++++------ 1 files changed, 31 insertions(+), 6 deletions(-) diffs (94 lines): diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -13,7 +13,7 @@ syn match ngxVariable '\$\(\w\+\|{\w\+}\ syn match ngxVariableBlock '\$\(\w\+\|{\w\+}\)' contained syn match ngxVariableString '\$\(\w\+\|{\w\+}\)' contained syn region ngxBlock start=+^+ end=+{+ skip=+\${+ contains=ngxComment,ngxDirectiveBlock,ngxVariableBlock,ngxString oneline -syn region ngxString start=+\z(["']\)+ end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString +syn region ngxString start=+[^:a-zA-Z>!\\@]\z(["']\)+lc=1 end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString syn match ngxComment ' *#.*$' syn keyword ngxBoolean on @@ -37,7 +37,8 @@ syn keyword ngxDirectiveImportant includ syn keyword ngxDirectiveImportant root syn keyword ngxDirectiveImportant server syn keyword ngxDirectiveImportant server_name -syn keyword ngxDirectiveImportant listen +syn keyword ngxDirectiveImportant listen contained +syn region ngxDirectiveImportantListen matchgroup=ngxDirectiveImportant start=+listen+ skip=+\\\\\|\\\;+ end=+;+he=e-1 contains=ngxListenOptions,ngxString syn keyword ngxDirectiveImportant internal syn keyword ngxDirectiveImportant proxy_pass syn keyword ngxDirectiveImportant memcached_pass @@ -46,6 +47,24 @@ syn keyword ngxDirectiveImportant scgi_p syn keyword ngxDirectiveImportant uwsgi_pass syn keyword ngxDirectiveImportant try_files +syn keyword ngxListenOptions default_server contained +syn keyword ngxListenOptions ssl contained +syn keyword ngxListenOptions http2 contained +syn keyword ngxListenOptions spdy contained +syn keyword ngxListenOptions proxy_protocol contained +syn keyword ngxListenOptions setfib contained +syn keyword ngxListenOptions fastopen contained +syn keyword ngxListenOptions backlog contained +syn keyword ngxListenOptions rcvbuf contained +syn keyword ngxListenOptions sndbuf contained +syn keyword ngxListenOptions accept_filter contained +syn keyword ngxListenOptions deferred contained +syn keyword ngxListenOptions bind contained +syn keyword ngxListenOptions ipv6only contained +syn keyword ngxListenOptions reuseport contained +syn keyword ngxListenOptions so_keepalive contained +syn keyword ngxListenOptions keepidle contained + syn keyword ngxDirectiveControl break syn keyword ngxDirectiveControl return syn keyword ngxDirectiveControl rewrite @@ -267,7 +286,8 @@ syn keyword ngxDirective port_in_redirec syn keyword ngxDirective post_acceptex syn keyword ngxDirective postpone_gzipping syn keyword ngxDirective postpone_output -syn keyword ngxDirective protocol +syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite +syn keyword ngxMailProtocol imap pop3 smtp contained syn keyword ngxDirective proxy syn keyword ngxDirective proxy_bind syn keyword ngxDirective proxy_buffer @@ -316,7 +336,7 @@ syn keyword ngxDirective proxy_set_heade syn keyword ngxDirective proxy_ssl_ciphers syn keyword ngxDirective proxy_ssl_crl syn keyword ngxDirective proxy_ssl_name -syn keyword ngxDirective proxy_ssl_protocols +syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective proxy_ssl_server_name syn keyword ngxDirective proxy_ssl_session_reuse syn keyword ngxDirective proxy_ssl_trusted_certificate @@ -425,7 +445,8 @@ syn keyword ngxDirective ssl_ecdh_curve syn keyword ngxDirective ssl_engine syn keyword ngxDirective ssl_password_file syn keyword ngxDirective ssl_prefer_server_ciphers -syn keyword ngxDirective ssl_protocols +syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite +syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective ssl_session_cache syn keyword ngxDirective ssl_session_ticket_key syn keyword ngxDirective ssl_session_tickets @@ -500,7 +521,7 @@ syn keyword ngxDirective uwsgi_send_time syn keyword ngxDirective uwsgi_ssl_ciphers syn keyword ngxDirective uwsgi_ssl_crl syn keyword ngxDirective uwsgi_ssl_name -syn keyword ngxDirective uwsgi_ssl_protocols +syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective uwsgi_ssl_server_name syn keyword ngxDirective uwsgi_ssl_session_reuse syn keyword ngxDirective uwsgi_ssl_trusted_certificate @@ -833,4 +854,8 @@ hi link ngxDirectiveDeprecated Error hi link ngxDirective Identifier hi link ngxDirectiveThirdParty Special +hi link ngxListenOptions Keyword +hi link ngxMailProtocol Keyword +hi link ngxSSLProtocol Keyword + let b:current_syntax = "nginx" From mdounin at mdounin.ru Wed Feb 22 16:38:20 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 22 Feb 2017 19:38:20 +0300 Subject: [PATCH] Contrib: vim syntax, listen option and SSL/Mail protocol keywords In-Reply-To: <00903b2132edb863e8ae.1487744219@othree.local> References: <00903b2132edb863e8ae.1487744219@othree.local> Message-ID: <20170222163820.GR62032@mdounin.ru> Hello! On Wed, Feb 22, 2017 at 02:16:59PM +0800, othree wrote: > # HG changeset patch > # User othree > # Date 1487737601 -28800 > # Wed Feb 22 12:26:41 2017 +0800 > # Node ID 00903b2132edb863e8aed2e84e216817fcc07c90 > # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c > Contrib: vim syntax, listen option and SSL/Mail protocol keywords. > > diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim > --- a/contrib/vim/syntax/nginx.vim > +++ b/contrib/vim/syntax/nginx.vim > @@ -8,17 +8,17 @@ end > setlocal iskeyword+=. > setlocal iskeyword+=/ > setlocal iskeyword+=: > > syn match ngxVariable '\$\(\w\+\|{\w\+}\)' > syn match ngxVariableBlock '\$\(\w\+\|{\w\+}\)' contained > syn match ngxVariableString '\$\(\w\+\|{\w\+}\)' contained > syn region ngxBlock start=+^+ end=+{+ skip=+\${+ contains=ngxComment,ngxDirectiveBlock,ngxVariableBlock,ngxString oneline > -syn region ngxString start=+\z(["']\)+ end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString > +syn region ngxString start=+[^:a-zA-Z>!\\@]\z(["']\)+lc=1 end=+\z1+ skip=+\\\\\|\\\z1+ contains=ngxVariableString > syn match ngxComment ' *#.*$' [...] Committed, thanks. -- Maxim Dounin http://nginx.org/ From acgtek at yahoo.com Wed Feb 22 22:16:13 2017 From: acgtek at yahoo.com (Jun Chen) Date: Wed, 22 Feb 2017 22:16:13 +0000 (UTC) Subject: Authentication/access control module for reverse proxy NGINX References: <2066130980.2834686.1487801773496.ref@mail.yahoo.com> Message-ID: <2066130980.2834686.1487801773496@mail.yahoo.com> Hi everyone, I am looking for a module which does the authentication/access control for reverse proxy (preferable `nginx`). This module should do: ??? 1. user authentication using credential stored in database (such as postgres) ??? 2. Monitoring the ongoing connection and take action if certain access credential is met. For example, time is expired ??? 3. open source (allow customization) and nginx, ruby(rails) preferable. It seems that [`OpenResty`][1] with `nginx` can do the job. Here is an [article][2] talking about access control with `Lua` on `nginx`. Here is an example (`nginx and Lua`) giving me impression that a snippet of file could executed for access (`access_by_lua_file`): ??? server { ??????? listen 8080; ??? ??????? location / { ????????? auth_basic?????????? "Protected Elasticsearch"; ????????? auth_basic_user_file passwords; ??? ????????? access_by_lua_file '../authorize.lua';? #<<<===== ??? ????????? proxy_pass http://elasticsearch; ????????? proxy_redirect off; ??????? } ??? ????? } I am new to access control with reverse proxy. Any thought is appreciated. ? [1]: https://github.com/openresty/lua-nginx-module ? [2]: Playing HTTP Tricks with Nginx | | | | | | | | | | | Playing HTTP Tricks with Nginx Update November 2, 2015: If you're interested in advanced access control configuration or other security fea... | | | | -------------- next part -------------- An HTML attachment was scrubbed... URL: From serg.brester at sebres.de Wed Feb 22 22:42:10 2017 From: serg.brester at sebres.de (Sergey Brester) Date: Wed, 22 Feb 2017 23:42:10 +0100 Subject: Authentication/access control module for reverse proxy NGINX In-Reply-To: <2066130980.2834686.1487801773496@mail.yahoo.com> References: <2066130980.2834686.1487801773496.ref@mail.yahoo.com> <2066130980.2834686.1487801773496@mail.yahoo.com> Message-ID: Hi, you can use "auth_request" (see http://nginx.org/en/docs/http/ngx_http_auth_request_module.html) that can take full authorization control you wanted, e. g. authorize via your own internal location to some backend (ruby, etc.), additionally you can use there all features nginx supported, for example you can use nginx-caching (by credential as key) in this location to control the time expiration, etc. Regards, sebres. Am 22.02.2017 23:16, schrieb Jun Chen via nginx-devel: > Hi everyone, > > I am looking for a module which does the authentication/access control > for reverse proxy (preferable `nginx`). This module should do: > > 1. user authentication using credential stored in database (such as > postgres) > 2. Monitoring the ongoing connection and take action if certain access > credential is met. For example, time is expired > 3. open source (allow customization) and nginx, ruby(rails) preferable. > > It seems that [`OpenResty`][1] with `nginx` can do the job. Here is an > [article][2] talking about access control with `Lua` on `nginx`. Here > is an example (`nginx and Lua`) giving me impression that a snippet of > file could executed for access (`access_by_lua_file`): > > server { > listen 8080; > > location / { > auth_basic "Protected Elasticsearch"; > auth_basic_user_file passwords; > > access_by_lua_file '../authorize.lua'; #<<<===== > > proxy_pass http://elasticsearch; > proxy_redirect off; > } > > } > > I am new to access control with reverse proxy. Any thought is > appreciated. > > [1]: https://github.com/openresty/lua-nginx-module > [2]: Playing HTTP Tricks with Nginx [1] Links: ------ [1] https://www.elastic.co/blog/playing-http-tricks-nginx From dave.bevan at bbc.co.uk Wed Feb 22 23:35:48 2017 From: dave.bevan at bbc.co.uk (Dave Bevan) Date: Wed, 22 Feb 2017 23:35:48 +0000 Subject: Add new ssl variable: ssl_client_ms_upn Message-ID: <8B4260EB2A248F47B816B86AAB389ECD8CB82000@bgb01xud1008> Attempt #2 - have removed previously-proposed ssl_client_s_cn and ssl_client_email vars as these are now satisfied, as advised, by map constructs. # HG changeset patch # User Dave Bevan # Date 1487806316 0 # Wed Feb 22 23:31:56 2017 +0000 # Node ID e0a82e49175e9092b63fb7d86054a698d8fc3085 # Parent 00903b2132edb863e8aed2e84e216817fcc07c90 Add new ssl variable: $ssl_client_ms_upn (Microsoft UserPrincipalName). Retrieved from a client cert, this identity string is used in corporate environments as a primary key when interacting with Active Directory. Commonly used to set REMOTE_USER param. Brings equivalence with Apache 2.4.17 which introduced access to the same data: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES Changes with Apache 2.4.17 *) mod_ssl: Add support for extracting the msUPN and dnsSRV forms of subjectAltName entries of type "otherName" into SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment variables. Addresses PR 58020. [Jan Pazdziora , Kaspar Brand] diff -r 00903b2132ed -r e0a82e49175e src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Wed Feb 22 12:26:41 2017 +0800 +++ b/src/event/ngx_event_openssl.c Wed Feb 22 23:31:56 2017 +0000 @@ -4081,6 +4081,60 @@ } +ngx_int_t +ngx_ssl_get_client_ms_upn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) +{ + int i; + BIO *bio; + X509 *cert; + GENERAL_NAME *altname; + STACK_OF(GENERAL_NAME) *altnames; + + s->len = 0; + + cert = SSL_get_peer_certificate(c->ssl->connection); + if (cert == NULL) { + return NGX_OK; + } + + bio = BIO_new(BIO_s_mem()); + if (bio == NULL) { + X509_free(cert); + return NGX_ERROR; + } + + altnames = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); + + if (altnames) { + for (i = 0; i < sk_GENERAL_NAME_num(altnames); i++) { + altname = sk_GENERAL_NAME_value(altnames, i); + + if (altname->type != GEN_OTHERNAME) { + continue; + } + + if (NID_ms_upn != OBJ_obj2nid(altname->d.otherName->type_id)) { + continue; + } + + BIO_printf(bio, "%s", + (char*)ASN1_STRING_data(altname->d.otherName->value->value.asn1_string)); + break; + } + } + + s->len = BIO_pending(bio); + s->data = ngx_pnalloc(pool, s->len); + + BIO_read(bio, s->data, s->len); + BIO_free(bio); + X509_free(cert); + GENERAL_NAMES_free(altnames); + + return NGX_OK; +} + + static time_t ngx_ssl_parse_time( #if OPENSSL_VERSION_NUMBER > 0x10100000L diff -r 00903b2132ed -r e0a82e49175e src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h Wed Feb 22 12:26:41 2017 +0800 +++ b/src/event/ngx_event_openssl.h Wed Feb 22 23:31:56 2017 +0000 @@ -226,6 +226,8 @@ ngx_str_t *s); ngx_int_t ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); +ngx_int_t ngx_ssl_get_client_ms_upn(ngx_connection_t *c, ngx_pool_t *pool, + ngx_str_t *s); ngx_int_t ngx_ssl_handshake(ngx_connection_t *c); diff -r 00903b2132ed -r e0a82e49175e src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c Wed Feb 22 12:26:41 2017 +0800 +++ b/src/http/modules/ngx_http_ssl_module.c Wed Feb 22 23:31:56 2017 +0000 @@ -328,6 +328,9 @@ { ngx_string("ssl_client_v_remain"), NULL, ngx_http_ssl_variable, (uintptr_t) ngx_ssl_get_client_v_remain, NGX_HTTP_VAR_CHANGEABLE, 0 }, + { ngx_string("ssl_client_ms_upn"), NULL, ngx_http_ssl_variable, + (uintptr_t) ngx_ssl_get_client_ms_upn, NGX_HTTP_VAR_CHANGEABLE, 0 }, + { ngx_null_string, NULL, NULL, 0, 0, 0 } }; diff -r 00903b2132ed -r e0a82e49175e src/stream/ngx_stream_ssl_module.c --- a/src/stream/ngx_stream_ssl_module.c Wed Feb 22 12:26:41 2017 +0800 +++ b/src/stream/ngx_stream_ssl_module.c Wed Feb 22 23:31:56 2017 +0000 @@ -272,6 +272,9 @@ { ngx_string("ssl_client_v_remain"), NULL, ngx_stream_ssl_variable, (uintptr_t) ngx_ssl_get_client_v_remain, NGX_STREAM_VAR_CHANGEABLE, 0 }, + { ngx_string("ssl_client_ms_upn"), NULL, ngx_stream_ssl_variable, + (uintptr_t) ngx_ssl_get_client_ms_upn, NGX_STREAM_VAR_CHANGEABLE, 0 }, + { ngx_null_string, NULL, NULL, 0, 0, 0 } }; Rgds, -- Dave Bevan Senior Broadcast Systems Developer News Labs, BBC Design & Engineering bbcnewslabs.co.uk bbc.co.uk/news ---------------------------- http://www.bbc.co.uk This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. --------------------- -------------- next part -------------- An HTML attachment was scrubbed... URL: From amdeich at gmail.com Wed Feb 22 23:57:22 2017 From: amdeich at gmail.com (Andrey Kulikov) Date: Thu, 23 Feb 2017 02:57:22 +0300 Subject: Authentication/access control module for reverse proxy NGINX In-Reply-To: <2066130980.2834686.1487801773496@mail.yahoo.com> References: <2066130980.2834686.1487801773496.ref@mail.yahoo.com> <2066130980.2834686.1487801773496@mail.yahoo.com> Message-ID: Hi, Did you read this nice article on the topic: https://www.nginx.com/blog/nginx-plus-authenticate-users/ ? On 23 February 2017 at 01:16, Jun Chen via nginx-devel < nginx-devel at nginx.org> wrote: > Hi everyone, > > I am looking for a module which does the authentication/access control for > reverse proxy (preferable `nginx`). > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From amdeich at gmail.com Thu Feb 23 00:03:02 2017 From: amdeich at gmail.com (Andrey Kulikov) Date: Thu, 23 Feb 2017 03:03:02 +0300 Subject: Add new ssl variable: ssl_client_ms_upn In-Reply-To: <8B4260EB2A248F47B816B86AAB389ECD8CB82000@bgb01xud1008> References: <8B4260EB2A248F47B816B86AAB389ECD8CB82000@bgb01xud1008> Message-ID: On 23 February 2017 at 02:35, Dave Bevan wrote: > + s->data = ngx_pnalloc(pool, s->len); Errr... No error check? From piotrsikora at google.com Thu Feb 23 03:38:15 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Wed, 22 Feb 2017 19:38:15 -0800 Subject: [PATCH 1 of 2] HTTP: add support for "429 Too Many Requests" response (RFC6585) In-Reply-To: References: <1eec5355ef1e4a8b0aec.1476863503@piotrsikora.sfo.corp.google.com> Message-ID: Hey, > # HG changeset patch > # User Piotr Sikora > # Date 1476859139 25200 > # Tue Oct 18 23:38:59 2016 -0700 > # Node ID 1eec5355ef1e4a8b0aecebdec84c744734c0d36e > # Parent 8081e1f3ab8b9ccb4e2d7f9240cbfb8e404a3c95 > HTTP: add support for "429 Too Many Requests" response (RFC6585). > > This change adds reason phrase in status line and pretty response body > when "429" status code is used in "return", "limit_conn_status" and/or > "limit_req_status" directives. > > It also adds "http_429" parameter to "proxy_next_upstream" for retrying > rate-limited requests, and to "proxy_cache_use_stale" for serving stale > cached responses after being rate-limited. Ping... Best regards, Piotr Sikora From othree at gmail.com Thu Feb 23 04:32:57 2017 From: othree at gmail.com (othree) Date: Thu, 23 Feb 2017 12:32:57 +0800 Subject: [PATCH] Contrib: vim syntax, update core module directives Message-ID: # HG changeset patch # User othree # Date 1487824289 -28800 # Thu Feb 23 12:31:29 2017 +0800 # Node ID d5a7953a10d9730ee1a42f9931218425b4eca1be # Parent 00903b2132edb863e8aed2e84e216817fcc07c90 Contrib: vim syntax, update core module directives diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -77,40 +77,47 @@ syn keyword ngxDirectiveDeprecated conne syn keyword ngxDirectiveDeprecated imap syn keyword ngxDirectiveDeprecated limit_zone syn keyword ngxDirectiveDeprecated mysql_test syn keyword ngxDirectiveDeprecated open_file_cache_retest syn keyword ngxDirectiveDeprecated optimize_server_names syn keyword ngxDirectiveDeprecated satisfy_any syn keyword ngxDirectiveDeprecated so_keepalive +syn keyword ngxDirective absolute_redirect syn keyword ngxDirective accept_mutex syn keyword ngxDirective accept_mutex_delay syn keyword ngxDirective acceptex_read syn keyword ngxDirective access_log syn keyword ngxDirective add_after_body syn keyword ngxDirective add_before_body syn keyword ngxDirective add_header syn keyword ngxDirective addition_types syn keyword ngxDirective aio +syn keyword ngxDirective aio_write syn keyword ngxDirective alias syn keyword ngxDirective allow syn keyword ngxDirective ancient_browser syn keyword ngxDirective ancient_browser_value syn keyword ngxDirective auth_basic syn keyword ngxDirective auth_basic_user_file syn keyword ngxDirective auth_http syn keyword ngxDirective auth_http_header +syn keyword ngxDirective auth_http_pass_client_cert syn keyword ngxDirective auth_http_timeout +syn keyword ngxDirective auth_jwt +syn keyword ngxDirective auth_jwt_key_file syn keyword ngxDirective auth_request syn keyword ngxDirective auth_request_set syn keyword ngxDirective autoindex syn keyword ngxDirective autoindex_exact_size +syn keyword ngxDirective autoindex_format syn keyword ngxDirective autoindex_localtime syn keyword ngxDirective charset +syn keyword ngxDirective charset_map syn keyword ngxDirective charset_types syn keyword ngxDirective chunked_transfer_encoding syn keyword ngxDirective client_body_buffer_size syn keyword ngxDirective client_body_in_file_only syn keyword ngxDirective client_body_in_single_buffer syn keyword ngxDirective client_body_temp_path syn keyword ngxDirective client_body_timeout syn keyword ngxDirective client_header_buffer_size @@ -134,51 +141,58 @@ syn keyword ngxDirective directio_alignm syn keyword ngxDirective disable_symlinks syn keyword ngxDirective empty_gif syn keyword ngxDirective env syn keyword ngxDirective epoll_events syn keyword ngxDirective error_log syn keyword ngxDirective etag syn keyword ngxDirective eventport_events syn keyword ngxDirective expires +syn keyword ngxDirective f4f +syn keyword ngxDirective f4f_buffer_size syn keyword ngxDirective fastcgi_bind syn keyword ngxDirective fastcgi_buffer_size syn keyword ngxDirective fastcgi_buffering syn keyword ngxDirective fastcgi_buffers syn keyword ngxDirective fastcgi_busy_buffers_size syn keyword ngxDirective fastcgi_cache syn keyword ngxDirective fastcgi_cache_bypass syn keyword ngxDirective fastcgi_cache_key syn keyword ngxDirective fastcgi_cache_lock +syn keyword ngxDirective fastcgi_cache_lock_age syn keyword ngxDirective fastcgi_cache_lock_timeout +syn keyword ngxDirective fastcgi_cache_max_range_offset syn keyword ngxDirective fastcgi_cache_methods syn keyword ngxDirective fastcgi_cache_min_uses syn keyword ngxDirective fastcgi_cache_path +syn keyword ngxDirective fastcgi_cache_purge syn keyword ngxDirective fastcgi_cache_revalidate syn keyword ngxDirective fastcgi_cache_use_stale syn keyword ngxDirective fastcgi_cache_valid syn keyword ngxDirective fastcgi_catch_stderr syn keyword ngxDirective fastcgi_connect_timeout syn keyword ngxDirective fastcgi_force_ranges syn keyword ngxDirective fastcgi_hide_header syn keyword ngxDirective fastcgi_ignore_client_abort syn keyword ngxDirective fastcgi_ignore_headers syn keyword ngxDirective fastcgi_index syn keyword ngxDirective fastcgi_intercept_errors syn keyword ngxDirective fastcgi_keep_conn +syn keyword ngxDirective fastcgi_limit_rate syn keyword ngxDirective fastcgi_max_temp_file_size syn keyword ngxDirective fastcgi_next_upstream syn keyword ngxDirective fastcgi_next_upstream_timeout syn keyword ngxDirective fastcgi_next_upstream_tries syn keyword ngxDirective fastcgi_no_cache syn keyword ngxDirective fastcgi_param syn keyword ngxDirective fastcgi_pass_header syn keyword ngxDirective fastcgi_pass_request_body syn keyword ngxDirective fastcgi_pass_request_headers syn keyword ngxDirective fastcgi_read_timeout +syn keyword ngxDirective fastcgi_request_buffering syn keyword ngxDirective fastcgi_send_lowat syn keyword ngxDirective fastcgi_send_timeout syn keyword ngxDirective fastcgi_split_path_info syn keyword ngxDirective fastcgi_store syn keyword ngxDirective fastcgi_store_access syn keyword ngxDirective fastcgi_temp_file_write_size syn keyword ngxDirective fastcgi_temp_path syn keyword ngxDirective flv @@ -199,78 +213,109 @@ syn keyword ngxDirective gzip_http_versi syn keyword ngxDirective gzip_min_length syn keyword ngxDirective gzip_no_buffer syn keyword ngxDirective gzip_proxied syn keyword ngxDirective gzip_static syn keyword ngxDirective gzip_types syn keyword ngxDirective gzip_vary syn keyword ngxDirective gzip_window syn keyword ngxDirective hash +syn keyword ngxDirective health_check +syn keyword ngxDirective health_check_timeout +syn keyword ngxDirective hls +syn keyword ngxDirective hls_buffers +syn keyword ngxDirective hls_forward_args +syn keyword ngxDirective hls_fragment +syn keyword ngxDirective hls_mp4_buffer_size +syn keyword ngxDirective hls_mp4_max_buffer_size +syn keyword ngxDirective http2_chunk_size +syn keyword ngxDirective http2_body_preread_size +syn keyword ngxDirective http2_idle_timeout +syn keyword ngxDirective http2_max_concurrent_streams +syn keyword ngxDirective http2_max_field_size +syn keyword ngxDirective http2_max_header_size +syn keyword ngxDirective http2_max_requests +syn keyword ngxDirective http2_recv_buffer_size +syn keyword ngxDirective http2_recv_timeout syn keyword ngxDirective if_modified_since syn keyword ngxDirective ignore_invalid_headers syn keyword ngxDirective image_filter syn keyword ngxDirective image_filter_buffer syn keyword ngxDirective image_filter_interlace syn keyword ngxDirective image_filter_jpeg_quality syn keyword ngxDirective image_filter_sharpen syn keyword ngxDirective image_filter_transparency +syn keyword ngxDirective image_filter_webp_quality syn keyword ngxDirective imap_auth syn keyword ngxDirective imap_capabilities syn keyword ngxDirective imap_client_buffer syn keyword ngxDirective index syn keyword ngxDirective iocp_threads syn keyword ngxDirective ip_hash +syn keyword ngxDirective js_access +syn keyword ngxDirective js_content +syn keyword ngxDirective js_filter +syn keyword ngxDirective js_include +syn keyword ngxDirective js_preread +syn keyword ngxDirective js_set syn keyword ngxDirective keepalive syn keyword ngxDirective keepalive_disable syn keyword ngxDirective keepalive_requests syn keyword ngxDirective keepalive_timeout syn keyword ngxDirective kqueue_changes syn keyword ngxDirective kqueue_events syn keyword ngxDirective large_client_header_buffers syn keyword ngxDirective least_conn +syn keyword ngxDirective least_time syn keyword ngxDirective limit_conn syn keyword ngxDirective limit_conn_log_level syn keyword ngxDirective limit_conn_status syn keyword ngxDirective limit_conn_zone syn keyword ngxDirective limit_rate syn keyword ngxDirective limit_rate_after syn keyword ngxDirective limit_req syn keyword ngxDirective limit_req_log_level syn keyword ngxDirective limit_req_status syn keyword ngxDirective limit_req_zone syn keyword ngxDirective lingering_close syn keyword ngxDirective lingering_time syn keyword ngxDirective lingering_timeout +syn keyword ngxDirective load_module syn keyword ngxDirective lock_file syn keyword ngxDirective log_format syn keyword ngxDirective log_not_found syn keyword ngxDirective log_subrequest syn keyword ngxDirective map_hash_bucket_size syn keyword ngxDirective map_hash_max_size +syn keyword ngxDirective match syn keyword ngxDirective master_process syn keyword ngxDirective max_ranges syn keyword ngxDirective memcached_bind syn keyword ngxDirective memcached_buffer_size syn keyword ngxDirective memcached_connect_timeout +syn keyword ngxDirective memcached_force_ranges syn keyword ngxDirective memcached_gzip_flag syn keyword ngxDirective memcached_next_upstream syn keyword ngxDirective memcached_next_upstream_timeout syn keyword ngxDirective memcached_next_upstream_tries syn keyword ngxDirective memcached_read_timeout syn keyword ngxDirective memcached_send_timeout syn keyword ngxDirective merge_slashes syn keyword ngxDirective min_delete_depth syn keyword ngxDirective modern_browser syn keyword ngxDirective modern_browser_value syn keyword ngxDirective mp4 syn keyword ngxDirective mp4_buffer_size syn keyword ngxDirective mp4_max_buffer_size +syn keyword ngxDirective mp4_limit_rate +syn keyword ngxDirective mp4_limit_rate_after syn keyword ngxDirective msie_padding syn keyword ngxDirective msie_refresh syn keyword ngxDirective multi_accept +syn keyword ngxDirective ntlm syn keyword ngxDirective open_file_cache syn keyword ngxDirective open_file_cache_errors syn keyword ngxDirective open_file_cache_events syn keyword ngxDirective open_file_cache_min_uses syn keyword ngxDirective open_file_cache_valid syn keyword ngxDirective open_log_file_cache syn keyword ngxDirective output_buffers syn keyword ngxDirective override_charset @@ -281,77 +326,94 @@ syn keyword ngxDirective perl_require syn keyword ngxDirective perl_set syn keyword ngxDirective pid syn keyword ngxDirective pop3_auth syn keyword ngxDirective pop3_capabilities syn keyword ngxDirective port_in_redirect syn keyword ngxDirective post_acceptex syn keyword ngxDirective postpone_gzipping syn keyword ngxDirective postpone_output +syn keyword ngxDirective preread_buffer_size +syn keyword ngxDirective preread_timeout syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite syn keyword ngxMailProtocol imap pop3 smtp contained syn keyword ngxDirective proxy syn keyword ngxDirective proxy_bind syn keyword ngxDirective proxy_buffer syn keyword ngxDirective proxy_buffer_size syn keyword ngxDirective proxy_buffering syn keyword ngxDirective proxy_buffers syn keyword ngxDirective proxy_busy_buffers_size syn keyword ngxDirective proxy_cache syn keyword ngxDirective proxy_cache_bypass +syn keyword ngxDirective proxy_cache_convert_head syn keyword ngxDirective proxy_cache_key syn keyword ngxDirective proxy_cache_lock +syn keyword ngxDirective proxy_cache_lock_age syn keyword ngxDirective proxy_cache_lock_timeout +syn keyword ngxDirective proxy_cache_max_range_offset syn keyword ngxDirective proxy_cache_methods syn keyword ngxDirective proxy_cache_min_uses syn keyword ngxDirective proxy_cache_path +syn keyword ngxDirective proxy_cache_purge syn keyword ngxDirective proxy_cache_revalidate syn keyword ngxDirective proxy_cache_use_stale syn keyword ngxDirective proxy_cache_valid syn keyword ngxDirective proxy_connect_timeout syn keyword ngxDirective proxy_cookie_domain syn keyword ngxDirective proxy_cookie_path +syn keyword ngxDirective proxy_download_rate syn keyword ngxDirective proxy_force_ranges syn keyword ngxDirective proxy_headers_hash_bucket_size syn keyword ngxDirective proxy_headers_hash_max_size syn keyword ngxDirective proxy_hide_header syn keyword ngxDirective proxy_http_version syn keyword ngxDirective proxy_ignore_client_abort syn keyword ngxDirective proxy_ignore_headers syn keyword ngxDirective proxy_intercept_errors +syn keyword ngxDirective proxy_limit_rate syn keyword ngxDirective proxy_max_temp_file_size syn keyword ngxDirective proxy_method syn keyword ngxDirective proxy_next_upstream syn keyword ngxDirective proxy_next_upstream_timeout syn keyword ngxDirective proxy_next_upstream_tries syn keyword ngxDirective proxy_no_cache syn keyword ngxDirective proxy_pass_error_message syn keyword ngxDirective proxy_pass_header syn keyword ngxDirective proxy_pass_request_body syn keyword ngxDirective proxy_pass_request_headers +syn keyword ngxDirective proxy_protocol +syn keyword ngxDirective proxy_protocol_timeout syn keyword ngxDirective proxy_read_timeout syn keyword ngxDirective proxy_redirect +syn keyword ngxDirective proxy_request_buffering +syn keyword ngxDirective proxy_responses syn keyword ngxDirective proxy_send_lowat syn keyword ngxDirective proxy_send_timeout syn keyword ngxDirective proxy_set_body syn keyword ngxDirective proxy_set_header +syn keyword ngxDirective proxy_ssl_certificate +syn keyword ngxDirective proxy_ssl_certificate_key syn keyword ngxDirective proxy_ssl_ciphers syn keyword ngxDirective proxy_ssl_crl syn keyword ngxDirective proxy_ssl_name +syn keyword ngxDirective proxy_ssl_password_file syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective proxy_ssl_server_name syn keyword ngxDirective proxy_ssl_session_reuse syn keyword ngxDirective proxy_ssl_trusted_certificate syn keyword ngxDirective proxy_ssl_verify syn keyword ngxDirective proxy_ssl_verify_depth syn keyword ngxDirective proxy_store syn keyword ngxDirective proxy_store_access syn keyword ngxDirective proxy_temp_file_write_size syn keyword ngxDirective proxy_temp_path syn keyword ngxDirective proxy_timeout +syn keyword ngxDirective proxy_upload_rate +syn keyword ngxDirective queue syn keyword ngxDirective random_index syn keyword ngxDirective read_ahead syn keyword ngxDirective real_ip_header syn keyword ngxDirective real_ip_recursive syn keyword ngxDirective recursive_error_pages syn keyword ngxDirective referer_hash_bucket_size syn keyword ngxDirective referer_hash_max_size syn keyword ngxDirective request_pool_size @@ -368,56 +430,65 @@ syn keyword ngxDirective scgi_bind syn keyword ngxDirective scgi_buffer_size syn keyword ngxDirective scgi_buffering syn keyword ngxDirective scgi_buffers syn keyword ngxDirective scgi_busy_buffers_size syn keyword ngxDirective scgi_cache syn keyword ngxDirective scgi_cache_bypass syn keyword ngxDirective scgi_cache_key syn keyword ngxDirective scgi_cache_lock +syn keyword ngxDirective scgi_cache_lock_age syn keyword ngxDirective scgi_cache_lock_timeout +syn keyword ngxDirective scgi_cache_max_range_offset syn keyword ngxDirective scgi_cache_methods syn keyword ngxDirective scgi_cache_min_uses syn keyword ngxDirective scgi_cache_path +syn keyword ngxDirective scgi_cache_purge syn keyword ngxDirective scgi_cache_revalidate syn keyword ngxDirective scgi_cache_use_stale syn keyword ngxDirective scgi_cache_valid syn keyword ngxDirective scgi_connect_timeout syn keyword ngxDirective scgi_force_ranges syn keyword ngxDirective scgi_hide_header syn keyword ngxDirective scgi_ignore_client_abort syn keyword ngxDirective scgi_ignore_headers syn keyword ngxDirective scgi_intercept_errors +syn keyword ngxDirective scgi_limit_rate syn keyword ngxDirective scgi_max_temp_file_size syn keyword ngxDirective scgi_next_upstream syn keyword ngxDirective scgi_next_upstream_timeout syn keyword ngxDirective scgi_next_upstream_tries syn keyword ngxDirective scgi_no_cache syn keyword ngxDirective scgi_param syn keyword ngxDirective scgi_pass_header syn keyword ngxDirective scgi_pass_request_body syn keyword ngxDirective scgi_pass_request_headers syn keyword ngxDirective scgi_read_timeout +syn keyword ngxDirective scgi_request_buffering syn keyword ngxDirective scgi_send_timeout syn keyword ngxDirective scgi_store syn keyword ngxDirective scgi_store_access syn keyword ngxDirective scgi_temp_file_write_size syn keyword ngxDirective scgi_temp_path syn keyword ngxDirective secure_link syn keyword ngxDirective secure_link_md5 syn keyword ngxDirective secure_link_secret syn keyword ngxDirective send_lowat syn keyword ngxDirective send_timeout syn keyword ngxDirective sendfile syn keyword ngxDirective sendfile_max_chunk syn keyword ngxDirective server_name_in_redirect syn keyword ngxDirective server_names_hash_bucket_size syn keyword ngxDirective server_names_hash_max_size syn keyword ngxDirective server_tokens +syn keyword ngxDirective session_log +syn keyword ngxDirective session_log_format +syn keyword ngxDirective session_log_zone syn keyword ngxDirective set_real_ip_from +syn keyword ngxDirective slice syn keyword ngxDirective smtp_auth syn keyword ngxDirective smtp_capabilities syn keyword ngxDirective smtp_client_buffer syn keyword ngxDirective smtp_greeting_delay syn keyword ngxDirective source_charset syn keyword ngxDirective spdy_chunk_size syn keyword ngxDirective spdy_headers_comp syn keyword ngxDirective spdy_keepalive_timeout @@ -438,46 +509,56 @@ syn keyword ngxDirective ssl_buffer_size syn keyword ngxDirective ssl_certificate syn keyword ngxDirective ssl_certificate_key syn keyword ngxDirective ssl_ciphers syn keyword ngxDirective ssl_client_certificate syn keyword ngxDirective ssl_crl syn keyword ngxDirective ssl_dhparam syn keyword ngxDirective ssl_ecdh_curve syn keyword ngxDirective ssl_engine +syn keyword ngxDirective ssl_handshake_timeout syn keyword ngxDirective ssl_password_file syn keyword ngxDirective ssl_prefer_server_ciphers +syn keyword ngxDirective ssl_preread syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective ssl_session_cache syn keyword ngxDirective ssl_session_ticket_key syn keyword ngxDirective ssl_session_tickets syn keyword ngxDirective ssl_session_timeout syn keyword ngxDirective ssl_stapling syn keyword ngxDirective ssl_stapling_file syn keyword ngxDirective ssl_stapling_responder syn keyword ngxDirective ssl_stapling_verify syn keyword ngxDirective ssl_trusted_certificate syn keyword ngxDirective ssl_verify_client syn keyword ngxDirective ssl_verify_depth syn keyword ngxDirective starttls +syn keyword ngxDirective state +syn keyword ngxDirective status +syn keyword ngxDirective status_format +syn keyword ngxDirective status_zone +syn keyword ngxDirective sticky +syn keyword ngxDirective sticky_cookie_insert syn keyword ngxDirective stub_status syn keyword ngxDirective sub_filter syn keyword ngxDirective sub_filter_last_modified syn keyword ngxDirective sub_filter_once syn keyword ngxDirective sub_filter_types syn keyword ngxDirective tcp_nodelay syn keyword ngxDirective tcp_nopush +syn keyword ngxDirective thread_pool syn keyword ngxDirective thread_stack_size syn keyword ngxDirective timeout syn keyword ngxDirective timer_resolution syn keyword ngxDirective types_hash_bucket_size syn keyword ngxDirective types_hash_max_size syn keyword ngxDirective underscores_in_headers syn keyword ngxDirective uninitialized_variable_warn +syn keyword ngxDirective upstream_conf syn keyword ngxDirective use syn keyword ngxDirective user syn keyword ngxDirective userid syn keyword ngxDirective userid_domain syn keyword ngxDirective userid_expires syn keyword ngxDirective userid_mark syn keyword ngxDirective userid_name syn keyword ngxDirective userid_p3p @@ -487,45 +568,53 @@ syn keyword ngxDirective uwsgi_bind syn keyword ngxDirective uwsgi_buffer_size syn keyword ngxDirective uwsgi_buffering syn keyword ngxDirective uwsgi_buffers syn keyword ngxDirective uwsgi_busy_buffers_size syn keyword ngxDirective uwsgi_cache syn keyword ngxDirective uwsgi_cache_bypass syn keyword ngxDirective uwsgi_cache_key syn keyword ngxDirective uwsgi_cache_lock +syn keyword ngxDirective uwsgi_cache_lock_age syn keyword ngxDirective uwsgi_cache_lock_timeout syn keyword ngxDirective uwsgi_cache_methods syn keyword ngxDirective uwsgi_cache_min_uses syn keyword ngxDirective uwsgi_cache_path +syn keyword ngxDirective uwsgi_cache_purge syn keyword ngxDirective uwsgi_cache_revalidate syn keyword ngxDirective uwsgi_cache_use_stale syn keyword ngxDirective uwsgi_cache_valid syn keyword ngxDirective uwsgi_connect_timeout syn keyword ngxDirective uwsgi_force_ranges syn keyword ngxDirective uwsgi_hide_header syn keyword ngxDirective uwsgi_ignore_client_abort syn keyword ngxDirective uwsgi_ignore_headers syn keyword ngxDirective uwsgi_intercept_errors +syn keyword ngxDirective uwsgi_limit_rate syn keyword ngxDirective uwsgi_max_temp_file_size syn keyword ngxDirective uwsgi_modifier1 syn keyword ngxDirective uwsgi_modifier2 syn keyword ngxDirective uwsgi_next_upstream syn keyword ngxDirective uwsgi_next_upstream_timeout syn keyword ngxDirective uwsgi_next_upstream_tries syn keyword ngxDirective uwsgi_no_cache syn keyword ngxDirective uwsgi_param +syn keyword ngxDirective uwsgi_pass syn keyword ngxDirective uwsgi_pass_header syn keyword ngxDirective uwsgi_pass_request_body syn keyword ngxDirective uwsgi_pass_request_headers syn keyword ngxDirective uwsgi_read_timeout +syn keyword ngxDirective uwsgi_request_buffering syn keyword ngxDirective uwsgi_send_timeout +syn keyword ngxDirective uwsgi_ssl_certificate +syn keyword ngxDirective uwsgi_ssl_certificate_key syn keyword ngxDirective uwsgi_ssl_ciphers syn keyword ngxDirective uwsgi_ssl_crl syn keyword ngxDirective uwsgi_ssl_name +syn keyword ngxDirective uwsgi_ssl_password_file syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective uwsgi_ssl_server_name syn keyword ngxDirective uwsgi_ssl_session_reuse syn keyword ngxDirective uwsgi_ssl_trusted_certificate syn keyword ngxDirective uwsgi_ssl_verify syn keyword ngxDirective uwsgi_ssl_verify_depth syn keyword ngxDirective uwsgi_store syn keyword ngxDirective uwsgi_store_access @@ -547,16 +636,17 @@ syn keyword ngxDirective worker_threads syn keyword ngxDirective working_directory syn keyword ngxDirective xclient syn keyword ngxDirective xml_entities syn keyword ngxDirective xslt_last_modified syn keyword ngxDirective xslt_param syn keyword ngxDirective xslt_string_param syn keyword ngxDirective xslt_stylesheet syn keyword ngxDirective xslt_types +syn keyword ngxDirective zone " 3rd party module list: " http://wiki.nginx.org/Nginx3rdPartyModules " Accept Language Module " Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. syn keyword ngxDirectiveThirdParty set_from_accept_language From eustas.ru at gmail.com Thu Feb 23 12:11:56 2017 From: eustas.ru at gmail.com (Eugene Kluchnikov) Date: Thu, 23 Feb 2017 13:11:56 +0100 Subject: [PATCH] Add static brotli module In-Reply-To: References: <2886732.38QkW4xQnI@vbart-workstation> Message-ID: # HG changeset patch # User Evgenii Kliuchnikov # Date 1487764873 -3600 # Wed Feb 22 13:01:13 2017 +0100 # Node ID 96939e63f30579f2f32e843d217bd46fa6086bb4 # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c Add brotli static serving support. Both .gz and .br static content is served by ngx_http_gzip_static_modile, but have separate configuration. diff -r 87cf6ddb41c2 -r 96939e63f305 contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim Fri Feb 17 17:01:27 2017 +0300 +++ b/contrib/vim/syntax/nginx.vim Wed Feb 22 13:01:13 2017 +0100 @@ -86,6 +86,7 @@ syn keyword ngxDirective autoindex syn keyword ngxDirective autoindex_exact_size syn keyword ngxDirective autoindex_localtime +syn keyword ngxDirective brotli_static syn keyword ngxDirective charset syn keyword ngxDirective charset_types syn keyword ngxDirective chunked_transfer_encoding diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/modules/ngx_http_gzip_static_module.c --- a/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 17 17:01:27 2017 +0300 +++ b/src/http/modules/ngx_http_gzip_static_module.c Wed Feb 22 13:01:13 2017 +0100 @@ -16,10 +16,14 @@ typedef struct { - ngx_uint_t enable; + ngx_uint_t enable_gzip; + ngx_uint_t enable_brotli; } ngx_http_gzip_static_conf_t; +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t *r, + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, + ngx_str_t *encoding); static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void *parent, @@ -41,7 +45,14 @@ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, ngx_conf_set_enum_slot, NGX_HTTP_LOC_CONF_OFFSET, - offsetof(ngx_http_gzip_static_conf_t, enable), + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), + &ngx_http_gzip_static }, + + { ngx_string("brotli_static"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_enum_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), &ngx_http_gzip_static }, ngx_null_command @@ -79,19 +90,13 @@ }; +static ngx_str_t encoding_gzip = ngx_string("gzip"); +static ngx_str_t encoding_brotli = ngx_string("brotli"); + static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r) { - u_char *p; - size_t root; - ngx_str_t path; ngx_int_t rc; - ngx_uint_t level; - ngx_log_t *log; - ngx_buf_t *b; - ngx_chain_t out; - ngx_table_elt_t *h; - ngx_open_file_info_t of; ngx_http_core_loc_conf_t *clcf; ngx_http_gzip_static_conf_t *gzcf; @@ -105,19 +110,56 @@ gzcf = ngx_http_get_module_loc_conf(r, ngx_http_gzip_static_module); - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF && + gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { return NGX_DECLINED; } - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { - rc = ngx_http_gzip_ok(r); + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - } else { - /* always */ - rc = NGX_OK; + rc = NGX_DECLINED; + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { + rc = ngx_http_gzip_ok(r); + } else { + /* always */ + rc = NGX_OK; + } + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, rc, clcf, + &encoding_gzip); } - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == NGX_DECLINED) { + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { + rc = ngx_http_gzip_ok(r); + } else { + /* always */ + rc = NGX_OK; + } + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, rc, clcf, + &encoding_brotli); + } + + return rc; +} + + +static ngx_int_t +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t enable, + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) +{ + u_char *p; + size_t root; + ngx_str_t path; + ngx_int_t rc; + ngx_uint_t level; + ngx_log_t *log; + ngx_buf_t *b; + ngx_chain_t out; + ngx_table_elt_t *h; + ngx_open_file_info_t of; + + rc = ok; if (!clcf->gzip_vary && rc != NGX_OK) { return NGX_DECLINED; @@ -125,14 +167,14 @@ log = r->connection->log; - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); if (p == NULL) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } *p++ = '.'; - *p++ = 'g'; - *p++ = 'z'; + *p++ = encoding->data[0]; + *p++ = encoding->data[1]; *p = '\0'; path.len = p - path.data; @@ -188,7 +230,7 @@ return NGX_DECLINED; } - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { + if (enable == NGX_HTTP_GZIP_STATIC_ON) { r->gzip_vary = 1; if (rc != NGX_OK) { @@ -243,7 +285,7 @@ h->hash = 1; ngx_str_set(&h->key, "Content-Encoding"); - ngx_str_set(&h->value, "gzip"); + h->value = *encoding; r->headers_out.content_encoding = h; /* we need to allocate all before the header would be sent */ @@ -293,7 +335,8 @@ return NULL; } - conf->enable = NGX_CONF_UNSET_UINT; + conf->enable_gzip = NGX_CONF_UNSET_UINT; + conf->enable_brotli = NGX_CONF_UNSET_UINT; return conf; } @@ -305,7 +348,9 @@ ngx_http_gzip_static_conf_t *prev = parent; ngx_http_gzip_static_conf_t *conf = child; - ngx_conf_merge_uint_value(conf->enable, prev->enable, + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, + NGX_HTTP_GZIP_STATIC_OFF); + ngx_conf_merge_uint_value(conf->enable_brotli, prev->enable_brotli, NGX_HTTP_GZIP_STATIC_OFF); return NGX_CONF_OK; diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Fri Feb 17 17:01:27 2017 +0300 +++ b/src/http/ngx_http_core_module.c Wed Feb 22 13:01:13 2017 +0100 @@ -74,8 +74,8 @@ static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); #if (NGX_HTTP_GZIP) -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n); +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); #endif @@ -2170,7 +2170,7 @@ */ if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) { return NGX_DECLINED; } @@ -2297,15 +2297,42 @@ } +ngx_int_t +ngx_http_brotli_ok(ngx_http_request_t *r) +{ + ngx_table_elt_t *ae; + + if (r != r->main) { + return NGX_DECLINED; + } + + ae = r->headers_in.accept_encoding; + if (ae == NULL) { + return NGX_DECLINED; + } + + if (ae->value.len < sizeof("br") - 1) { + return NGX_DECLINED; + } + + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) + { + return NGX_DECLINED; + } + + return NGX_OK; +} + + /* - * gzip is enabled for the following quantities: + * encoding is enabled for the following quantities: * "gzip; q=0.001" ... "gzip; q=1.000" - * gzip is disabled for the following quantities: - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases + * encoding is disabled for the following quantities: + * "br; q=0" ... "br; q=0.000", and for any invalid cases */ static ngx_int_t -ngx_http_gzip_accept_encoding(ngx_str_t *ae) +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) { u_char *p, *start, *last; @@ -2313,7 +2340,7 @@ last = start + ae->len; for ( ;; ) { - p = ngx_strcasestrn(start, "gzip", 4 - 1); + p = ngx_strcasestrn(start, e, n - 1); if (p == NULL) { return NGX_DECLINED; } @@ -2322,10 +2349,10 @@ break; } - start = p + 4; - } - - p += 4; + start = p + n; + } + + p += n; while (p < last) { switch (*p++) { @@ -2364,7 +2391,7 @@ return NGX_DECLINED; } - if (ngx_http_gzip_quantity(p, last) == 0) { + if (ngx_http_encoding_quantity(p, last) == 0) { return NGX_DECLINED; } @@ -2373,7 +2400,7 @@ static ngx_uint_t -ngx_http_gzip_quantity(u_char *p, u_char *last) +ngx_http_encoding_quantity(u_char *p, u_char *last) { u_char c; ngx_uint_t n, q; diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/ngx_http_core_module.h --- a/src/http/ngx_http_core_module.h Fri Feb 17 17:01:27 2017 +0300 +++ b/src/http/ngx_http_core_module.h Wed Feb 22 13:01:13 2017 +0100 @@ -504,6 +504,7 @@ ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); #if (NGX_HTTP_GZIP) ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); #endif Take 2 - modify ngx_http_gzip_static_modile to serve both .gz and .br. On 22 February 2017 at 16:10, Eugene Kluchnikov wrote: > Yup. Going to try to create a "combined" module soon =) > > On 22 February 2017 at 15:40, Valentin V. Bartenev > wrote: >> >> At the first glance, the differences are really small and >> such functionality can be combined in one module. >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From eustas.ru at gmail.com Thu Feb 23 19:03:07 2017 From: eustas.ru at gmail.com (Eugene Kluchnikov) Date: Thu, 23 Feb 2017 20:03:07 +0100 Subject: [PATCH] Add static brotli module In-Reply-To: References: <2886732.38QkW4xQnI@vbart-workstation> Message-ID: # HG changeset patch # User Evgenii Kliuchnikov # Date 1487764873 -3600 # Wed Feb 22 13:01:13 2017 +0100 # Node ID c230f3874e060ccb14d7560233f2c70a910640a1 # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c Add brotli static serving support. Both .gz and .br static content is served by ngx_http_gzip_static_modile, but have separate configuration. diff -r 87cf6ddb41c2 -r c230f3874e06 contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim Fri Feb 17 17:01:27 2017 +0300 +++ b/contrib/vim/syntax/nginx.vim Wed Feb 22 13:01:13 2017 +0100 @@ -86,6 +86,7 @@ syn keyword ngxDirective autoindex syn keyword ngxDirective autoindex_exact_size syn keyword ngxDirective autoindex_localtime +syn keyword ngxDirective brotli_static syn keyword ngxDirective charset syn keyword ngxDirective charset_types syn keyword ngxDirective chunked_transfer_encoding diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/modules/ngx_http_gzip_static_module.c --- a/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 17 17:01:27 2017 +0300 +++ b/src/http/modules/ngx_http_gzip_static_module.c Wed Feb 22 13:01:13 2017 +0100 @@ -16,10 +16,14 @@ typedef struct { - ngx_uint_t enable; + ngx_uint_t enable_gzip; + ngx_uint_t enable_brotli; } ngx_http_gzip_static_conf_t; +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t *r, + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, + ngx_str_t *encoding); static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void *parent, @@ -41,7 +45,14 @@ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, ngx_conf_set_enum_slot, NGX_HTTP_LOC_CONF_OFFSET, - offsetof(ngx_http_gzip_static_conf_t, enable), + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), + &ngx_http_gzip_static }, + + { ngx_string("brotli_static"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_enum_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), &ngx_http_gzip_static }, ngx_null_command @@ -79,19 +90,14 @@ }; +static ngx_str_t encoding_gzip = ngx_string("gzip"); +static ngx_str_t encoding_brotli = ngx_string("br"); + + static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r) { - u_char *p; - size_t root; - ngx_str_t path; ngx_int_t rc; - ngx_uint_t level; - ngx_log_t *log; - ngx_buf_t *b; - ngx_chain_t out; - ngx_table_elt_t *h; - ngx_open_file_info_t of; ngx_http_core_loc_conf_t *clcf; ngx_http_gzip_static_conf_t *gzcf; @@ -105,19 +111,56 @@ gzcf = ngx_http_get_module_loc_conf(r, ngx_http_gzip_static_module); - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF && + gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { return NGX_DECLINED; } - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { - rc = ngx_http_gzip_ok(r); + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - } else { - /* always */ - rc = NGX_OK; + rc = NGX_DECLINED; + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { + rc = ngx_http_gzip_ok(r); + } else { + /* always */ + rc = NGX_OK; + } + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, rc, clcf, + &encoding_gzip); } - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == NGX_DECLINED) { + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { + rc = ngx_http_gzip_ok(r); + } else { + /* always */ + rc = NGX_OK; + } + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, rc, clcf, + &encoding_brotli); + } + + return rc; +} + + +static ngx_int_t +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t enable, + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) +{ + u_char *p; + size_t root; + ngx_str_t path; + ngx_int_t rc; + ngx_uint_t level; + ngx_log_t *log; + ngx_buf_t *b; + ngx_chain_t out; + ngx_table_elt_t *h; + ngx_open_file_info_t of; + + rc = ok; if (!clcf->gzip_vary && rc != NGX_OK) { return NGX_DECLINED; @@ -125,14 +168,14 @@ log = r->connection->log; - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); if (p == NULL) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } *p++ = '.'; - *p++ = 'g'; - *p++ = 'z'; + *p++ = encoding->data[0]; + *p++ = encoding->data[1]; *p = '\0'; path.len = p - path.data; @@ -188,7 +231,7 @@ return NGX_DECLINED; } - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { + if (enable == NGX_HTTP_GZIP_STATIC_ON) { r->gzip_vary = 1; if (rc != NGX_OK) { @@ -243,7 +286,7 @@ h->hash = 1; ngx_str_set(&h->key, "Content-Encoding"); - ngx_str_set(&h->value, "gzip"); + h->value = *encoding; r->headers_out.content_encoding = h; /* we need to allocate all before the header would be sent */ @@ -293,7 +336,8 @@ return NULL; } - conf->enable = NGX_CONF_UNSET_UINT; + conf->enable_gzip = NGX_CONF_UNSET_UINT; + conf->enable_brotli = NGX_CONF_UNSET_UINT; return conf; } @@ -305,7 +349,9 @@ ngx_http_gzip_static_conf_t *prev = parent; ngx_http_gzip_static_conf_t *conf = child; - ngx_conf_merge_uint_value(conf->enable, prev->enable, + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, + NGX_HTTP_GZIP_STATIC_OFF); + ngx_conf_merge_uint_value(conf->enable_brotli, prev->enable_brotli, NGX_HTTP_GZIP_STATIC_OFF); return NGX_CONF_OK; diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Fri Feb 17 17:01:27 2017 +0300 +++ b/src/http/ngx_http_core_module.c Wed Feb 22 13:01:13 2017 +0100 @@ -74,8 +74,8 @@ static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); #if (NGX_HTTP_GZIP) -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n); +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); #endif @@ -2170,7 +2170,7 @@ */ if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) { return NGX_DECLINED; } @@ -2297,15 +2297,42 @@ } +ngx_int_t +ngx_http_brotli_ok(ngx_http_request_t *r) +{ + ngx_table_elt_t *ae; + + if (r != r->main) { + return NGX_DECLINED; + } + + ae = r->headers_in.accept_encoding; + if (ae == NULL) { + return NGX_DECLINED; + } + + if (ae->value.len < sizeof("br") - 1) { + return NGX_DECLINED; + } + + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) + { + return NGX_DECLINED; + } + + return NGX_OK; +} + + /* - * gzip is enabled for the following quantities: + * encoding is enabled for the following quantities: * "gzip; q=0.001" ... "gzip; q=1.000" - * gzip is disabled for the following quantities: - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases + * encoding is disabled for the following quantities: + * "br; q=0" ... "br; q=0.000", and for any invalid cases */ static ngx_int_t -ngx_http_gzip_accept_encoding(ngx_str_t *ae) +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) { u_char *p, *start, *last; @@ -2313,7 +2340,7 @@ last = start + ae->len; for ( ;; ) { - p = ngx_strcasestrn(start, "gzip", 4 - 1); + p = ngx_strcasestrn(start, e, n - 1); if (p == NULL) { return NGX_DECLINED; } @@ -2322,10 +2349,10 @@ break; } - start = p + 4; - } - - p += 4; + start = p + n; + } + + p += n; while (p < last) { switch (*p++) { @@ -2364,7 +2391,7 @@ return NGX_DECLINED; } - if (ngx_http_gzip_quantity(p, last) == 0) { + if (ngx_http_encoding_quantity(p, last) == 0) { return NGX_DECLINED; } @@ -2373,7 +2400,7 @@ static ngx_uint_t -ngx_http_gzip_quantity(u_char *p, u_char *last) +ngx_http_encoding_quantity(u_char *p, u_char *last) { u_char c; ngx_uint_t n, q; diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/ngx_http_core_module.h --- a/src/http/ngx_http_core_module.h Fri Feb 17 17:01:27 2017 +0300 +++ b/src/http/ngx_http_core_module.h Wed Feb 22 13:01:13 2017 +0100 @@ -504,6 +504,7 @@ ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); #if (NGX_HTTP_GZIP) ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); #endif Fixed "Content-Encoding" value. On 23 February 2017 at 13:11, Eugene Kluchnikov wrote: > # HG changeset patch > # User Evgenii Kliuchnikov > # Date 1487764873 -3600 > # Wed Feb 22 13:01:13 2017 +0100 > # Node ID 96939e63f30579f2f32e843d217bd46fa6086bb4 > # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c > Add brotli static serving support. > > Both .gz and .br static content is served by > ngx_http_gzip_static_modile, but have separate configuration. > > diff -r 87cf6ddb41c2 -r 96939e63f305 contrib/vim/syntax/nginx.vim > --- a/contrib/vim/syntax/nginx.vim Fri Feb 17 17:01:27 2017 +0300 > +++ b/contrib/vim/syntax/nginx.vim Wed Feb 22 13:01:13 2017 +0100 > @@ -86,6 +86,7 @@ > syn keyword ngxDirective autoindex > syn keyword ngxDirective autoindex_exact_size > syn keyword ngxDirective autoindex_localtime > +syn keyword ngxDirective brotli_static > syn keyword ngxDirective charset > syn keyword ngxDirective charset_types > syn keyword ngxDirective chunked_transfer_encoding > diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/modules/ngx_http_ > gzip_static_module.c > --- a/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 17 17:01:27 > 2017 +0300 > +++ b/src/http/modules/ngx_http_gzip_static_module.c Wed Feb 22 13:01:13 > 2017 +0100 > @@ -16,10 +16,14 @@ > > > typedef struct { > - ngx_uint_t enable; > + ngx_uint_t enable_gzip; > + ngx_uint_t enable_brotli; > } ngx_http_gzip_static_conf_t; > > > +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t *r, > + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, > + ngx_str_t *encoding); > static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); > static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); > static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void > *parent, > @@ -41,7 +45,14 @@ > NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF| > NGX_CONF_TAKE1, > ngx_conf_set_enum_slot, > NGX_HTTP_LOC_CONF_OFFSET, > - offsetof(ngx_http_gzip_static_conf_t, enable), > + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), > + &ngx_http_gzip_static }, > + > + { ngx_string("brotli_static"), > + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF| > NGX_CONF_TAKE1, > + ngx_conf_set_enum_slot, > + NGX_HTTP_LOC_CONF_OFFSET, > + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), > &ngx_http_gzip_static }, > > ngx_null_command > @@ -79,19 +90,13 @@ > }; > > > +static ngx_str_t encoding_gzip = ngx_string("gzip"); > +static ngx_str_t encoding_brotli = ngx_string("brotli"); > + > static ngx_int_t > ngx_http_gzip_static_handler(ngx_http_request_t *r) > { > - u_char *p; > - size_t root; > - ngx_str_t path; > ngx_int_t rc; > - ngx_uint_t level; > - ngx_log_t *log; > - ngx_buf_t *b; > - ngx_chain_t out; > - ngx_table_elt_t *h; > - ngx_open_file_info_t of; > ngx_http_core_loc_conf_t *clcf; > ngx_http_gzip_static_conf_t *gzcf; > > @@ -105,19 +110,56 @@ > > gzcf = ngx_http_get_module_loc_conf(r, ngx_http_gzip_static_module); > > - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { > + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF && > + gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { > return NGX_DECLINED; > } > > - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { > - rc = ngx_http_gzip_ok(r); > + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); > > - } else { > - /* always */ > - rc = NGX_OK; > + rc = NGX_DECLINED; > + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { > + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { > + rc = ngx_http_gzip_ok(r); > + } else { > + /* always */ > + rc = NGX_OK; > + } > + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, rc, > clcf, > + &encoding_gzip); > } > > - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); > + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == > NGX_DECLINED) { > + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { > + rc = ngx_http_gzip_ok(r); > + } else { > + /* always */ > + rc = NGX_OK; > + } > + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, rc, > clcf, > + &encoding_brotli); > + } > + > + return rc; > +} > + > + > +static ngx_int_t > +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t enable, > + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) > +{ > + u_char *p; > + size_t root; > + ngx_str_t path; > + ngx_int_t rc; > + ngx_uint_t level; > + ngx_log_t *log; > + ngx_buf_t *b; > + ngx_chain_t out; > + ngx_table_elt_t *h; > + ngx_open_file_info_t of; > + > + rc = ok; > > if (!clcf->gzip_vary && rc != NGX_OK) { > return NGX_DECLINED; > @@ -125,14 +167,14 @@ > > log = r->connection->log; > > - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); > + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); > if (p == NULL) { > return NGX_HTTP_INTERNAL_SERVER_ERROR; > } > > *p++ = '.'; > - *p++ = 'g'; > - *p++ = 'z'; > + *p++ = encoding->data[0]; > + *p++ = encoding->data[1]; > *p = '\0'; > > path.len = p - path.data; > @@ -188,7 +230,7 @@ > return NGX_DECLINED; > } > > - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { > + if (enable == NGX_HTTP_GZIP_STATIC_ON) { > r->gzip_vary = 1; > > if (rc != NGX_OK) { > @@ -243,7 +285,7 @@ > > h->hash = 1; > ngx_str_set(&h->key, "Content-Encoding"); > - ngx_str_set(&h->value, "gzip"); > + h->value = *encoding; > r->headers_out.content_encoding = h; > > /* we need to allocate all before the header would be sent */ > @@ -293,7 +335,8 @@ > return NULL; > } > > - conf->enable = NGX_CONF_UNSET_UINT; > + conf->enable_gzip = NGX_CONF_UNSET_UINT; > + conf->enable_brotli = NGX_CONF_UNSET_UINT; > > return conf; > } > @@ -305,7 +348,9 @@ > ngx_http_gzip_static_conf_t *prev = parent; > ngx_http_gzip_static_conf_t *conf = child; > > - ngx_conf_merge_uint_value(conf->enable, prev->enable, > + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, > + NGX_HTTP_GZIP_STATIC_OFF); > + ngx_conf_merge_uint_value(conf->enable_brotli, prev->enable_brotli, > NGX_HTTP_GZIP_STATIC_OFF); > > return NGX_CONF_OK; > diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/ngx_http_core_module.c > --- a/src/http/ngx_http_core_module.c Fri Feb 17 17:01:27 2017 +0300 > +++ b/src/http/ngx_http_core_module.c Wed Feb 22 13:01:13 2017 +0100 > @@ -74,8 +74,8 @@ > static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, > void *conf); > #if (NGX_HTTP_GZIP) > -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); > -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); > +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t > n); > +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); > static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, > void *conf); > #endif > @@ -2170,7 +2170,7 @@ > */ > > if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 > - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) > + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) > { > return NGX_DECLINED; > } > @@ -2297,15 +2297,42 @@ > } > > > +ngx_int_t > +ngx_http_brotli_ok(ngx_http_request_t *r) > +{ > + ngx_table_elt_t *ae; > + > + if (r != r->main) { > + return NGX_DECLINED; > + } > + > + ae = r->headers_in.accept_encoding; > + if (ae == NULL) { > + return NGX_DECLINED; > + } > + > + if (ae->value.len < sizeof("br") - 1) { > + return NGX_DECLINED; > + } > + > + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) > + { > + return NGX_DECLINED; > + } > + > + return NGX_OK; > +} > + > + > /* > - * gzip is enabled for the following quantities: > + * encoding is enabled for the following quantities: > * "gzip; q=0.001" ... "gzip; q=1.000" > - * gzip is disabled for the following quantities: > - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases > + * encoding is disabled for the following quantities: > + * "br; q=0" ... "br; q=0.000", and for any invalid cases > */ > > static ngx_int_t > -ngx_http_gzip_accept_encoding(ngx_str_t *ae) > +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) > { > u_char *p, *start, *last; > > @@ -2313,7 +2340,7 @@ > last = start + ae->len; > > for ( ;; ) { > - p = ngx_strcasestrn(start, "gzip", 4 - 1); > + p = ngx_strcasestrn(start, e, n - 1); > if (p == NULL) { > return NGX_DECLINED; > } > @@ -2322,10 +2349,10 @@ > break; > } > > - start = p + 4; > - } > - > - p += 4; > + start = p + n; > + } > + > + p += n; > > while (p < last) { > switch (*p++) { > @@ -2364,7 +2391,7 @@ > return NGX_DECLINED; > } > > - if (ngx_http_gzip_quantity(p, last) == 0) { > + if (ngx_http_encoding_quantity(p, last) == 0) { > return NGX_DECLINED; > } > > @@ -2373,7 +2400,7 @@ > > > static ngx_uint_t > -ngx_http_gzip_quantity(u_char *p, u_char *last) > +ngx_http_encoding_quantity(u_char *p, u_char *last) > { > u_char c; > ngx_uint_t n, q; > diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/ngx_http_core_module.h > --- a/src/http/ngx_http_core_module.h Fri Feb 17 17:01:27 2017 +0300 > +++ b/src/http/ngx_http_core_module.h Wed Feb 22 13:01:13 2017 +0100 > @@ -504,6 +504,7 @@ > ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); > #if (NGX_HTTP_GZIP) > ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); > +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); > #endif > > > > > > > Take 2 - modify ngx_http_gzip_static_modile to serve both .gz and .br. > > > On 22 February 2017 at 16:10, Eugene Kluchnikov > wrote: > >> Yup. Going to try to create a "combined" module soon =) >> >> On 22 February 2017 at 15:40, Valentin V. Bartenev >> wrote: >>> >>> At the first glance, the differences are really small and >>> such functionality can be combined in one module. >>> >> -- ? ?????????? ???????????, ??????? ????????? WBR, Eugene Kluchnikov -------------- next part -------------- An HTML attachment was scrubbed... URL: From othree at gmail.com Fri Feb 24 06:59:23 2017 From: othree at gmail.com (OOO) Date: Fri, 24 Feb 2017 14:59:23 +0800 Subject: [PATCH] Contrib: vim syntax, update core module directives In-Reply-To: References: Message-ID: Sorry, I missed a . after commit message. Will fix it by another PATCH. 2017-02-23 12:32 GMT+08:00 othree : > # HG changeset patch > # User othree > # Date 1487824289 -28800 > # Thu Feb 23 12:31:29 2017 +0800 > # Node ID d5a7953a10d9730ee1a42f9931218425b4eca1be > # Parent 00903b2132edb863e8aed2e84e216817fcc07c90 > Contrib: vim syntax, update core module directives > > diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim > --- a/contrib/vim/syntax/nginx.vim > +++ b/contrib/vim/syntax/nginx.vim > @@ -77,40 +77,47 @@ syn keyword ngxDirectiveDeprecated conne > syn keyword ngxDirectiveDeprecated imap > syn keyword ngxDirectiveDeprecated limit_zone > syn keyword ngxDirectiveDeprecated mysql_test > syn keyword ngxDirectiveDeprecated open_file_cache_retest > syn keyword ngxDirectiveDeprecated optimize_server_names > syn keyword ngxDirectiveDeprecated satisfy_any > syn keyword ngxDirectiveDeprecated so_keepalive > > +syn keyword ngxDirective absolute_redirect > syn keyword ngxDirective accept_mutex > syn keyword ngxDirective accept_mutex_delay > syn keyword ngxDirective acceptex_read > syn keyword ngxDirective access_log > syn keyword ngxDirective add_after_body > syn keyword ngxDirective add_before_body > syn keyword ngxDirective add_header > syn keyword ngxDirective addition_types > syn keyword ngxDirective aio > +syn keyword ngxDirective aio_write > syn keyword ngxDirective alias > syn keyword ngxDirective allow > syn keyword ngxDirective ancient_browser > syn keyword ngxDirective ancient_browser_value > syn keyword ngxDirective auth_basic > syn keyword ngxDirective auth_basic_user_file > syn keyword ngxDirective auth_http > syn keyword ngxDirective auth_http_header > +syn keyword ngxDirective auth_http_pass_client_cert > syn keyword ngxDirective auth_http_timeout > +syn keyword ngxDirective auth_jwt > +syn keyword ngxDirective auth_jwt_key_file > syn keyword ngxDirective auth_request > syn keyword ngxDirective auth_request_set > syn keyword ngxDirective autoindex > syn keyword ngxDirective autoindex_exact_size > +syn keyword ngxDirective autoindex_format > syn keyword ngxDirective autoindex_localtime > syn keyword ngxDirective charset > +syn keyword ngxDirective charset_map > syn keyword ngxDirective charset_types > syn keyword ngxDirective chunked_transfer_encoding > syn keyword ngxDirective client_body_buffer_size > syn keyword ngxDirective client_body_in_file_only > syn keyword ngxDirective client_body_in_single_buffer > syn keyword ngxDirective client_body_temp_path > syn keyword ngxDirective client_body_timeout > syn keyword ngxDirective client_header_buffer_size > @@ -134,51 +141,58 @@ syn keyword ngxDirective directio_alignm > syn keyword ngxDirective disable_symlinks > syn keyword ngxDirective empty_gif > syn keyword ngxDirective env > syn keyword ngxDirective epoll_events > syn keyword ngxDirective error_log > syn keyword ngxDirective etag > syn keyword ngxDirective eventport_events > syn keyword ngxDirective expires > +syn keyword ngxDirective f4f > +syn keyword ngxDirective f4f_buffer_size > syn keyword ngxDirective fastcgi_bind > syn keyword ngxDirective fastcgi_buffer_size > syn keyword ngxDirective fastcgi_buffering > syn keyword ngxDirective fastcgi_buffers > syn keyword ngxDirective fastcgi_busy_buffers_size > syn keyword ngxDirective fastcgi_cache > syn keyword ngxDirective fastcgi_cache_bypass > syn keyword ngxDirective fastcgi_cache_key > syn keyword ngxDirective fastcgi_cache_lock > +syn keyword ngxDirective fastcgi_cache_lock_age > syn keyword ngxDirective fastcgi_cache_lock_timeout > +syn keyword ngxDirective fastcgi_cache_max_range_offset > syn keyword ngxDirective fastcgi_cache_methods > syn keyword ngxDirective fastcgi_cache_min_uses > syn keyword ngxDirective fastcgi_cache_path > +syn keyword ngxDirective fastcgi_cache_purge > syn keyword ngxDirective fastcgi_cache_revalidate > syn keyword ngxDirective fastcgi_cache_use_stale > syn keyword ngxDirective fastcgi_cache_valid > syn keyword ngxDirective fastcgi_catch_stderr > syn keyword ngxDirective fastcgi_connect_timeout > syn keyword ngxDirective fastcgi_force_ranges > syn keyword ngxDirective fastcgi_hide_header > syn keyword ngxDirective fastcgi_ignore_client_abort > syn keyword ngxDirective fastcgi_ignore_headers > syn keyword ngxDirective fastcgi_index > syn keyword ngxDirective fastcgi_intercept_errors > syn keyword ngxDirective fastcgi_keep_conn > +syn keyword ngxDirective fastcgi_limit_rate > syn keyword ngxDirective fastcgi_max_temp_file_size > syn keyword ngxDirective fastcgi_next_upstream > syn keyword ngxDirective fastcgi_next_upstream_timeout > syn keyword ngxDirective fastcgi_next_upstream_tries > syn keyword ngxDirective fastcgi_no_cache > syn keyword ngxDirective fastcgi_param > syn keyword ngxDirective fastcgi_pass_header > syn keyword ngxDirective fastcgi_pass_request_body > syn keyword ngxDirective fastcgi_pass_request_headers > syn keyword ngxDirective fastcgi_read_timeout > +syn keyword ngxDirective fastcgi_request_buffering > syn keyword ngxDirective fastcgi_send_lowat > syn keyword ngxDirective fastcgi_send_timeout > syn keyword ngxDirective fastcgi_split_path_info > syn keyword ngxDirective fastcgi_store > syn keyword ngxDirective fastcgi_store_access > syn keyword ngxDirective fastcgi_temp_file_write_size > syn keyword ngxDirective fastcgi_temp_path > syn keyword ngxDirective flv > @@ -199,78 +213,109 @@ syn keyword ngxDirective gzip_http_versi > syn keyword ngxDirective gzip_min_length > syn keyword ngxDirective gzip_no_buffer > syn keyword ngxDirective gzip_proxied > syn keyword ngxDirective gzip_static > syn keyword ngxDirective gzip_types > syn keyword ngxDirective gzip_vary > syn keyword ngxDirective gzip_window > syn keyword ngxDirective hash > +syn keyword ngxDirective health_check > +syn keyword ngxDirective health_check_timeout > +syn keyword ngxDirective hls > +syn keyword ngxDirective hls_buffers > +syn keyword ngxDirective hls_forward_args > +syn keyword ngxDirective hls_fragment > +syn keyword ngxDirective hls_mp4_buffer_size > +syn keyword ngxDirective hls_mp4_max_buffer_size > +syn keyword ngxDirective http2_chunk_size > +syn keyword ngxDirective http2_body_preread_size > +syn keyword ngxDirective http2_idle_timeout > +syn keyword ngxDirective http2_max_concurrent_streams > +syn keyword ngxDirective http2_max_field_size > +syn keyword ngxDirective http2_max_header_size > +syn keyword ngxDirective http2_max_requests > +syn keyword ngxDirective http2_recv_buffer_size > +syn keyword ngxDirective http2_recv_timeout > syn keyword ngxDirective if_modified_since > syn keyword ngxDirective ignore_invalid_headers > syn keyword ngxDirective image_filter > syn keyword ngxDirective image_filter_buffer > syn keyword ngxDirective image_filter_interlace > syn keyword ngxDirective image_filter_jpeg_quality > syn keyword ngxDirective image_filter_sharpen > syn keyword ngxDirective image_filter_transparency > +syn keyword ngxDirective image_filter_webp_quality > syn keyword ngxDirective imap_auth > syn keyword ngxDirective imap_capabilities > syn keyword ngxDirective imap_client_buffer > syn keyword ngxDirective index > syn keyword ngxDirective iocp_threads > syn keyword ngxDirective ip_hash > +syn keyword ngxDirective js_access > +syn keyword ngxDirective js_content > +syn keyword ngxDirective js_filter > +syn keyword ngxDirective js_include > +syn keyword ngxDirective js_preread > +syn keyword ngxDirective js_set > syn keyword ngxDirective keepalive > syn keyword ngxDirective keepalive_disable > syn keyword ngxDirective keepalive_requests > syn keyword ngxDirective keepalive_timeout > syn keyword ngxDirective kqueue_changes > syn keyword ngxDirective kqueue_events > syn keyword ngxDirective large_client_header_buffers > syn keyword ngxDirective least_conn > +syn keyword ngxDirective least_time > syn keyword ngxDirective limit_conn > syn keyword ngxDirective limit_conn_log_level > syn keyword ngxDirective limit_conn_status > syn keyword ngxDirective limit_conn_zone > syn keyword ngxDirective limit_rate > syn keyword ngxDirective limit_rate_after > syn keyword ngxDirective limit_req > syn keyword ngxDirective limit_req_log_level > syn keyword ngxDirective limit_req_status > syn keyword ngxDirective limit_req_zone > syn keyword ngxDirective lingering_close > syn keyword ngxDirective lingering_time > syn keyword ngxDirective lingering_timeout > +syn keyword ngxDirective load_module > syn keyword ngxDirective lock_file > syn keyword ngxDirective log_format > syn keyword ngxDirective log_not_found > syn keyword ngxDirective log_subrequest > syn keyword ngxDirective map_hash_bucket_size > syn keyword ngxDirective map_hash_max_size > +syn keyword ngxDirective match > syn keyword ngxDirective master_process > syn keyword ngxDirective max_ranges > syn keyword ngxDirective memcached_bind > syn keyword ngxDirective memcached_buffer_size > syn keyword ngxDirective memcached_connect_timeout > +syn keyword ngxDirective memcached_force_ranges > syn keyword ngxDirective memcached_gzip_flag > syn keyword ngxDirective memcached_next_upstream > syn keyword ngxDirective memcached_next_upstream_timeout > syn keyword ngxDirective memcached_next_upstream_tries > syn keyword ngxDirective memcached_read_timeout > syn keyword ngxDirective memcached_send_timeout > syn keyword ngxDirective merge_slashes > syn keyword ngxDirective min_delete_depth > syn keyword ngxDirective modern_browser > syn keyword ngxDirective modern_browser_value > syn keyword ngxDirective mp4 > syn keyword ngxDirective mp4_buffer_size > syn keyword ngxDirective mp4_max_buffer_size > +syn keyword ngxDirective mp4_limit_rate > +syn keyword ngxDirective mp4_limit_rate_after > syn keyword ngxDirective msie_padding > syn keyword ngxDirective msie_refresh > syn keyword ngxDirective multi_accept > +syn keyword ngxDirective ntlm > syn keyword ngxDirective open_file_cache > syn keyword ngxDirective open_file_cache_errors > syn keyword ngxDirective open_file_cache_events > syn keyword ngxDirective open_file_cache_min_uses > syn keyword ngxDirective open_file_cache_valid > syn keyword ngxDirective open_log_file_cache > syn keyword ngxDirective output_buffers > syn keyword ngxDirective override_charset > @@ -281,77 +326,94 @@ syn keyword ngxDirective perl_require > syn keyword ngxDirective perl_set > syn keyword ngxDirective pid > syn keyword ngxDirective pop3_auth > syn keyword ngxDirective pop3_capabilities > syn keyword ngxDirective port_in_redirect > syn keyword ngxDirective post_acceptex > syn keyword ngxDirective postpone_gzipping > syn keyword ngxDirective postpone_output > +syn keyword ngxDirective preread_buffer_size > +syn keyword ngxDirective preread_timeout > syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite > syn keyword ngxMailProtocol imap pop3 smtp contained > syn keyword ngxDirective proxy > syn keyword ngxDirective proxy_bind > syn keyword ngxDirective proxy_buffer > syn keyword ngxDirective proxy_buffer_size > syn keyword ngxDirective proxy_buffering > syn keyword ngxDirective proxy_buffers > syn keyword ngxDirective proxy_busy_buffers_size > syn keyword ngxDirective proxy_cache > syn keyword ngxDirective proxy_cache_bypass > +syn keyword ngxDirective proxy_cache_convert_head > syn keyword ngxDirective proxy_cache_key > syn keyword ngxDirective proxy_cache_lock > +syn keyword ngxDirective proxy_cache_lock_age > syn keyword ngxDirective proxy_cache_lock_timeout > +syn keyword ngxDirective proxy_cache_max_range_offset > syn keyword ngxDirective proxy_cache_methods > syn keyword ngxDirective proxy_cache_min_uses > syn keyword ngxDirective proxy_cache_path > +syn keyword ngxDirective proxy_cache_purge > syn keyword ngxDirective proxy_cache_revalidate > syn keyword ngxDirective proxy_cache_use_stale > syn keyword ngxDirective proxy_cache_valid > syn keyword ngxDirective proxy_connect_timeout > syn keyword ngxDirective proxy_cookie_domain > syn keyword ngxDirective proxy_cookie_path > +syn keyword ngxDirective proxy_download_rate > syn keyword ngxDirective proxy_force_ranges > syn keyword ngxDirective proxy_headers_hash_bucket_size > syn keyword ngxDirective proxy_headers_hash_max_size > syn keyword ngxDirective proxy_hide_header > syn keyword ngxDirective proxy_http_version > syn keyword ngxDirective proxy_ignore_client_abort > syn keyword ngxDirective proxy_ignore_headers > syn keyword ngxDirective proxy_intercept_errors > +syn keyword ngxDirective proxy_limit_rate > syn keyword ngxDirective proxy_max_temp_file_size > syn keyword ngxDirective proxy_method > syn keyword ngxDirective proxy_next_upstream > syn keyword ngxDirective proxy_next_upstream_timeout > syn keyword ngxDirective proxy_next_upstream_tries > syn keyword ngxDirective proxy_no_cache > syn keyword ngxDirective proxy_pass_error_message > syn keyword ngxDirective proxy_pass_header > syn keyword ngxDirective proxy_pass_request_body > syn keyword ngxDirective proxy_pass_request_headers > +syn keyword ngxDirective proxy_protocol > +syn keyword ngxDirective proxy_protocol_timeout > syn keyword ngxDirective proxy_read_timeout > syn keyword ngxDirective proxy_redirect > +syn keyword ngxDirective proxy_request_buffering > +syn keyword ngxDirective proxy_responses > syn keyword ngxDirective proxy_send_lowat > syn keyword ngxDirective proxy_send_timeout > syn keyword ngxDirective proxy_set_body > syn keyword ngxDirective proxy_set_header > +syn keyword ngxDirective proxy_ssl_certificate > +syn keyword ngxDirective proxy_ssl_certificate_key > syn keyword ngxDirective proxy_ssl_ciphers > syn keyword ngxDirective proxy_ssl_crl > syn keyword ngxDirective proxy_ssl_name > +syn keyword ngxDirective proxy_ssl_password_file > syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite > syn keyword ngxDirective proxy_ssl_server_name > syn keyword ngxDirective proxy_ssl_session_reuse > syn keyword ngxDirective proxy_ssl_trusted_certificate > syn keyword ngxDirective proxy_ssl_verify > syn keyword ngxDirective proxy_ssl_verify_depth > syn keyword ngxDirective proxy_store > syn keyword ngxDirective proxy_store_access > syn keyword ngxDirective proxy_temp_file_write_size > syn keyword ngxDirective proxy_temp_path > syn keyword ngxDirective proxy_timeout > +syn keyword ngxDirective proxy_upload_rate > +syn keyword ngxDirective queue > syn keyword ngxDirective random_index > syn keyword ngxDirective read_ahead > syn keyword ngxDirective real_ip_header > syn keyword ngxDirective real_ip_recursive > syn keyword ngxDirective recursive_error_pages > syn keyword ngxDirective referer_hash_bucket_size > syn keyword ngxDirective referer_hash_max_size > syn keyword ngxDirective request_pool_size > @@ -368,56 +430,65 @@ syn keyword ngxDirective scgi_bind > syn keyword ngxDirective scgi_buffer_size > syn keyword ngxDirective scgi_buffering > syn keyword ngxDirective scgi_buffers > syn keyword ngxDirective scgi_busy_buffers_size > syn keyword ngxDirective scgi_cache > syn keyword ngxDirective scgi_cache_bypass > syn keyword ngxDirective scgi_cache_key > syn keyword ngxDirective scgi_cache_lock > +syn keyword ngxDirective scgi_cache_lock_age > syn keyword ngxDirective scgi_cache_lock_timeout > +syn keyword ngxDirective scgi_cache_max_range_offset > syn keyword ngxDirective scgi_cache_methods > syn keyword ngxDirective scgi_cache_min_uses > syn keyword ngxDirective scgi_cache_path > +syn keyword ngxDirective scgi_cache_purge > syn keyword ngxDirective scgi_cache_revalidate > syn keyword ngxDirective scgi_cache_use_stale > syn keyword ngxDirective scgi_cache_valid > syn keyword ngxDirective scgi_connect_timeout > syn keyword ngxDirective scgi_force_ranges > syn keyword ngxDirective scgi_hide_header > syn keyword ngxDirective scgi_ignore_client_abort > syn keyword ngxDirective scgi_ignore_headers > syn keyword ngxDirective scgi_intercept_errors > +syn keyword ngxDirective scgi_limit_rate > syn keyword ngxDirective scgi_max_temp_file_size > syn keyword ngxDirective scgi_next_upstream > syn keyword ngxDirective scgi_next_upstream_timeout > syn keyword ngxDirective scgi_next_upstream_tries > syn keyword ngxDirective scgi_no_cache > syn keyword ngxDirective scgi_param > syn keyword ngxDirective scgi_pass_header > syn keyword ngxDirective scgi_pass_request_body > syn keyword ngxDirective scgi_pass_request_headers > syn keyword ngxDirective scgi_read_timeout > +syn keyword ngxDirective scgi_request_buffering > syn keyword ngxDirective scgi_send_timeout > syn keyword ngxDirective scgi_store > syn keyword ngxDirective scgi_store_access > syn keyword ngxDirective scgi_temp_file_write_size > syn keyword ngxDirective scgi_temp_path > syn keyword ngxDirective secure_link > syn keyword ngxDirective secure_link_md5 > syn keyword ngxDirective secure_link_secret > syn keyword ngxDirective send_lowat > syn keyword ngxDirective send_timeout > syn keyword ngxDirective sendfile > syn keyword ngxDirective sendfile_max_chunk > syn keyword ngxDirective server_name_in_redirect > syn keyword ngxDirective server_names_hash_bucket_size > syn keyword ngxDirective server_names_hash_max_size > syn keyword ngxDirective server_tokens > +syn keyword ngxDirective session_log > +syn keyword ngxDirective session_log_format > +syn keyword ngxDirective session_log_zone > syn keyword ngxDirective set_real_ip_from > +syn keyword ngxDirective slice > syn keyword ngxDirective smtp_auth > syn keyword ngxDirective smtp_capabilities > syn keyword ngxDirective smtp_client_buffer > syn keyword ngxDirective smtp_greeting_delay > syn keyword ngxDirective source_charset > syn keyword ngxDirective spdy_chunk_size > syn keyword ngxDirective spdy_headers_comp > syn keyword ngxDirective spdy_keepalive_timeout > @@ -438,46 +509,56 @@ syn keyword ngxDirective ssl_buffer_size > syn keyword ngxDirective ssl_certificate > syn keyword ngxDirective ssl_certificate_key > syn keyword ngxDirective ssl_ciphers > syn keyword ngxDirective ssl_client_certificate > syn keyword ngxDirective ssl_crl > syn keyword ngxDirective ssl_dhparam > syn keyword ngxDirective ssl_ecdh_curve > syn keyword ngxDirective ssl_engine > +syn keyword ngxDirective ssl_handshake_timeout > syn keyword ngxDirective ssl_password_file > syn keyword ngxDirective ssl_prefer_server_ciphers > +syn keyword ngxDirective ssl_preread > syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite > syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite > syn keyword ngxDirective ssl_session_cache > syn keyword ngxDirective ssl_session_ticket_key > syn keyword ngxDirective ssl_session_tickets > syn keyword ngxDirective ssl_session_timeout > syn keyword ngxDirective ssl_stapling > syn keyword ngxDirective ssl_stapling_file > syn keyword ngxDirective ssl_stapling_responder > syn keyword ngxDirective ssl_stapling_verify > syn keyword ngxDirective ssl_trusted_certificate > syn keyword ngxDirective ssl_verify_client > syn keyword ngxDirective ssl_verify_depth > syn keyword ngxDirective starttls > +syn keyword ngxDirective state > +syn keyword ngxDirective status > +syn keyword ngxDirective status_format > +syn keyword ngxDirective status_zone > +syn keyword ngxDirective sticky > +syn keyword ngxDirective sticky_cookie_insert > syn keyword ngxDirective stub_status > syn keyword ngxDirective sub_filter > syn keyword ngxDirective sub_filter_last_modified > syn keyword ngxDirective sub_filter_once > syn keyword ngxDirective sub_filter_types > syn keyword ngxDirective tcp_nodelay > syn keyword ngxDirective tcp_nopush > +syn keyword ngxDirective thread_pool > syn keyword ngxDirective thread_stack_size > syn keyword ngxDirective timeout > syn keyword ngxDirective timer_resolution > syn keyword ngxDirective types_hash_bucket_size > syn keyword ngxDirective types_hash_max_size > syn keyword ngxDirective underscores_in_headers > syn keyword ngxDirective uninitialized_variable_warn > +syn keyword ngxDirective upstream_conf > syn keyword ngxDirective use > syn keyword ngxDirective user > syn keyword ngxDirective userid > syn keyword ngxDirective userid_domain > syn keyword ngxDirective userid_expires > syn keyword ngxDirective userid_mark > syn keyword ngxDirective userid_name > syn keyword ngxDirective userid_p3p > @@ -487,45 +568,53 @@ syn keyword ngxDirective uwsgi_bind > syn keyword ngxDirective uwsgi_buffer_size > syn keyword ngxDirective uwsgi_buffering > syn keyword ngxDirective uwsgi_buffers > syn keyword ngxDirective uwsgi_busy_buffers_size > syn keyword ngxDirective uwsgi_cache > syn keyword ngxDirective uwsgi_cache_bypass > syn keyword ngxDirective uwsgi_cache_key > syn keyword ngxDirective uwsgi_cache_lock > +syn keyword ngxDirective uwsgi_cache_lock_age > syn keyword ngxDirective uwsgi_cache_lock_timeout > syn keyword ngxDirective uwsgi_cache_methods > syn keyword ngxDirective uwsgi_cache_min_uses > syn keyword ngxDirective uwsgi_cache_path > +syn keyword ngxDirective uwsgi_cache_purge > syn keyword ngxDirective uwsgi_cache_revalidate > syn keyword ngxDirective uwsgi_cache_use_stale > syn keyword ngxDirective uwsgi_cache_valid > syn keyword ngxDirective uwsgi_connect_timeout > syn keyword ngxDirective uwsgi_force_ranges > syn keyword ngxDirective uwsgi_hide_header > syn keyword ngxDirective uwsgi_ignore_client_abort > syn keyword ngxDirective uwsgi_ignore_headers > syn keyword ngxDirective uwsgi_intercept_errors > +syn keyword ngxDirective uwsgi_limit_rate > syn keyword ngxDirective uwsgi_max_temp_file_size > syn keyword ngxDirective uwsgi_modifier1 > syn keyword ngxDirective uwsgi_modifier2 > syn keyword ngxDirective uwsgi_next_upstream > syn keyword ngxDirective uwsgi_next_upstream_timeout > syn keyword ngxDirective uwsgi_next_upstream_tries > syn keyword ngxDirective uwsgi_no_cache > syn keyword ngxDirective uwsgi_param > +syn keyword ngxDirective uwsgi_pass > syn keyword ngxDirective uwsgi_pass_header > syn keyword ngxDirective uwsgi_pass_request_body > syn keyword ngxDirective uwsgi_pass_request_headers > syn keyword ngxDirective uwsgi_read_timeout > +syn keyword ngxDirective uwsgi_request_buffering > syn keyword ngxDirective uwsgi_send_timeout > +syn keyword ngxDirective uwsgi_ssl_certificate > +syn keyword ngxDirective uwsgi_ssl_certificate_key > syn keyword ngxDirective uwsgi_ssl_ciphers > syn keyword ngxDirective uwsgi_ssl_crl > syn keyword ngxDirective uwsgi_ssl_name > +syn keyword ngxDirective uwsgi_ssl_password_file > syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite > syn keyword ngxDirective uwsgi_ssl_server_name > syn keyword ngxDirective uwsgi_ssl_session_reuse > syn keyword ngxDirective uwsgi_ssl_trusted_certificate > syn keyword ngxDirective uwsgi_ssl_verify > syn keyword ngxDirective uwsgi_ssl_verify_depth > syn keyword ngxDirective uwsgi_store > syn keyword ngxDirective uwsgi_store_access > @@ -547,16 +636,17 @@ syn keyword ngxDirective worker_threads > syn keyword ngxDirective working_directory > syn keyword ngxDirective xclient > syn keyword ngxDirective xml_entities > syn keyword ngxDirective xslt_last_modified > syn keyword ngxDirective xslt_param > syn keyword ngxDirective xslt_string_param > syn keyword ngxDirective xslt_stylesheet > syn keyword ngxDirective xslt_types > +syn keyword ngxDirective zone > > " 3rd party module list: > " http://wiki.nginx.org/Nginx3rdPartyModules > > " Accept Language Module > " Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. > syn keyword ngxDirectiveThirdParty set_from_accept_language > -- OOO From mp3geek at gmail.com Fri Feb 24 08:05:42 2017 From: mp3geek at gmail.com (Ryan) Date: Fri, 24 Feb 2017 21:05:42 +1300 Subject: [PATCH] Add static brotli module In-Reply-To: References: <2886732.38QkW4xQnI@vbart-workstation> Message-ID: Do you have a brotli patch that applies cleanly with nginx-1.11.10. I'm getting many patch fails. On Fri, Feb 24, 2017 at 8:03 AM, Eugene Kluchnikov wrote: > # HG changeset patch > # User Evgenii Kliuchnikov > # Date 1487764873 -3600 > # Wed Feb 22 13:01:13 2017 +0100 > # Node ID c230f3874e060ccb14d7560233f2c70a910640a1 > # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c > Add brotli static serving support. > > Both .gz and .br static content is served by > ngx_http_gzip_static_modile, but have separate configuration. > > diff -r 87cf6ddb41c2 -r c230f3874e06 contrib/vim/syntax/nginx.vim > --- a/contrib/vim/syntax/nginx.vim Fri Feb 17 17:01:27 2017 +0300 > +++ b/contrib/vim/syntax/nginx.vim Wed Feb 22 13:01:13 2017 +0100 > @@ -86,6 +86,7 @@ > syn keyword ngxDirective autoindex > syn keyword ngxDirective autoindex_exact_size > syn keyword ngxDirective autoindex_localtime > +syn keyword ngxDirective brotli_static > syn keyword ngxDirective charset > syn keyword ngxDirective charset_types > syn keyword ngxDirective chunked_transfer_encoding > diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/modules/ngx_http_ > gzip_static_module.c > --- a/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 17 17:01:27 > 2017 +0300 > +++ b/src/http/modules/ngx_http_gzip_static_module.c Wed Feb 22 13:01:13 > 2017 +0100 > @@ -16,10 +16,14 @@ > > > typedef struct { > - ngx_uint_t enable; > + ngx_uint_t enable_gzip; > + ngx_uint_t enable_brotli; > } ngx_http_gzip_static_conf_t; > > > +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t *r, > + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, > + ngx_str_t *encoding); > static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); > static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); > static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void > *parent, > @@ -41,7 +45,14 @@ > NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF| > NGX_CONF_TAKE1, > ngx_conf_set_enum_slot, > NGX_HTTP_LOC_CONF_OFFSET, > - offsetof(ngx_http_gzip_static_conf_t, enable), > + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), > + &ngx_http_gzip_static }, > + > + { ngx_string("brotli_static"), > + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF| > NGX_CONF_TAKE1, > + ngx_conf_set_enum_slot, > + NGX_HTTP_LOC_CONF_OFFSET, > + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), > &ngx_http_gzip_static }, > > ngx_null_command > @@ -79,19 +90,14 @@ > }; > > > +static ngx_str_t encoding_gzip = ngx_string("gzip"); > +static ngx_str_t encoding_brotli = ngx_string("br"); > + > + > static ngx_int_t > ngx_http_gzip_static_handler(ngx_http_request_t *r) > { > - u_char *p; > - size_t root; > - ngx_str_t path; > ngx_int_t rc; > - ngx_uint_t level; > - ngx_log_t *log; > - ngx_buf_t *b; > - ngx_chain_t out; > - ngx_table_elt_t *h; > - ngx_open_file_info_t of; > ngx_http_core_loc_conf_t *clcf; > ngx_http_gzip_static_conf_t *gzcf; > > @@ -105,19 +111,56 @@ > > gzcf = ngx_http_get_module_loc_conf(r, ngx_http_gzip_static_module); > > - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { > + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF && > + gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { > return NGX_DECLINED; > } > > - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { > - rc = ngx_http_gzip_ok(r); > + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); > > - } else { > - /* always */ > - rc = NGX_OK; > + rc = NGX_DECLINED; > + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { > + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { > + rc = ngx_http_gzip_ok(r); > + } else { > + /* always */ > + rc = NGX_OK; > + } > + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, rc, > clcf, > + &encoding_gzip); > } > > - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); > + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == > NGX_DECLINED) { > + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { > + rc = ngx_http_gzip_ok(r); > + } else { > + /* always */ > + rc = NGX_OK; > + } > + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, rc, > clcf, > + &encoding_brotli); > + } > + > + return rc; > +} > + > + > +static ngx_int_t > +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t enable, > + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) > +{ > + u_char *p; > + size_t root; > + ngx_str_t path; > + ngx_int_t rc; > + ngx_uint_t level; > + ngx_log_t *log; > + ngx_buf_t *b; > + ngx_chain_t out; > + ngx_table_elt_t *h; > + ngx_open_file_info_t of; > + > + rc = ok; > > if (!clcf->gzip_vary && rc != NGX_OK) { > return NGX_DECLINED; > @@ -125,14 +168,14 @@ > > log = r->connection->log; > > - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); > + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); > if (p == NULL) { > return NGX_HTTP_INTERNAL_SERVER_ERROR; > } > > *p++ = '.'; > - *p++ = 'g'; > - *p++ = 'z'; > + *p++ = encoding->data[0]; > + *p++ = encoding->data[1]; > *p = '\0'; > > path.len = p - path.data; > @@ -188,7 +231,7 @@ > return NGX_DECLINED; > } > > - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { > + if (enable == NGX_HTTP_GZIP_STATIC_ON) { > r->gzip_vary = 1; > > if (rc != NGX_OK) { > @@ -243,7 +286,7 @@ > > h->hash = 1; > ngx_str_set(&h->key, "Content-Encoding"); > - ngx_str_set(&h->value, "gzip"); > + h->value = *encoding; > r->headers_out.content_encoding = h; > > /* we need to allocate all before the header would be sent */ > @@ -293,7 +336,8 @@ > return NULL; > } > > - conf->enable = NGX_CONF_UNSET_UINT; > + conf->enable_gzip = NGX_CONF_UNSET_UINT; > + conf->enable_brotli = NGX_CONF_UNSET_UINT; > > return conf; > } > @@ -305,7 +349,9 @@ > ngx_http_gzip_static_conf_t *prev = parent; > ngx_http_gzip_static_conf_t *conf = child; > > - ngx_conf_merge_uint_value(conf->enable, prev->enable, > + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, > + NGX_HTTP_GZIP_STATIC_OFF); > + ngx_conf_merge_uint_value(conf->enable_brotli, prev->enable_brotli, > NGX_HTTP_GZIP_STATIC_OFF); > > return NGX_CONF_OK; > diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/ngx_http_core_module.c > --- a/src/http/ngx_http_core_module.c Fri Feb 17 17:01:27 2017 +0300 > +++ b/src/http/ngx_http_core_module.c Wed Feb 22 13:01:13 2017 +0100 > @@ -74,8 +74,8 @@ > static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, > void *conf); > #if (NGX_HTTP_GZIP) > -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); > -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); > +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t > n); > +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); > static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, > void *conf); > #endif > @@ -2170,7 +2170,7 @@ > */ > > if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 > - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) > + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) > { > return NGX_DECLINED; > } > @@ -2297,15 +2297,42 @@ > } > > > +ngx_int_t > +ngx_http_brotli_ok(ngx_http_request_t *r) > +{ > + ngx_table_elt_t *ae; > + > + if (r != r->main) { > + return NGX_DECLINED; > + } > + > + ae = r->headers_in.accept_encoding; > + if (ae == NULL) { > + return NGX_DECLINED; > + } > + > + if (ae->value.len < sizeof("br") - 1) { > + return NGX_DECLINED; > + } > + > + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) > + { > + return NGX_DECLINED; > + } > + > + return NGX_OK; > +} > + > + > /* > - * gzip is enabled for the following quantities: > + * encoding is enabled for the following quantities: > * "gzip; q=0.001" ... "gzip; q=1.000" > - * gzip is disabled for the following quantities: > - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases > + * encoding is disabled for the following quantities: > + * "br; q=0" ... "br; q=0.000", and for any invalid cases > */ > > static ngx_int_t > -ngx_http_gzip_accept_encoding(ngx_str_t *ae) > +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) > { > u_char *p, *start, *last; > > @@ -2313,7 +2340,7 @@ > last = start + ae->len; > > for ( ;; ) { > - p = ngx_strcasestrn(start, "gzip", 4 - 1); > + p = ngx_strcasestrn(start, e, n - 1); > if (p == NULL) { > return NGX_DECLINED; > } > @@ -2322,10 +2349,10 @@ > break; > } > > - start = p + 4; > - } > - > - p += 4; > + start = p + n; > + } > + > + p += n; > > while (p < last) { > switch (*p++) { > @@ -2364,7 +2391,7 @@ > return NGX_DECLINED; > } > > - if (ngx_http_gzip_quantity(p, last) == 0) { > + if (ngx_http_encoding_quantity(p, last) == 0) { > return NGX_DECLINED; > } > > @@ -2373,7 +2400,7 @@ > > > static ngx_uint_t > -ngx_http_gzip_quantity(u_char *p, u_char *last) > +ngx_http_encoding_quantity(u_char *p, u_char *last) > { > u_char c; > ngx_uint_t n, q; > diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/ngx_http_core_module.h > --- a/src/http/ngx_http_core_module.h Fri Feb 17 17:01:27 2017 +0300 > +++ b/src/http/ngx_http_core_module.h Wed Feb 22 13:01:13 2017 +0100 > @@ -504,6 +504,7 @@ > ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); > #if (NGX_HTTP_GZIP) > ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); > +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); > #endif > > > > > > Fixed "Content-Encoding" value. > > On 23 February 2017 at 13:11, Eugene Kluchnikov > wrote: > >> # HG changeset patch >> # User Evgenii Kliuchnikov >> # Date 1487764873 -3600 >> # Wed Feb 22 13:01:13 2017 +0100 >> # Node ID 96939e63f30579f2f32e843d217bd46fa6086bb4 >> # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c >> Add brotli static serving support. >> >> Both .gz and .br static content is served by >> ngx_http_gzip_static_modile, but have separate configuration. >> >> diff -r 87cf6ddb41c2 -r 96939e63f305 contrib/vim/syntax/nginx.vim >> --- a/contrib/vim/syntax/nginx.vim Fri Feb 17 17:01:27 2017 +0300 >> +++ b/contrib/vim/syntax/nginx.vim Wed Feb 22 13:01:13 2017 +0100 >> @@ -86,6 +86,7 @@ >> syn keyword ngxDirective autoindex >> syn keyword ngxDirective autoindex_exact_size >> syn keyword ngxDirective autoindex_localtime >> +syn keyword ngxDirective brotli_static >> syn keyword ngxDirective charset >> syn keyword ngxDirective charset_types >> syn keyword ngxDirective chunked_transfer_encoding >> diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/modules/ngx_http_gzip >> _static_module.c >> --- a/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 17 17:01:27 >> 2017 +0300 >> +++ b/src/http/modules/ngx_http_gzip_static_module.c Wed Feb 22 13:01:13 >> 2017 +0100 >> @@ -16,10 +16,14 @@ >> >> >> typedef struct { >> - ngx_uint_t enable; >> + ngx_uint_t enable_gzip; >> + ngx_uint_t enable_brotli; >> } ngx_http_gzip_static_conf_t; >> >> >> +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t *r, >> + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, >> + ngx_str_t *encoding); >> static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); >> static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); >> static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void >> *parent, >> @@ -41,7 +45,14 @@ >> NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >> CONF_TAKE1, >> ngx_conf_set_enum_slot, >> NGX_HTTP_LOC_CONF_OFFSET, >> - offsetof(ngx_http_gzip_static_conf_t, enable), >> + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), >> + &ngx_http_gzip_static }, >> + >> + { ngx_string("brotli_static"), >> + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >> CONF_TAKE1, >> + ngx_conf_set_enum_slot, >> + NGX_HTTP_LOC_CONF_OFFSET, >> + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), >> &ngx_http_gzip_static }, >> >> ngx_null_command >> @@ -79,19 +90,13 @@ >> }; >> >> >> +static ngx_str_t encoding_gzip = ngx_string("gzip"); >> +static ngx_str_t encoding_brotli = ngx_string("brotli"); >> + >> static ngx_int_t >> ngx_http_gzip_static_handler(ngx_http_request_t *r) >> { >> - u_char *p; >> - size_t root; >> - ngx_str_t path; >> ngx_int_t rc; >> - ngx_uint_t level; >> - ngx_log_t *log; >> - ngx_buf_t *b; >> - ngx_chain_t out; >> - ngx_table_elt_t *h; >> - ngx_open_file_info_t of; >> ngx_http_core_loc_conf_t *clcf; >> ngx_http_gzip_static_conf_t *gzcf; >> >> @@ -105,19 +110,56 @@ >> >> gzcf = ngx_http_get_module_loc_conf(r, ngx_http_gzip_static_module); >> >> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { >> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF && >> + gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { >> return NGX_DECLINED; >> } >> >> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >> - rc = ngx_http_gzip_ok(r); >> + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >> >> - } else { >> - /* always */ >> - rc = NGX_OK; >> + rc = NGX_DECLINED; >> + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { >> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >> + rc = ngx_http_gzip_ok(r); >> + } else { >> + /* always */ >> + rc = NGX_OK; >> + } >> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, rc, >> clcf, >> + &encoding_gzip); >> } >> >> - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >> + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == >> NGX_DECLINED) { >> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >> + rc = ngx_http_gzip_ok(r); >> + } else { >> + /* always */ >> + rc = NGX_OK; >> + } >> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, >> rc, clcf, >> + &encoding_brotli); >> + } >> + >> + return rc; >> +} >> + >> + >> +static ngx_int_t >> +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t >> enable, >> + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) >> +{ >> + u_char *p; >> + size_t root; >> + ngx_str_t path; >> + ngx_int_t rc; >> + ngx_uint_t level; >> + ngx_log_t *log; >> + ngx_buf_t *b; >> + ngx_chain_t out; >> + ngx_table_elt_t *h; >> + ngx_open_file_info_t of; >> + >> + rc = ok; >> >> if (!clcf->gzip_vary && rc != NGX_OK) { >> return NGX_DECLINED; >> @@ -125,14 +167,14 @@ >> >> log = r->connection->log; >> >> - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); >> + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); >> if (p == NULL) { >> return NGX_HTTP_INTERNAL_SERVER_ERROR; >> } >> >> *p++ = '.'; >> - *p++ = 'g'; >> - *p++ = 'z'; >> + *p++ = encoding->data[0]; >> + *p++ = encoding->data[1]; >> *p = '\0'; >> >> path.len = p - path.data; >> @@ -188,7 +230,7 @@ >> return NGX_DECLINED; >> } >> >> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >> + if (enable == NGX_HTTP_GZIP_STATIC_ON) { >> r->gzip_vary = 1; >> >> if (rc != NGX_OK) { >> @@ -243,7 +285,7 @@ >> >> h->hash = 1; >> ngx_str_set(&h->key, "Content-Encoding"); >> - ngx_str_set(&h->value, "gzip"); >> + h->value = *encoding; >> r->headers_out.content_encoding = h; >> >> /* we need to allocate all before the header would be sent */ >> @@ -293,7 +335,8 @@ >> return NULL; >> } >> >> - conf->enable = NGX_CONF_UNSET_UINT; >> + conf->enable_gzip = NGX_CONF_UNSET_UINT; >> + conf->enable_brotli = NGX_CONF_UNSET_UINT; >> >> return conf; >> } >> @@ -305,7 +348,9 @@ >> ngx_http_gzip_static_conf_t *prev = parent; >> ngx_http_gzip_static_conf_t *conf = child; >> >> - ngx_conf_merge_uint_value(conf->enable, prev->enable, >> + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, >> + NGX_HTTP_GZIP_STATIC_OFF); >> + ngx_conf_merge_uint_value(conf->enable_brotli, prev->enable_brotli, >> NGX_HTTP_GZIP_STATIC_OFF); >> >> return NGX_CONF_OK; >> diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/ngx_http_core_module.c >> --- a/src/http/ngx_http_core_module.c Fri Feb 17 17:01:27 2017 +0300 >> +++ b/src/http/ngx_http_core_module.c Wed Feb 22 13:01:13 2017 +0100 >> @@ -74,8 +74,8 @@ >> static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, >> void *conf); >> #if (NGX_HTTP_GZIP) >> -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); >> -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); >> +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, >> size_t n); >> +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); >> static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, >> void *conf); >> #endif >> @@ -2170,7 +2170,7 @@ >> */ >> >> if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 >> - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) >> + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) >> { >> return NGX_DECLINED; >> } >> @@ -2297,15 +2297,42 @@ >> } >> >> >> +ngx_int_t >> +ngx_http_brotli_ok(ngx_http_request_t *r) >> +{ >> + ngx_table_elt_t *ae; >> + >> + if (r != r->main) { >> + return NGX_DECLINED; >> + } >> + >> + ae = r->headers_in.accept_encoding; >> + if (ae == NULL) { >> + return NGX_DECLINED; >> + } >> + >> + if (ae->value.len < sizeof("br") - 1) { >> + return NGX_DECLINED; >> + } >> + >> + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) >> + { >> + return NGX_DECLINED; >> + } >> + >> + return NGX_OK; >> +} >> + >> + >> /* >> - * gzip is enabled for the following quantities: >> + * encoding is enabled for the following quantities: >> * "gzip; q=0.001" ... "gzip; q=1.000" >> - * gzip is disabled for the following quantities: >> - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases >> + * encoding is disabled for the following quantities: >> + * "br; q=0" ... "br; q=0.000", and for any invalid cases >> */ >> >> static ngx_int_t >> -ngx_http_gzip_accept_encoding(ngx_str_t *ae) >> +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) >> { >> u_char *p, *start, *last; >> >> @@ -2313,7 +2340,7 @@ >> last = start + ae->len; >> >> for ( ;; ) { >> - p = ngx_strcasestrn(start, "gzip", 4 - 1); >> + p = ngx_strcasestrn(start, e, n - 1); >> if (p == NULL) { >> return NGX_DECLINED; >> } >> @@ -2322,10 +2349,10 @@ >> break; >> } >> >> - start = p + 4; >> - } >> - >> - p += 4; >> + start = p + n; >> + } >> + >> + p += n; >> >> while (p < last) { >> switch (*p++) { >> @@ -2364,7 +2391,7 @@ >> return NGX_DECLINED; >> } >> >> - if (ngx_http_gzip_quantity(p, last) == 0) { >> + if (ngx_http_encoding_quantity(p, last) == 0) { >> return NGX_DECLINED; >> } >> >> @@ -2373,7 +2400,7 @@ >> >> >> static ngx_uint_t >> -ngx_http_gzip_quantity(u_char *p, u_char *last) >> +ngx_http_encoding_quantity(u_char *p, u_char *last) >> { >> u_char c; >> ngx_uint_t n, q; >> diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/ngx_http_core_module.h >> --- a/src/http/ngx_http_core_module.h Fri Feb 17 17:01:27 2017 +0300 >> +++ b/src/http/ngx_http_core_module.h Wed Feb 22 13:01:13 2017 +0100 >> @@ -504,6 +504,7 @@ >> ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); >> #if (NGX_HTTP_GZIP) >> ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); >> +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); >> #endif >> >> >> >> >> >> >> Take 2 - modify ngx_http_gzip_static_modile to serve both .gz and .br. >> >> >> On 22 February 2017 at 16:10, Eugene Kluchnikov >> wrote: >> >>> Yup. Going to try to create a "combined" module soon =) >>> >>> On 22 February 2017 at 15:40, Valentin V. Bartenev >>> wrote: >>>> >>>> At the first glance, the differences are really small and >>>> such functionality can be combined in one module. >>>> >>> > > > -- > ? ?????????? ???????????, ??????? ????????? > WBR, Eugene Kluchnikov > > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: From othree at gmail.com Fri Feb 24 11:00:47 2017 From: othree at gmail.com (othree) Date: Fri, 24 Feb 2017 19:00:47 +0800 Subject: [PATCH] Contrib: vim syntax, update core module directives Message-ID: <2cb489dbb6287cfcb996.1487934047@othree.local> # HG changeset patch # User othree # Date 1487930758 -28800 # Fri Feb 24 18:05:58 2017 +0800 # Node ID 2cb489dbb6287cfcb99641f0f53a6ded1df87aab # Parent 00903b2132edb863e8aed2e84e216817fcc07c90 Contrib: vim syntax, update core module directives. diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -77,40 +77,47 @@ syn keyword ngxDirectiveDeprecated conne syn keyword ngxDirectiveDeprecated imap syn keyword ngxDirectiveDeprecated limit_zone syn keyword ngxDirectiveDeprecated mysql_test syn keyword ngxDirectiveDeprecated open_file_cache_retest syn keyword ngxDirectiveDeprecated optimize_server_names syn keyword ngxDirectiveDeprecated satisfy_any syn keyword ngxDirectiveDeprecated so_keepalive +syn keyword ngxDirective absolute_redirect syn keyword ngxDirective accept_mutex syn keyword ngxDirective accept_mutex_delay syn keyword ngxDirective acceptex_read syn keyword ngxDirective access_log syn keyword ngxDirective add_after_body syn keyword ngxDirective add_before_body syn keyword ngxDirective add_header syn keyword ngxDirective addition_types syn keyword ngxDirective aio +syn keyword ngxDirective aio_write syn keyword ngxDirective alias syn keyword ngxDirective allow syn keyword ngxDirective ancient_browser syn keyword ngxDirective ancient_browser_value syn keyword ngxDirective auth_basic syn keyword ngxDirective auth_basic_user_file syn keyword ngxDirective auth_http syn keyword ngxDirective auth_http_header +syn keyword ngxDirective auth_http_pass_client_cert syn keyword ngxDirective auth_http_timeout +syn keyword ngxDirective auth_jwt +syn keyword ngxDirective auth_jwt_key_file syn keyword ngxDirective auth_request syn keyword ngxDirective auth_request_set syn keyword ngxDirective autoindex syn keyword ngxDirective autoindex_exact_size +syn keyword ngxDirective autoindex_format syn keyword ngxDirective autoindex_localtime syn keyword ngxDirective charset +syn keyword ngxDirective charset_map syn keyword ngxDirective charset_types syn keyword ngxDirective chunked_transfer_encoding syn keyword ngxDirective client_body_buffer_size syn keyword ngxDirective client_body_in_file_only syn keyword ngxDirective client_body_in_single_buffer syn keyword ngxDirective client_body_temp_path syn keyword ngxDirective client_body_timeout syn keyword ngxDirective client_header_buffer_size @@ -134,51 +141,58 @@ syn keyword ngxDirective directio_alignm syn keyword ngxDirective disable_symlinks syn keyword ngxDirective empty_gif syn keyword ngxDirective env syn keyword ngxDirective epoll_events syn keyword ngxDirective error_log syn keyword ngxDirective etag syn keyword ngxDirective eventport_events syn keyword ngxDirective expires +syn keyword ngxDirective f4f +syn keyword ngxDirective f4f_buffer_size syn keyword ngxDirective fastcgi_bind syn keyword ngxDirective fastcgi_buffer_size syn keyword ngxDirective fastcgi_buffering syn keyword ngxDirective fastcgi_buffers syn keyword ngxDirective fastcgi_busy_buffers_size syn keyword ngxDirective fastcgi_cache syn keyword ngxDirective fastcgi_cache_bypass syn keyword ngxDirective fastcgi_cache_key syn keyword ngxDirective fastcgi_cache_lock +syn keyword ngxDirective fastcgi_cache_lock_age syn keyword ngxDirective fastcgi_cache_lock_timeout +syn keyword ngxDirective fastcgi_cache_max_range_offset syn keyword ngxDirective fastcgi_cache_methods syn keyword ngxDirective fastcgi_cache_min_uses syn keyword ngxDirective fastcgi_cache_path +syn keyword ngxDirective fastcgi_cache_purge syn keyword ngxDirective fastcgi_cache_revalidate syn keyword ngxDirective fastcgi_cache_use_stale syn keyword ngxDirective fastcgi_cache_valid syn keyword ngxDirective fastcgi_catch_stderr syn keyword ngxDirective fastcgi_connect_timeout syn keyword ngxDirective fastcgi_force_ranges syn keyword ngxDirective fastcgi_hide_header syn keyword ngxDirective fastcgi_ignore_client_abort syn keyword ngxDirective fastcgi_ignore_headers syn keyword ngxDirective fastcgi_index syn keyword ngxDirective fastcgi_intercept_errors syn keyword ngxDirective fastcgi_keep_conn +syn keyword ngxDirective fastcgi_limit_rate syn keyword ngxDirective fastcgi_max_temp_file_size syn keyword ngxDirective fastcgi_next_upstream syn keyword ngxDirective fastcgi_next_upstream_timeout syn keyword ngxDirective fastcgi_next_upstream_tries syn keyword ngxDirective fastcgi_no_cache syn keyword ngxDirective fastcgi_param syn keyword ngxDirective fastcgi_pass_header syn keyword ngxDirective fastcgi_pass_request_body syn keyword ngxDirective fastcgi_pass_request_headers syn keyword ngxDirective fastcgi_read_timeout +syn keyword ngxDirective fastcgi_request_buffering syn keyword ngxDirective fastcgi_send_lowat syn keyword ngxDirective fastcgi_send_timeout syn keyword ngxDirective fastcgi_split_path_info syn keyword ngxDirective fastcgi_store syn keyword ngxDirective fastcgi_store_access syn keyword ngxDirective fastcgi_temp_file_write_size syn keyword ngxDirective fastcgi_temp_path syn keyword ngxDirective flv @@ -199,78 +213,109 @@ syn keyword ngxDirective gzip_http_versi syn keyword ngxDirective gzip_min_length syn keyword ngxDirective gzip_no_buffer syn keyword ngxDirective gzip_proxied syn keyword ngxDirective gzip_static syn keyword ngxDirective gzip_types syn keyword ngxDirective gzip_vary syn keyword ngxDirective gzip_window syn keyword ngxDirective hash +syn keyword ngxDirective health_check +syn keyword ngxDirective health_check_timeout +syn keyword ngxDirective hls +syn keyword ngxDirective hls_buffers +syn keyword ngxDirective hls_forward_args +syn keyword ngxDirective hls_fragment +syn keyword ngxDirective hls_mp4_buffer_size +syn keyword ngxDirective hls_mp4_max_buffer_size +syn keyword ngxDirective http2_chunk_size +syn keyword ngxDirective http2_body_preread_size +syn keyword ngxDirective http2_idle_timeout +syn keyword ngxDirective http2_max_concurrent_streams +syn keyword ngxDirective http2_max_field_size +syn keyword ngxDirective http2_max_header_size +syn keyword ngxDirective http2_max_requests +syn keyword ngxDirective http2_recv_buffer_size +syn keyword ngxDirective http2_recv_timeout syn keyword ngxDirective if_modified_since syn keyword ngxDirective ignore_invalid_headers syn keyword ngxDirective image_filter syn keyword ngxDirective image_filter_buffer syn keyword ngxDirective image_filter_interlace syn keyword ngxDirective image_filter_jpeg_quality syn keyword ngxDirective image_filter_sharpen syn keyword ngxDirective image_filter_transparency +syn keyword ngxDirective image_filter_webp_quality syn keyword ngxDirective imap_auth syn keyword ngxDirective imap_capabilities syn keyword ngxDirective imap_client_buffer syn keyword ngxDirective index syn keyword ngxDirective iocp_threads syn keyword ngxDirective ip_hash +syn keyword ngxDirective js_access +syn keyword ngxDirective js_content +syn keyword ngxDirective js_filter +syn keyword ngxDirective js_include +syn keyword ngxDirective js_preread +syn keyword ngxDirective js_set syn keyword ngxDirective keepalive syn keyword ngxDirective keepalive_disable syn keyword ngxDirective keepalive_requests syn keyword ngxDirective keepalive_timeout syn keyword ngxDirective kqueue_changes syn keyword ngxDirective kqueue_events syn keyword ngxDirective large_client_header_buffers syn keyword ngxDirective least_conn +syn keyword ngxDirective least_time syn keyword ngxDirective limit_conn syn keyword ngxDirective limit_conn_log_level syn keyword ngxDirective limit_conn_status syn keyword ngxDirective limit_conn_zone syn keyword ngxDirective limit_rate syn keyword ngxDirective limit_rate_after syn keyword ngxDirective limit_req syn keyword ngxDirective limit_req_log_level syn keyword ngxDirective limit_req_status syn keyword ngxDirective limit_req_zone syn keyword ngxDirective lingering_close syn keyword ngxDirective lingering_time syn keyword ngxDirective lingering_timeout +syn keyword ngxDirective load_module syn keyword ngxDirective lock_file syn keyword ngxDirective log_format syn keyword ngxDirective log_not_found syn keyword ngxDirective log_subrequest syn keyword ngxDirective map_hash_bucket_size syn keyword ngxDirective map_hash_max_size +syn keyword ngxDirective match syn keyword ngxDirective master_process syn keyword ngxDirective max_ranges syn keyword ngxDirective memcached_bind syn keyword ngxDirective memcached_buffer_size syn keyword ngxDirective memcached_connect_timeout +syn keyword ngxDirective memcached_force_ranges syn keyword ngxDirective memcached_gzip_flag syn keyword ngxDirective memcached_next_upstream syn keyword ngxDirective memcached_next_upstream_timeout syn keyword ngxDirective memcached_next_upstream_tries syn keyword ngxDirective memcached_read_timeout syn keyword ngxDirective memcached_send_timeout syn keyword ngxDirective merge_slashes syn keyword ngxDirective min_delete_depth syn keyword ngxDirective modern_browser syn keyword ngxDirective modern_browser_value syn keyword ngxDirective mp4 syn keyword ngxDirective mp4_buffer_size syn keyword ngxDirective mp4_max_buffer_size +syn keyword ngxDirective mp4_limit_rate +syn keyword ngxDirective mp4_limit_rate_after syn keyword ngxDirective msie_padding syn keyword ngxDirective msie_refresh syn keyword ngxDirective multi_accept +syn keyword ngxDirective ntlm syn keyword ngxDirective open_file_cache syn keyword ngxDirective open_file_cache_errors syn keyword ngxDirective open_file_cache_events syn keyword ngxDirective open_file_cache_min_uses syn keyword ngxDirective open_file_cache_valid syn keyword ngxDirective open_log_file_cache syn keyword ngxDirective output_buffers syn keyword ngxDirective override_charset @@ -281,77 +326,94 @@ syn keyword ngxDirective perl_require syn keyword ngxDirective perl_set syn keyword ngxDirective pid syn keyword ngxDirective pop3_auth syn keyword ngxDirective pop3_capabilities syn keyword ngxDirective port_in_redirect syn keyword ngxDirective post_acceptex syn keyword ngxDirective postpone_gzipping syn keyword ngxDirective postpone_output +syn keyword ngxDirective preread_buffer_size +syn keyword ngxDirective preread_timeout syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite syn keyword ngxMailProtocol imap pop3 smtp contained syn keyword ngxDirective proxy syn keyword ngxDirective proxy_bind syn keyword ngxDirective proxy_buffer syn keyword ngxDirective proxy_buffer_size syn keyword ngxDirective proxy_buffering syn keyword ngxDirective proxy_buffers syn keyword ngxDirective proxy_busy_buffers_size syn keyword ngxDirective proxy_cache syn keyword ngxDirective proxy_cache_bypass +syn keyword ngxDirective proxy_cache_convert_head syn keyword ngxDirective proxy_cache_key syn keyword ngxDirective proxy_cache_lock +syn keyword ngxDirective proxy_cache_lock_age syn keyword ngxDirective proxy_cache_lock_timeout +syn keyword ngxDirective proxy_cache_max_range_offset syn keyword ngxDirective proxy_cache_methods syn keyword ngxDirective proxy_cache_min_uses syn keyword ngxDirective proxy_cache_path +syn keyword ngxDirective proxy_cache_purge syn keyword ngxDirective proxy_cache_revalidate syn keyword ngxDirective proxy_cache_use_stale syn keyword ngxDirective proxy_cache_valid syn keyword ngxDirective proxy_connect_timeout syn keyword ngxDirective proxy_cookie_domain syn keyword ngxDirective proxy_cookie_path +syn keyword ngxDirective proxy_download_rate syn keyword ngxDirective proxy_force_ranges syn keyword ngxDirective proxy_headers_hash_bucket_size syn keyword ngxDirective proxy_headers_hash_max_size syn keyword ngxDirective proxy_hide_header syn keyword ngxDirective proxy_http_version syn keyword ngxDirective proxy_ignore_client_abort syn keyword ngxDirective proxy_ignore_headers syn keyword ngxDirective proxy_intercept_errors +syn keyword ngxDirective proxy_limit_rate syn keyword ngxDirective proxy_max_temp_file_size syn keyword ngxDirective proxy_method syn keyword ngxDirective proxy_next_upstream syn keyword ngxDirective proxy_next_upstream_timeout syn keyword ngxDirective proxy_next_upstream_tries syn keyword ngxDirective proxy_no_cache syn keyword ngxDirective proxy_pass_error_message syn keyword ngxDirective proxy_pass_header syn keyword ngxDirective proxy_pass_request_body syn keyword ngxDirective proxy_pass_request_headers +syn keyword ngxDirective proxy_protocol +syn keyword ngxDirective proxy_protocol_timeout syn keyword ngxDirective proxy_read_timeout syn keyword ngxDirective proxy_redirect +syn keyword ngxDirective proxy_request_buffering +syn keyword ngxDirective proxy_responses syn keyword ngxDirective proxy_send_lowat syn keyword ngxDirective proxy_send_timeout syn keyword ngxDirective proxy_set_body syn keyword ngxDirective proxy_set_header +syn keyword ngxDirective proxy_ssl_certificate +syn keyword ngxDirective proxy_ssl_certificate_key syn keyword ngxDirective proxy_ssl_ciphers syn keyword ngxDirective proxy_ssl_crl syn keyword ngxDirective proxy_ssl_name +syn keyword ngxDirective proxy_ssl_password_file syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective proxy_ssl_server_name syn keyword ngxDirective proxy_ssl_session_reuse syn keyword ngxDirective proxy_ssl_trusted_certificate syn keyword ngxDirective proxy_ssl_verify syn keyword ngxDirective proxy_ssl_verify_depth syn keyword ngxDirective proxy_store syn keyword ngxDirective proxy_store_access syn keyword ngxDirective proxy_temp_file_write_size syn keyword ngxDirective proxy_temp_path syn keyword ngxDirective proxy_timeout +syn keyword ngxDirective proxy_upload_rate +syn keyword ngxDirective queue syn keyword ngxDirective random_index syn keyword ngxDirective read_ahead syn keyword ngxDirective real_ip_header syn keyword ngxDirective real_ip_recursive syn keyword ngxDirective recursive_error_pages syn keyword ngxDirective referer_hash_bucket_size syn keyword ngxDirective referer_hash_max_size syn keyword ngxDirective request_pool_size @@ -368,56 +430,65 @@ syn keyword ngxDirective scgi_bind syn keyword ngxDirective scgi_buffer_size syn keyword ngxDirective scgi_buffering syn keyword ngxDirective scgi_buffers syn keyword ngxDirective scgi_busy_buffers_size syn keyword ngxDirective scgi_cache syn keyword ngxDirective scgi_cache_bypass syn keyword ngxDirective scgi_cache_key syn keyword ngxDirective scgi_cache_lock +syn keyword ngxDirective scgi_cache_lock_age syn keyword ngxDirective scgi_cache_lock_timeout +syn keyword ngxDirective scgi_cache_max_range_offset syn keyword ngxDirective scgi_cache_methods syn keyword ngxDirective scgi_cache_min_uses syn keyword ngxDirective scgi_cache_path +syn keyword ngxDirective scgi_cache_purge syn keyword ngxDirective scgi_cache_revalidate syn keyword ngxDirective scgi_cache_use_stale syn keyword ngxDirective scgi_cache_valid syn keyword ngxDirective scgi_connect_timeout syn keyword ngxDirective scgi_force_ranges syn keyword ngxDirective scgi_hide_header syn keyword ngxDirective scgi_ignore_client_abort syn keyword ngxDirective scgi_ignore_headers syn keyword ngxDirective scgi_intercept_errors +syn keyword ngxDirective scgi_limit_rate syn keyword ngxDirective scgi_max_temp_file_size syn keyword ngxDirective scgi_next_upstream syn keyword ngxDirective scgi_next_upstream_timeout syn keyword ngxDirective scgi_next_upstream_tries syn keyword ngxDirective scgi_no_cache syn keyword ngxDirective scgi_param syn keyword ngxDirective scgi_pass_header syn keyword ngxDirective scgi_pass_request_body syn keyword ngxDirective scgi_pass_request_headers syn keyword ngxDirective scgi_read_timeout +syn keyword ngxDirective scgi_request_buffering syn keyword ngxDirective scgi_send_timeout syn keyword ngxDirective scgi_store syn keyword ngxDirective scgi_store_access syn keyword ngxDirective scgi_temp_file_write_size syn keyword ngxDirective scgi_temp_path syn keyword ngxDirective secure_link syn keyword ngxDirective secure_link_md5 syn keyword ngxDirective secure_link_secret syn keyword ngxDirective send_lowat syn keyword ngxDirective send_timeout syn keyword ngxDirective sendfile syn keyword ngxDirective sendfile_max_chunk syn keyword ngxDirective server_name_in_redirect syn keyword ngxDirective server_names_hash_bucket_size syn keyword ngxDirective server_names_hash_max_size syn keyword ngxDirective server_tokens +syn keyword ngxDirective session_log +syn keyword ngxDirective session_log_format +syn keyword ngxDirective session_log_zone syn keyword ngxDirective set_real_ip_from +syn keyword ngxDirective slice syn keyword ngxDirective smtp_auth syn keyword ngxDirective smtp_capabilities syn keyword ngxDirective smtp_client_buffer syn keyword ngxDirective smtp_greeting_delay syn keyword ngxDirective source_charset syn keyword ngxDirective spdy_chunk_size syn keyword ngxDirective spdy_headers_comp syn keyword ngxDirective spdy_keepalive_timeout @@ -438,46 +509,56 @@ syn keyword ngxDirective ssl_buffer_size syn keyword ngxDirective ssl_certificate syn keyword ngxDirective ssl_certificate_key syn keyword ngxDirective ssl_ciphers syn keyword ngxDirective ssl_client_certificate syn keyword ngxDirective ssl_crl syn keyword ngxDirective ssl_dhparam syn keyword ngxDirective ssl_ecdh_curve syn keyword ngxDirective ssl_engine +syn keyword ngxDirective ssl_handshake_timeout syn keyword ngxDirective ssl_password_file syn keyword ngxDirective ssl_prefer_server_ciphers +syn keyword ngxDirective ssl_preread syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective ssl_session_cache syn keyword ngxDirective ssl_session_ticket_key syn keyword ngxDirective ssl_session_tickets syn keyword ngxDirective ssl_session_timeout syn keyword ngxDirective ssl_stapling syn keyword ngxDirective ssl_stapling_file syn keyword ngxDirective ssl_stapling_responder syn keyword ngxDirective ssl_stapling_verify syn keyword ngxDirective ssl_trusted_certificate syn keyword ngxDirective ssl_verify_client syn keyword ngxDirective ssl_verify_depth syn keyword ngxDirective starttls +syn keyword ngxDirective state +syn keyword ngxDirective status +syn keyword ngxDirective status_format +syn keyword ngxDirective status_zone +syn keyword ngxDirective sticky +syn keyword ngxDirective sticky_cookie_insert syn keyword ngxDirective stub_status syn keyword ngxDirective sub_filter syn keyword ngxDirective sub_filter_last_modified syn keyword ngxDirective sub_filter_once syn keyword ngxDirective sub_filter_types syn keyword ngxDirective tcp_nodelay syn keyword ngxDirective tcp_nopush +syn keyword ngxDirective thread_pool syn keyword ngxDirective thread_stack_size syn keyword ngxDirective timeout syn keyword ngxDirective timer_resolution syn keyword ngxDirective types_hash_bucket_size syn keyword ngxDirective types_hash_max_size syn keyword ngxDirective underscores_in_headers syn keyword ngxDirective uninitialized_variable_warn +syn keyword ngxDirective upstream_conf syn keyword ngxDirective use syn keyword ngxDirective user syn keyword ngxDirective userid syn keyword ngxDirective userid_domain syn keyword ngxDirective userid_expires syn keyword ngxDirective userid_mark syn keyword ngxDirective userid_name syn keyword ngxDirective userid_p3p @@ -487,45 +568,53 @@ syn keyword ngxDirective uwsgi_bind syn keyword ngxDirective uwsgi_buffer_size syn keyword ngxDirective uwsgi_buffering syn keyword ngxDirective uwsgi_buffers syn keyword ngxDirective uwsgi_busy_buffers_size syn keyword ngxDirective uwsgi_cache syn keyword ngxDirective uwsgi_cache_bypass syn keyword ngxDirective uwsgi_cache_key syn keyword ngxDirective uwsgi_cache_lock +syn keyword ngxDirective uwsgi_cache_lock_age syn keyword ngxDirective uwsgi_cache_lock_timeout syn keyword ngxDirective uwsgi_cache_methods syn keyword ngxDirective uwsgi_cache_min_uses syn keyword ngxDirective uwsgi_cache_path +syn keyword ngxDirective uwsgi_cache_purge syn keyword ngxDirective uwsgi_cache_revalidate syn keyword ngxDirective uwsgi_cache_use_stale syn keyword ngxDirective uwsgi_cache_valid syn keyword ngxDirective uwsgi_connect_timeout syn keyword ngxDirective uwsgi_force_ranges syn keyword ngxDirective uwsgi_hide_header syn keyword ngxDirective uwsgi_ignore_client_abort syn keyword ngxDirective uwsgi_ignore_headers syn keyword ngxDirective uwsgi_intercept_errors +syn keyword ngxDirective uwsgi_limit_rate syn keyword ngxDirective uwsgi_max_temp_file_size syn keyword ngxDirective uwsgi_modifier1 syn keyword ngxDirective uwsgi_modifier2 syn keyword ngxDirective uwsgi_next_upstream syn keyword ngxDirective uwsgi_next_upstream_timeout syn keyword ngxDirective uwsgi_next_upstream_tries syn keyword ngxDirective uwsgi_no_cache syn keyword ngxDirective uwsgi_param +syn keyword ngxDirective uwsgi_pass syn keyword ngxDirective uwsgi_pass_header syn keyword ngxDirective uwsgi_pass_request_body syn keyword ngxDirective uwsgi_pass_request_headers syn keyword ngxDirective uwsgi_read_timeout +syn keyword ngxDirective uwsgi_request_buffering syn keyword ngxDirective uwsgi_send_timeout +syn keyword ngxDirective uwsgi_ssl_certificate +syn keyword ngxDirective uwsgi_ssl_certificate_key syn keyword ngxDirective uwsgi_ssl_ciphers syn keyword ngxDirective uwsgi_ssl_crl syn keyword ngxDirective uwsgi_ssl_name +syn keyword ngxDirective uwsgi_ssl_password_file syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective uwsgi_ssl_server_name syn keyword ngxDirective uwsgi_ssl_session_reuse syn keyword ngxDirective uwsgi_ssl_trusted_certificate syn keyword ngxDirective uwsgi_ssl_verify syn keyword ngxDirective uwsgi_ssl_verify_depth syn keyword ngxDirective uwsgi_store syn keyword ngxDirective uwsgi_store_access @@ -547,16 +636,17 @@ syn keyword ngxDirective worker_threads syn keyword ngxDirective working_directory syn keyword ngxDirective xclient syn keyword ngxDirective xml_entities syn keyword ngxDirective xslt_last_modified syn keyword ngxDirective xslt_param syn keyword ngxDirective xslt_string_param syn keyword ngxDirective xslt_stylesheet syn keyword ngxDirective xslt_types +syn keyword ngxDirective zone " 3rd party module list: " http://wiki.nginx.org/Nginx3rdPartyModules " Accept Language Module " Parses the Accept-Language header and gives the most suitable locale from a list of supported locales. syn keyword ngxDirectiveThirdParty set_from_accept_language From eustas.ru at gmail.com Fri Feb 24 11:01:55 2017 From: eustas.ru at gmail.com (Eugene Kluchnikov) Date: Fri, 24 Feb 2017 12:01:55 +0100 Subject: [PATCH] Add static brotli module In-Reply-To: References: <2886732.38QkW4xQnI@vbart-workstation> Message-ID: Easily =) # HG changeset patch # User Evgenii Kliuchnikov # Date 1487932524 -3600 # Fri Feb 24 11:35:24 2017 +0100 # Node ID e1f5e06ade015f9855a6f683817cde7bb0f243a3 # Parent 1ad0999a7ded3d4fb01c7acf8ff57c80b643da7e Add brotli static (over nginx-1.11.10) diff -r 1ad0999a7ded -r e1f5e06ade01 contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim Tue Feb 14 18:36:04 2017 +0300 +++ b/contrib/vim/syntax/nginx.vim Fri Feb 24 11:35:24 2017 +0100 @@ -86,6 +86,7 @@ syn keyword ngxDirective autoindex syn keyword ngxDirective autoindex_exact_size syn keyword ngxDirective autoindex_localtime +syn keyword ngxDirective brotli_static syn keyword ngxDirective charset syn keyword ngxDirective charset_types syn keyword ngxDirective chunked_transfer_encoding diff -r 1ad0999a7ded -r e1f5e06ade01 src/http/modules/ngx_http_gzip_static_module.c --- a/src/http/modules/ngx_http_gzip_static_module.c Tue Feb 14 18:36:04 2017 +0300 +++ b/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 24 11:35:24 2017 +0100 @@ -16,10 +16,13 @@ typedef struct { - ngx_uint_t enable; + ngx_uint_t enable_gzip; + ngx_uint_t enable_brotli; } ngx_http_gzip_static_conf_t; - +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t *r, + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, + ngx_str_t *encoding); static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void *parent, @@ -41,7 +44,14 @@ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, ngx_conf_set_enum_slot, NGX_HTTP_LOC_CONF_OFFSET, - offsetof(ngx_http_gzip_static_conf_t, enable), + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), + &ngx_http_gzip_static }, + + { ngx_string("brotli_static"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_enum_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), &ngx_http_gzip_static }, ngx_null_command @@ -79,19 +89,14 @@ }; +static ngx_str_t encoding_gzip = ngx_string("gzip"); +static ngx_str_t encoding_brotli = ngx_string("br"); + + static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r) { - u_char *p; - size_t root; - ngx_str_t path; ngx_int_t rc; - ngx_uint_t level; - ngx_log_t *log; - ngx_buf_t *b; - ngx_chain_t out; - ngx_table_elt_t *h; - ngx_open_file_info_t of; ngx_http_core_loc_conf_t *clcf; ngx_http_gzip_static_conf_t *gzcf; @@ -105,19 +110,56 @@ gzcf = ngx_http_get_module_loc_conf(r, ngx_http_gzip_static_module); - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF + && gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { return NGX_DECLINED; } - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { - rc = ngx_http_gzip_ok(r); + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - } else { - /* always */ - rc = NGX_OK; + rc = NGX_DECLINED; + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { + rc = ngx_http_gzip_ok(r); + } else { + /* always */ + rc = NGX_OK; + } + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, rc, clcf, + &encoding_gzip); } - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == NGX_DECLINED) { + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { + rc = ngx_http_gzip_ok(r); + } else { + /* always */ + rc = NGX_OK; + } + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, rc, clcf, + &encoding_brotli); + } + + return rc; +} + + +static ngx_int_t +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t enable, + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) +{ + u_char *p; + size_t root; + ngx_str_t path; + ngx_int_t rc; + ngx_uint_t level; + ngx_log_t *log; + ngx_buf_t *b; + ngx_chain_t out; + ngx_table_elt_t *h; + ngx_open_file_info_t of; + + rc = ok; if (!clcf->gzip_vary && rc != NGX_OK) { return NGX_DECLINED; @@ -125,14 +167,14 @@ log = r->connection->log; - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); if (p == NULL) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } *p++ = '.'; - *p++ = 'g'; - *p++ = 'z'; + *p++ = encoding->data[0]; + *p++ = encoding->data[1]; *p = '\0'; path.len = p - path.data; @@ -188,7 +230,7 @@ return NGX_DECLINED; } - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { + if (enable == NGX_HTTP_GZIP_STATIC_ON) { r->gzip_vary = 1; if (rc != NGX_OK) { @@ -243,7 +285,7 @@ h->hash = 1; ngx_str_set(&h->key, "Content-Encoding"); - ngx_str_set(&h->value, "gzip"); + h->value = *encoding; r->headers_out.content_encoding = h; /* we need to allocate all before the header would be sent */ @@ -293,7 +335,8 @@ return NULL; } - conf->enable = NGX_CONF_UNSET_UINT; + conf->enable_gzip = NGX_CONF_UNSET_UINT; + conf->enable_brotli = NGX_CONF_UNSET_UINT; return conf; } @@ -305,7 +348,9 @@ ngx_http_gzip_static_conf_t *prev = parent; ngx_http_gzip_static_conf_t *conf = child; - ngx_conf_merge_uint_value(conf->enable, prev->enable, + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, + NGX_HTTP_GZIP_STATIC_OFF); + ngx_conf_merge_uint_value(conf->enable_brotli, prev->enable_brotli, NGX_HTTP_GZIP_STATIC_OFF); return NGX_CONF_OK; diff -r 1ad0999a7ded -r e1f5e06ade01 src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Tue Feb 14 18:36:04 2017 +0300 +++ b/src/http/ngx_http_core_module.c Fri Feb 24 11:35:24 2017 +0100 @@ -74,8 +74,8 @@ static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); #if (NGX_HTTP_GZIP) -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n); +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); #endif @@ -2170,7 +2170,7 @@ */ if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) { return NGX_DECLINED; } @@ -2297,15 +2297,42 @@ } +ngx_int_t +ngx_http_brotli_ok(ngx_http_request_t *r) +{ + ngx_table_elt_t *ae; + + if (r != r->main) { + return NGX_DECLINED; + } + + ae = r->headers_in.accept_encoding; + if (ae == NULL) { + return NGX_DECLINED; + } + + if (ae->value.len < sizeof("br") - 1) { + return NGX_DECLINED; + } + + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) + { + return NGX_DECLINED; + } + + return NGX_OK; +} + + /* - * gzip is enabled for the following quantities: - * "gzip; q=0.001" ... "gzip; q=1.000" - * gzip is disabled for the following quantities: - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases + * encoding is enabled for the following quantities: + * "gzip; q=0.001" ... "gzip; q=1.000" + * encoding is disabled for the following quantities: + * "br; q=0" ... "br; q=0.000", and for any invalid cases */ static ngx_int_t -ngx_http_gzip_accept_encoding(ngx_str_t *ae) +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) { u_char *p, *start, *last; @@ -2313,7 +2340,7 @@ last = start + ae->len; for ( ;; ) { - p = ngx_strcasestrn(start, "gzip", 4 - 1); + p = ngx_strcasestrn(start, e, n - 1); if (p == NULL) { return NGX_DECLINED; } @@ -2322,10 +2349,10 @@ break; } - start = p + 4; - } - - p += 4; + start = p + n; + } + + p += n; while (p < last) { switch (*p++) { @@ -2364,7 +2391,7 @@ return NGX_DECLINED; } - if (ngx_http_gzip_quantity(p, last) == 0) { + if (ngx_http_encoding_quantity(p, last) == 0) { return NGX_DECLINED; } @@ -2373,7 +2400,7 @@ static ngx_uint_t -ngx_http_gzip_quantity(u_char *p, u_char *last) +ngx_http_encoding_quantity(u_char *p, u_char *last) { u_char c; ngx_uint_t n, q; diff -r 1ad0999a7ded -r e1f5e06ade01 src/http/ngx_http_core_module.h --- a/src/http/ngx_http_core_module.h Tue Feb 14 18:36:04 2017 +0300 +++ b/src/http/ngx_http_core_module.h Fri Feb 24 11:35:24 2017 +0100 @@ -504,6 +504,7 @@ ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); #if (NGX_HTTP_GZIP) ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); #endif On 24 February 2017 at 09:05, Ryan wrote: > Do you have a brotli patch that applies cleanly with nginx-1.11.10. I'm > getting many patch fails. > > On Fri, Feb 24, 2017 at 8:03 AM, Eugene Kluchnikov > wrote: > >> # HG changeset patch >> # User Evgenii Kliuchnikov >> # Date 1487764873 -3600 >> # Wed Feb 22 13:01:13 2017 +0100 >> # Node ID c230f3874e060ccb14d7560233f2c70a910640a1 >> # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c >> Add brotli static serving support. >> >> Both .gz and .br static content is served by >> ngx_http_gzip_static_modile, but have separate configuration. >> >> diff -r 87cf6ddb41c2 -r c230f3874e06 contrib/vim/syntax/nginx.vim >> --- a/contrib/vim/syntax/nginx.vim Fri Feb 17 17:01:27 2017 +0300 >> +++ b/contrib/vim/syntax/nginx.vim Wed Feb 22 13:01:13 2017 +0100 >> @@ -86,6 +86,7 @@ >> syn keyword ngxDirective autoindex >> syn keyword ngxDirective autoindex_exact_size >> syn keyword ngxDirective autoindex_localtime >> +syn keyword ngxDirective brotli_static >> syn keyword ngxDirective charset >> syn keyword ngxDirective charset_types >> syn keyword ngxDirective chunked_transfer_encoding >> diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/modules/ngx_http_gzip >> _static_module.c >> --- a/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 17 17:01:27 >> 2017 +0300 >> +++ b/src/http/modules/ngx_http_gzip_static_module.c Wed Feb 22 13:01:13 >> 2017 +0100 >> @@ -16,10 +16,14 @@ >> >> >> typedef struct { >> - ngx_uint_t enable; >> + ngx_uint_t enable_gzip; >> + ngx_uint_t enable_brotli; >> } ngx_http_gzip_static_conf_t; >> >> >> +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t *r, >> + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, >> + ngx_str_t *encoding); >> static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); >> static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); >> static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void >> *parent, >> @@ -41,7 +45,14 @@ >> NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >> CONF_TAKE1, >> ngx_conf_set_enum_slot, >> NGX_HTTP_LOC_CONF_OFFSET, >> - offsetof(ngx_http_gzip_static_conf_t, enable), >> + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), >> + &ngx_http_gzip_static }, >> + >> + { ngx_string("brotli_static"), >> + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >> CONF_TAKE1, >> + ngx_conf_set_enum_slot, >> + NGX_HTTP_LOC_CONF_OFFSET, >> + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), >> &ngx_http_gzip_static }, >> >> ngx_null_command >> @@ -79,19 +90,14 @@ >> }; >> >> >> +static ngx_str_t encoding_gzip = ngx_string("gzip"); >> +static ngx_str_t encoding_brotli = ngx_string("br"); >> + >> + >> static ngx_int_t >> ngx_http_gzip_static_handler(ngx_http_request_t *r) >> { >> - u_char *p; >> - size_t root; >> - ngx_str_t path; >> ngx_int_t rc; >> - ngx_uint_t level; >> - ngx_log_t *log; >> - ngx_buf_t *b; >> - ngx_chain_t out; >> - ngx_table_elt_t *h; >> - ngx_open_file_info_t of; >> ngx_http_core_loc_conf_t *clcf; >> ngx_http_gzip_static_conf_t *gzcf; >> >> @@ -105,19 +111,56 @@ >> >> gzcf = ngx_http_get_module_loc_conf(r, ngx_http_gzip_static_module); >> >> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { >> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF && >> + gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { >> return NGX_DECLINED; >> } >> >> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >> - rc = ngx_http_gzip_ok(r); >> + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >> >> - } else { >> - /* always */ >> - rc = NGX_OK; >> + rc = NGX_DECLINED; >> + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { >> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >> + rc = ngx_http_gzip_ok(r); >> + } else { >> + /* always */ >> + rc = NGX_OK; >> + } >> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, rc, >> clcf, >> + &encoding_gzip); >> } >> >> - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >> + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == >> NGX_DECLINED) { >> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >> + rc = ngx_http_gzip_ok(r); >> + } else { >> + /* always */ >> + rc = NGX_OK; >> + } >> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, >> rc, clcf, >> + &encoding_brotli); >> + } >> + >> + return rc; >> +} >> + >> + >> +static ngx_int_t >> +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t >> enable, >> + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) >> +{ >> + u_char *p; >> + size_t root; >> + ngx_str_t path; >> + ngx_int_t rc; >> + ngx_uint_t level; >> + ngx_log_t *log; >> + ngx_buf_t *b; >> + ngx_chain_t out; >> + ngx_table_elt_t *h; >> + ngx_open_file_info_t of; >> + >> + rc = ok; >> >> if (!clcf->gzip_vary && rc != NGX_OK) { >> return NGX_DECLINED; >> @@ -125,14 +168,14 @@ >> >> log = r->connection->log; >> >> - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); >> + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); >> if (p == NULL) { >> return NGX_HTTP_INTERNAL_SERVER_ERROR; >> } >> >> *p++ = '.'; >> - *p++ = 'g'; >> - *p++ = 'z'; >> + *p++ = encoding->data[0]; >> + *p++ = encoding->data[1]; >> *p = '\0'; >> >> path.len = p - path.data; >> @@ -188,7 +231,7 @@ >> return NGX_DECLINED; >> } >> >> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >> + if (enable == NGX_HTTP_GZIP_STATIC_ON) { >> r->gzip_vary = 1; >> >> if (rc != NGX_OK) { >> @@ -243,7 +286,7 @@ >> >> h->hash = 1; >> ngx_str_set(&h->key, "Content-Encoding"); >> - ngx_str_set(&h->value, "gzip"); >> + h->value = *encoding; >> r->headers_out.content_encoding = h; >> >> /* we need to allocate all before the header would be sent */ >> @@ -293,7 +336,8 @@ >> return NULL; >> } >> >> - conf->enable = NGX_CONF_UNSET_UINT; >> + conf->enable_gzip = NGX_CONF_UNSET_UINT; >> + conf->enable_brotli = NGX_CONF_UNSET_UINT; >> >> return conf; >> } >> @@ -305,7 +349,9 @@ >> ngx_http_gzip_static_conf_t *prev = parent; >> ngx_http_gzip_static_conf_t *conf = child; >> >> - ngx_conf_merge_uint_value(conf->enable, prev->enable, >> + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, >> + NGX_HTTP_GZIP_STATIC_OFF); >> + ngx_conf_merge_uint_value(conf->enable_brotli, prev->enable_brotli, >> NGX_HTTP_GZIP_STATIC_OFF); >> >> return NGX_CONF_OK; >> diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/ngx_http_core_module.c >> --- a/src/http/ngx_http_core_module.c Fri Feb 17 17:01:27 2017 +0300 >> +++ b/src/http/ngx_http_core_module.c Wed Feb 22 13:01:13 2017 +0100 >> @@ -74,8 +74,8 @@ >> static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, >> void *conf); >> #if (NGX_HTTP_GZIP) >> -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); >> -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); >> +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, >> size_t n); >> +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); >> static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, >> void *conf); >> #endif >> @@ -2170,7 +2170,7 @@ >> */ >> >> if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 >> - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) >> + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) >> { >> return NGX_DECLINED; >> } >> @@ -2297,15 +2297,42 @@ >> } >> >> >> +ngx_int_t >> +ngx_http_brotli_ok(ngx_http_request_t *r) >> +{ >> + ngx_table_elt_t *ae; >> + >> + if (r != r->main) { >> + return NGX_DECLINED; >> + } >> + >> + ae = r->headers_in.accept_encoding; >> + if (ae == NULL) { >> + return NGX_DECLINED; >> + } >> + >> + if (ae->value.len < sizeof("br") - 1) { >> + return NGX_DECLINED; >> + } >> + >> + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) >> + { >> + return NGX_DECLINED; >> + } >> + >> + return NGX_OK; >> +} >> + >> + >> /* >> - * gzip is enabled for the following quantities: >> + * encoding is enabled for the following quantities: >> * "gzip; q=0.001" ... "gzip; q=1.000" >> - * gzip is disabled for the following quantities: >> - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases >> + * encoding is disabled for the following quantities: >> + * "br; q=0" ... "br; q=0.000", and for any invalid cases >> */ >> >> static ngx_int_t >> -ngx_http_gzip_accept_encoding(ngx_str_t *ae) >> +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) >> { >> u_char *p, *start, *last; >> >> @@ -2313,7 +2340,7 @@ >> last = start + ae->len; >> >> for ( ;; ) { >> - p = ngx_strcasestrn(start, "gzip", 4 - 1); >> + p = ngx_strcasestrn(start, e, n - 1); >> if (p == NULL) { >> return NGX_DECLINED; >> } >> @@ -2322,10 +2349,10 @@ >> break; >> } >> >> - start = p + 4; >> - } >> - >> - p += 4; >> + start = p + n; >> + } >> + >> + p += n; >> >> while (p < last) { >> switch (*p++) { >> @@ -2364,7 +2391,7 @@ >> return NGX_DECLINED; >> } >> >> - if (ngx_http_gzip_quantity(p, last) == 0) { >> + if (ngx_http_encoding_quantity(p, last) == 0) { >> return NGX_DECLINED; >> } >> >> @@ -2373,7 +2400,7 @@ >> >> >> static ngx_uint_t >> -ngx_http_gzip_quantity(u_char *p, u_char *last) >> +ngx_http_encoding_quantity(u_char *p, u_char *last) >> { >> u_char c; >> ngx_uint_t n, q; >> diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/ngx_http_core_module.h >> --- a/src/http/ngx_http_core_module.h Fri Feb 17 17:01:27 2017 +0300 >> +++ b/src/http/ngx_http_core_module.h Wed Feb 22 13:01:13 2017 +0100 >> @@ -504,6 +504,7 @@ >> ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); >> #if (NGX_HTTP_GZIP) >> ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); >> +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); >> #endif >> >> >> >> >> >> Fixed "Content-Encoding" value. >> >> On 23 February 2017 at 13:11, Eugene Kluchnikov >> wrote: >> >>> # HG changeset patch >>> # User Evgenii Kliuchnikov >>> # Date 1487764873 -3600 >>> # Wed Feb 22 13:01:13 2017 +0100 >>> # Node ID 96939e63f30579f2f32e843d217bd46fa6086bb4 >>> # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c >>> Add brotli static serving support. >>> >>> Both .gz and .br static content is served by >>> ngx_http_gzip_static_modile, but have separate configuration. >>> >>> diff -r 87cf6ddb41c2 -r 96939e63f305 contrib/vim/syntax/nginx.vim >>> --- a/contrib/vim/syntax/nginx.vim Fri Feb 17 17:01:27 2017 +0300 >>> +++ b/contrib/vim/syntax/nginx.vim Wed Feb 22 13:01:13 2017 +0100 >>> @@ -86,6 +86,7 @@ >>> syn keyword ngxDirective autoindex >>> syn keyword ngxDirective autoindex_exact_size >>> syn keyword ngxDirective autoindex_localtime >>> +syn keyword ngxDirective brotli_static >>> syn keyword ngxDirective charset >>> syn keyword ngxDirective charset_types >>> syn keyword ngxDirective chunked_transfer_encoding >>> diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/modules/ngx_http_gzip >>> _static_module.c >>> --- a/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 17 >>> 17:01:27 2017 +0300 >>> +++ b/src/http/modules/ngx_http_gzip_static_module.c Wed Feb 22 >>> 13:01:13 2017 +0100 >>> @@ -16,10 +16,14 @@ >>> >>> >>> typedef struct { >>> - ngx_uint_t enable; >>> + ngx_uint_t enable_gzip; >>> + ngx_uint_t enable_brotli; >>> } ngx_http_gzip_static_conf_t; >>> >>> >>> +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t *r, >>> + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, >>> + ngx_str_t *encoding); >>> static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); >>> static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); >>> static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void >>> *parent, >>> @@ -41,7 +45,14 @@ >>> NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >>> CONF_TAKE1, >>> ngx_conf_set_enum_slot, >>> NGX_HTTP_LOC_CONF_OFFSET, >>> - offsetof(ngx_http_gzip_static_conf_t, enable), >>> + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), >>> + &ngx_http_gzip_static }, >>> + >>> + { ngx_string("brotli_static"), >>> + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >>> CONF_TAKE1, >>> + ngx_conf_set_enum_slot, >>> + NGX_HTTP_LOC_CONF_OFFSET, >>> + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), >>> &ngx_http_gzip_static }, >>> >>> ngx_null_command >>> @@ -79,19 +90,13 @@ >>> }; >>> >>> >>> +static ngx_str_t encoding_gzip = ngx_string("gzip"); >>> +static ngx_str_t encoding_brotli = ngx_string("brotli"); >>> + >>> static ngx_int_t >>> ngx_http_gzip_static_handler(ngx_http_request_t *r) >>> { >>> - u_char *p; >>> - size_t root; >>> - ngx_str_t path; >>> ngx_int_t rc; >>> - ngx_uint_t level; >>> - ngx_log_t *log; >>> - ngx_buf_t *b; >>> - ngx_chain_t out; >>> - ngx_table_elt_t *h; >>> - ngx_open_file_info_t of; >>> ngx_http_core_loc_conf_t *clcf; >>> ngx_http_gzip_static_conf_t *gzcf; >>> >>> @@ -105,19 +110,56 @@ >>> >>> gzcf = ngx_http_get_module_loc_conf(r, >>> ngx_http_gzip_static_module); >>> >>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { >>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF && >>> + gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { >>> return NGX_DECLINED; >>> } >>> >>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >>> - rc = ngx_http_gzip_ok(r); >>> + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >>> >>> - } else { >>> - /* always */ >>> - rc = NGX_OK; >>> + rc = NGX_DECLINED; >>> + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { >>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >>> + rc = ngx_http_gzip_ok(r); >>> + } else { >>> + /* always */ >>> + rc = NGX_OK; >>> + } >>> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, rc, >>> clcf, >>> + &encoding_gzip); >>> } >>> >>> - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >>> + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == >>> NGX_DECLINED) { >>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >>> + rc = ngx_http_gzip_ok(r); >>> + } else { >>> + /* always */ >>> + rc = NGX_OK; >>> + } >>> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, >>> rc, clcf, >>> + &encoding_brotli); >>> + } >>> + >>> + return rc; >>> +} >>> + >>> + >>> +static ngx_int_t >>> +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t >>> enable, >>> + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) >>> +{ >>> + u_char *p; >>> + size_t root; >>> + ngx_str_t path; >>> + ngx_int_t rc; >>> + ngx_uint_t level; >>> + ngx_log_t *log; >>> + ngx_buf_t *b; >>> + ngx_chain_t out; >>> + ngx_table_elt_t *h; >>> + ngx_open_file_info_t of; >>> + >>> + rc = ok; >>> >>> if (!clcf->gzip_vary && rc != NGX_OK) { >>> return NGX_DECLINED; >>> @@ -125,14 +167,14 @@ >>> >>> log = r->connection->log; >>> >>> - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); >>> + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); >>> if (p == NULL) { >>> return NGX_HTTP_INTERNAL_SERVER_ERROR; >>> } >>> >>> *p++ = '.'; >>> - *p++ = 'g'; >>> - *p++ = 'z'; >>> + *p++ = encoding->data[0]; >>> + *p++ = encoding->data[1]; >>> *p = '\0'; >>> >>> path.len = p - path.data; >>> @@ -188,7 +230,7 @@ >>> return NGX_DECLINED; >>> } >>> >>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >>> + if (enable == NGX_HTTP_GZIP_STATIC_ON) { >>> r->gzip_vary = 1; >>> >>> if (rc != NGX_OK) { >>> @@ -243,7 +285,7 @@ >>> >>> h->hash = 1; >>> ngx_str_set(&h->key, "Content-Encoding"); >>> - ngx_str_set(&h->value, "gzip"); >>> + h->value = *encoding; >>> r->headers_out.content_encoding = h; >>> >>> /* we need to allocate all before the header would be sent */ >>> @@ -293,7 +335,8 @@ >>> return NULL; >>> } >>> >>> - conf->enable = NGX_CONF_UNSET_UINT; >>> + conf->enable_gzip = NGX_CONF_UNSET_UINT; >>> + conf->enable_brotli = NGX_CONF_UNSET_UINT; >>> >>> return conf; >>> } >>> @@ -305,7 +348,9 @@ >>> ngx_http_gzip_static_conf_t *prev = parent; >>> ngx_http_gzip_static_conf_t *conf = child; >>> >>> - ngx_conf_merge_uint_value(conf->enable, prev->enable, >>> + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, >>> + NGX_HTTP_GZIP_STATIC_OFF); >>> + ngx_conf_merge_uint_value(conf->enable_brotli, prev->enable_brotli, >>> NGX_HTTP_GZIP_STATIC_OFF); >>> >>> return NGX_CONF_OK; >>> diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/ngx_http_core_module.c >>> --- a/src/http/ngx_http_core_module.c Fri Feb 17 17:01:27 2017 +0300 >>> +++ b/src/http/ngx_http_core_module.c Wed Feb 22 13:01:13 2017 +0100 >>> @@ -74,8 +74,8 @@ >>> static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, >>> void *conf); >>> #if (NGX_HTTP_GZIP) >>> -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); >>> -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); >>> +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, >>> size_t n); >>> +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); >>> static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, >>> void *conf); >>> #endif >>> @@ -2170,7 +2170,7 @@ >>> */ >>> >>> if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 >>> - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) >>> + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) >>> { >>> return NGX_DECLINED; >>> } >>> @@ -2297,15 +2297,42 @@ >>> } >>> >>> >>> +ngx_int_t >>> +ngx_http_brotli_ok(ngx_http_request_t *r) >>> +{ >>> + ngx_table_elt_t *ae; >>> + >>> + if (r != r->main) { >>> + return NGX_DECLINED; >>> + } >>> + >>> + ae = r->headers_in.accept_encoding; >>> + if (ae == NULL) { >>> + return NGX_DECLINED; >>> + } >>> + >>> + if (ae->value.len < sizeof("br") - 1) { >>> + return NGX_DECLINED; >>> + } >>> + >>> + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) >>> + { >>> + return NGX_DECLINED; >>> + } >>> + >>> + return NGX_OK; >>> +} >>> + >>> + >>> /* >>> - * gzip is enabled for the following quantities: >>> + * encoding is enabled for the following quantities: >>> * "gzip; q=0.001" ... "gzip; q=1.000" >>> - * gzip is disabled for the following quantities: >>> - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases >>> + * encoding is disabled for the following quantities: >>> + * "br; q=0" ... "br; q=0.000", and for any invalid cases >>> */ >>> >>> static ngx_int_t >>> -ngx_http_gzip_accept_encoding(ngx_str_t *ae) >>> +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) >>> { >>> u_char *p, *start, *last; >>> >>> @@ -2313,7 +2340,7 @@ >>> last = start + ae->len; >>> >>> for ( ;; ) { >>> - p = ngx_strcasestrn(start, "gzip", 4 - 1); >>> + p = ngx_strcasestrn(start, e, n - 1); >>> if (p == NULL) { >>> return NGX_DECLINED; >>> } >>> @@ -2322,10 +2349,10 @@ >>> break; >>> } >>> >>> - start = p + 4; >>> - } >>> - >>> - p += 4; >>> + start = p + n; >>> + } >>> + >>> + p += n; >>> >>> while (p < last) { >>> switch (*p++) { >>> @@ -2364,7 +2391,7 @@ >>> return NGX_DECLINED; >>> } >>> >>> - if (ngx_http_gzip_quantity(p, last) == 0) { >>> + if (ngx_http_encoding_quantity(p, last) == 0) { >>> return NGX_DECLINED; >>> } >>> >>> @@ -2373,7 +2400,7 @@ >>> >>> >>> static ngx_uint_t >>> -ngx_http_gzip_quantity(u_char *p, u_char *last) >>> +ngx_http_encoding_quantity(u_char *p, u_char *last) >>> { >>> u_char c; >>> ngx_uint_t n, q; >>> diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/ngx_http_core_module.h >>> --- a/src/http/ngx_http_core_module.h Fri Feb 17 17:01:27 2017 +0300 >>> +++ b/src/http/ngx_http_core_module.h Wed Feb 22 13:01:13 2017 +0100 >>> @@ -504,6 +504,7 @@ >>> ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); >>> #if (NGX_HTTP_GZIP) >>> ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); >>> +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); >>> #endif >>> >>> >>> >>> >>> >>> >>> Take 2 - modify ngx_http_gzip_static_modile to serve both .gz and .br. >>> >>> >>> On 22 February 2017 at 16:10, Eugene Kluchnikov >>> wrote: >>> >>>> Yup. Going to try to create a "combined" module soon =) >>>> >>>> On 22 February 2017 at 15:40, Valentin V. Bartenev >>>> wrote: >>>>> >>>>> At the first glance, the differences are really small and >>>>> such functionality can be combined in one module. >>>>> >>>> >> >> >> -- >> ? ?????????? ???????????, ??????? ????????? >> WBR, Eugene Kluchnikov >> >> _______________________________________________ >> nginx-devel mailing list >> nginx-devel at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx-devel >> > > -- ? ?????????? ???????????, ??????? ????????? WBR, Eugene Kluchnikov -------------- next part -------------- An HTML attachment was scrubbed... URL: From eustas.ru at gmail.com Fri Feb 24 11:08:30 2017 From: eustas.ru at gmail.com (Eugene Kluchnikov) Date: Fri, 24 Feb 2017 12:08:30 +0100 Subject: [PATCH] Add static brotli module In-Reply-To: References: <2886732.38QkW4xQnI@vbart-workstation> Message-ID: Fixed whitespaces. It seems that patch over trunk and over 1.11.10 tag differ only in dates and hashes. # HG changeset patch # User Evgenii Kliuchnikov # Date 1487932524 -3600 # Fri Feb 24 11:35:24 2017 +0100 # Node ID 662115ad250f48cfdd7963de40bfe7c7c8ae8ba3 # Parent 1ad0999a7ded3d4fb01c7acf8ff57c80b643da7e Add brotli static serving support (ontoZZ 1.11.10) Both .gz and .br static content is served by ngx_http_gzip_static_modile, but have separate configuration. diff -r 1ad0999a7ded -r 662115ad250f contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim Tue Feb 14 18:36:04 2017 +0300 +++ b/contrib/vim/syntax/nginx.vim Fri Feb 24 11:35:24 2017 +0100 @@ -86,6 +86,7 @@ syn keyword ngxDirective autoindex syn keyword ngxDirective autoindex_exact_size syn keyword ngxDirective autoindex_localtime +syn keyword ngxDirective brotli_static syn keyword ngxDirective charset syn keyword ngxDirective charset_types syn keyword ngxDirective chunked_transfer_encoding diff -r 1ad0999a7ded -r 662115ad250f src/http/modules/ngx_http_gzip_static_module.c --- a/src/http/modules/ngx_http_gzip_static_module.c Tue Feb 14 18:36:04 2017 +0300 +++ b/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 24 11:35:24 2017 +0100 @@ -16,10 +16,14 @@ typedef struct { - ngx_uint_t enable; + ngx_uint_t enable_gzip; + ngx_uint_t enable_brotli; } ngx_http_gzip_static_conf_t; +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t *r, + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, + ngx_str_t *encoding); static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void *parent, @@ -41,7 +45,14 @@ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, ngx_conf_set_enum_slot, NGX_HTTP_LOC_CONF_OFFSET, - offsetof(ngx_http_gzip_static_conf_t, enable), + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), + &ngx_http_gzip_static }, + + { ngx_string("brotli_static"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_conf_set_enum_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), &ngx_http_gzip_static }, ngx_null_command @@ -79,19 +90,14 @@ }; +static ngx_str_t encoding_gzip = ngx_string("gzip"); +static ngx_str_t encoding_brotli = ngx_string("br"); + + static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r) { - u_char *p; - size_t root; - ngx_str_t path; ngx_int_t rc; - ngx_uint_t level; - ngx_log_t *log; - ngx_buf_t *b; - ngx_chain_t out; - ngx_table_elt_t *h; - ngx_open_file_info_t of; ngx_http_core_loc_conf_t *clcf; ngx_http_gzip_static_conf_t *gzcf; @@ -105,19 +111,56 @@ gzcf = ngx_http_get_module_loc_conf(r, ngx_http_gzip_static_module); - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF + && gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { return NGX_DECLINED; } - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { - rc = ngx_http_gzip_ok(r); + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - } else { - /* always */ - rc = NGX_OK; + rc = NGX_DECLINED; + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { + rc = ngx_http_gzip_ok(r); + } else { + /* always */ + rc = NGX_OK; + } + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, rc, clcf, + &encoding_gzip); } - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == NGX_DECLINED) { + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { + rc = ngx_http_gzip_ok(r); + } else { + /* always */ + rc = NGX_OK; + } + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, rc, clcf, + &encoding_brotli); + } + + return rc; +} + + +static ngx_int_t +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t enable, + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) +{ + u_char *p; + size_t root; + ngx_str_t path; + ngx_int_t rc; + ngx_uint_t level; + ngx_log_t *log; + ngx_buf_t *b; + ngx_chain_t out; + ngx_table_elt_t *h; + ngx_open_file_info_t of; + + rc = ok; if (!clcf->gzip_vary && rc != NGX_OK) { return NGX_DECLINED; @@ -125,14 +168,14 @@ log = r->connection->log; - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); if (p == NULL) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } *p++ = '.'; - *p++ = 'g'; - *p++ = 'z'; + *p++ = encoding->data[0]; + *p++ = encoding->data[1]; *p = '\0'; path.len = p - path.data; @@ -188,7 +231,7 @@ return NGX_DECLINED; } - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { + if (enable == NGX_HTTP_GZIP_STATIC_ON) { r->gzip_vary = 1; if (rc != NGX_OK) { @@ -243,7 +286,7 @@ h->hash = 1; ngx_str_set(&h->key, "Content-Encoding"); - ngx_str_set(&h->value, "gzip"); + h->value = *encoding; r->headers_out.content_encoding = h; /* we need to allocate all before the header would be sent */ @@ -293,7 +336,8 @@ return NULL; } - conf->enable = NGX_CONF_UNSET_UINT; + conf->enable_gzip = NGX_CONF_UNSET_UINT; + conf->enable_brotli = NGX_CONF_UNSET_UINT; return conf; } @@ -305,7 +349,9 @@ ngx_http_gzip_static_conf_t *prev = parent; ngx_http_gzip_static_conf_t *conf = child; - ngx_conf_merge_uint_value(conf->enable, prev->enable, + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, + NGX_HTTP_GZIP_STATIC_OFF); + ngx_conf_merge_uint_value(conf->enable_brotli, prev->enable_brotli, NGX_HTTP_GZIP_STATIC_OFF); return NGX_CONF_OK; diff -r 1ad0999a7ded -r 662115ad250f src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Tue Feb 14 18:36:04 2017 +0300 +++ b/src/http/ngx_http_core_module.c Fri Feb 24 11:35:24 2017 +0100 @@ -74,8 +74,8 @@ static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); #if (NGX_HTTP_GZIP) -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n); +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); #endif @@ -2170,7 +2170,7 @@ */ if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) { return NGX_DECLINED; } @@ -2297,15 +2297,42 @@ } +ngx_int_t +ngx_http_brotli_ok(ngx_http_request_t *r) +{ + ngx_table_elt_t *ae; + + if (r != r->main) { + return NGX_DECLINED; + } + + ae = r->headers_in.accept_encoding; + if (ae == NULL) { + return NGX_DECLINED; + } + + if (ae->value.len < sizeof("br") - 1) { + return NGX_DECLINED; + } + + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) + { + return NGX_DECLINED; + } + + return NGX_OK; +} + + /* - * gzip is enabled for the following quantities: + * encoding is enabled for the following quantities: * "gzip; q=0.001" ... "gzip; q=1.000" - * gzip is disabled for the following quantities: - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases + * encoding is disabled for the following quantities: + * "br; q=0" ... "br; q=0.000", and for any invalid cases */ static ngx_int_t -ngx_http_gzip_accept_encoding(ngx_str_t *ae) +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) { u_char *p, *start, *last; @@ -2313,7 +2340,7 @@ last = start + ae->len; for ( ;; ) { - p = ngx_strcasestrn(start, "gzip", 4 - 1); + p = ngx_strcasestrn(start, e, n - 1); if (p == NULL) { return NGX_DECLINED; } @@ -2322,10 +2349,10 @@ break; } - start = p + 4; - } - - p += 4; + start = p + n; + } + + p += n; while (p < last) { switch (*p++) { @@ -2364,7 +2391,7 @@ return NGX_DECLINED; } - if (ngx_http_gzip_quantity(p, last) == 0) { + if (ngx_http_encoding_quantity(p, last) == 0) { return NGX_DECLINED; } @@ -2373,7 +2400,7 @@ static ngx_uint_t -ngx_http_gzip_quantity(u_char *p, u_char *last) +ngx_http_encoding_quantity(u_char *p, u_char *last) { u_char c; ngx_uint_t n, q; diff -r 1ad0999a7ded -r 662115ad250f src/http/ngx_http_core_module.h --- a/src/http/ngx_http_core_module.h Tue Feb 14 18:36:04 2017 +0300 +++ b/src/http/ngx_http_core_module.h Fri Feb 24 11:35:24 2017 +0100 @@ -504,6 +504,7 @@ ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); #if (NGX_HTTP_GZIP) ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); #endif On 24 February 2017 at 12:01, Eugene Kluchnikov wrote: > Easily =) > > > # HG changeset patch > # User Evgenii Kliuchnikov > # Date 1487932524 -3600 > # Fri Feb 24 11:35:24 2017 +0100 > # Node ID e1f5e06ade015f9855a6f683817cde7bb0f243a3 > # Parent 1ad0999a7ded3d4fb01c7acf8ff57c80b643da7e > Add brotli static (over nginx-1.11.10) > > diff -r 1ad0999a7ded -r e1f5e06ade01 contrib/vim/syntax/nginx.vim > --- a/contrib/vim/syntax/nginx.vim Tue Feb 14 18:36:04 2017 +0300 > +++ b/contrib/vim/syntax/nginx.vim Fri Feb 24 11:35:24 2017 +0100 > @@ -86,6 +86,7 @@ > syn keyword ngxDirective autoindex > syn keyword ngxDirective autoindex_exact_size > syn keyword ngxDirective autoindex_localtime > +syn keyword ngxDirective brotli_static > syn keyword ngxDirective charset > syn keyword ngxDirective charset_types > syn keyword ngxDirective chunked_transfer_encoding > diff -r 1ad0999a7ded -r e1f5e06ade01 src/http/modules/ngx_http_ > gzip_static_module.c > --- a/src/http/modules/ngx_http_gzip_static_module.c Tue Feb 14 18:36:04 > 2017 +0300 > +++ b/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 24 11:35:24 > 2017 +0100 > @@ -16,10 +16,13 @@ > > > typedef struct { > - ngx_uint_t enable; > + ngx_uint_t enable_gzip; > + ngx_uint_t enable_brotli; > } ngx_http_gzip_static_conf_t; > > - > +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t *r, > + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, > + ngx_str_t *encoding); > static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); > static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); > static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void > *parent, > @@ -41,7 +44,14 @@ > NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF| > NGX_CONF_TAKE1, > ngx_conf_set_enum_slot, > NGX_HTTP_LOC_CONF_OFFSET, > - offsetof(ngx_http_gzip_static_conf_t, enable), > + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), > + &ngx_http_gzip_static }, > + > + { ngx_string("brotli_static"), > + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF| > NGX_CONF_TAKE1, > + ngx_conf_set_enum_slot, > + NGX_HTTP_LOC_CONF_OFFSET, > + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), > &ngx_http_gzip_static }, > > ngx_null_command > @@ -79,19 +89,14 @@ > }; > > > +static ngx_str_t encoding_gzip = ngx_string("gzip"); > +static ngx_str_t encoding_brotli = ngx_string("br"); > + > + > static ngx_int_t > ngx_http_gzip_static_handler(ngx_http_request_t *r) > { > - u_char *p; > - size_t root; > - ngx_str_t path; > ngx_int_t rc; > - ngx_uint_t level; > - ngx_log_t *log; > - ngx_buf_t *b; > - ngx_chain_t out; > - ngx_table_elt_t *h; > - ngx_open_file_info_t of; > ngx_http_core_loc_conf_t *clcf; > ngx_http_gzip_static_conf_t *gzcf; > > @@ -105,19 +110,56 @@ > > gzcf = ngx_http_get_module_loc_conf(r, ngx_http_gzip_static_module); > > - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { > + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF > + && gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { > return NGX_DECLINED; > } > > - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { > - rc = ngx_http_gzip_ok(r); > + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); > > - } else { > - /* always */ > - rc = NGX_OK; > + rc = NGX_DECLINED; > + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { > + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { > + rc = ngx_http_gzip_ok(r); > + } else { > + /* always */ > + rc = NGX_OK; > + } > + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, rc, > clcf, > + &encoding_gzip); > } > > - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); > + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == > NGX_DECLINED) { > + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { > + rc = ngx_http_gzip_ok(r); > + } else { > + /* always */ > + rc = NGX_OK; > + } > + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, rc, > clcf, > + &encoding_brotli); > + } > + > + return rc; > +} > + > + > +static ngx_int_t > +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t enable, > + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) > +{ > + u_char *p; > + size_t root; > + ngx_str_t path; > + ngx_int_t rc; > + ngx_uint_t level; > + ngx_log_t *log; > + ngx_buf_t *b; > + ngx_chain_t out; > + ngx_table_elt_t *h; > + ngx_open_file_info_t of; > + > + rc = ok; > > if (!clcf->gzip_vary && rc != NGX_OK) { > return NGX_DECLINED; > @@ -125,14 +167,14 @@ > > log = r->connection->log; > > - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); > + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); > if (p == NULL) { > return NGX_HTTP_INTERNAL_SERVER_ERROR; > } > > *p++ = '.'; > - *p++ = 'g'; > - *p++ = 'z'; > + *p++ = encoding->data[0]; > + *p++ = encoding->data[1]; > *p = '\0'; > > path.len = p - path.data; > @@ -188,7 +230,7 @@ > return NGX_DECLINED; > } > > - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { > + if (enable == NGX_HTTP_GZIP_STATIC_ON) { > r->gzip_vary = 1; > > if (rc != NGX_OK) { > @@ -243,7 +285,7 @@ > > h->hash = 1; > ngx_str_set(&h->key, "Content-Encoding"); > - ngx_str_set(&h->value, "gzip"); > + h->value = *encoding; > r->headers_out.content_encoding = h; > > /* we need to allocate all before the header would be sent */ > @@ -293,7 +335,8 @@ > return NULL; > } > > - conf->enable = NGX_CONF_UNSET_UINT; > + conf->enable_gzip = NGX_CONF_UNSET_UINT; > + conf->enable_brotli = NGX_CONF_UNSET_UINT; > > return conf; > } > @@ -305,7 +348,9 @@ > ngx_http_gzip_static_conf_t *prev = parent; > ngx_http_gzip_static_conf_t *conf = child; > > - ngx_conf_merge_uint_value(conf->enable, prev->enable, > + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, > + NGX_HTTP_GZIP_STATIC_OFF); > + ngx_conf_merge_uint_value(conf->enable_brotli, prev->enable_brotli, > NGX_HTTP_GZIP_STATIC_OFF); > > return NGX_CONF_OK; > diff -r 1ad0999a7ded -r e1f5e06ade01 src/http/ngx_http_core_module.c > --- a/src/http/ngx_http_core_module.c Tue Feb 14 18:36:04 2017 +0300 > +++ b/src/http/ngx_http_core_module.c Fri Feb 24 11:35:24 2017 +0100 > @@ -74,8 +74,8 @@ > static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, > void *conf); > #if (NGX_HTTP_GZIP) > -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); > -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); > +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t > n); > +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); > static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, > void *conf); > #endif > @@ -2170,7 +2170,7 @@ > */ > > if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 > - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) > + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) > { > return NGX_DECLINED; > } > @@ -2297,15 +2297,42 @@ > } > > > +ngx_int_t > +ngx_http_brotli_ok(ngx_http_request_t *r) > +{ > + ngx_table_elt_t *ae; > + > + if (r != r->main) { > + return NGX_DECLINED; > + } > + > + ae = r->headers_in.accept_encoding; > + if (ae == NULL) { > + return NGX_DECLINED; > + } > + > + if (ae->value.len < sizeof("br") - 1) { > + return NGX_DECLINED; > + } > + > + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) > + { > + return NGX_DECLINED; > + } > + > + return NGX_OK; > +} > + > + > /* > - * gzip is enabled for the following quantities: > - * "gzip; q=0.001" ... "gzip; q=1.000" > - * gzip is disabled for the following quantities: > - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases > + * encoding is enabled for the following quantities: > + * "gzip; q=0.001" ... "gzip; q=1.000" > + * encoding is disabled for the following quantities: > + * "br; q=0" ... "br; q=0.000", and for any invalid cases > */ > > static ngx_int_t > -ngx_http_gzip_accept_encoding(ngx_str_t *ae) > +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) > { > u_char *p, *start, *last; > > @@ -2313,7 +2340,7 @@ > last = start + ae->len; > > for ( ;; ) { > - p = ngx_strcasestrn(start, "gzip", 4 - 1); > + p = ngx_strcasestrn(start, e, n - 1); > if (p == NULL) { > return NGX_DECLINED; > } > @@ -2322,10 +2349,10 @@ > break; > } > > - start = p + 4; > - } > - > - p += 4; > + start = p + n; > + } > + > + p += n; > > while (p < last) { > switch (*p++) { > @@ -2364,7 +2391,7 @@ > return NGX_DECLINED; > } > > - if (ngx_http_gzip_quantity(p, last) == 0) { > + if (ngx_http_encoding_quantity(p, last) == 0) { > return NGX_DECLINED; > } > > @@ -2373,7 +2400,7 @@ > > > static ngx_uint_t > -ngx_http_gzip_quantity(u_char *p, u_char *last) > +ngx_http_encoding_quantity(u_char *p, u_char *last) > { > u_char c; > ngx_uint_t n, q; > diff -r 1ad0999a7ded -r e1f5e06ade01 src/http/ngx_http_core_module.h > --- a/src/http/ngx_http_core_module.h Tue Feb 14 18:36:04 2017 +0300 > +++ b/src/http/ngx_http_core_module.h Fri Feb 24 11:35:24 2017 +0100 > @@ -504,6 +504,7 @@ > ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); > #if (NGX_HTTP_GZIP) > ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); > +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); > #endif > > > > > > > On 24 February 2017 at 09:05, Ryan wrote: > >> Do you have a brotli patch that applies cleanly with nginx-1.11.10. I'm >> getting many patch fails. >> >> On Fri, Feb 24, 2017 at 8:03 AM, Eugene Kluchnikov >> wrote: >> >>> # HG changeset patch >>> # User Evgenii Kliuchnikov >>> # Date 1487764873 -3600 >>> # Wed Feb 22 13:01:13 2017 +0100 >>> # Node ID c230f3874e060ccb14d7560233f2c70a910640a1 >>> # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c >>> Add brotli static serving support. >>> >>> Both .gz and .br static content is served by >>> ngx_http_gzip_static_modile, but have separate configuration. >>> >>> diff -r 87cf6ddb41c2 -r c230f3874e06 contrib/vim/syntax/nginx.vim >>> --- a/contrib/vim/syntax/nginx.vim Fri Feb 17 17:01:27 2017 +0300 >>> +++ b/contrib/vim/syntax/nginx.vim Wed Feb 22 13:01:13 2017 +0100 >>> @@ -86,6 +86,7 @@ >>> syn keyword ngxDirective autoindex >>> syn keyword ngxDirective autoindex_exact_size >>> syn keyword ngxDirective autoindex_localtime >>> +syn keyword ngxDirective brotli_static >>> syn keyword ngxDirective charset >>> syn keyword ngxDirective charset_types >>> syn keyword ngxDirective chunked_transfer_encoding >>> diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/modules/ngx_http_gzip >>> _static_module.c >>> --- a/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 17 >>> 17:01:27 2017 +0300 >>> +++ b/src/http/modules/ngx_http_gzip_static_module.c Wed Feb 22 >>> 13:01:13 2017 +0100 >>> @@ -16,10 +16,14 @@ >>> >>> >>> typedef struct { >>> - ngx_uint_t enable; >>> + ngx_uint_t enable_gzip; >>> + ngx_uint_t enable_brotli; >>> } ngx_http_gzip_static_conf_t; >>> >>> >>> +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t *r, >>> + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, >>> + ngx_str_t *encoding); >>> static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); >>> static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); >>> static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void >>> *parent, >>> @@ -41,7 +45,14 @@ >>> NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >>> CONF_TAKE1, >>> ngx_conf_set_enum_slot, >>> NGX_HTTP_LOC_CONF_OFFSET, >>> - offsetof(ngx_http_gzip_static_conf_t, enable), >>> + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), >>> + &ngx_http_gzip_static }, >>> + >>> + { ngx_string("brotli_static"), >>> + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >>> CONF_TAKE1, >>> + ngx_conf_set_enum_slot, >>> + NGX_HTTP_LOC_CONF_OFFSET, >>> + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), >>> &ngx_http_gzip_static }, >>> >>> ngx_null_command >>> @@ -79,19 +90,14 @@ >>> }; >>> >>> >>> +static ngx_str_t encoding_gzip = ngx_string("gzip"); >>> +static ngx_str_t encoding_brotli = ngx_string("br"); >>> + >>> + >>> static ngx_int_t >>> ngx_http_gzip_static_handler(ngx_http_request_t *r) >>> { >>> - u_char *p; >>> - size_t root; >>> - ngx_str_t path; >>> ngx_int_t rc; >>> - ngx_uint_t level; >>> - ngx_log_t *log; >>> - ngx_buf_t *b; >>> - ngx_chain_t out; >>> - ngx_table_elt_t *h; >>> - ngx_open_file_info_t of; >>> ngx_http_core_loc_conf_t *clcf; >>> ngx_http_gzip_static_conf_t *gzcf; >>> >>> @@ -105,19 +111,56 @@ >>> >>> gzcf = ngx_http_get_module_loc_conf(r, >>> ngx_http_gzip_static_module); >>> >>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { >>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF && >>> + gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { >>> return NGX_DECLINED; >>> } >>> >>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >>> - rc = ngx_http_gzip_ok(r); >>> + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >>> >>> - } else { >>> - /* always */ >>> - rc = NGX_OK; >>> + rc = NGX_DECLINED; >>> + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { >>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >>> + rc = ngx_http_gzip_ok(r); >>> + } else { >>> + /* always */ >>> + rc = NGX_OK; >>> + } >>> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, rc, >>> clcf, >>> + &encoding_gzip); >>> } >>> >>> - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >>> + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == >>> NGX_DECLINED) { >>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >>> + rc = ngx_http_gzip_ok(r); >>> + } else { >>> + /* always */ >>> + rc = NGX_OK; >>> + } >>> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, >>> rc, clcf, >>> + &encoding_brotli); >>> + } >>> + >>> + return rc; >>> +} >>> + >>> + >>> +static ngx_int_t >>> +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t >>> enable, >>> + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) >>> +{ >>> + u_char *p; >>> + size_t root; >>> + ngx_str_t path; >>> + ngx_int_t rc; >>> + ngx_uint_t level; >>> + ngx_log_t *log; >>> + ngx_buf_t *b; >>> + ngx_chain_t out; >>> + ngx_table_elt_t *h; >>> + ngx_open_file_info_t of; >>> + >>> + rc = ok; >>> >>> if (!clcf->gzip_vary && rc != NGX_OK) { >>> return NGX_DECLINED; >>> @@ -125,14 +168,14 @@ >>> >>> log = r->connection->log; >>> >>> - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); >>> + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); >>> if (p == NULL) { >>> return NGX_HTTP_INTERNAL_SERVER_ERROR; >>> } >>> >>> *p++ = '.'; >>> - *p++ = 'g'; >>> - *p++ = 'z'; >>> + *p++ = encoding->data[0]; >>> + *p++ = encoding->data[1]; >>> *p = '\0'; >>> >>> path.len = p - path.data; >>> @@ -188,7 +231,7 @@ >>> return NGX_DECLINED; >>> } >>> >>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >>> + if (enable == NGX_HTTP_GZIP_STATIC_ON) { >>> r->gzip_vary = 1; >>> >>> if (rc != NGX_OK) { >>> @@ -243,7 +286,7 @@ >>> >>> h->hash = 1; >>> ngx_str_set(&h->key, "Content-Encoding"); >>> - ngx_str_set(&h->value, "gzip"); >>> + h->value = *encoding; >>> r->headers_out.content_encoding = h; >>> >>> /* we need to allocate all before the header would be sent */ >>> @@ -293,7 +336,8 @@ >>> return NULL; >>> } >>> >>> - conf->enable = NGX_CONF_UNSET_UINT; >>> + conf->enable_gzip = NGX_CONF_UNSET_UINT; >>> + conf->enable_brotli = NGX_CONF_UNSET_UINT; >>> >>> return conf; >>> } >>> @@ -305,7 +349,9 @@ >>> ngx_http_gzip_static_conf_t *prev = parent; >>> ngx_http_gzip_static_conf_t *conf = child; >>> >>> - ngx_conf_merge_uint_value(conf->enable, prev->enable, >>> + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, >>> + NGX_HTTP_GZIP_STATIC_OFF); >>> + ngx_conf_merge_uint_value(conf->enable_brotli, prev->enable_brotli, >>> NGX_HTTP_GZIP_STATIC_OFF); >>> >>> return NGX_CONF_OK; >>> diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/ngx_http_core_module.c >>> --- a/src/http/ngx_http_core_module.c Fri Feb 17 17:01:27 2017 +0300 >>> +++ b/src/http/ngx_http_core_module.c Wed Feb 22 13:01:13 2017 +0100 >>> @@ -74,8 +74,8 @@ >>> static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, >>> void *conf); >>> #if (NGX_HTTP_GZIP) >>> -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); >>> -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); >>> +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, >>> size_t n); >>> +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); >>> static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, >>> void *conf); >>> #endif >>> @@ -2170,7 +2170,7 @@ >>> */ >>> >>> if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 >>> - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) >>> + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) >>> { >>> return NGX_DECLINED; >>> } >>> @@ -2297,15 +2297,42 @@ >>> } >>> >>> >>> +ngx_int_t >>> +ngx_http_brotli_ok(ngx_http_request_t *r) >>> +{ >>> + ngx_table_elt_t *ae; >>> + >>> + if (r != r->main) { >>> + return NGX_DECLINED; >>> + } >>> + >>> + ae = r->headers_in.accept_encoding; >>> + if (ae == NULL) { >>> + return NGX_DECLINED; >>> + } >>> + >>> + if (ae->value.len < sizeof("br") - 1) { >>> + return NGX_DECLINED; >>> + } >>> + >>> + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) >>> + { >>> + return NGX_DECLINED; >>> + } >>> + >>> + return NGX_OK; >>> +} >>> + >>> + >>> /* >>> - * gzip is enabled for the following quantities: >>> + * encoding is enabled for the following quantities: >>> * "gzip; q=0.001" ... "gzip; q=1.000" >>> - * gzip is disabled for the following quantities: >>> - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases >>> + * encoding is disabled for the following quantities: >>> + * "br; q=0" ... "br; q=0.000", and for any invalid cases >>> */ >>> >>> static ngx_int_t >>> -ngx_http_gzip_accept_encoding(ngx_str_t *ae) >>> +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) >>> { >>> u_char *p, *start, *last; >>> >>> @@ -2313,7 +2340,7 @@ >>> last = start + ae->len; >>> >>> for ( ;; ) { >>> - p = ngx_strcasestrn(start, "gzip", 4 - 1); >>> + p = ngx_strcasestrn(start, e, n - 1); >>> if (p == NULL) { >>> return NGX_DECLINED; >>> } >>> @@ -2322,10 +2349,10 @@ >>> break; >>> } >>> >>> - start = p + 4; >>> - } >>> - >>> - p += 4; >>> + start = p + n; >>> + } >>> + >>> + p += n; >>> >>> while (p < last) { >>> switch (*p++) { >>> @@ -2364,7 +2391,7 @@ >>> return NGX_DECLINED; >>> } >>> >>> - if (ngx_http_gzip_quantity(p, last) == 0) { >>> + if (ngx_http_encoding_quantity(p, last) == 0) { >>> return NGX_DECLINED; >>> } >>> >>> @@ -2373,7 +2400,7 @@ >>> >>> >>> static ngx_uint_t >>> -ngx_http_gzip_quantity(u_char *p, u_char *last) >>> +ngx_http_encoding_quantity(u_char *p, u_char *last) >>> { >>> u_char c; >>> ngx_uint_t n, q; >>> diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/ngx_http_core_module.h >>> --- a/src/http/ngx_http_core_module.h Fri Feb 17 17:01:27 2017 +0300 >>> +++ b/src/http/ngx_http_core_module.h Wed Feb 22 13:01:13 2017 +0100 >>> @@ -504,6 +504,7 @@ >>> ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); >>> #if (NGX_HTTP_GZIP) >>> ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); >>> +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); >>> #endif >>> >>> >>> >>> >>> >>> Fixed "Content-Encoding" value. >>> >>> On 23 February 2017 at 13:11, Eugene Kluchnikov >>> wrote: >>> >>>> # HG changeset patch >>>> # User Evgenii Kliuchnikov >>>> # Date 1487764873 -3600 >>>> # Wed Feb 22 13:01:13 2017 +0100 >>>> # Node ID 96939e63f30579f2f32e843d217bd46fa6086bb4 >>>> # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c >>>> Add brotli static serving support. >>>> >>>> Both .gz and .br static content is served by >>>> ngx_http_gzip_static_modile, but have separate configuration. >>>> >>>> diff -r 87cf6ddb41c2 -r 96939e63f305 contrib/vim/syntax/nginx.vim >>>> --- a/contrib/vim/syntax/nginx.vim Fri Feb 17 17:01:27 2017 +0300 >>>> +++ b/contrib/vim/syntax/nginx.vim Wed Feb 22 13:01:13 2017 +0100 >>>> @@ -86,6 +86,7 @@ >>>> syn keyword ngxDirective autoindex >>>> syn keyword ngxDirective autoindex_exact_size >>>> syn keyword ngxDirective autoindex_localtime >>>> +syn keyword ngxDirective brotli_static >>>> syn keyword ngxDirective charset >>>> syn keyword ngxDirective charset_types >>>> syn keyword ngxDirective chunked_transfer_encoding >>>> diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/modules/ngx_http_gzip >>>> _static_module.c >>>> --- a/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 17 >>>> 17:01:27 2017 +0300 >>>> +++ b/src/http/modules/ngx_http_gzip_static_module.c Wed Feb 22 >>>> 13:01:13 2017 +0100 >>>> @@ -16,10 +16,14 @@ >>>> >>>> >>>> typedef struct { >>>> - ngx_uint_t enable; >>>> + ngx_uint_t enable_gzip; >>>> + ngx_uint_t enable_brotli; >>>> } ngx_http_gzip_static_conf_t; >>>> >>>> >>>> +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t >>>> *r, >>>> + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, >>>> + ngx_str_t *encoding); >>>> static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); >>>> static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); >>>> static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void >>>> *parent, >>>> @@ -41,7 +45,14 @@ >>>> NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >>>> CONF_TAKE1, >>>> ngx_conf_set_enum_slot, >>>> NGX_HTTP_LOC_CONF_OFFSET, >>>> - offsetof(ngx_http_gzip_static_conf_t, enable), >>>> + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), >>>> + &ngx_http_gzip_static }, >>>> + >>>> + { ngx_string("brotli_static"), >>>> + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >>>> CONF_TAKE1, >>>> + ngx_conf_set_enum_slot, >>>> + NGX_HTTP_LOC_CONF_OFFSET, >>>> + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), >>>> &ngx_http_gzip_static }, >>>> >>>> ngx_null_command >>>> @@ -79,19 +90,13 @@ >>>> }; >>>> >>>> >>>> +static ngx_str_t encoding_gzip = ngx_string("gzip"); >>>> +static ngx_str_t encoding_brotli = ngx_string("brotli"); >>>> + >>>> static ngx_int_t >>>> ngx_http_gzip_static_handler(ngx_http_request_t *r) >>>> { >>>> - u_char *p; >>>> - size_t root; >>>> - ngx_str_t path; >>>> ngx_int_t rc; >>>> - ngx_uint_t level; >>>> - ngx_log_t *log; >>>> - ngx_buf_t *b; >>>> - ngx_chain_t out; >>>> - ngx_table_elt_t *h; >>>> - ngx_open_file_info_t of; >>>> ngx_http_core_loc_conf_t *clcf; >>>> ngx_http_gzip_static_conf_t *gzcf; >>>> >>>> @@ -105,19 +110,56 @@ >>>> >>>> gzcf = ngx_http_get_module_loc_conf(r, >>>> ngx_http_gzip_static_module); >>>> >>>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { >>>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF && >>>> + gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { >>>> return NGX_DECLINED; >>>> } >>>> >>>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >>>> - rc = ngx_http_gzip_ok(r); >>>> + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >>>> >>>> - } else { >>>> - /* always */ >>>> - rc = NGX_OK; >>>> + rc = NGX_DECLINED; >>>> + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { >>>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >>>> + rc = ngx_http_gzip_ok(r); >>>> + } else { >>>> + /* always */ >>>> + rc = NGX_OK; >>>> + } >>>> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, >>>> rc, clcf, >>>> + &encoding_gzip); >>>> } >>>> >>>> - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >>>> + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == >>>> NGX_DECLINED) { >>>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >>>> + rc = ngx_http_gzip_ok(r); >>>> + } else { >>>> + /* always */ >>>> + rc = NGX_OK; >>>> + } >>>> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, >>>> rc, clcf, >>>> + &encoding_brotli); >>>> + } >>>> + >>>> + return rc; >>>> +} >>>> + >>>> + >>>> +static ngx_int_t >>>> +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t >>>> enable, >>>> + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) >>>> +{ >>>> + u_char *p; >>>> + size_t root; >>>> + ngx_str_t path; >>>> + ngx_int_t rc; >>>> + ngx_uint_t level; >>>> + ngx_log_t *log; >>>> + ngx_buf_t *b; >>>> + ngx_chain_t out; >>>> + ngx_table_elt_t *h; >>>> + ngx_open_file_info_t of; >>>> + >>>> + rc = ok; >>>> >>>> if (!clcf->gzip_vary && rc != NGX_OK) { >>>> return NGX_DECLINED; >>>> @@ -125,14 +167,14 @@ >>>> >>>> log = r->connection->log; >>>> >>>> - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); >>>> + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); >>>> if (p == NULL) { >>>> return NGX_HTTP_INTERNAL_SERVER_ERROR; >>>> } >>>> >>>> *p++ = '.'; >>>> - *p++ = 'g'; >>>> - *p++ = 'z'; >>>> + *p++ = encoding->data[0]; >>>> + *p++ = encoding->data[1]; >>>> *p = '\0'; >>>> >>>> path.len = p - path.data; >>>> @@ -188,7 +230,7 @@ >>>> return NGX_DECLINED; >>>> } >>>> >>>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >>>> + if (enable == NGX_HTTP_GZIP_STATIC_ON) { >>>> r->gzip_vary = 1; >>>> >>>> if (rc != NGX_OK) { >>>> @@ -243,7 +285,7 @@ >>>> >>>> h->hash = 1; >>>> ngx_str_set(&h->key, "Content-Encoding"); >>>> - ngx_str_set(&h->value, "gzip"); >>>> + h->value = *encoding; >>>> r->headers_out.content_encoding = h; >>>> >>>> /* we need to allocate all before the header would be sent */ >>>> @@ -293,7 +335,8 @@ >>>> return NULL; >>>> } >>>> >>>> - conf->enable = NGX_CONF_UNSET_UINT; >>>> + conf->enable_gzip = NGX_CONF_UNSET_UINT; >>>> + conf->enable_brotli = NGX_CONF_UNSET_UINT; >>>> >>>> return conf; >>>> } >>>> @@ -305,7 +348,9 @@ >>>> ngx_http_gzip_static_conf_t *prev = parent; >>>> ngx_http_gzip_static_conf_t *conf = child; >>>> >>>> - ngx_conf_merge_uint_value(conf->enable, prev->enable, >>>> + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, >>>> + NGX_HTTP_GZIP_STATIC_OFF); >>>> + ngx_conf_merge_uint_value(conf->enable_brotli, >>>> prev->enable_brotli, >>>> NGX_HTTP_GZIP_STATIC_OFF); >>>> >>>> return NGX_CONF_OK; >>>> diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/ngx_http_core_module.c >>>> --- a/src/http/ngx_http_core_module.c Fri Feb 17 17:01:27 2017 +0300 >>>> +++ b/src/http/ngx_http_core_module.c Wed Feb 22 13:01:13 2017 +0100 >>>> @@ -74,8 +74,8 @@ >>>> static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t >>>> *cmd, >>>> void *conf); >>>> #if (NGX_HTTP_GZIP) >>>> -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); >>>> -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); >>>> +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, >>>> size_t n); >>>> +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); >>>> static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, >>>> void *conf); >>>> #endif >>>> @@ -2170,7 +2170,7 @@ >>>> */ >>>> >>>> if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 >>>> - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) >>>> + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) >>>> { >>>> return NGX_DECLINED; >>>> } >>>> @@ -2297,15 +2297,42 @@ >>>> } >>>> >>>> >>>> +ngx_int_t >>>> +ngx_http_brotli_ok(ngx_http_request_t *r) >>>> +{ >>>> + ngx_table_elt_t *ae; >>>> + >>>> + if (r != r->main) { >>>> + return NGX_DECLINED; >>>> + } >>>> + >>>> + ae = r->headers_in.accept_encoding; >>>> + if (ae == NULL) { >>>> + return NGX_DECLINED; >>>> + } >>>> + >>>> + if (ae->value.len < sizeof("br") - 1) { >>>> + return NGX_DECLINED; >>>> + } >>>> + >>>> + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) >>>> + { >>>> + return NGX_DECLINED; >>>> + } >>>> + >>>> + return NGX_OK; >>>> +} >>>> + >>>> + >>>> /* >>>> - * gzip is enabled for the following quantities: >>>> + * encoding is enabled for the following quantities: >>>> * "gzip; q=0.001" ... "gzip; q=1.000" >>>> - * gzip is disabled for the following quantities: >>>> - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases >>>> + * encoding is disabled for the following quantities: >>>> + * "br; q=0" ... "br; q=0.000", and for any invalid cases >>>> */ >>>> >>>> static ngx_int_t >>>> -ngx_http_gzip_accept_encoding(ngx_str_t *ae) >>>> +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) >>>> { >>>> u_char *p, *start, *last; >>>> >>>> @@ -2313,7 +2340,7 @@ >>>> last = start + ae->len; >>>> >>>> for ( ;; ) { >>>> - p = ngx_strcasestrn(start, "gzip", 4 - 1); >>>> + p = ngx_strcasestrn(start, e, n - 1); >>>> if (p == NULL) { >>>> return NGX_DECLINED; >>>> } >>>> @@ -2322,10 +2349,10 @@ >>>> break; >>>> } >>>> >>>> - start = p + 4; >>>> - } >>>> - >>>> - p += 4; >>>> + start = p + n; >>>> + } >>>> + >>>> + p += n; >>>> >>>> while (p < last) { >>>> switch (*p++) { >>>> @@ -2364,7 +2391,7 @@ >>>> return NGX_DECLINED; >>>> } >>>> >>>> - if (ngx_http_gzip_quantity(p, last) == 0) { >>>> + if (ngx_http_encoding_quantity(p, last) == 0) { >>>> return NGX_DECLINED; >>>> } >>>> >>>> @@ -2373,7 +2400,7 @@ >>>> >>>> >>>> static ngx_uint_t >>>> -ngx_http_gzip_quantity(u_char *p, u_char *last) >>>> +ngx_http_encoding_quantity(u_char *p, u_char *last) >>>> { >>>> u_char c; >>>> ngx_uint_t n, q; >>>> diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/ngx_http_core_module.h >>>> --- a/src/http/ngx_http_core_module.h Fri Feb 17 17:01:27 2017 +0300 >>>> +++ b/src/http/ngx_http_core_module.h Wed Feb 22 13:01:13 2017 +0100 >>>> @@ -504,6 +504,7 @@ >>>> ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); >>>> #if (NGX_HTTP_GZIP) >>>> ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); >>>> +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); >>>> #endif >>>> >>>> >>>> >>>> >>>> >>>> >>>> Take 2 - modify ngx_http_gzip_static_modile to serve both .gz and .br. >>>> >>>> >>>> On 22 February 2017 at 16:10, Eugene Kluchnikov >>>> wrote: >>>> >>>>> Yup. Going to try to create a "combined" module soon =) >>>>> >>>>> On 22 February 2017 at 15:40, Valentin V. Bartenev >>>>> wrote: >>>>>> >>>>>> At the first glance, the differences are really small and >>>>>> such functionality can be combined in one module. >>>>>> >>>>> >>> >>> >>> -- >>> ? ?????????? ???????????, ??????? ????????? >>> WBR, Eugene Kluchnikov >>> >>> _______________________________________________ >>> nginx-devel mailing list >>> nginx-devel at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx-devel >>> >> >> > > > -- > ? ?????????? ???????????, ??????? ????????? > WBR, Eugene Kluchnikov > -- ? ?????????? ???????????, ??????? ????????? WBR, Eugene Kluchnikov -------------- next part -------------- An HTML attachment was scrubbed... URL: From mp3geek at gmail.com Fri Feb 24 11:35:01 2017 From: mp3geek at gmail.com (Ryan) Date: Sat, 25 Feb 2017 00:35:01 +1300 Subject: [PATCH] Add static brotli module In-Reply-To: References: <2886732.38QkW4xQnI@vbart-workstation> Message-ID: An attachment might be easier also, since gmail is messing with the formatting of this. On Sat, Feb 25, 2017 at 12:08 AM, Eugene Kluchnikov wrote: > Fixed whitespaces. > It seems that patch over trunk and over 1.11.10 tag differ only in dates > and hashes. > > > # HG changeset patch > # User Evgenii Kliuchnikov > # Date 1487932524 -3600 > # Fri Feb 24 11:35:24 2017 +0100 > # Node ID 662115ad250f48cfdd7963de40bfe7c7c8ae8ba3 > # Parent 1ad0999a7ded3d4fb01c7acf8ff57c80b643da7e > Add brotli static serving support (ontoZZ 1.11.10) > > Both .gz and .br static content is served by > ngx_http_gzip_static_modile, but have separate configuration. > > diff -r 1ad0999a7ded -r 662115ad250f contrib/vim/syntax/nginx.vim > --- a/contrib/vim/syntax/nginx.vim Tue Feb 14 18:36:04 2017 +0300 > +++ b/contrib/vim/syntax/nginx.vim Fri Feb 24 11:35:24 2017 +0100 > @@ -86,6 +86,7 @@ > syn keyword ngxDirective autoindex > syn keyword ngxDirective autoindex_exact_size > syn keyword ngxDirective autoindex_localtime > +syn keyword ngxDirective brotli_static > syn keyword ngxDirective charset > syn keyword ngxDirective charset_types > syn keyword ngxDirective chunked_transfer_encoding > diff -r 1ad0999a7ded -r 662115ad250f src/http/modules/ngx_http_ > gzip_static_module.c > --- a/src/http/modules/ngx_http_gzip_static_module.c Tue Feb 14 18:36:04 > 2017 +0300 > +++ b/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 24 11:35:24 > 2017 +0100 > @@ -16,10 +16,14 @@ > > > typedef struct { > - ngx_uint_t enable; > + ngx_uint_t enable_gzip; > + ngx_uint_t enable_brotli; > } ngx_http_gzip_static_conf_t; > > > +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t *r, > + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, > + ngx_str_t *encoding); > static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); > static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); > static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void > *parent, > @@ -41,7 +45,14 @@ > NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF| > NGX_CONF_TAKE1, > ngx_conf_set_enum_slot, > NGX_HTTP_LOC_CONF_OFFSET, > - offsetof(ngx_http_gzip_static_conf_t, enable), > + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), > + &ngx_http_gzip_static }, > + > + { ngx_string("brotli_static"), > + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF| > NGX_CONF_TAKE1, > + ngx_conf_set_enum_slot, > + NGX_HTTP_LOC_CONF_OFFSET, > + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), > &ngx_http_gzip_static }, > > ngx_null_command > @@ -79,19 +90,14 @@ > }; > > > +static ngx_str_t encoding_gzip = ngx_string("gzip"); > +static ngx_str_t encoding_brotli = ngx_string("br"); > + > + > static ngx_int_t > ngx_http_gzip_static_handler(ngx_http_request_t *r) > { > - u_char *p; > - size_t root; > - ngx_str_t path; > ngx_int_t rc; > - ngx_uint_t level; > - ngx_log_t *log; > - ngx_buf_t *b; > - ngx_chain_t out; > - ngx_table_elt_t *h; > - ngx_open_file_info_t of; > ngx_http_core_loc_conf_t *clcf; > ngx_http_gzip_static_conf_t *gzcf; > > @@ -105,19 +111,56 @@ > > gzcf = ngx_http_get_module_loc_conf(r, ngx_http_gzip_static_module); > > - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { > + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF > + && gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { > return NGX_DECLINED; > } > > - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { > - rc = ngx_http_gzip_ok(r); > + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); > > - } else { > - /* always */ > - rc = NGX_OK; > + rc = NGX_DECLINED; > + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { > + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { > + rc = ngx_http_gzip_ok(r); > + } else { > + /* always */ > + rc = NGX_OK; > + } > + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, rc, > clcf, > + &encoding_gzip); > } > > - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); > + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == > NGX_DECLINED) { > + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { > + rc = ngx_http_gzip_ok(r); > + } else { > + /* always */ > + rc = NGX_OK; > + } > + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, rc, > clcf, > + &encoding_brotli); > + } > + > + return rc; > +} > + > + > +static ngx_int_t > +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t enable, > + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) > +{ > + u_char *p; > + size_t root; > + ngx_str_t path; > + ngx_int_t rc; > + ngx_uint_t level; > + ngx_log_t *log; > + ngx_buf_t *b; > + ngx_chain_t out; > + ngx_table_elt_t *h; > + ngx_open_file_info_t of; > + > + rc = ok; > > if (!clcf->gzip_vary && rc != NGX_OK) { > return NGX_DECLINED; > @@ -125,14 +168,14 @@ > > log = r->connection->log; > > - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); > + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); > if (p == NULL) { > return NGX_HTTP_INTERNAL_SERVER_ERROR; > } > > *p++ = '.'; > - *p++ = 'g'; > - *p++ = 'z'; > + *p++ = encoding->data[0]; > + *p++ = encoding->data[1]; > *p = '\0'; > > path.len = p - path.data; > @@ -188,7 +231,7 @@ > return NGX_DECLINED; > } > > - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { > + if (enable == NGX_HTTP_GZIP_STATIC_ON) { > r->gzip_vary = 1; > > if (rc != NGX_OK) { > @@ -243,7 +286,7 @@ > > h->hash = 1; > ngx_str_set(&h->key, "Content-Encoding"); > - ngx_str_set(&h->value, "gzip"); > + h->value = *encoding; > r->headers_out.content_encoding = h; > > /* we need to allocate all before the header would be sent */ > @@ -293,7 +336,8 @@ > return NULL; > } > > - conf->enable = NGX_CONF_UNSET_UINT; > + conf->enable_gzip = NGX_CONF_UNSET_UINT; > + conf->enable_brotli = NGX_CONF_UNSET_UINT; > > return conf; > } > @@ -305,7 +349,9 @@ > ngx_http_gzip_static_conf_t *prev = parent; > ngx_http_gzip_static_conf_t *conf = child; > > - ngx_conf_merge_uint_value(conf->enable, prev->enable, > + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, > + NGX_HTTP_GZIP_STATIC_OFF); > + ngx_conf_merge_uint_value(conf->enable_brotli, prev->enable_brotli, > NGX_HTTP_GZIP_STATIC_OFF); > > return NGX_CONF_OK; > diff -r 1ad0999a7ded -r 662115ad250f src/http/ngx_http_core_module.c > --- a/src/http/ngx_http_core_module.c Tue Feb 14 18:36:04 2017 +0300 > +++ b/src/http/ngx_http_core_module.c Fri Feb 24 11:35:24 2017 +0100 > @@ -74,8 +74,8 @@ > static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, > void *conf); > #if (NGX_HTTP_GZIP) > -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); > -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); > +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t > n); > +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); > static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, > void *conf); > #endif > @@ -2170,7 +2170,7 @@ > */ > > if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 > - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) > + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) > { > return NGX_DECLINED; > } > @@ -2297,15 +2297,42 @@ > } > > > +ngx_int_t > +ngx_http_brotli_ok(ngx_http_request_t *r) > +{ > + ngx_table_elt_t *ae; > + > + if (r != r->main) { > + return NGX_DECLINED; > + } > + > + ae = r->headers_in.accept_encoding; > + if (ae == NULL) { > + return NGX_DECLINED; > + } > + > + if (ae->value.len < sizeof("br") - 1) { > + return NGX_DECLINED; > + } > + > + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) > + { > + return NGX_DECLINED; > + } > + > + return NGX_OK; > +} > + > + > /* > - * gzip is enabled for the following quantities: > + * encoding is enabled for the following quantities: > * "gzip; q=0.001" ... "gzip; q=1.000" > - * gzip is disabled for the following quantities: > - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases > + * encoding is disabled for the following quantities: > + * "br; q=0" ... "br; q=0.000", and for any invalid cases > */ > > static ngx_int_t > -ngx_http_gzip_accept_encoding(ngx_str_t *ae) > +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) > { > u_char *p, *start, *last; > > @@ -2313,7 +2340,7 @@ > last = start + ae->len; > > for ( ;; ) { > - p = ngx_strcasestrn(start, "gzip", 4 - 1); > + p = ngx_strcasestrn(start, e, n - 1); > if (p == NULL) { > return NGX_DECLINED; > } > @@ -2322,10 +2349,10 @@ > break; > } > > - start = p + 4; > - } > - > - p += 4; > + start = p + n; > + } > + > + p += n; > > while (p < last) { > switch (*p++) { > @@ -2364,7 +2391,7 @@ > return NGX_DECLINED; > } > > - if (ngx_http_gzip_quantity(p, last) == 0) { > + if (ngx_http_encoding_quantity(p, last) == 0) { > return NGX_DECLINED; > } > > @@ -2373,7 +2400,7 @@ > > > static ngx_uint_t > -ngx_http_gzip_quantity(u_char *p, u_char *last) > +ngx_http_encoding_quantity(u_char *p, u_char *last) > { > u_char c; > ngx_uint_t n, q; > diff -r 1ad0999a7ded -r 662115ad250f src/http/ngx_http_core_module.h > --- a/src/http/ngx_http_core_module.h Tue Feb 14 18:36:04 2017 +0300 > +++ b/src/http/ngx_http_core_module.h Fri Feb 24 11:35:24 2017 +0100 > @@ -504,6 +504,7 @@ > ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); > #if (NGX_HTTP_GZIP) > ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); > +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); > #endif > > > > > > > On 24 February 2017 at 12:01, Eugene Kluchnikov > wrote: > >> Easily =) >> >> >> # HG changeset patch >> # User Evgenii Kliuchnikov >> # Date 1487932524 -3600 >> # Fri Feb 24 11:35:24 2017 +0100 >> # Node ID e1f5e06ade015f9855a6f683817cde7bb0f243a3 >> # Parent 1ad0999a7ded3d4fb01c7acf8ff57c80b643da7e >> Add brotli static (over nginx-1.11.10) >> >> diff -r 1ad0999a7ded -r e1f5e06ade01 contrib/vim/syntax/nginx.vim >> --- a/contrib/vim/syntax/nginx.vim Tue Feb 14 18:36:04 2017 +0300 >> +++ b/contrib/vim/syntax/nginx.vim Fri Feb 24 11:35:24 2017 +0100 >> @@ -86,6 +86,7 @@ >> syn keyword ngxDirective autoindex >> syn keyword ngxDirective autoindex_exact_size >> syn keyword ngxDirective autoindex_localtime >> +syn keyword ngxDirective brotli_static >> syn keyword ngxDirective charset >> syn keyword ngxDirective charset_types >> syn keyword ngxDirective chunked_transfer_encoding >> diff -r 1ad0999a7ded -r e1f5e06ade01 src/http/modules/ngx_http_gzip >> _static_module.c >> --- a/src/http/modules/ngx_http_gzip_static_module.c Tue Feb 14 18:36:04 >> 2017 +0300 >> +++ b/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 24 11:35:24 >> 2017 +0100 >> @@ -16,10 +16,13 @@ >> >> >> typedef struct { >> - ngx_uint_t enable; >> + ngx_uint_t enable_gzip; >> + ngx_uint_t enable_brotli; >> } ngx_http_gzip_static_conf_t; >> >> - >> +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t *r, >> + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, >> + ngx_str_t *encoding); >> static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); >> static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); >> static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void >> *parent, >> @@ -41,7 +44,14 @@ >> NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >> CONF_TAKE1, >> ngx_conf_set_enum_slot, >> NGX_HTTP_LOC_CONF_OFFSET, >> - offsetof(ngx_http_gzip_static_conf_t, enable), >> + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), >> + &ngx_http_gzip_static }, >> + >> + { ngx_string("brotli_static"), >> + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >> CONF_TAKE1, >> + ngx_conf_set_enum_slot, >> + NGX_HTTP_LOC_CONF_OFFSET, >> + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), >> &ngx_http_gzip_static }, >> >> ngx_null_command >> @@ -79,19 +89,14 @@ >> }; >> >> >> +static ngx_str_t encoding_gzip = ngx_string("gzip"); >> +static ngx_str_t encoding_brotli = ngx_string("br"); >> + >> + >> static ngx_int_t >> ngx_http_gzip_static_handler(ngx_http_request_t *r) >> { >> - u_char *p; >> - size_t root; >> - ngx_str_t path; >> ngx_int_t rc; >> - ngx_uint_t level; >> - ngx_log_t *log; >> - ngx_buf_t *b; >> - ngx_chain_t out; >> - ngx_table_elt_t *h; >> - ngx_open_file_info_t of; >> ngx_http_core_loc_conf_t *clcf; >> ngx_http_gzip_static_conf_t *gzcf; >> >> @@ -105,19 +110,56 @@ >> >> gzcf = ngx_http_get_module_loc_conf(r, ngx_http_gzip_static_module); >> >> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { >> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF >> + && gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { >> return NGX_DECLINED; >> } >> >> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >> - rc = ngx_http_gzip_ok(r); >> + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >> >> - } else { >> - /* always */ >> - rc = NGX_OK; >> + rc = NGX_DECLINED; >> + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { >> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >> + rc = ngx_http_gzip_ok(r); >> + } else { >> + /* always */ >> + rc = NGX_OK; >> + } >> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, rc, >> clcf, >> + &encoding_gzip); >> } >> >> - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >> + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == >> NGX_DECLINED) { >> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >> + rc = ngx_http_gzip_ok(r); >> + } else { >> + /* always */ >> + rc = NGX_OK; >> + } >> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, >> rc, clcf, >> + &encoding_brotli); >> + } >> + >> + return rc; >> +} >> + >> + >> +static ngx_int_t >> +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t >> enable, >> + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) >> +{ >> + u_char *p; >> + size_t root; >> + ngx_str_t path; >> + ngx_int_t rc; >> + ngx_uint_t level; >> + ngx_log_t *log; >> + ngx_buf_t *b; >> + ngx_chain_t out; >> + ngx_table_elt_t *h; >> + ngx_open_file_info_t of; >> + >> + rc = ok; >> >> if (!clcf->gzip_vary && rc != NGX_OK) { >> return NGX_DECLINED; >> @@ -125,14 +167,14 @@ >> >> log = r->connection->log; >> >> - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); >> + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); >> if (p == NULL) { >> return NGX_HTTP_INTERNAL_SERVER_ERROR; >> } >> >> *p++ = '.'; >> - *p++ = 'g'; >> - *p++ = 'z'; >> + *p++ = encoding->data[0]; >> + *p++ = encoding->data[1]; >> *p = '\0'; >> >> path.len = p - path.data; >> @@ -188,7 +230,7 @@ >> return NGX_DECLINED; >> } >> >> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >> + if (enable == NGX_HTTP_GZIP_STATIC_ON) { >> r->gzip_vary = 1; >> >> if (rc != NGX_OK) { >> @@ -243,7 +285,7 @@ >> >> h->hash = 1; >> ngx_str_set(&h->key, "Content-Encoding"); >> - ngx_str_set(&h->value, "gzip"); >> + h->value = *encoding; >> r->headers_out.content_encoding = h; >> >> /* we need to allocate all before the header would be sent */ >> @@ -293,7 +335,8 @@ >> return NULL; >> } >> >> - conf->enable = NGX_CONF_UNSET_UINT; >> + conf->enable_gzip = NGX_CONF_UNSET_UINT; >> + conf->enable_brotli = NGX_CONF_UNSET_UINT; >> >> return conf; >> } >> @@ -305,7 +348,9 @@ >> ngx_http_gzip_static_conf_t *prev = parent; >> ngx_http_gzip_static_conf_t *conf = child; >> >> - ngx_conf_merge_uint_value(conf->enable, prev->enable, >> + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, >> + NGX_HTTP_GZIP_STATIC_OFF); >> + ngx_conf_merge_uint_value(conf->enable_brotli, prev->enable_brotli, >> NGX_HTTP_GZIP_STATIC_OFF); >> >> return NGX_CONF_OK; >> diff -r 1ad0999a7ded -r e1f5e06ade01 src/http/ngx_http_core_module.c >> --- a/src/http/ngx_http_core_module.c Tue Feb 14 18:36:04 2017 +0300 >> +++ b/src/http/ngx_http_core_module.c Fri Feb 24 11:35:24 2017 +0100 >> @@ -74,8 +74,8 @@ >> static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t *cmd, >> void *conf); >> #if (NGX_HTTP_GZIP) >> -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); >> -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); >> +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, >> size_t n); >> +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); >> static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, >> void *conf); >> #endif >> @@ -2170,7 +2170,7 @@ >> */ >> >> if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 >> - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) >> + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) >> { >> return NGX_DECLINED; >> } >> @@ -2297,15 +2297,42 @@ >> } >> >> >> +ngx_int_t >> +ngx_http_brotli_ok(ngx_http_request_t *r) >> +{ >> + ngx_table_elt_t *ae; >> + >> + if (r != r->main) { >> + return NGX_DECLINED; >> + } >> + >> + ae = r->headers_in.accept_encoding; >> + if (ae == NULL) { >> + return NGX_DECLINED; >> + } >> + >> + if (ae->value.len < sizeof("br") - 1) { >> + return NGX_DECLINED; >> + } >> + >> + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) >> + { >> + return NGX_DECLINED; >> + } >> + >> + return NGX_OK; >> +} >> + >> + >> /* >> - * gzip is enabled for the following quantities: >> - * "gzip; q=0.001" ... "gzip; q=1.000" >> - * gzip is disabled for the following quantities: >> - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases >> + * encoding is enabled for the following quantities: >> + * "gzip; q=0.001" ... "gzip; q=1.000" >> + * encoding is disabled for the following quantities: >> + * "br; q=0" ... "br; q=0.000", and for any invalid cases >> */ >> >> static ngx_int_t >> -ngx_http_gzip_accept_encoding(ngx_str_t *ae) >> +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) >> { >> u_char *p, *start, *last; >> >> @@ -2313,7 +2340,7 @@ >> last = start + ae->len; >> >> for ( ;; ) { >> - p = ngx_strcasestrn(start, "gzip", 4 - 1); >> + p = ngx_strcasestrn(start, e, n - 1); >> if (p == NULL) { >> return NGX_DECLINED; >> } >> @@ -2322,10 +2349,10 @@ >> break; >> } >> >> - start = p + 4; >> - } >> - >> - p += 4; >> + start = p + n; >> + } >> + >> + p += n; >> >> while (p < last) { >> switch (*p++) { >> @@ -2364,7 +2391,7 @@ >> return NGX_DECLINED; >> } >> >> - if (ngx_http_gzip_quantity(p, last) == 0) { >> + if (ngx_http_encoding_quantity(p, last) == 0) { >> return NGX_DECLINED; >> } >> >> @@ -2373,7 +2400,7 @@ >> >> >> static ngx_uint_t >> -ngx_http_gzip_quantity(u_char *p, u_char *last) >> +ngx_http_encoding_quantity(u_char *p, u_char *last) >> { >> u_char c; >> ngx_uint_t n, q; >> diff -r 1ad0999a7ded -r e1f5e06ade01 src/http/ngx_http_core_module.h >> --- a/src/http/ngx_http_core_module.h Tue Feb 14 18:36:04 2017 +0300 >> +++ b/src/http/ngx_http_core_module.h Fri Feb 24 11:35:24 2017 +0100 >> @@ -504,6 +504,7 @@ >> ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); >> #if (NGX_HTTP_GZIP) >> ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); >> +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); >> #endif >> >> >> >> >> >> >> On 24 February 2017 at 09:05, Ryan wrote: >> >>> Do you have a brotli patch that applies cleanly with nginx-1.11.10. I'm >>> getting many patch fails. >>> >>> On Fri, Feb 24, 2017 at 8:03 AM, Eugene Kluchnikov >>> wrote: >>> >>>> # HG changeset patch >>>> # User Evgenii Kliuchnikov >>>> # Date 1487764873 -3600 >>>> # Wed Feb 22 13:01:13 2017 +0100 >>>> # Node ID c230f3874e060ccb14d7560233f2c70a910640a1 >>>> # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c >>>> Add brotli static serving support. >>>> >>>> Both .gz and .br static content is served by >>>> ngx_http_gzip_static_modile, but have separate configuration. >>>> >>>> diff -r 87cf6ddb41c2 -r c230f3874e06 contrib/vim/syntax/nginx.vim >>>> --- a/contrib/vim/syntax/nginx.vim Fri Feb 17 17:01:27 2017 +0300 >>>> +++ b/contrib/vim/syntax/nginx.vim Wed Feb 22 13:01:13 2017 +0100 >>>> @@ -86,6 +86,7 @@ >>>> syn keyword ngxDirective autoindex >>>> syn keyword ngxDirective autoindex_exact_size >>>> syn keyword ngxDirective autoindex_localtime >>>> +syn keyword ngxDirective brotli_static >>>> syn keyword ngxDirective charset >>>> syn keyword ngxDirective charset_types >>>> syn keyword ngxDirective chunked_transfer_encoding >>>> diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/modules/ngx_http_gzip >>>> _static_module.c >>>> --- a/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 17 >>>> 17:01:27 2017 +0300 >>>> +++ b/src/http/modules/ngx_http_gzip_static_module.c Wed Feb 22 >>>> 13:01:13 2017 +0100 >>>> @@ -16,10 +16,14 @@ >>>> >>>> >>>> typedef struct { >>>> - ngx_uint_t enable; >>>> + ngx_uint_t enable_gzip; >>>> + ngx_uint_t enable_brotli; >>>> } ngx_http_gzip_static_conf_t; >>>> >>>> >>>> +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t >>>> *r, >>>> + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, >>>> + ngx_str_t *encoding); >>>> static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); >>>> static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); >>>> static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void >>>> *parent, >>>> @@ -41,7 +45,14 @@ >>>> NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >>>> CONF_TAKE1, >>>> ngx_conf_set_enum_slot, >>>> NGX_HTTP_LOC_CONF_OFFSET, >>>> - offsetof(ngx_http_gzip_static_conf_t, enable), >>>> + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), >>>> + &ngx_http_gzip_static }, >>>> + >>>> + { ngx_string("brotli_static"), >>>> + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >>>> CONF_TAKE1, >>>> + ngx_conf_set_enum_slot, >>>> + NGX_HTTP_LOC_CONF_OFFSET, >>>> + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), >>>> &ngx_http_gzip_static }, >>>> >>>> ngx_null_command >>>> @@ -79,19 +90,14 @@ >>>> }; >>>> >>>> >>>> +static ngx_str_t encoding_gzip = ngx_string("gzip"); >>>> +static ngx_str_t encoding_brotli = ngx_string("br"); >>>> + >>>> + >>>> static ngx_int_t >>>> ngx_http_gzip_static_handler(ngx_http_request_t *r) >>>> { >>>> - u_char *p; >>>> - size_t root; >>>> - ngx_str_t path; >>>> ngx_int_t rc; >>>> - ngx_uint_t level; >>>> - ngx_log_t *log; >>>> - ngx_buf_t *b; >>>> - ngx_chain_t out; >>>> - ngx_table_elt_t *h; >>>> - ngx_open_file_info_t of; >>>> ngx_http_core_loc_conf_t *clcf; >>>> ngx_http_gzip_static_conf_t *gzcf; >>>> >>>> @@ -105,19 +111,56 @@ >>>> >>>> gzcf = ngx_http_get_module_loc_conf(r, >>>> ngx_http_gzip_static_module); >>>> >>>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { >>>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF && >>>> + gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { >>>> return NGX_DECLINED; >>>> } >>>> >>>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >>>> - rc = ngx_http_gzip_ok(r); >>>> + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >>>> >>>> - } else { >>>> - /* always */ >>>> - rc = NGX_OK; >>>> + rc = NGX_DECLINED; >>>> + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { >>>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >>>> + rc = ngx_http_gzip_ok(r); >>>> + } else { >>>> + /* always */ >>>> + rc = NGX_OK; >>>> + } >>>> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, >>>> rc, clcf, >>>> + &encoding_gzip); >>>> } >>>> >>>> - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >>>> + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == >>>> NGX_DECLINED) { >>>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >>>> + rc = ngx_http_gzip_ok(r); >>>> + } else { >>>> + /* always */ >>>> + rc = NGX_OK; >>>> + } >>>> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, >>>> rc, clcf, >>>> + &encoding_brotli); >>>> + } >>>> + >>>> + return rc; >>>> +} >>>> + >>>> + >>>> +static ngx_int_t >>>> +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t >>>> enable, >>>> + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t *encoding) >>>> +{ >>>> + u_char *p; >>>> + size_t root; >>>> + ngx_str_t path; >>>> + ngx_int_t rc; >>>> + ngx_uint_t level; >>>> + ngx_log_t *log; >>>> + ngx_buf_t *b; >>>> + ngx_chain_t out; >>>> + ngx_table_elt_t *h; >>>> + ngx_open_file_info_t of; >>>> + >>>> + rc = ok; >>>> >>>> if (!clcf->gzip_vary && rc != NGX_OK) { >>>> return NGX_DECLINED; >>>> @@ -125,14 +168,14 @@ >>>> >>>> log = r->connection->log; >>>> >>>> - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); >>>> + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); >>>> if (p == NULL) { >>>> return NGX_HTTP_INTERNAL_SERVER_ERROR; >>>> } >>>> >>>> *p++ = '.'; >>>> - *p++ = 'g'; >>>> - *p++ = 'z'; >>>> + *p++ = encoding->data[0]; >>>> + *p++ = encoding->data[1]; >>>> *p = '\0'; >>>> >>>> path.len = p - path.data; >>>> @@ -188,7 +231,7 @@ >>>> return NGX_DECLINED; >>>> } >>>> >>>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >>>> + if (enable == NGX_HTTP_GZIP_STATIC_ON) { >>>> r->gzip_vary = 1; >>>> >>>> if (rc != NGX_OK) { >>>> @@ -243,7 +286,7 @@ >>>> >>>> h->hash = 1; >>>> ngx_str_set(&h->key, "Content-Encoding"); >>>> - ngx_str_set(&h->value, "gzip"); >>>> + h->value = *encoding; >>>> r->headers_out.content_encoding = h; >>>> >>>> /* we need to allocate all before the header would be sent */ >>>> @@ -293,7 +336,8 @@ >>>> return NULL; >>>> } >>>> >>>> - conf->enable = NGX_CONF_UNSET_UINT; >>>> + conf->enable_gzip = NGX_CONF_UNSET_UINT; >>>> + conf->enable_brotli = NGX_CONF_UNSET_UINT; >>>> >>>> return conf; >>>> } >>>> @@ -305,7 +349,9 @@ >>>> ngx_http_gzip_static_conf_t *prev = parent; >>>> ngx_http_gzip_static_conf_t *conf = child; >>>> >>>> - ngx_conf_merge_uint_value(conf->enable, prev->enable, >>>> + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, >>>> + NGX_HTTP_GZIP_STATIC_OFF); >>>> + ngx_conf_merge_uint_value(conf->enable_brotli, >>>> prev->enable_brotli, >>>> NGX_HTTP_GZIP_STATIC_OFF); >>>> >>>> return NGX_CONF_OK; >>>> diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/ngx_http_core_module.c >>>> --- a/src/http/ngx_http_core_module.c Fri Feb 17 17:01:27 2017 +0300 >>>> +++ b/src/http/ngx_http_core_module.c Wed Feb 22 13:01:13 2017 +0100 >>>> @@ -74,8 +74,8 @@ >>>> static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t >>>> *cmd, >>>> void *conf); >>>> #if (NGX_HTTP_GZIP) >>>> -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); >>>> -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); >>>> +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, >>>> size_t n); >>>> +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char *last); >>>> static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t *cmd, >>>> void *conf); >>>> #endif >>>> @@ -2170,7 +2170,7 @@ >>>> */ >>>> >>>> if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 >>>> - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) >>>> + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) >>>> { >>>> return NGX_DECLINED; >>>> } >>>> @@ -2297,15 +2297,42 @@ >>>> } >>>> >>>> >>>> +ngx_int_t >>>> +ngx_http_brotli_ok(ngx_http_request_t *r) >>>> +{ >>>> + ngx_table_elt_t *ae; >>>> + >>>> + if (r != r->main) { >>>> + return NGX_DECLINED; >>>> + } >>>> + >>>> + ae = r->headers_in.accept_encoding; >>>> + if (ae == NULL) { >>>> + return NGX_DECLINED; >>>> + } >>>> + >>>> + if (ae->value.len < sizeof("br") - 1) { >>>> + return NGX_DECLINED; >>>> + } >>>> + >>>> + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) >>>> + { >>>> + return NGX_DECLINED; >>>> + } >>>> + >>>> + return NGX_OK; >>>> +} >>>> + >>>> + >>>> /* >>>> - * gzip is enabled for the following quantities: >>>> + * encoding is enabled for the following quantities: >>>> * "gzip; q=0.001" ... "gzip; q=1.000" >>>> - * gzip is disabled for the following quantities: >>>> - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases >>>> + * encoding is disabled for the following quantities: >>>> + * "br; q=0" ... "br; q=0.000", and for any invalid cases >>>> */ >>>> >>>> static ngx_int_t >>>> -ngx_http_gzip_accept_encoding(ngx_str_t *ae) >>>> +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) >>>> { >>>> u_char *p, *start, *last; >>>> >>>> @@ -2313,7 +2340,7 @@ >>>> last = start + ae->len; >>>> >>>> for ( ;; ) { >>>> - p = ngx_strcasestrn(start, "gzip", 4 - 1); >>>> + p = ngx_strcasestrn(start, e, n - 1); >>>> if (p == NULL) { >>>> return NGX_DECLINED; >>>> } >>>> @@ -2322,10 +2349,10 @@ >>>> break; >>>> } >>>> >>>> - start = p + 4; >>>> - } >>>> - >>>> - p += 4; >>>> + start = p + n; >>>> + } >>>> + >>>> + p += n; >>>> >>>> while (p < last) { >>>> switch (*p++) { >>>> @@ -2364,7 +2391,7 @@ >>>> return NGX_DECLINED; >>>> } >>>> >>>> - if (ngx_http_gzip_quantity(p, last) == 0) { >>>> + if (ngx_http_encoding_quantity(p, last) == 0) { >>>> return NGX_DECLINED; >>>> } >>>> >>>> @@ -2373,7 +2400,7 @@ >>>> >>>> >>>> static ngx_uint_t >>>> -ngx_http_gzip_quantity(u_char *p, u_char *last) >>>> +ngx_http_encoding_quantity(u_char *p, u_char *last) >>>> { >>>> u_char c; >>>> ngx_uint_t n, q; >>>> diff -r 87cf6ddb41c2 -r c230f3874e06 src/http/ngx_http_core_module.h >>>> --- a/src/http/ngx_http_core_module.h Fri Feb 17 17:01:27 2017 +0300 >>>> +++ b/src/http/ngx_http_core_module.h Wed Feb 22 13:01:13 2017 +0100 >>>> @@ -504,6 +504,7 @@ >>>> ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); >>>> #if (NGX_HTTP_GZIP) >>>> ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); >>>> +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); >>>> #endif >>>> >>>> >>>> >>>> >>>> >>>> Fixed "Content-Encoding" value. >>>> >>>> On 23 February 2017 at 13:11, Eugene Kluchnikov >>>> wrote: >>>> >>>>> # HG changeset patch >>>>> # User Evgenii Kliuchnikov >>>>> # Date 1487764873 -3600 >>>>> # Wed Feb 22 13:01:13 2017 +0100 >>>>> # Node ID 96939e63f30579f2f32e843d217bd46fa6086bb4 >>>>> # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c >>>>> Add brotli static serving support. >>>>> >>>>> Both .gz and .br static content is served by >>>>> ngx_http_gzip_static_modile, but have separate configuration. >>>>> >>>>> diff -r 87cf6ddb41c2 -r 96939e63f305 contrib/vim/syntax/nginx.vim >>>>> --- a/contrib/vim/syntax/nginx.vim Fri Feb 17 17:01:27 2017 +0300 >>>>> +++ b/contrib/vim/syntax/nginx.vim Wed Feb 22 13:01:13 2017 +0100 >>>>> @@ -86,6 +86,7 @@ >>>>> syn keyword ngxDirective autoindex >>>>> syn keyword ngxDirective autoindex_exact_size >>>>> syn keyword ngxDirective autoindex_localtime >>>>> +syn keyword ngxDirective brotli_static >>>>> syn keyword ngxDirective charset >>>>> syn keyword ngxDirective charset_types >>>>> syn keyword ngxDirective chunked_transfer_encoding >>>>> diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/modules/ngx_http_gzip >>>>> _static_module.c >>>>> --- a/src/http/modules/ngx_http_gzip_static_module.c Fri Feb 17 >>>>> 17:01:27 2017 +0300 >>>>> +++ b/src/http/modules/ngx_http_gzip_static_module.c Wed Feb 22 >>>>> 13:01:13 2017 +0100 >>>>> @@ -16,10 +16,14 @@ >>>>> >>>>> >>>>> typedef struct { >>>>> - ngx_uint_t enable; >>>>> + ngx_uint_t enable_gzip; >>>>> + ngx_uint_t enable_brotli; >>>>> } ngx_http_gzip_static_conf_t; >>>>> >>>>> >>>>> +static ngx_int_t ngx_http_gzip_static_serve_file(ngx_http_request_t >>>>> *r, >>>>> + ngx_uint_t enable, ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, >>>>> + ngx_str_t *encoding); >>>>> static ngx_int_t ngx_http_gzip_static_handler(ngx_http_request_t *r); >>>>> static void *ngx_http_gzip_static_create_conf(ngx_conf_t *cf); >>>>> static char *ngx_http_gzip_static_merge_conf(ngx_conf_t *cf, void >>>>> *parent, >>>>> @@ -41,7 +45,14 @@ >>>>> NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >>>>> CONF_TAKE1, >>>>> ngx_conf_set_enum_slot, >>>>> NGX_HTTP_LOC_CONF_OFFSET, >>>>> - offsetof(ngx_http_gzip_static_conf_t, enable), >>>>> + offsetof(ngx_http_gzip_static_conf_t, enable_gzip), >>>>> + &ngx_http_gzip_static }, >>>>> + >>>>> + { ngx_string("brotli_static"), >>>>> + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_ >>>>> CONF_TAKE1, >>>>> + ngx_conf_set_enum_slot, >>>>> + NGX_HTTP_LOC_CONF_OFFSET, >>>>> + offsetof(ngx_http_gzip_static_conf_t, enable_brotli), >>>>> &ngx_http_gzip_static }, >>>>> >>>>> ngx_null_command >>>>> @@ -79,19 +90,13 @@ >>>>> }; >>>>> >>>>> >>>>> +static ngx_str_t encoding_gzip = ngx_string("gzip"); >>>>> +static ngx_str_t encoding_brotli = ngx_string("brotli"); >>>>> + >>>>> static ngx_int_t >>>>> ngx_http_gzip_static_handler(ngx_http_request_t *r) >>>>> { >>>>> - u_char *p; >>>>> - size_t root; >>>>> - ngx_str_t path; >>>>> ngx_int_t rc; >>>>> - ngx_uint_t level; >>>>> - ngx_log_t *log; >>>>> - ngx_buf_t *b; >>>>> - ngx_chain_t out; >>>>> - ngx_table_elt_t *h; >>>>> - ngx_open_file_info_t of; >>>>> ngx_http_core_loc_conf_t *clcf; >>>>> ngx_http_gzip_static_conf_t *gzcf; >>>>> >>>>> @@ -105,19 +110,56 @@ >>>>> >>>>> gzcf = ngx_http_get_module_loc_conf(r, >>>>> ngx_http_gzip_static_module); >>>>> >>>>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_OFF) { >>>>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_OFF && >>>>> + gzcf->enable_brotli == NGX_HTTP_GZIP_STATIC_OFF) { >>>>> return NGX_DECLINED; >>>>> } >>>>> >>>>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >>>>> - rc = ngx_http_gzip_ok(r); >>>>> + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >>>>> >>>>> - } else { >>>>> - /* always */ >>>>> - rc = NGX_OK; >>>>> + rc = NGX_DECLINED; >>>>> + if (gzcf->enable_gzip != NGX_HTTP_GZIP_STATIC_OFF) { >>>>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >>>>> + rc = ngx_http_gzip_ok(r); >>>>> + } else { >>>>> + /* always */ >>>>> + rc = NGX_OK; >>>>> + } >>>>> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_gzip, >>>>> rc, clcf, >>>>> + &encoding_gzip); >>>>> } >>>>> >>>>> - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); >>>>> + if (gzcf->enable_brotli != NGX_HTTP_GZIP_STATIC_OFF && rc == >>>>> NGX_DECLINED) { >>>>> + if (gzcf->enable_gzip == NGX_HTTP_GZIP_STATIC_ON) { >>>>> + rc = ngx_http_gzip_ok(r); >>>>> + } else { >>>>> + /* always */ >>>>> + rc = NGX_OK; >>>>> + } >>>>> + rc = ngx_http_gzip_static_serve_file(r, gzcf->enable_brotli, >>>>> rc, clcf, >>>>> + &encoding_brotli); >>>>> + } >>>>> + >>>>> + return rc; >>>>> +} >>>>> + >>>>> + >>>>> +static ngx_int_t >>>>> +ngx_http_gzip_static_serve_file(ngx_http_request_t *r, ngx_uint_t >>>>> enable, >>>>> + ngx_uint_t ok, ngx_http_core_loc_conf_t *clcf, ngx_str_t >>>>> *encoding) >>>>> +{ >>>>> + u_char *p; >>>>> + size_t root; >>>>> + ngx_str_t path; >>>>> + ngx_int_t rc; >>>>> + ngx_uint_t level; >>>>> + ngx_log_t *log; >>>>> + ngx_buf_t *b; >>>>> + ngx_chain_t out; >>>>> + ngx_table_elt_t *h; >>>>> + ngx_open_file_info_t of; >>>>> + >>>>> + rc = ok; >>>>> >>>>> if (!clcf->gzip_vary && rc != NGX_OK) { >>>>> return NGX_DECLINED; >>>>> @@ -125,14 +167,14 @@ >>>>> >>>>> log = r->connection->log; >>>>> >>>>> - p = ngx_http_map_uri_to_path(r, &path, &root, sizeof(".gz") - 1); >>>>> + p = ngx_http_map_uri_to_path(r, &path, &root, 4 - 1); >>>>> if (p == NULL) { >>>>> return NGX_HTTP_INTERNAL_SERVER_ERROR; >>>>> } >>>>> >>>>> *p++ = '.'; >>>>> - *p++ = 'g'; >>>>> - *p++ = 'z'; >>>>> + *p++ = encoding->data[0]; >>>>> + *p++ = encoding->data[1]; >>>>> *p = '\0'; >>>>> >>>>> path.len = p - path.data; >>>>> @@ -188,7 +230,7 @@ >>>>> return NGX_DECLINED; >>>>> } >>>>> >>>>> - if (gzcf->enable == NGX_HTTP_GZIP_STATIC_ON) { >>>>> + if (enable == NGX_HTTP_GZIP_STATIC_ON) { >>>>> r->gzip_vary = 1; >>>>> >>>>> if (rc != NGX_OK) { >>>>> @@ -243,7 +285,7 @@ >>>>> >>>>> h->hash = 1; >>>>> ngx_str_set(&h->key, "Content-Encoding"); >>>>> - ngx_str_set(&h->value, "gzip"); >>>>> + h->value = *encoding; >>>>> r->headers_out.content_encoding = h; >>>>> >>>>> /* we need to allocate all before the header would be sent */ >>>>> @@ -293,7 +335,8 @@ >>>>> return NULL; >>>>> } >>>>> >>>>> - conf->enable = NGX_CONF_UNSET_UINT; >>>>> + conf->enable_gzip = NGX_CONF_UNSET_UINT; >>>>> + conf->enable_brotli = NGX_CONF_UNSET_UINT; >>>>> >>>>> return conf; >>>>> } >>>>> @@ -305,7 +348,9 @@ >>>>> ngx_http_gzip_static_conf_t *prev = parent; >>>>> ngx_http_gzip_static_conf_t *conf = child; >>>>> >>>>> - ngx_conf_merge_uint_value(conf->enable, prev->enable, >>>>> + ngx_conf_merge_uint_value(conf->enable_gzip, prev->enable_gzip, >>>>> + NGX_HTTP_GZIP_STATIC_OFF); >>>>> + ngx_conf_merge_uint_value(conf->enable_brotli, >>>>> prev->enable_brotli, >>>>> NGX_HTTP_GZIP_STATIC_OFF); >>>>> >>>>> return NGX_CONF_OK; >>>>> diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/ngx_http_core_module.c >>>>> --- a/src/http/ngx_http_core_module.c Fri Feb 17 17:01:27 2017 +0300 >>>>> +++ b/src/http/ngx_http_core_module.c Wed Feb 22 13:01:13 2017 +0100 >>>>> @@ -74,8 +74,8 @@ >>>>> static char *ngx_http_core_resolver(ngx_conf_t *cf, ngx_command_t >>>>> *cmd, >>>>> void *conf); >>>>> #if (NGX_HTTP_GZIP) >>>>> -static ngx_int_t ngx_http_gzip_accept_encoding(ngx_str_t *ae); >>>>> -static ngx_uint_t ngx_http_gzip_quantity(u_char *p, u_char *last); >>>>> +static ngx_int_t ngx_http_accept_encoding(ngx_str_t *ae, char *e, >>>>> size_t n); >>>>> +static ngx_uint_t ngx_http_encoding_quantity(u_char *p, u_char >>>>> *last); >>>>> static char *ngx_http_gzip_disable(ngx_conf_t *cf, ngx_command_t >>>>> *cmd, >>>>> void *conf); >>>>> #endif >>>>> @@ -2170,7 +2170,7 @@ >>>>> */ >>>>> >>>>> if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0 >>>>> - && ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK) >>>>> + && ngx_http_accept_encoding(&ae->value, "gzip", 4) != NGX_OK) >>>>> { >>>>> return NGX_DECLINED; >>>>> } >>>>> @@ -2297,15 +2297,42 @@ >>>>> } >>>>> >>>>> >>>>> +ngx_int_t >>>>> +ngx_http_brotli_ok(ngx_http_request_t *r) >>>>> +{ >>>>> + ngx_table_elt_t *ae; >>>>> + >>>>> + if (r != r->main) { >>>>> + return NGX_DECLINED; >>>>> + } >>>>> + >>>>> + ae = r->headers_in.accept_encoding; >>>>> + if (ae == NULL) { >>>>> + return NGX_DECLINED; >>>>> + } >>>>> + >>>>> + if (ae->value.len < sizeof("br") - 1) { >>>>> + return NGX_DECLINED; >>>>> + } >>>>> + >>>>> + if (ngx_http_accept_encoding(&ae->value, "br", 2) != NGX_OK) >>>>> + { >>>>> + return NGX_DECLINED; >>>>> + } >>>>> + >>>>> + return NGX_OK; >>>>> +} >>>>> + >>>>> + >>>>> /* >>>>> - * gzip is enabled for the following quantities: >>>>> + * encoding is enabled for the following quantities: >>>>> * "gzip; q=0.001" ... "gzip; q=1.000" >>>>> - * gzip is disabled for the following quantities: >>>>> - * "gzip; q=0" ... "gzip; q=0.000", and for any invalid cases >>>>> + * encoding is disabled for the following quantities: >>>>> + * "br; q=0" ... "br; q=0.000", and for any invalid cases >>>>> */ >>>>> >>>>> static ngx_int_t >>>>> -ngx_http_gzip_accept_encoding(ngx_str_t *ae) >>>>> +ngx_http_accept_encoding(ngx_str_t *ae, char *e, size_t n) >>>>> { >>>>> u_char *p, *start, *last; >>>>> >>>>> @@ -2313,7 +2340,7 @@ >>>>> last = start + ae->len; >>>>> >>>>> for ( ;; ) { >>>>> - p = ngx_strcasestrn(start, "gzip", 4 - 1); >>>>> + p = ngx_strcasestrn(start, e, n - 1); >>>>> if (p == NULL) { >>>>> return NGX_DECLINED; >>>>> } >>>>> @@ -2322,10 +2349,10 @@ >>>>> break; >>>>> } >>>>> >>>>> - start = p + 4; >>>>> - } >>>>> - >>>>> - p += 4; >>>>> + start = p + n; >>>>> + } >>>>> + >>>>> + p += n; >>>>> >>>>> while (p < last) { >>>>> switch (*p++) { >>>>> @@ -2364,7 +2391,7 @@ >>>>> return NGX_DECLINED; >>>>> } >>>>> >>>>> - if (ngx_http_gzip_quantity(p, last) == 0) { >>>>> + if (ngx_http_encoding_quantity(p, last) == 0) { >>>>> return NGX_DECLINED; >>>>> } >>>>> >>>>> @@ -2373,7 +2400,7 @@ >>>>> >>>>> >>>>> static ngx_uint_t >>>>> -ngx_http_gzip_quantity(u_char *p, u_char *last) >>>>> +ngx_http_encoding_quantity(u_char *p, u_char *last) >>>>> { >>>>> u_char c; >>>>> ngx_uint_t n, q; >>>>> diff -r 87cf6ddb41c2 -r 96939e63f305 src/http/ngx_http_core_module.h >>>>> --- a/src/http/ngx_http_core_module.h Fri Feb 17 17:01:27 2017 +0300 >>>>> +++ b/src/http/ngx_http_core_module.h Wed Feb 22 13:01:13 2017 +0100 >>>>> @@ -504,6 +504,7 @@ >>>>> ngx_int_t ngx_http_auth_basic_user(ngx_http_request_t *r); >>>>> #if (NGX_HTTP_GZIP) >>>>> ngx_int_t ngx_http_gzip_ok(ngx_http_request_t *r); >>>>> +ngx_int_t ngx_http_brotli_ok(ngx_http_request_t *r); >>>>> #endif >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> Take 2 - modify ngx_http_gzip_static_modile to serve both .gz and .br. >>>>> >>>>> >>>>> On 22 February 2017 at 16:10, Eugene Kluchnikov >>>>> wrote: >>>>> >>>>>> Yup. Going to try to create a "combined" module soon =) >>>>>> >>>>>> On 22 February 2017 at 15:40, Valentin V. Bartenev >>>>>> wrote: >>>>>>> >>>>>>> At the first glance, the differences are really small and >>>>>>> such functionality can be combined in one module. >>>>>>> >>>>>> >>>> >>>> >>>> -- >>>> ? ?????????? ???????????, ??????? ????????? >>>> WBR, Eugene Kluchnikov >>>> >>>> _______________________________________________ >>>> nginx-devel mailing list >>>> nginx-devel at nginx.org >>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel >>>> >>> >>> >> >> >> -- >> ? ?????????? ???????????, ??????? ????????? >> WBR, Eugene Kluchnikov >> > > > > -- > ? ?????????? ???????????, ??????? ????????? > WBR, Eugene Kluchnikov > -------------- next part -------------- An HTML attachment was scrubbed... URL: From dave.bevan at bbc.co.uk Fri Feb 24 13:48:27 2017 From: dave.bevan at bbc.co.uk (Dave Bevan) Date: Fri, 24 Feb 2017 13:48:27 +0000 Subject: New ssl var: $ssl_client_ms_upn Message-ID: <8B4260EB2A248F47B816B86AAB389ECD8CB863AF@bgb01xud1008> # HG changeset patch # User Dave Bevan # Date 1487943997 0 # Fri Feb 24 13:46:37 2017 +0000 # Node ID 5ccdcc88e98c31c4694fa47d6876934d2af0fcfd # Parent 00903b2132edb863e8aed2e84e216817fcc07c90 Add new ssl variable: $ssl_client_ms_upn (Microsoft UserPrincipalName). Retrieved from a client cert, this identity string is used in corporate environments as a primary key when interacting with Active Directory. Commonly used to set REMOTE_USER param. Brings equivalence with Apache 2.4.17 which introduced access to the same data: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES Changes with Apache 2.4.17 *) mod_ssl: Add support for extracting the msUPN and dnsSRV forms of subjectAltName entries of type "otherName" into SSL_{CLIENT,SERVER}_SAN_OTHER_{msUPN,dnsSRV}_n environment variables. Addresses PR 58020. [Jan Pazdziora , Kaspar Brand] Includes enhanced error checking (thanks Andrey K) diff -r 00903b2132ed -r 5ccdcc88e98c src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Wed Feb 22 12:26:41 2017 +0800 +++ b/src/event/ngx_event_openssl.c Fri Feb 24 13:46:37 2017 +0000 @@ -4081,6 +4081,67 @@ } +ngx_int_t +ngx_ssl_get_client_ms_upn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) +{ + int i; + BIO *bio; + X509 *cert; + GENERAL_NAME *altname; + STACK_OF(GENERAL_NAME) *altnames; + + s->len = 0; + + cert = SSL_get_peer_certificate(c->ssl->connection); + if (cert == NULL) { + return NGX_OK; + } + + bio = BIO_new(BIO_s_mem()); + if (bio == NULL) { + X509_free(cert); + return NGX_ERROR; + } + + altnames = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); + + if (altnames) { + for (i = 0; i < sk_GENERAL_NAME_num(altnames); i++) { + altname = sk_GENERAL_NAME_value(altnames, i); + + if (altname->type != GEN_OTHERNAME) { + continue; + } + + if (NID_ms_upn != OBJ_obj2nid(altname->d.otherName->type_id)) { + continue; + } + + BIO_printf(bio, "%s", + (char*)ASN1_STRING_data(altname->d.otherName->value->value.asn1_string)); + break; + } + } + + s->len = BIO_pending(bio); + s->data = ngx_pnalloc(pool, s->len); + if (s->data == NULL) { + BIO_free(bio); + X509_free(cert); + GENERAL_NAMES_free(altnames); + return NGX_ERROR; + } + + BIO_read(bio, s->data, s->len); + + BIO_free(bio); + X509_free(cert); + GENERAL_NAMES_free(altnames); + + return NGX_OK; +} + + static time_t ngx_ssl_parse_time( #if OPENSSL_VERSION_NUMBER > 0x10100000L diff -r 00903b2132ed -r 5ccdcc88e98c src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h Wed Feb 22 12:26:41 2017 +0800 +++ b/src/event/ngx_event_openssl.h Fri Feb 24 13:46:37 2017 +0000 @@ -226,6 +226,8 @@ ngx_str_t *s); ngx_int_t ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); +ngx_int_t ngx_ssl_get_client_ms_upn(ngx_connection_t *c, ngx_pool_t *pool, + ngx_str_t *s); ngx_int_t ngx_ssl_handshake(ngx_connection_t *c); diff -r 00903b2132ed -r 5ccdcc88e98c src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c Wed Feb 22 12:26:41 2017 +0800 +++ b/src/http/modules/ngx_http_ssl_module.c Fri Feb 24 13:46:37 2017 +0000 @@ -328,6 +328,9 @@ { ngx_string("ssl_client_v_remain"), NULL, ngx_http_ssl_variable, (uintptr_t) ngx_ssl_get_client_v_remain, NGX_HTTP_VAR_CHANGEABLE, 0 }, + { ngx_string("ssl_client_ms_upn"), NULL, ngx_http_ssl_variable, + (uintptr_t) ngx_ssl_get_client_ms_upn, NGX_HTTP_VAR_CHANGEABLE, 0 }, + { ngx_null_string, NULL, NULL, 0, 0, 0 } }; diff -r 00903b2132ed -r 5ccdcc88e98c src/stream/ngx_stream_ssl_module.c --- a/src/stream/ngx_stream_ssl_module.c Wed Feb 22 12:26:41 2017 +0800 +++ b/src/stream/ngx_stream_ssl_module.c Fri Feb 24 13:46:37 2017 +0000 @@ -272,6 +272,9 @@ { ngx_string("ssl_client_v_remain"), NULL, ngx_stream_ssl_variable, (uintptr_t) ngx_ssl_get_client_v_remain, NGX_STREAM_VAR_CHANGEABLE, 0 }, + { ngx_string("ssl_client_ms_upn"), NULL, ngx_stream_ssl_variable, + (uintptr_t) ngx_ssl_get_client_ms_upn, NGX_STREAM_VAR_CHANGEABLE, 0 }, + { ngx_null_string, NULL, NULL, 0, 0, 0 } }; -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Sat Feb 25 23:45:10 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 26 Feb 2017 02:45:10 +0300 Subject: [PATCH 1 of 2] HTTP: add support for "429 Too Many Requests" response (RFC6585) In-Reply-To: References: <1eec5355ef1e4a8b0aec.1476863503@piotrsikora.sfo.corp.google.com> Message-ID: <20170225234510.GD34777@mdounin.ru> Hello! On Wed, Feb 22, 2017 at 07:38:15PM -0800, Piotr Sikora via nginx-devel wrote: > Hey, > > > # HG changeset patch > > # User Piotr Sikora > > # Date 1476859139 25200 > > # Tue Oct 18 23:38:59 2016 -0700 > > # Node ID 1eec5355ef1e4a8b0aecebdec84c744734c0d36e > > # Parent 8081e1f3ab8b9ccb4e2d7f9240cbfb8e404a3c95 > > HTTP: add support for "429 Too Many Requests" response (RFC6585). > > > > This change adds reason phrase in status line and pretty response body > > when "429" status code is used in "return", "limit_conn_status" and/or > > "limit_req_status" directives. > > > > It also adds "http_429" parameter to "proxy_next_upstream" for retrying > > rate-limited requests, and to "proxy_cache_use_stale" for serving stale > > cached responses after being rate-limited. > > Ping... I certainly disagree with the second patch of the series. The first one looks acceptable, though it might be a better idea to split it into two separate patches. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Sun Feb 26 13:27:42 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 26 Feb 2017 13:27:42 +0000 Subject: [nginx] Contrib: vim syntax, update core module directives. Message-ID: details: http://hg.nginx.org/nginx/rev/2cb489dbb628 branches: changeset: 6919:2cb489dbb628 user: othree date: Fri Feb 24 18:05:58 2017 +0800 description: Contrib: vim syntax, update core module directives. diffstat: contrib/vim/syntax/nginx.vim | 90 ++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 90 insertions(+), 0 deletions(-) diffs (367 lines): diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -82,6 +82,7 @@ syn keyword ngxDirectiveDeprecated optim syn keyword ngxDirectiveDeprecated satisfy_any syn keyword ngxDirectiveDeprecated so_keepalive +syn keyword ngxDirective absolute_redirect syn keyword ngxDirective accept_mutex syn keyword ngxDirective accept_mutex_delay syn keyword ngxDirective acceptex_read @@ -91,6 +92,7 @@ syn keyword ngxDirective add_before_body syn keyword ngxDirective add_header syn keyword ngxDirective addition_types syn keyword ngxDirective aio +syn keyword ngxDirective aio_write syn keyword ngxDirective alias syn keyword ngxDirective allow syn keyword ngxDirective ancient_browser @@ -99,13 +101,18 @@ syn keyword ngxDirective auth_basic syn keyword ngxDirective auth_basic_user_file syn keyword ngxDirective auth_http syn keyword ngxDirective auth_http_header +syn keyword ngxDirective auth_http_pass_client_cert syn keyword ngxDirective auth_http_timeout +syn keyword ngxDirective auth_jwt +syn keyword ngxDirective auth_jwt_key_file syn keyword ngxDirective auth_request syn keyword ngxDirective auth_request_set syn keyword ngxDirective autoindex syn keyword ngxDirective autoindex_exact_size +syn keyword ngxDirective autoindex_format syn keyword ngxDirective autoindex_localtime syn keyword ngxDirective charset +syn keyword ngxDirective charset_map syn keyword ngxDirective charset_types syn keyword ngxDirective chunked_transfer_encoding syn keyword ngxDirective client_body_buffer_size @@ -139,6 +146,8 @@ syn keyword ngxDirective error_log syn keyword ngxDirective etag syn keyword ngxDirective eventport_events syn keyword ngxDirective expires +syn keyword ngxDirective f4f +syn keyword ngxDirective f4f_buffer_size syn keyword ngxDirective fastcgi_bind syn keyword ngxDirective fastcgi_buffer_size syn keyword ngxDirective fastcgi_buffering @@ -148,10 +157,13 @@ syn keyword ngxDirective fastcgi_cache syn keyword ngxDirective fastcgi_cache_bypass syn keyword ngxDirective fastcgi_cache_key syn keyword ngxDirective fastcgi_cache_lock +syn keyword ngxDirective fastcgi_cache_lock_age syn keyword ngxDirective fastcgi_cache_lock_timeout +syn keyword ngxDirective fastcgi_cache_max_range_offset syn keyword ngxDirective fastcgi_cache_methods syn keyword ngxDirective fastcgi_cache_min_uses syn keyword ngxDirective fastcgi_cache_path +syn keyword ngxDirective fastcgi_cache_purge syn keyword ngxDirective fastcgi_cache_revalidate syn keyword ngxDirective fastcgi_cache_use_stale syn keyword ngxDirective fastcgi_cache_valid @@ -164,6 +176,7 @@ syn keyword ngxDirective fastcgi_ignore_ syn keyword ngxDirective fastcgi_index syn keyword ngxDirective fastcgi_intercept_errors syn keyword ngxDirective fastcgi_keep_conn +syn keyword ngxDirective fastcgi_limit_rate syn keyword ngxDirective fastcgi_max_temp_file_size syn keyword ngxDirective fastcgi_next_upstream syn keyword ngxDirective fastcgi_next_upstream_timeout @@ -174,6 +187,7 @@ syn keyword ngxDirective fastcgi_pass_he syn keyword ngxDirective fastcgi_pass_request_body syn keyword ngxDirective fastcgi_pass_request_headers syn keyword ngxDirective fastcgi_read_timeout +syn keyword ngxDirective fastcgi_request_buffering syn keyword ngxDirective fastcgi_send_lowat syn keyword ngxDirective fastcgi_send_timeout syn keyword ngxDirective fastcgi_split_path_info @@ -204,6 +218,23 @@ syn keyword ngxDirective gzip_types syn keyword ngxDirective gzip_vary syn keyword ngxDirective gzip_window syn keyword ngxDirective hash +syn keyword ngxDirective health_check +syn keyword ngxDirective health_check_timeout +syn keyword ngxDirective hls +syn keyword ngxDirective hls_buffers +syn keyword ngxDirective hls_forward_args +syn keyword ngxDirective hls_fragment +syn keyword ngxDirective hls_mp4_buffer_size +syn keyword ngxDirective hls_mp4_max_buffer_size +syn keyword ngxDirective http2_chunk_size +syn keyword ngxDirective http2_body_preread_size +syn keyword ngxDirective http2_idle_timeout +syn keyword ngxDirective http2_max_concurrent_streams +syn keyword ngxDirective http2_max_field_size +syn keyword ngxDirective http2_max_header_size +syn keyword ngxDirective http2_max_requests +syn keyword ngxDirective http2_recv_buffer_size +syn keyword ngxDirective http2_recv_timeout syn keyword ngxDirective if_modified_since syn keyword ngxDirective ignore_invalid_headers syn keyword ngxDirective image_filter @@ -212,12 +243,19 @@ syn keyword ngxDirective image_filter_in syn keyword ngxDirective image_filter_jpeg_quality syn keyword ngxDirective image_filter_sharpen syn keyword ngxDirective image_filter_transparency +syn keyword ngxDirective image_filter_webp_quality syn keyword ngxDirective imap_auth syn keyword ngxDirective imap_capabilities syn keyword ngxDirective imap_client_buffer syn keyword ngxDirective index syn keyword ngxDirective iocp_threads syn keyword ngxDirective ip_hash +syn keyword ngxDirective js_access +syn keyword ngxDirective js_content +syn keyword ngxDirective js_filter +syn keyword ngxDirective js_include +syn keyword ngxDirective js_preread +syn keyword ngxDirective js_set syn keyword ngxDirective keepalive syn keyword ngxDirective keepalive_disable syn keyword ngxDirective keepalive_requests @@ -226,6 +264,7 @@ syn keyword ngxDirective kqueue_changes syn keyword ngxDirective kqueue_events syn keyword ngxDirective large_client_header_buffers syn keyword ngxDirective least_conn +syn keyword ngxDirective least_time syn keyword ngxDirective limit_conn syn keyword ngxDirective limit_conn_log_level syn keyword ngxDirective limit_conn_status @@ -239,17 +278,20 @@ syn keyword ngxDirective limit_req_zone syn keyword ngxDirective lingering_close syn keyword ngxDirective lingering_time syn keyword ngxDirective lingering_timeout +syn keyword ngxDirective load_module syn keyword ngxDirective lock_file syn keyword ngxDirective log_format syn keyword ngxDirective log_not_found syn keyword ngxDirective log_subrequest syn keyword ngxDirective map_hash_bucket_size syn keyword ngxDirective map_hash_max_size +syn keyword ngxDirective match syn keyword ngxDirective master_process syn keyword ngxDirective max_ranges syn keyword ngxDirective memcached_bind syn keyword ngxDirective memcached_buffer_size syn keyword ngxDirective memcached_connect_timeout +syn keyword ngxDirective memcached_force_ranges syn keyword ngxDirective memcached_gzip_flag syn keyword ngxDirective memcached_next_upstream syn keyword ngxDirective memcached_next_upstream_timeout @@ -263,9 +305,12 @@ syn keyword ngxDirective modern_browser_ syn keyword ngxDirective mp4 syn keyword ngxDirective mp4_buffer_size syn keyword ngxDirective mp4_max_buffer_size +syn keyword ngxDirective mp4_limit_rate +syn keyword ngxDirective mp4_limit_rate_after syn keyword ngxDirective msie_padding syn keyword ngxDirective msie_refresh syn keyword ngxDirective multi_accept +syn keyword ngxDirective ntlm syn keyword ngxDirective open_file_cache syn keyword ngxDirective open_file_cache_errors syn keyword ngxDirective open_file_cache_events @@ -286,6 +331,8 @@ syn keyword ngxDirective port_in_redirec syn keyword ngxDirective post_acceptex syn keyword ngxDirective postpone_gzipping syn keyword ngxDirective postpone_output +syn keyword ngxDirective preread_buffer_size +syn keyword ngxDirective preread_timeout syn keyword ngxDirective protocol nextgroup=ngxMailProtocol skipwhite syn keyword ngxMailProtocol imap pop3 smtp contained syn keyword ngxDirective proxy @@ -297,18 +344,23 @@ syn keyword ngxDirective proxy_buffers syn keyword ngxDirective proxy_busy_buffers_size syn keyword ngxDirective proxy_cache syn keyword ngxDirective proxy_cache_bypass +syn keyword ngxDirective proxy_cache_convert_head syn keyword ngxDirective proxy_cache_key syn keyword ngxDirective proxy_cache_lock +syn keyword ngxDirective proxy_cache_lock_age syn keyword ngxDirective proxy_cache_lock_timeout +syn keyword ngxDirective proxy_cache_max_range_offset syn keyword ngxDirective proxy_cache_methods syn keyword ngxDirective proxy_cache_min_uses syn keyword ngxDirective proxy_cache_path +syn keyword ngxDirective proxy_cache_purge syn keyword ngxDirective proxy_cache_revalidate syn keyword ngxDirective proxy_cache_use_stale syn keyword ngxDirective proxy_cache_valid syn keyword ngxDirective proxy_connect_timeout syn keyword ngxDirective proxy_cookie_domain syn keyword ngxDirective proxy_cookie_path +syn keyword ngxDirective proxy_download_rate syn keyword ngxDirective proxy_force_ranges syn keyword ngxDirective proxy_headers_hash_bucket_size syn keyword ngxDirective proxy_headers_hash_max_size @@ -317,6 +369,7 @@ syn keyword ngxDirective proxy_http_vers syn keyword ngxDirective proxy_ignore_client_abort syn keyword ngxDirective proxy_ignore_headers syn keyword ngxDirective proxy_intercept_errors +syn keyword ngxDirective proxy_limit_rate syn keyword ngxDirective proxy_max_temp_file_size syn keyword ngxDirective proxy_method syn keyword ngxDirective proxy_next_upstream @@ -327,15 +380,22 @@ syn keyword ngxDirective proxy_pass_erro syn keyword ngxDirective proxy_pass_header syn keyword ngxDirective proxy_pass_request_body syn keyword ngxDirective proxy_pass_request_headers +syn keyword ngxDirective proxy_protocol +syn keyword ngxDirective proxy_protocol_timeout syn keyword ngxDirective proxy_read_timeout syn keyword ngxDirective proxy_redirect +syn keyword ngxDirective proxy_request_buffering +syn keyword ngxDirective proxy_responses syn keyword ngxDirective proxy_send_lowat syn keyword ngxDirective proxy_send_timeout syn keyword ngxDirective proxy_set_body syn keyword ngxDirective proxy_set_header +syn keyword ngxDirective proxy_ssl_certificate +syn keyword ngxDirective proxy_ssl_certificate_key syn keyword ngxDirective proxy_ssl_ciphers syn keyword ngxDirective proxy_ssl_crl syn keyword ngxDirective proxy_ssl_name +syn keyword ngxDirective proxy_ssl_password_file syn keyword ngxDirective proxy_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective proxy_ssl_server_name syn keyword ngxDirective proxy_ssl_session_reuse @@ -347,6 +407,8 @@ syn keyword ngxDirective proxy_store_acc syn keyword ngxDirective proxy_temp_file_write_size syn keyword ngxDirective proxy_temp_path syn keyword ngxDirective proxy_timeout +syn keyword ngxDirective proxy_upload_rate +syn keyword ngxDirective queue syn keyword ngxDirective random_index syn keyword ngxDirective read_ahead syn keyword ngxDirective real_ip_header @@ -373,10 +435,13 @@ syn keyword ngxDirective scgi_cache syn keyword ngxDirective scgi_cache_bypass syn keyword ngxDirective scgi_cache_key syn keyword ngxDirective scgi_cache_lock +syn keyword ngxDirective scgi_cache_lock_age syn keyword ngxDirective scgi_cache_lock_timeout +syn keyword ngxDirective scgi_cache_max_range_offset syn keyword ngxDirective scgi_cache_methods syn keyword ngxDirective scgi_cache_min_uses syn keyword ngxDirective scgi_cache_path +syn keyword ngxDirective scgi_cache_purge syn keyword ngxDirective scgi_cache_revalidate syn keyword ngxDirective scgi_cache_use_stale syn keyword ngxDirective scgi_cache_valid @@ -386,6 +451,7 @@ syn keyword ngxDirective scgi_hide_heade syn keyword ngxDirective scgi_ignore_client_abort syn keyword ngxDirective scgi_ignore_headers syn keyword ngxDirective scgi_intercept_errors +syn keyword ngxDirective scgi_limit_rate syn keyword ngxDirective scgi_max_temp_file_size syn keyword ngxDirective scgi_next_upstream syn keyword ngxDirective scgi_next_upstream_timeout @@ -396,6 +462,7 @@ syn keyword ngxDirective scgi_pass_heade syn keyword ngxDirective scgi_pass_request_body syn keyword ngxDirective scgi_pass_request_headers syn keyword ngxDirective scgi_read_timeout +syn keyword ngxDirective scgi_request_buffering syn keyword ngxDirective scgi_send_timeout syn keyword ngxDirective scgi_store syn keyword ngxDirective scgi_store_access @@ -412,7 +479,11 @@ syn keyword ngxDirective server_name_in_ syn keyword ngxDirective server_names_hash_bucket_size syn keyword ngxDirective server_names_hash_max_size syn keyword ngxDirective server_tokens +syn keyword ngxDirective session_log +syn keyword ngxDirective session_log_format +syn keyword ngxDirective session_log_zone syn keyword ngxDirective set_real_ip_from +syn keyword ngxDirective slice syn keyword ngxDirective smtp_auth syn keyword ngxDirective smtp_capabilities syn keyword ngxDirective smtp_client_buffer @@ -443,8 +514,10 @@ syn keyword ngxDirective ssl_crl syn keyword ngxDirective ssl_dhparam syn keyword ngxDirective ssl_ecdh_curve syn keyword ngxDirective ssl_engine +syn keyword ngxDirective ssl_handshake_timeout syn keyword ngxDirective ssl_password_file syn keyword ngxDirective ssl_prefer_server_ciphers +syn keyword ngxDirective ssl_preread syn keyword ngxDirective ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxSSLProtocol SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 contained nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective ssl_session_cache @@ -459,6 +532,12 @@ syn keyword ngxDirective ssl_trusted_cer syn keyword ngxDirective ssl_verify_client syn keyword ngxDirective ssl_verify_depth syn keyword ngxDirective starttls +syn keyword ngxDirective state +syn keyword ngxDirective status +syn keyword ngxDirective status_format +syn keyword ngxDirective status_zone +syn keyword ngxDirective sticky +syn keyword ngxDirective sticky_cookie_insert syn keyword ngxDirective stub_status syn keyword ngxDirective sub_filter syn keyword ngxDirective sub_filter_last_modified @@ -466,6 +545,7 @@ syn keyword ngxDirective sub_filter_once syn keyword ngxDirective sub_filter_types syn keyword ngxDirective tcp_nodelay syn keyword ngxDirective tcp_nopush +syn keyword ngxDirective thread_pool syn keyword ngxDirective thread_stack_size syn keyword ngxDirective timeout syn keyword ngxDirective timer_resolution @@ -473,6 +553,7 @@ syn keyword ngxDirective types_hash_buck syn keyword ngxDirective types_hash_max_size syn keyword ngxDirective underscores_in_headers syn keyword ngxDirective uninitialized_variable_warn +syn keyword ngxDirective upstream_conf syn keyword ngxDirective use syn keyword ngxDirective user syn keyword ngxDirective userid @@ -492,10 +573,12 @@ syn keyword ngxDirective uwsgi_cache syn keyword ngxDirective uwsgi_cache_bypass syn keyword ngxDirective uwsgi_cache_key syn keyword ngxDirective uwsgi_cache_lock +syn keyword ngxDirective uwsgi_cache_lock_age syn keyword ngxDirective uwsgi_cache_lock_timeout syn keyword ngxDirective uwsgi_cache_methods syn keyword ngxDirective uwsgi_cache_min_uses syn keyword ngxDirective uwsgi_cache_path +syn keyword ngxDirective uwsgi_cache_purge syn keyword ngxDirective uwsgi_cache_revalidate syn keyword ngxDirective uwsgi_cache_use_stale syn keyword ngxDirective uwsgi_cache_valid @@ -505,6 +588,7 @@ syn keyword ngxDirective uwsgi_hide_head syn keyword ngxDirective uwsgi_ignore_client_abort syn keyword ngxDirective uwsgi_ignore_headers syn keyword ngxDirective uwsgi_intercept_errors +syn keyword ngxDirective uwsgi_limit_rate syn keyword ngxDirective uwsgi_max_temp_file_size syn keyword ngxDirective uwsgi_modifier1 syn keyword ngxDirective uwsgi_modifier2 @@ -513,14 +597,19 @@ syn keyword ngxDirective uwsgi_next_upst syn keyword ngxDirective uwsgi_next_upstream_tries syn keyword ngxDirective uwsgi_no_cache syn keyword ngxDirective uwsgi_param +syn keyword ngxDirective uwsgi_pass syn keyword ngxDirective uwsgi_pass_header syn keyword ngxDirective uwsgi_pass_request_body syn keyword ngxDirective uwsgi_pass_request_headers syn keyword ngxDirective uwsgi_read_timeout +syn keyword ngxDirective uwsgi_request_buffering syn keyword ngxDirective uwsgi_send_timeout +syn keyword ngxDirective uwsgi_ssl_certificate +syn keyword ngxDirective uwsgi_ssl_certificate_key syn keyword ngxDirective uwsgi_ssl_ciphers syn keyword ngxDirective uwsgi_ssl_crl syn keyword ngxDirective uwsgi_ssl_name +syn keyword ngxDirective uwsgi_ssl_password_file syn keyword ngxDirective uwsgi_ssl_protocols nextgroup=ngxSSLProtocol skipwhite syn keyword ngxDirective uwsgi_ssl_server_name syn keyword ngxDirective uwsgi_ssl_session_reuse @@ -552,6 +641,7 @@ syn keyword ngxDirective xslt_param syn keyword ngxDirective xslt_string_param syn keyword ngxDirective xslt_stylesheet syn keyword ngxDirective xslt_types +syn keyword ngxDirective zone " 3rd party module list: " http://wiki.nginx.org/Nginx3rdPartyModules From mdounin at mdounin.ru Sun Feb 26 13:28:00 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 26 Feb 2017 16:28:00 +0300 Subject: [PATCH] Contrib: vim syntax, update core module directives In-Reply-To: <2cb489dbb6287cfcb996.1487934047@othree.local> References: <2cb489dbb6287cfcb996.1487934047@othree.local> Message-ID: <20170226132800.GG34777@mdounin.ru> Hello! On Fri, Feb 24, 2017 at 07:00:47PM +0800, othree wrote: > # HG changeset patch > # User othree > # Date 1487930758 -28800 > # Fri Feb 24 18:05:58 2017 +0800 > # Node ID 2cb489dbb6287cfcb99641f0f53a6ded1df87aab > # Parent 00903b2132edb863e8aed2e84e216817fcc07c90 > Contrib: vim syntax, update core module directives. [...] Committed, thanks. -- Maxim Dounin http://nginx.org/ From cbranch at cloudflare.com Mon Feb 27 11:58:30 2017 From: cbranch at cloudflare.com (Chris Branch) Date: Mon, 27 Feb 2017 11:58:30 +0000 Subject: [PATCH] $request_scheme variable Message-ID: <05f555d65a33ebf005fe.1488196710@cbranch-vm.localdomain> # HG changeset patch # User Chris Branch # Date 1488195909 0 # Mon Feb 27 11:45:09 2017 +0000 # Node ID 05f555d65a33ebf005fedc569fb52eba3758e1d7 # Parent 87cf6ddb41c216876d13cffa5e637a61b159362c $request_scheme variable. Contains the URI scheme supplied by the client. If no scheme supplied, equivalent to $scheme. Scheme can be supplied by the client in two ways: * HTTP/2 :scheme pseudo-header. * HTTP/1 absolute URI in request line. diff -r 87cf6ddb41c2 -r 05f555d65a33 src/http/ngx_http_variables.c --- a/src/http/ngx_http_variables.c Fri Feb 17 17:01:27 2017 +0300 +++ b/src/http/ngx_http_variables.c Mon Feb 27 11:45:09 2017 +0000 @@ -105,6 +105,8 @@ ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_request_id(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); +static ngx_int_t ngx_http_variable_request_scheme(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_variable_status(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); @@ -288,6 +290,10 @@ ngx_http_variable_request_id, 0, 0, 0 }, + { ngx_string("request_scheme"), NULL, + ngx_http_variable_request_scheme, + 0, 0, 0 }, + { ngx_string("status"), NULL, ngx_http_variable_status, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 }, @@ -2158,6 +2164,24 @@ static ngx_int_t +ngx_http_variable_request_scheme(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +{ + if (r->schema_start) { + v->len = r->schema_end - r->schema_start; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + v->data = r->schema_start; + + return NGX_OK; + } + + return ngx_http_variable_scheme(r, v, data); +} + + +static ngx_int_t ngx_http_variable_connection(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) { From mdounin at mdounin.ru Mon Feb 27 22:50:51 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 27 Feb 2017 22:50:51 +0000 Subject: [nginx] Fixed background update with "if". Message-ID: details: http://hg.nginx.org/nginx/rev/8b7fd958c59f branches: changeset: 6920:8b7fd958c59f user: Maxim Dounin date: Mon Feb 27 22:36:15 2017 +0300 description: Fixed background update with "if". Cloned subrequests should inherit r->content_handler. This way they will be able to use the same location configuration as the original request if there are "if" directives in the configuration. Without r->content_handler inherited, the following configuration tries to access a static file in the update request: location / { set $true 1; if ($true) { # nothing } proxy_pass http://backend; proxy_cache one; proxy_cache_use_stale updating; proxy_cache_background_update on; } See http://mailman.nginx.org/pipermail/nginx/2017-February/053019.html for initial report. diffstat: src/http/ngx_http_core_module.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (11 lines): diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -2571,6 +2571,7 @@ ngx_http_subrequest(ngx_http_request_t * sr->method_name = r->method_name; sr->loc_conf = r->loc_conf; sr->valid_location = r->valid_location; + sr->content_handler = r->content_handler; sr->phase_handler = r->phase_handler; sr->write_event_handler = ngx_http_core_run_phases; From thibaultcha at fastmail.com Tue Feb 28 03:45:12 2017 From: thibaultcha at fastmail.com (Thibault Charbonnier) Date: Mon, 27 Feb 2017 19:45:12 -0800 Subject: [PATCH] Resolver: parse hosts file entries Message-ID: Hello, Here is an attempt at parsing and caching the hosts entries from /etc/hosts. I believe that the resolver should provide such an option to allow: - saving DNS lookups - avoiding confusion from users who expect it to be resolved - the current implementation now self-documents whether the hosts file is used for a particular resolver or not Please let me know if this is of any interest. -- Thibault # HG changeset patch # User Thibault Charbonnier # Date 1488252201 28800 # Mon Feb 27 19:23:21 2017 -0800 # Branch resolve-hostsfile # Node ID 91ef480a020bae132506052ca567fef2c4422705 # Parent 640f035293959b2d4b0ba5939d954bc517f57f77 Resolver: parse hosts file entries The resolver option can now take an optional 'hosts=' option, such as: resolver 8.8.4.4 hosts=/etc/hosts; Hosts parsed from the hosts file are considered valid forever. The behavior tries to be conservative, and only parses the hosts file when the option is provided, to enforce backwards compatibility. diff -r 640f03529395 -r 91ef480a020b src/core/ngx_resolver.c --- a/src/core/ngx_resolver.c Fri Jan 27 19:06:35 2017 +0300 +++ b/src/core/ngx_resolver.c Mon Feb 27 19:23:21 2017 -0800 @@ -9,11 +9,12 @@ #include #include - -#define NGX_RESOLVER_UDP_SIZE 4096 - -#define NGX_RESOLVER_TCP_RSIZE (2 + 65535) -#define NGX_RESOLVER_TCP_WSIZE 8192 +#define NGX_RESOLVER_HOSTSFILE_SIZE 4096 + +#define NGX_RESOLVER_UDP_SIZE 4096 + +#define NGX_RESOLVER_TCP_RSIZE (2 + 65535) +#define NGX_RESOLVER_TCP_WSIZE 8192 typedef struct { @@ -120,6 +121,8 @@ ngx_resolver_node_t *rn); static void ngx_resolver_srv_names_handler(ngx_resolver_ctx_t *ctx); static ngx_int_t ngx_resolver_cmp_srvs(const void *one, const void *two); +static ngx_int_t ngx_resolver_parse_hostsfile(ngx_conf_t *cf, ngx_resolver_t *r, + ngx_str_t filename); #if (NGX_HAVE_INET6) static void ngx_resolver_rbtree_insert_addr6_value(ngx_rbtree_node_t *temp, @@ -128,7 +131,6 @@ struct in6_addr *addr, uint32_t hash); #endif - ngx_resolver_t * ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n) { @@ -243,6 +245,24 @@ } #endif + if (ngx_strncmp(names[i].data, "hosts=", 6) == 0) { + r->hostsfile.len = names[i].len - 6; + + if (r->hostsfile.len == 0) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid parameter: %V", &names[i]); + return NULL; + } + + r->hostsfile.data = ngx_resolver_dup(r, names[i].data + 6, + r->hostsfile.len + 1); + if (r->hostsfile.data == NULL) { + return NULL; + } + + continue; + } + ngx_memzero(&u, sizeof(ngx_url_t)); u.url = names[i]; @@ -273,6 +293,13 @@ } } + if (r->hostsfile.len > 0 + && ngx_resolver_parse_hostsfile(cf, r, r->hostsfile) + != NGX_OK) + { + return NULL; + } + return r; } @@ -4660,3 +4687,264 @@ return p1 - p2; } + + +static ngx_int_t +ngx_resolver_parse_hostsfile(ngx_conf_t *cf, ngx_resolver_t *r, + ngx_str_t filename) +{ + off_t file_size; + u_char ch; + u_char *start; + size_t len; + ssize_t n, size; + ngx_int_t rc; + ngx_str_t s; + ngx_fd_t fd; + ngx_buf_t b; + ngx_file_t file; + in_addr_t addr; + ngx_resolver_node_t *rn; + enum { + scan_line = 0, + scan_skipline, + scan_addr, + scan_hosts, + scan_name + } state; + + b.start = NULL; + s.data = NULL; + s.len = 0; + rn = NULL; + + fd = ngx_open_file(filename.data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0); + if (fd == NGX_INVALID_FILE) { + ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno, + ngx_open_file_n " \"%s\" failed", filename.data); + return NGX_ERROR; + } + + ngx_memzero(&file, sizeof(ngx_file_t)); + + if (ngx_fd_info(fd, &file.info) == NGX_FILE_ERROR) { + ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno, + ngx_fd_info_n " \"%s\" failed", filename.data); + goto fail; + } + + file.fd = fd; + file.log = cf->log; + file.name.len = filename.len; + file.name.data = filename.data; + file.offset = 0; + + b.start = ngx_resolver_alloc(r, NGX_RESOLVER_HOSTSFILE_SIZE); + if (b.start == NULL) { + goto fail; + } + + b.pos = b.start; + b.last = b.start; + b.end = b.last + NGX_RESOLVER_HOSTSFILE_SIZE; + b.temporary = 1; + + start = b.pos; + state = scan_line; + file_size = ngx_file_size(&file.info); + + for ( ;; ) { + + if (b.pos >= b.last) { + len = b.pos - start; + + if (len) { + ngx_memmove(b.start, start, len); + } + + size = (ssize_t) (file_size - file.offset); + + if (size > b.end - (b.start + len)) { + size = b.end - (b.start + len); + + } else if (size == 0) { + rc = NGX_OK; + goto done; + } + + n = ngx_read_file(&file, b.start + len, size, file.offset); + if (n == NGX_ERROR) { + ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno, + ngx_read_file_n, " \"%s\" failed", + filename.data); + goto fail; + } + + if (n != size) { + ngx_log_error(NGX_LOG_ERR, cf->log, ngx_errno, + ngx_read_file_n, " returned only %z bytes " + "instead of %z", n, size); + goto fail; + } + + b.pos = b.start + len; + b.last = b.pos + n; + start = b.start; + } + + ch = *b.pos; + + switch (state) { + + case scan_line: + if (ch == ' ') { + break; + } + + if (ch == '#') { + state = scan_skipline; + break; + } + + start = b.pos; + state = scan_addr; + break; + + case scan_skipline: + if (ch == LF || ch == CR) { + state = scan_line; + } + + break; + + case scan_addr: + if (ch == LF || ch == CR) { + state = scan_line; + break; + } + + if (ch == ' ' || ch == '\t') { + if (s.data) { + ngx_resolver_free(r, s.data); + } + + s.len = b.pos - start; + + s.data = ngx_resolver_dup(r, start, s.len); + if (s.data == NULL) { + goto fail; + } + + state = scan_hosts; + } + + break; + + case scan_hosts: + if (ch == LF || ch == CR) { + state = scan_line; + break; + } + + if (ch == ' ' || ch == '\t') { + break; + } + + start = b.pos; + state = scan_name; + break; + + case scan_name: + if (ch == ' ' || ch == '\t' || ch == LF || ch == CR) { + rn = ngx_resolver_calloc(r, sizeof(ngx_resolver_node_t)); + if (rn == NULL) { + goto fail; + } + + rn->nlen = b.pos - start; + + rn->name = ngx_resolver_dup(r, start, rn->nlen); + if (rn->name == NULL) { + goto fail; + } + + rn->ttl = NGX_MAX_UINT32_VALUE; + rn->valid = NGX_MAX_UINT32_VALUE; + rn->expire = NGX_MAX_UINT32_VALUE; + rn->node.key = ngx_crc32_short(rn->name, rn->nlen); + + if (ngx_strlchr(s.data, + s.data + s.len, ':') != NULL) + { + +#if (NGX_HAVE_INET6) + if (!r->ipv6 + || ngx_inet6_addr(s.data, s.len, + rn->u6.addr6.s6_addr) != NGX_OK) + { + ngx_resolver_free_node(r, rn); + state = scan_skipline; + break; + } + + rn->naddrs6 = 1; +#endif + + } else { + addr = ngx_inet_addr(s.data, s.len); + if (addr == INADDR_NONE) { + ngx_resolver_free_node(r, rn); + state = scan_skipline; + break; + } + + rn->naddrs = 1; + rn->u.addr = addr; + } + + ngx_rbtree_insert(&r->name_rbtree, &rn->node); + + ngx_queue_insert_head(&r->name_expire_queue, &rn->queue); + + if (ch == LF || ch == CR) { + state = scan_line; + break; + } + + state = scan_hosts; + } + + break; + } + + b.pos++; + } + +fail: + + rc = NGX_ERROR; + +done: + + if (s.data) { + ngx_resolver_free(r, s.data); + } + + if (b.start) { + ngx_resolver_free(r, b.start); + } + + if (ngx_close_file(fd) == NGX_FILE_ERROR) { + ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno, + ngx_close_file_n, " \"%s\" failed", + filename.data); + rc = NGX_ERROR; + } + + if (rc == NGX_ERROR) { + return NGX_ERROR; + } + + return NGX_OK; +} + diff -r 640f03529395 -r 91ef480a020b src/core/ngx_resolver.h --- a/src/core/ngx_resolver.h Fri Jan 27 19:06:35 2017 +0300 +++ b/src/core/ngx_resolver.h Mon Feb 27 19:23:21 2017 -0800 @@ -146,6 +146,8 @@ struct ngx_resolver_s { + ngx_str_t hostsfile; + /* has to be pointer because of "incomplete type" */ ngx_event_t *event; void *dummy; From thibaultcha at fastmail.com Tue Feb 28 07:50:16 2017 From: thibaultcha at fastmail.com (Thibault Charbonnier) Date: Mon, 27 Feb 2017 23:50:16 -0800 Subject: [PATCH] Resolver: parse hosts file entries In-Reply-To: References: Message-ID: <56e01788-baca-8c2d-c0ca-de1e02965226@fastmail.com> On 2/27/17 7:45 PM, Thibault Charbonnier wrote: > + if (r->hostsfile.len > 0 > + && ngx_resolver_parse_hostsfile(cf, r, r->hostsfile) My bad, the third argument here can probably be removed. I moved the hosts file path to the resolver struct at some point in order to _eventually_ implement some sort or reloading in the future. > + != NGX_OK) > + { > + return NULL; > + } > + > return r; > } From eran.kornblau at kaltura.com Tue Feb 28 19:20:49 2017 From: eran.kornblau at kaltura.com (Eran Kornblau) Date: Tue, 28 Feb 2017 19:20:49 +0000 Subject: Add missing static specifiers Message-ID: Hi all, Wrote a small script to find missing 'static's in my module - https://github.com/kaltura/nginx-vod-module/blob/master/test/test_static.py I executed it on nginx core and found a few of those too, see attached patch. The logic for finding these was - 1. An exported symbol (found by running readelf on all object files) 2. Appears only in one source file (I could have checked the object imports instead, but anyway, that's how it works...) 3. Not mentioned in any header file (simple 'find whole words' search) 4. Does not end with '_module' Btw, the script also complained about ngx_noaccepting and ngx_restart, I did not change those since all other flags there are exported. Thanks! Eran -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: nginx-add-static.patch Type: application/octet-stream Size: 3845 bytes Desc: nginx-add-static.patch URL: From mdounin at mdounin.ru Tue Feb 28 20:22:19 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 28 Feb 2017 23:22:19 +0300 Subject: Add missing static specifiers In-Reply-To: References: Message-ID: <20170228202219.GO34777@mdounin.ru> Hello! On Tue, Feb 28, 2017 at 07:20:49PM +0000, Eran Kornblau wrote: > Hi all, > > Wrote a small script to find missing 'static's in my module - > https://github.com/kaltura/nginx-vod-module/blob/master/test/test_static.py > > I executed it on nginx core and found a few of those too, see attached patch. > The logic for finding these was - > > 1. An exported symbol (found by running readelf on all object files) > > 2. Appears only in one source file (I could have checked the object imports instead, but anyway, > that's how it works...) > > 3. Not mentioned in any header file (simple 'find whole words' search) > > 4. Does not end with '_module' > > Btw, the script also complained about ngx_noaccepting and ngx_restart, I did not change those since > all other flags there are exported. Thank you, looks interesting. Quick review below. > # HG changeset patch > # User Eran Kornblau > # Date 1488300547 18000 > # Tue Feb 28 11:49:07 2017 -0500 > # Node ID 4b4b8f5413a4a1679d6ad0aa444e29e3f55b6b2a > # Parent 8b7fd958c59f8280d167fe7dd93f1942bfed5876 > add missing static specifiers Style nitpicking: Added missing static specifiers. > > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/core/ngx_resolver.c > --- a/src/core/ngx_resolver.c Mon Feb 27 22:36:15 2017 +0300 > +++ b/src/core/ngx_resolver.c Tue Feb 28 11:49:07 2017 -0500 > @@ -56,7 +56,7 @@ > ((u_char *) (n) - offsetof(ngx_resolver_node_t, node)) > > > -ngx_int_t ngx_udp_connect(ngx_resolver_connection_t *rec); > +static ngx_int_t ngx_udp_connect(ngx_resolver_connection_t *rec); > ngx_int_t ngx_tcp_connect(ngx_resolver_connection_t *rec); > > I'm curious why ngx_udp_connect() was catched, but exactly identical ngx_tcp_connect() wasn't. > @@ -4379,7 +4379,7 @@ > } > > > -ngx_int_t > +static ngx_int_t > ngx_udp_connect(ngx_resolver_connection_t *rec) > { > int rc; > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/event/modules/ngx_epoll_module.c > --- a/src/event/modules/ngx_epoll_module.c Mon Feb 27 22:36:15 2017 +0300 > +++ b/src/event/modules/ngx_epoll_module.c Tue Feb 28 11:49:07 2017 -0500 > @@ -176,7 +176,7 @@ > }; > > > -ngx_event_module_t ngx_epoll_module_ctx = { > +static ngx_event_module_t ngx_epoll_module_ctx = { > &epoll_name, > ngx_epoll_create_conf, /* create configuration */ > ngx_epoll_init_conf, /* init configuration */ > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/event/ngx_event.c > --- a/src/event/ngx_event.c Mon Feb 27 22:36:15 2017 +0300 > +++ b/src/event/ngx_event.c Tue Feb 28 11:49:07 2017 -0500 > @@ -165,7 +165,7 @@ > }; > > > -ngx_event_module_t ngx_event_core_module_ctx = { > +static ngx_event_module_t ngx_event_core_module_ctx = { > &event_core_name, > ngx_event_core_create_conf, /* create configuration */ > ngx_event_core_init_conf, /* init configuration */ Note that all event modules currently use non-static contexts. Obviously your script can't catch symbols in modules you don't have compiled in, but a simple grep will allow to properly extend this to other modules. > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/http/modules/ngx_http_charset_filter_module.c > --- a/src/http/modules/ngx_http_charset_filter_module.c Mon Feb 27 22:36:15 2017 +0300 > +++ b/src/http/modules/ngx_http_charset_filter_module.c Tue Feb 28 11:49:07 2017 -0500 > @@ -123,7 +123,7 @@ > static ngx_int_t ngx_http_charset_postconfiguration(ngx_conf_t *cf); > > > -ngx_str_t ngx_http_charset_default_types[] = { > +static ngx_str_t ngx_http_charset_default_types[] = { > ngx_string("text/html"), > ngx_string("text/xml"), > ngx_string("text/plain"), The ngx_http_xslt_default_types variable seems to be exactly identical. > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/http/modules/ngx_http_static_module.c > --- a/src/http/modules/ngx_http_static_module.c Mon Feb 27 22:36:15 2017 +0300 > +++ b/src/http/modules/ngx_http_static_module.c Tue Feb 28 11:49:07 2017 -0500 > @@ -14,7 +14,7 @@ > static ngx_int_t ngx_http_static_init(ngx_conf_t *cf); > > > -ngx_http_module_t ngx_http_static_module_ctx = { > +static ngx_http_module_t ngx_http_static_module_ctx = { > NULL, /* preconfiguration */ > ngx_http_static_init, /* postconfiguration */ > As per $ grep -rh ngx_http_module_t src/ | grep -v '^static' there is also ngx_http_gzip_static_module_ctx which is also not static. > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/http/ngx_http_upstream.c > --- a/src/http/ngx_http_upstream.c Mon Feb 27 22:36:15 2017 +0300 > +++ b/src/http/ngx_http_upstream.c Tue Feb 28 11:49:07 2017 -0500 > @@ -188,7 +188,7 @@ > #endif > > > -ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = { > +static ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = { > > { ngx_string("Status"), > ngx_http_upstream_process_header_line, > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/os/unix/ngx_linux_init.c > --- a/src/os/unix/ngx_linux_init.c Mon Feb 27 22:36:15 2017 +0300 > +++ b/src/os/unix/ngx_linux_init.c Tue Feb 28 11:49:07 2017 -0500 > @@ -9,8 +9,8 @@ > #include > > > -u_char ngx_linux_kern_ostype[50]; > -u_char ngx_linux_kern_osrelease[50]; > +static u_char ngx_linux_kern_ostype[50]; > +static u_char ngx_linux_kern_osrelease[50]; There are various OS-specific variables for various other platforms as well. It would be a good idea to either review them all, or left them as is. [...] -- Maxim Dounin http://nginx.org/ From eran.kornblau at kaltura.com Tue Feb 28 21:20:37 2017 From: eran.kornblau at kaltura.com (Eran Kornblau) Date: Tue, 28 Feb 2017 21:20:37 +0000 Subject: Add missing static specifiers In-Reply-To: <20170228202219.GO34777@mdounin.ru> References: <20170228202219.GO34777@mdounin.ru> Message-ID: Thanks for the review! Updated patch attached, comments inline below > Hello! > > > # HG changeset patch > > # User Eran Kornblau # Date 1488300547 18000 > > # Tue Feb 28 11:49:07 2017 -0500 > > # Node ID 4b4b8f5413a4a1679d6ad0aa444e29e3f55b6b2a > > # Parent 8b7fd958c59f8280d167fe7dd93f1942bfed5876 > > add missing static specifiers > > Style nitpicking: > > Added missing static specifiers. > Changed > > > > > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/core/ngx_resolver.c > > --- a/src/core/ngx_resolver.c Mon Feb 27 22:36:15 2017 +0300 > > +++ b/src/core/ngx_resolver.c Tue Feb 28 11:49:07 2017 -0500 > > @@ -56,7 +56,7 @@ > > ((u_char *) (n) - offsetof(ngx_resolver_node_t, node)) > > > > > > -ngx_int_t ngx_udp_connect(ngx_resolver_connection_t *rec); > > +static ngx_int_t ngx_udp_connect(ngx_resolver_connection_t *rec); > > ngx_int_t ngx_tcp_connect(ngx_resolver_connection_t *rec); > > > > > > I'm curious why ngx_udp_connect() was catched, but exactly identical ngx_tcp_connect() wasn't. > Good catch! The reason is that while I applied the changes against master, I'm usually working on old version (1.8.0) and I executed the script against that one, this function did not exist then. Anyway, I ran the script now against master and it did find this function, as well as a few additional stat variables which I added now as well. > > @@ -4379,7 +4379,7 @@ > > } > > > > > > -ngx_int_t > > +static ngx_int_t > > ngx_udp_connect(ngx_resolver_connection_t *rec) { > > int rc; > > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/event/modules/ngx_epoll_module.c > > --- a/src/event/modules/ngx_epoll_module.c Mon Feb 27 22:36:15 2017 +0300 > > +++ b/src/event/modules/ngx_epoll_module.c Tue Feb 28 11:49:07 2017 -0500 > > @@ -176,7 +176,7 @@ > > }; > > > > > > -ngx_event_module_t ngx_epoll_module_ctx = { > > +static ngx_event_module_t ngx_epoll_module_ctx = { > > &epoll_name, > > ngx_epoll_create_conf, /* create configuration */ > > ngx_epoll_init_conf, /* init configuration */ > > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/event/ngx_event.c > > --- a/src/event/ngx_event.c Mon Feb 27 22:36:15 2017 +0300 > > +++ b/src/event/ngx_event.c Tue Feb 28 11:49:07 2017 -0500 > > @@ -165,7 +165,7 @@ > > }; > > > > > > -ngx_event_module_t ngx_event_core_module_ctx = { > > +static ngx_event_module_t ngx_event_core_module_ctx = { > > &event_core_name, > > ngx_event_core_create_conf, /* create configuration */ > > ngx_event_core_init_conf, /* init configuration */ > > Note that all event modules currently use non-static contexts. > Obviously your script can't catch symbols in modules you don't have compiled in, but a simple grep will allow to properly extend this to other modules. > Added > > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/http/modules/ngx_http_charset_filter_module.c > > --- a/src/http/modules/ngx_http_charset_filter_module.c Mon Feb 27 22:36:15 2017 +0300 > > +++ b/src/http/modules/ngx_http_charset_filter_module.c Tue Feb 28 11:49:07 2017 -0500 > > @@ -123,7 +123,7 @@ > > static ngx_int_t ngx_http_charset_postconfiguration(ngx_conf_t *cf); > > > > > > -ngx_str_t ngx_http_charset_default_types[] = { > > +static ngx_str_t ngx_http_charset_default_types[] = { > > ngx_string("text/html"), > > ngx_string("text/xml"), > > ngx_string("text/plain"), > > The ngx_http_xslt_default_types variable seems to be exactly identical. > Added > > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/http/modules/ngx_http_static_module.c > > --- a/src/http/modules/ngx_http_static_module.c Mon Feb 27 22:36:15 2017 +0300 > > +++ b/src/http/modules/ngx_http_static_module.c Tue Feb 28 11:49:07 2017 -0500 > > @@ -14,7 +14,7 @@ > > static ngx_int_t ngx_http_static_init(ngx_conf_t *cf); > > > > > > -ngx_http_module_t ngx_http_static_module_ctx = { > > +static ngx_http_module_t ngx_http_static_module_ctx = { > > NULL, /* preconfiguration */ > > ngx_http_static_init, /* postconfiguration */ > > > > As per > > $ grep -rh ngx_http_module_t src/ | grep -v '^static' > > there is also ngx_http_gzip_static_module_ctx which is also not static. > Added > > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/http/ngx_http_upstream.c > > --- a/src/http/ngx_http_upstream.c Mon Feb 27 22:36:15 2017 +0300 > > +++ b/src/http/ngx_http_upstream.c Tue Feb 28 11:49:07 2017 -0500 > > @@ -188,7 +188,7 @@ > > #endif > > > > > > -ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = { > > +static ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = { > > > > { ngx_string("Status"), > > ngx_http_upstream_process_header_line, > > diff -r 8b7fd958c59f -r 4b4b8f5413a4 src/os/unix/ngx_linux_init.c > > --- a/src/os/unix/ngx_linux_init.c Mon Feb 27 22:36:15 2017 +0300 > > +++ b/src/os/unix/ngx_linux_init.c Tue Feb 28 11:49:07 2017 -0500 > > @@ -9,8 +9,8 @@ > > #include > > > > > > -u_char ngx_linux_kern_ostype[50]; > > -u_char ngx_linux_kern_osrelease[50]; > > +static u_char ngx_linux_kern_ostype[50]; static u_char > > +ngx_linux_kern_osrelease[50]; > > There are various OS-specific variables for various other platforms as well. It would be a good idea to either review them all, or left them as is. > Only one I could find is SERVICE_TABLE_ENTRY st (went over win32 files manually) Added it > [...] > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx-devel mailing list > nginx-devel at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-devel > Eran -------------- next part -------------- A non-text attachment was scrubbed... Name: nginx-add-static2.patch Type: application/octet-stream Size: 10239 bytes Desc: nginx-add-static2.patch URL: From piotrsikora at google.com Tue Feb 28 23:39:59 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Tue, 28 Feb 2017 15:39:59 -0800 Subject: [PATCH 1 of 3] HTTP: add support for "429 Too Many Requests" response (RFC6585) In-Reply-To: <20170225234510.GD34777@mdounin.ru> References: <20170225234510.GD34777@mdounin.ru> Message-ID: <9a63d6e990d230db0ec6.1488325199@piotrsikora.sfo.corp.google.com> # HG changeset patch # User Piotr Sikora # Date 1488324535 28800 # Tue Feb 28 15:28:55 2017 -0800 # Node ID 9a63d6e990d230db0ec6b03250265447f648526e # Parent 8b7fd958c59f8280d167fe7dd93f1942bfed5876 HTTP: add support for "429 Too Many Requests" response (RFC6585). This change adds reason phrase in status line and pretty response body when "429" status code is used in "return", "limit_conn_status" and/or "limit_req_status" directives. Signed-off-by: Piotr Sikora diff -r 8b7fd958c59f -r 9a63d6e990d2 src/http/ngx_http_header_filter_module.c --- a/src/http/ngx_http_header_filter_module.c +++ b/src/http/ngx_http_header_filter_module.c @@ -101,12 +101,16 @@ static ngx_str_t ngx_http_status_lines[] ngx_null_string, /* "419 unused" */ ngx_null_string, /* "420 unused" */ ngx_string("421 Misdirected Request"), + ngx_null_string, /* "422 Unprocessable Entity" */ + ngx_null_string, /* "423 Locked" */ + ngx_null_string, /* "424 Failed Dependency" */ + ngx_null_string, /* "425 unused" */ + ngx_null_string, /* "426 Upgrade Required" */ + ngx_null_string, /* "427 unused" */ + ngx_null_string, /* "428 Precondition Required" */ + ngx_string("429 Too Many Requests"), - /* ngx_null_string, */ /* "422 Unprocessable Entity" */ - /* ngx_null_string, */ /* "423 Locked" */ - /* ngx_null_string, */ /* "424 Failed Dependency" */ - -#define NGX_HTTP_LAST_4XX 422 +#define NGX_HTTP_LAST_4XX 430 #define NGX_HTTP_OFF_5XX (NGX_HTTP_LAST_4XX - 400 + NGX_HTTP_OFF_4XX) ngx_string("500 Internal Server Error"), diff -r 8b7fd958c59f -r 9a63d6e990d2 src/http/ngx_http_request.h --- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -98,6 +98,7 @@ #define NGX_HTTP_UNSUPPORTED_MEDIA_TYPE 415 #define NGX_HTTP_RANGE_NOT_SATISFIABLE 416 #define NGX_HTTP_MISDIRECTED_REQUEST 421 +#define NGX_HTTP_TOO_MANY_REQUESTS 429 /* Our own HTTP codes */ diff -r 8b7fd958c59f -r 9a63d6e990d2 src/http/ngx_http_special_response.c --- a/src/http/ngx_http_special_response.c +++ b/src/http/ngx_http_special_response.c @@ -225,6 +225,14 @@ static char ngx_http_error_421_page[] = ; +static char ngx_http_error_429_page[] = +"" CRLF +"429 Too Many Requests" CRLF +"" CRLF +"

429 Too Many Requests

" CRLF +; + + static char ngx_http_error_494_page[] = "" CRLF "400 Request Header Or Cookie Too Large" @@ -354,8 +362,16 @@ static ngx_str_t ngx_http_error_pages[] ngx_null_string, /* 419 */ ngx_null_string, /* 420 */ ngx_string(ngx_http_error_421_page), + ngx_null_string, /* 422 */ + ngx_null_string, /* 423 */ + ngx_null_string, /* 424 */ + ngx_null_string, /* 425 */ + ngx_null_string, /* 426 */ + ngx_null_string, /* 427 */ + ngx_null_string, /* 428 */ + ngx_string(ngx_http_error_429_page), -#define NGX_HTTP_LAST_4XX 422 +#define NGX_HTTP_LAST_4XX 430 #define NGX_HTTP_OFF_5XX (NGX_HTTP_LAST_4XX - 400 + NGX_HTTP_OFF_4XX) ngx_string(ngx_http_error_494_page), /* 494, request header too large */ From piotrsikora at google.com Tue Feb 28 23:40:00 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Tue, 28 Feb 2017 15:40:00 -0800 Subject: [PATCH 2 of 3] Upstream: allow recovery from "429 Too Many Requests" response In-Reply-To: <20170225234510.GD34777@mdounin.ru> References: <20170225234510.GD34777@mdounin.ru> Message-ID: # HG changeset patch # User Piotr Sikora # Date 1488324535 28800 # Tue Feb 28 15:28:55 2017 -0800 # Node ID e21f12a958010e1f3e5cdc1640859e335e032ca5 # Parent 9a63d6e990d230db0ec6b03250265447f648526e Upstream: allow recovery from "429 Too Many Requests" response. This change adds "http_429" parameter to "proxy_next_upstream" for retrying rate-limited requests, and to "proxy_cache_use_stale" for serving stale cached responses after being rate-limited. Signed-off-by: Piotr Sikora diff -r 9a63d6e990d2 -r e21f12a95801 src/http/modules/ngx_http_fastcgi_module.c --- a/src/http/modules/ngx_http_fastcgi_module.c +++ b/src/http/modules/ngx_http_fastcgi_module.c @@ -211,6 +211,7 @@ static ngx_conf_bitmask_t ngx_http_fast { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 }, { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, + { ngx_string("http_429"), NGX_HTTP_UPSTREAM_FT_HTTP_429 }, { ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING }, { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, { ngx_null_string, 0 } diff -r 9a63d6e990d2 -r e21f12a95801 src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c @@ -220,6 +220,7 @@ static ngx_conf_bitmask_t ngx_http_prox { ngx_string("http_504"), NGX_HTTP_UPSTREAM_FT_HTTP_504 }, { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, + { ngx_string("http_429"), NGX_HTTP_UPSTREAM_FT_HTTP_429 }, { ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING }, { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, { ngx_null_string, 0 } diff -r 9a63d6e990d2 -r e21f12a95801 src/http/modules/ngx_http_scgi_module.c --- a/src/http/modules/ngx_http_scgi_module.c +++ b/src/http/modules/ngx_http_scgi_module.c @@ -82,6 +82,7 @@ static ngx_conf_bitmask_t ngx_http_scgi_ { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 }, { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, + { ngx_string("http_429"), NGX_HTTP_UPSTREAM_FT_HTTP_429 }, { ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING }, { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, { ngx_null_string, 0 } diff -r 9a63d6e990d2 -r e21f12a95801 src/http/modules/ngx_http_uwsgi_module.c --- a/src/http/modules/ngx_http_uwsgi_module.c +++ b/src/http/modules/ngx_http_uwsgi_module.c @@ -114,6 +114,7 @@ static ngx_conf_bitmask_t ngx_http_uwsgi { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 }, { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, + { ngx_string("http_429"), NGX_HTTP_UPSTREAM_FT_HTTP_429 }, { ngx_string("updating"), NGX_HTTP_UPSTREAM_FT_UPDATING }, { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, { ngx_null_string, 0 } diff -r 9a63d6e990d2 -r e21f12a95801 src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -436,6 +436,7 @@ static ngx_http_upstream_next_t ngx_htt { 504, NGX_HTTP_UPSTREAM_FT_HTTP_504 }, { 403, NGX_HTTP_UPSTREAM_FT_HTTP_403 }, { 404, NGX_HTTP_UPSTREAM_FT_HTTP_404 }, + { 429, NGX_HTTP_UPSTREAM_FT_HTTP_429 }, { 0, 0 } }; @@ -4115,7 +4116,8 @@ ngx_http_upstream_next(ngx_http_request_ if (u->peer.sockaddr) { if (ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_403 - || ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_404) + || ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_404 + || ft_type == NGX_HTTP_UPSTREAM_FT_HTTP_429) { state = NGX_PEER_NEXT; @@ -4155,6 +4157,10 @@ ngx_http_upstream_next(ngx_http_request_ status = NGX_HTTP_NOT_FOUND; break; + case NGX_HTTP_UPSTREAM_FT_HTTP_429: + status = NGX_HTTP_TOO_MANY_REQUESTS; + break; + /* * NGX_HTTP_UPSTREAM_FT_BUSY_LOCK and NGX_HTTP_UPSTREAM_FT_MAX_WAITING * never reach here diff -r 9a63d6e990d2 -r e21f12a95801 src/http/ngx_http_upstream.h --- a/src/http/ngx_http_upstream.h +++ b/src/http/ngx_http_upstream.h @@ -26,10 +26,11 @@ #define NGX_HTTP_UPSTREAM_FT_HTTP_504 0x00000080 #define NGX_HTTP_UPSTREAM_FT_HTTP_403 0x00000100 #define NGX_HTTP_UPSTREAM_FT_HTTP_404 0x00000200 -#define NGX_HTTP_UPSTREAM_FT_UPDATING 0x00000400 -#define NGX_HTTP_UPSTREAM_FT_BUSY_LOCK 0x00000800 -#define NGX_HTTP_UPSTREAM_FT_MAX_WAITING 0x00001000 -#define NGX_HTTP_UPSTREAM_FT_NON_IDEMPOTENT 0x00002000 +#define NGX_HTTP_UPSTREAM_FT_HTTP_429 0x00000400 +#define NGX_HTTP_UPSTREAM_FT_UPDATING 0x00000800 +#define NGX_HTTP_UPSTREAM_FT_BUSY_LOCK 0x00001000 +#define NGX_HTTP_UPSTREAM_FT_MAX_WAITING 0x00002000 +#define NGX_HTTP_UPSTREAM_FT_NON_IDEMPOTENT 0x00004000 #define NGX_HTTP_UPSTREAM_FT_NOLIVE 0x40000000 #define NGX_HTTP_UPSTREAM_FT_OFF 0x80000000 @@ -38,7 +39,8 @@ |NGX_HTTP_UPSTREAM_FT_HTTP_503 \ |NGX_HTTP_UPSTREAM_FT_HTTP_504 \ |NGX_HTTP_UPSTREAM_FT_HTTP_403 \ - |NGX_HTTP_UPSTREAM_FT_HTTP_404) + |NGX_HTTP_UPSTREAM_FT_HTTP_404 \ + |NGX_HTTP_UPSTREAM_FT_HTTP_429) #define NGX_HTTP_UPSTREAM_INVALID_HEADER 40 From piotrsikora at google.com Tue Feb 28 23:40:01 2017 From: piotrsikora at google.com (Piotr Sikora) Date: Tue, 28 Feb 2017 15:40:01 -0800 Subject: [PATCH 3 of 3] Limit req: change default response code when rate-limiting In-Reply-To: <20170225234510.GD34777@mdounin.ru> References: <20170225234510.GD34777@mdounin.ru> Message-ID: # HG changeset patch # User Piotr Sikora # Date 1488324535 28800 # Tue Feb 28 15:28:55 2017 -0800 # Node ID c9d43c652ac776068e78f695dde00606eed184f8 # Parent e21f12a958010e1f3e5cdc1640859e335e032ca5 Limit req: change default response code when rate-limiting. Previously, "503 Service Unavailable" response code was used, but the new "429 Too Many Requests" response code is more appropriate. Signed-off-by: Piotr Sikora diff -r e21f12a95801 -r c9d43c652ac7 src/http/modules/ngx_http_limit_req_module.c --- a/src/http/modules/ngx_http_limit_req_module.c +++ b/src/http/modules/ngx_http_limit_req_module.c @@ -712,7 +712,7 @@ ngx_http_limit_req_merge_conf(ngx_conf_t NGX_LOG_INFO : conf->limit_log_level + 1; ngx_conf_merge_uint_value(conf->status_code, prev->status_code, - NGX_HTTP_SERVICE_UNAVAILABLE); + NGX_HTTP_TOO_MANY_REQUESTS); return NGX_CONF_OK; }