[nginx] support http2 per server

洪志道 hongzhidao at gmail.com
Fri Jun 9 12:56:38 UTC 2017


Hi, Valentin.

Please confirm again, thanks.

diff -r 5e05118678af src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c Mon May 29 23:33:38 2017 +0300
+++ b/src/http/modules/ngx_http_ssl_module.c Fri Jun 09 07:15:50 2017 -0400
@@ -234,6 +234,13 @@
       offsetof(ngx_http_ssl_srv_conf_t, stapling_verify),
       NULL },

+    { ngx_string("ssl_h2"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+      ngx_http_ssl_enable,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_ssl_srv_conf_t, h2),
+      NULL },
+
       ngx_null_command
 };

@@ -343,16 +350,17 @@
     unsigned char *outlen, const unsigned char *in, unsigned int inlen,
     void *arg)
 {
-    unsigned int            srvlen;
-    unsigned char          *srv;
+    unsigned int               srvlen;
+    unsigned char             *srv;
 #if (NGX_DEBUG)
-    unsigned int            i;
+    unsigned int               i;
 #endif
 #if (NGX_HTTP_V2)
-    ngx_http_connection_t  *hc;
+    ngx_http_connection_t     *hc;
+    ngx_http_ssl_srv_conf_t   *sscf;
 #endif
 #if (NGX_HTTP_V2 || NGX_DEBUG)
-    ngx_connection_t       *c;
+    ngx_connection_t          *c;

     c = ngx_ssl_get_connection(ssl_conn);
 #endif
@@ -367,8 +375,9 @@

 #if (NGX_HTTP_V2)
     hc = c->data;
+    sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);

-    if (hc->addr_conf->http2) {
+    if (hc->addr_conf->http2 && sscf->h2) {
         srv =
            (unsigned char *) NGX_HTTP_V2_ALPN_ADVERTISE
NGX_HTTP_NPN_ADVERTISE;
         srvlen = sizeof(NGX_HTTP_V2_ALPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE)
- 1;
@@ -411,11 +420,13 @@

 #if (NGX_HTTP_V2)
     {
-    ngx_http_connection_t  *hc;
+    ngx_http_connection_t     *hc;
+    ngx_http_ssl_srv_conf_t   *sscf;

     hc = c->data;
+    sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);

-    if (hc->addr_conf->http2) {
+    if (hc->addr_conf->http2 && sscf->h2) {
         *out =
             (unsigned char *) NGX_HTTP_V2_NPN_ADVERTISE
NGX_HTTP_NPN_ADVERTISE;
         *outlen = sizeof(NGX_HTTP_V2_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE)
- 1;
@@ -555,6 +566,7 @@
     sscf->session_ticket_keys = NGX_CONF_UNSET_PTR;
     sscf->stapling = NGX_CONF_UNSET;
     sscf->stapling_verify = NGX_CONF_UNSET;
+    sscf->h2 = NGX_CONF_UNSET;

     return sscf;
 }
@@ -620,6 +632,8 @@
     ngx_conf_merge_str_value(conf->stapling_responder,
                          prev->stapling_responder, "");

+    ngx_conf_merge_value(conf->h2, prev->h2, 0);
+
     conf->ssl.log = cf->log;

     if (conf->enable) {
diff -r 5e05118678af src/http/modules/ngx_http_ssl_module.h
--- a/src/http/modules/ngx_http_ssl_module.h Mon May 29 23:33:38 2017 +0300
+++ b/src/http/modules/ngx_http_ssl_module.h Fri Jun 09 07:15:50 2017 -0400
@@ -57,6 +57,8 @@

     u_char                         *file;
     ngx_uint_t                      line;
+
+    ngx_flag_t                      h2;
 } ngx_http_ssl_srv_conf_t;


diff -r 5e05118678af src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Mon May 29 23:33:38 2017 +0300
+++ b/src/http/ngx_http_request.c Fri Jun 09 07:15:50 2017 -0400
@@ -784,9 +784,10 @@
      && (defined TLSEXT_TYPE_application_layer_protocol_negotiation
    \
          || defined TLSEXT_TYPE_next_proto_neg))
         {
-        unsigned int            len;
-        const unsigned char    *data;
-        ngx_http_connection_t  *hc;
+        unsigned int              len;
+        const unsigned char      *data;
+        ngx_http_connection_t    *hc;
+        ngx_http_ssl_srv_conf_t  *sscf;

         hc = c->data;

@@ -805,9 +806,14 @@
             SSL_get0_next_proto_negotiated(c->ssl->connection, &data,
&len);
 #endif

-            if (len == 2 && data[0] == 'h' && data[1] == '2') {
-                ngx_http_v2_init(c->read);
-                return;
+            sscf = ngx_http_get_module_srv_conf(hc->conf_ctx,
ngx_http_ssl_module);
+
+            if (sscf->h2) {
+
+                if (len == 2 && data[0] == 'h' && data[1] == '2') {
+                    ngx_http_v2_init(c->read);
+                    return;
+                }
             }
         }
         }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20170609/5fc24c84/attachment.html>


More information about the nginx-devel mailing list