Contrib: http2 per server (was re: [nginx] support http2 per server)
David Freedman
david.freedman at uk.clara.net
Mon Oct 2 15:29:55 UTC 2017
Not that anybody has responded yet, but please find an important improvement over this patch:
- if (hc->addr_conf->http2 && !sscf->h2) {
+ if (r->http_version == NGX_HTTP_VERSION_20 && !sscf->h2) {
Full patch (with this improvement included) below:
diff -r 6b6e15bbda92 -r 2806e0ba8e91 src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c Tue Sep 05 17:59:31 2017 +0300
+++ b/src/http/modules/ngx_http_ssl_module.c Fri Sep 08 01:07:46 2017 +0000
@@ -234,6 +234,13 @@
offsetof(ngx_http_ssl_srv_conf_t, stapling_verify),
NULL },
+ { ngx_string("ssl_h2"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+ ngx_http_ssl_enable,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ offsetof(ngx_http_ssl_srv_conf_t, h2),
+ NULL },
+
ngx_null_command
};
@@ -354,6 +361,7 @@
#endif
#if (NGX_HTTP_V2)
ngx_http_connection_t *hc;
+ ngx_http_ssl_srv_conf_t *sscf;
#endif
#if (NGX_HTTP_V2 || NGX_DEBUG)
ngx_connection_t *c;
@@ -372,7 +380,9 @@
#if (NGX_HTTP_V2)
hc = c->data;
- if (hc->addr_conf->http2) {
+ sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
+
+ if (hc->addr_conf->http2 && sscf->h2) {
srv =
(unsigned char *) NGX_HTTP_V2_ALPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE;
srvlen = sizeof(NGX_HTTP_V2_ALPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE) - 1;
@@ -416,10 +426,13 @@
#if (NGX_HTTP_V2)
{
ngx_http_connection_t *hc;
+ ngx_http_ssl_srv_conf_t *sscf;
hc = c->data;
- if (hc->addr_conf->http2) {
+ sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
+
+ if (hc->addr_conf->http2 && sscf->h2) {
*out =
(unsigned char *) NGX_HTTP_V2_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE;
*outlen = sizeof(NGX_HTTP_V2_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE) - 1;
@@ -559,6 +572,7 @@
sscf->session_ticket_keys = NGX_CONF_UNSET_PTR;
sscf->stapling = NGX_CONF_UNSET;
sscf->stapling_verify = NGX_CONF_UNSET;
+ sscf->h2 = NGX_CONF_UNSET;
return sscf;
}
@@ -624,6 +638,8 @@
ngx_conf_merge_str_value(conf->stapling_responder,
prev->stapling_responder, "");
+ ngx_conf_merge_value(conf->h2, prev->h2, 1);
+
conf->ssl.log = cf->log;
if (conf->enable) {
diff -r 6b6e15bbda92 -r 2806e0ba8e91 src/http/modules/ngx_http_ssl_module.h
--- a/src/http/modules/ngx_http_ssl_module.h Tue Sep 05 17:59:31 2017 +0300
+++ b/src/http/modules/ngx_http_ssl_module.h Fri Sep 08 01:07:46 2017 +0000
@@ -57,6 +57,9 @@
u_char *file;
ngx_uint_t line;
+
+ ngx_flag_t h2;
+
} ngx_http_ssl_srv_conf_t;
diff -r 6b6e15bbda92 -r 2806e0ba8e91 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Tue Sep 05 17:59:31 2017 +0300
+++ b/src/http/ngx_http_request.c Fri Sep 08 01:07:46 2017 +0000
@@ -795,6 +795,7 @@
unsigned int len;
const unsigned char *data;
ngx_http_connection_t *hc;
+ ngx_http_ssl_srv_conf_t *sscf;
hc = c->data;
@@ -813,9 +814,15 @@
SSL_get0_next_proto_negotiated(c->ssl->connection, &data, &len);
#endif
- if (len == 2 && data[0] == 'h' && data[1] == '2') {
- ngx_http_v2_init(c->read);
- return;
+ sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
+
+ if (sscf->h2) {
+
+ if (len == 2 && data[0] == 'h' && data[1] == '2') {
+ ngx_http_v2_init(c->read);
+ return;
+ }
+
}
}
}
@@ -2106,6 +2113,15 @@
ngx_http_finalize_request(r, NGX_HTTP_MISDIRECTED_REQUEST);
return NGX_ERROR;
}
+#if (NGX_HTTP_V2)
+ if (r->http_version == NGX_HTTP_VERSION_20 && !sscf->h2) {
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "client attempted to request a server name "
+ "that does not have http2 enabled");
+ ngx_http_finalize_request(r, NGX_HTTP_MISDIRECTED_REQUEST);
+ return NGX_ERROR;
+ }
+#endif
}
#endif
More information about the nginx-devel
mailing list