[nginx] The gRPC proxy module.
Maxim Dounin
mdounin at mdounin.ru
Sat Mar 17 20:08:27 UTC 2018
details: http://hg.nginx.org/nginx/rev/2713b2dbf5bb
branches:
changeset: 7233:2713b2dbf5bb
user: Maxim Dounin <mdounin at mdounin.ru>
date: Sat Mar 17 23:04:24 2018 +0300
description:
The gRPC proxy module.
The module allows passing requests to upstream gRPC servers.
The module is built by default as long as HTTP/2 support is compiled in.
Example configuration:
grpc_pass 127.0.0.1:9000;
Alternatively, the "grpc://" scheme can be used:
grpc_pass grpc://127.0.0.1:9000;
Keepalive support is available via the upstream keepalive module. Note
that keepalive connections won't currently work with grpc-go as it fails
to handle SETTINGS_HEADER_TABLE_SIZE.
To use with SSL:
grpc_pass grpcs://127.0.0.1:9000;
SSL connections use ALPN "h2" when available. At least grpc-go works fine
without ALPN, so if ALPN is not available we just establish a connection
without it.
Tested with grpc-c++ and grpc-go.
diffstat:
auto/modules | 11 +
auto/options | 2 +
src/http/modules/ngx_http_grpc_module.c | 4571 +++++++++++++++++++++++++++++++
3 files changed, 4584 insertions(+), 0 deletions(-)
diffs (truncated from 4616 to 1000 lines):
diff --git a/auto/modules b/auto/modules
--- a/auto/modules
+++ b/auto/modules
@@ -744,6 +744,17 @@ if [ $HTTP = YES ]; then
. auto/module
fi
+ if [ $HTTP_GRPC = YES -a $HTTP_V2 = YES ]; then
+ ngx_module_name=ngx_http_grpc_module
+ ngx_module_incs=
+ ngx_module_deps=
+ ngx_module_srcs=src/http/modules/ngx_http_grpc_module.c
+ ngx_module_libs=
+ ngx_module_link=$HTTP_GRPC
+
+ . auto/module
+ fi
+
if [ $HTTP_PERL != NO ]; then
ngx_module_name=ngx_http_perl_module
ngx_module_incs=src/http/modules/perl
diff --git a/auto/options b/auto/options
--- a/auto/options
+++ b/auto/options
@@ -86,6 +86,7 @@ HTTP_PROXY=YES
HTTP_FASTCGI=YES
HTTP_UWSGI=YES
HTTP_SCGI=YES
+HTTP_GRPC=YES
HTTP_PERL=NO
HTTP_MEMCACHED=YES
HTTP_LIMIT_CONN=YES
@@ -262,6 +263,7 @@ do
--without-http_fastcgi_module) HTTP_FASTCGI=NO ;;
--without-http_uwsgi_module) HTTP_UWSGI=NO ;;
--without-http_scgi_module) HTTP_SCGI=NO ;;
+ --without-http_grpc_module) HTTP_GRPC=NO ;;
--without-http_memcached_module) HTTP_MEMCACHED=NO ;;
--without-http_limit_conn_module) HTTP_LIMIT_CONN=NO ;;
--without-http_limit_req_module) HTTP_LIMIT_REQ=NO ;;
diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
new file mode 100644
--- /dev/null
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -0,0 +1,4571 @@
+
+/*
+ * Copyright (C) Maxim Dounin
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include <ngx_config.h>
+#include <ngx_core.h>
+#include <ngx_http.h>
+
+
+typedef struct {
+ ngx_array_t *flushes;
+ ngx_array_t *lengths;
+ ngx_array_t *values;
+ ngx_hash_t hash;
+} ngx_http_grpc_headers_t;
+
+
+typedef struct {
+ ngx_http_upstream_conf_t upstream;
+
+ ngx_http_grpc_headers_t headers;
+ ngx_array_t *headers_source;
+
+ ngx_str_t host;
+ ngx_uint_t host_set;
+
+#if (NGX_HTTP_SSL)
+ ngx_uint_t ssl;
+ ngx_uint_t ssl_protocols;
+ ngx_str_t ssl_ciphers;
+ ngx_uint_t ssl_verify_depth;
+ ngx_str_t ssl_trusted_certificate;
+ ngx_str_t ssl_crl;
+ ngx_str_t ssl_certificate;
+ ngx_str_t ssl_certificate_key;
+ ngx_array_t *ssl_passwords;
+#endif
+} ngx_http_grpc_loc_conf_t;
+
+
+typedef enum {
+ ngx_http_grpc_st_start = 0,
+ ngx_http_grpc_st_length_2,
+ ngx_http_grpc_st_length_3,
+ ngx_http_grpc_st_type,
+ ngx_http_grpc_st_flags,
+ ngx_http_grpc_st_stream_id,
+ ngx_http_grpc_st_stream_id_2,
+ ngx_http_grpc_st_stream_id_3,
+ ngx_http_grpc_st_stream_id_4,
+ ngx_http_grpc_st_payload,
+ ngx_http_grpc_st_padding
+} ngx_http_grpc_state_e;
+
+
+typedef struct {
+ size_t init_window;
+ size_t send_window;
+ size_t recv_window;
+ ngx_uint_t last_stream_id;
+} ngx_http_grpc_conn_t;
+
+
+typedef struct {
+ ngx_http_grpc_state_e state;
+ ngx_uint_t frame_state;
+ ngx_uint_t fragment_state;
+
+ ngx_chain_t *in;
+ ngx_chain_t *out;
+ ngx_chain_t *free;
+ ngx_chain_t *busy;
+
+ ngx_http_grpc_conn_t *connection;
+
+ ngx_uint_t id;
+
+ ssize_t send_window;
+ size_t recv_window;
+
+ size_t rest;
+ ngx_uint_t stream_id;
+ u_char type;
+ u_char flags;
+ u_char padding;
+
+ ngx_uint_t error;
+ ngx_uint_t window_update;
+
+ ngx_uint_t setting_id;
+ ngx_uint_t setting_value;
+
+ u_char ping_data[8];
+
+ ngx_uint_t index;
+ ngx_str_t name;
+ ngx_str_t value;
+
+ u_char *field_end;
+ size_t field_length;
+ size_t field_rest;
+ u_char field_state;
+
+ unsigned literal:1;
+ unsigned field_huffman:1;
+
+ unsigned header_sent:1;
+ unsigned output_closed:1;
+ unsigned parsing_headers:1;
+ unsigned end_stream:1;
+ unsigned status:1;
+
+ ngx_http_request_t *request;
+} ngx_http_grpc_ctx_t;
+
+
+typedef struct {
+ u_char length_0;
+ u_char length_1;
+ u_char length_2;
+ u_char type;
+ u_char flags;
+ u_char stream_id_0;
+ u_char stream_id_1;
+ u_char stream_id_2;
+ u_char stream_id_3;
+} ngx_http_grpc_frame_t;
+
+
+static ngx_int_t ngx_http_grpc_create_request(ngx_http_request_t *r);
+static ngx_int_t ngx_http_grpc_reinit_request(ngx_http_request_t *r);
+static ngx_int_t ngx_http_grpc_body_output_filter(void *data, ngx_chain_t *in);
+static ngx_int_t ngx_http_grpc_process_header(ngx_http_request_t *r);
+static ngx_int_t ngx_http_grpc_filter_init(void *data);
+static ngx_int_t ngx_http_grpc_filter(void *data, ssize_t bytes);
+
+static ngx_int_t ngx_http_grpc_parse_frame(ngx_http_request_t *r,
+ ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
+static ngx_int_t ngx_http_grpc_parse_header(ngx_http_request_t *r,
+ ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
+static ngx_int_t ngx_http_grpc_parse_fragment(ngx_http_request_t *r,
+ ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
+static ngx_int_t ngx_http_grpc_validate_header_name(ngx_http_request_t *r,
+ ngx_str_t *s);
+static ngx_int_t ngx_http_grpc_validate_header_value(ngx_http_request_t *r,
+ ngx_str_t *s);
+static ngx_int_t ngx_http_grpc_parse_rst_stream(ngx_http_request_t *r,
+ ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
+static ngx_int_t ngx_http_grpc_parse_goaway(ngx_http_request_t *r,
+ ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
+static ngx_int_t ngx_http_grpc_parse_window_update(ngx_http_request_t *r,
+ ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
+static ngx_int_t ngx_http_grpc_parse_settings(ngx_http_request_t *r,
+ ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
+static ngx_int_t ngx_http_grpc_parse_ping(ngx_http_request_t *r,
+ ngx_http_grpc_ctx_t *ctx, ngx_buf_t *b);
+
+static ngx_int_t ngx_http_grpc_send_settings_ack(ngx_http_request_t *r,
+ ngx_http_grpc_ctx_t *ctx);
+static ngx_int_t ngx_http_grpc_send_ping_ack(ngx_http_request_t *r,
+ ngx_http_grpc_ctx_t *ctx);
+static ngx_int_t ngx_http_grpc_send_window_update(ngx_http_request_t *r,
+ ngx_http_grpc_ctx_t *ctx);
+
+static ngx_chain_t *ngx_http_grpc_get_buf(ngx_http_request_t *r,
+ ngx_http_grpc_ctx_t *ctx);
+static ngx_http_grpc_ctx_t *ngx_http_grpc_get_ctx(ngx_http_request_t *r);
+static ngx_int_t ngx_http_grpc_get_connection_data(ngx_http_request_t *r,
+ ngx_http_grpc_ctx_t *ctx, ngx_peer_connection_t *pc);
+static void ngx_http_grpc_cleanup(void *data);
+
+static void ngx_http_grpc_abort_request(ngx_http_request_t *r);
+static void ngx_http_grpc_finalize_request(ngx_http_request_t *r,
+ ngx_int_t rc);
+
+static void *ngx_http_grpc_create_loc_conf(ngx_conf_t *cf);
+static char *ngx_http_grpc_merge_loc_conf(ngx_conf_t *cf,
+ void *parent, void *child);
+static ngx_int_t ngx_http_grpc_init_headers(ngx_conf_t *cf,
+ ngx_http_grpc_loc_conf_t *conf, ngx_http_grpc_headers_t *headers,
+ ngx_keyval_t *default_headers);
+
+static char *ngx_http_grpc_pass(ngx_conf_t *cf, ngx_command_t *cmd,
+ void *conf);
+
+#if (NGX_HTTP_SSL)
+static char *ngx_http_grpc_ssl_password_file(ngx_conf_t *cf,
+ ngx_command_t *cmd, void *conf);
+static ngx_int_t ngx_http_grpc_set_ssl(ngx_conf_t *cf,
+ ngx_http_grpc_loc_conf_t *glcf);
+#endif
+
+
+static ngx_conf_bitmask_t ngx_http_grpc_next_upstream_masks[] = {
+ { ngx_string("error"), NGX_HTTP_UPSTREAM_FT_ERROR },
+ { ngx_string("timeout"), NGX_HTTP_UPSTREAM_FT_TIMEOUT },
+ { ngx_string("invalid_header"), NGX_HTTP_UPSTREAM_FT_INVALID_HEADER },
+ { ngx_string("non_idempotent"), NGX_HTTP_UPSTREAM_FT_NON_IDEMPOTENT },
+ { ngx_string("http_500"), NGX_HTTP_UPSTREAM_FT_HTTP_500 },
+ { ngx_string("http_502"), NGX_HTTP_UPSTREAM_FT_HTTP_502 },
+ { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 },
+ { ngx_string("http_504"), NGX_HTTP_UPSTREAM_FT_HTTP_504 },
+ { ngx_string("http_403"), NGX_HTTP_UPSTREAM_FT_HTTP_403 },
+ { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 },
+ { ngx_string("http_429"), NGX_HTTP_UPSTREAM_FT_HTTP_429 },
+ { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF },
+ { ngx_null_string, 0 }
+};
+
+
+#if (NGX_HTTP_SSL)
+
+static ngx_conf_bitmask_t ngx_http_grpc_ssl_protocols[] = {
+ { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
+ { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
+ { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
+ { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
+ { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
+ { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
+ { ngx_null_string, 0 }
+};
+
+#endif
+
+
+static ngx_command_t ngx_http_grpc_commands[] = {
+
+ { ngx_string("grpc_pass"),
+ NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_TAKE1,
+ ngx_http_grpc_pass,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ NULL },
+
+ { ngx_string("grpc_bind"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE12,
+ ngx_http_upstream_bind_set_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.local),
+ NULL },
+
+ { ngx_string("grpc_connect_timeout"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_msec_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.connect_timeout),
+ NULL },
+
+ { ngx_string("grpc_send_timeout"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_msec_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.send_timeout),
+ NULL },
+
+ { ngx_string("grpc_intercept_errors"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.intercept_errors),
+ NULL },
+
+ { ngx_string("grpc_buffer_size"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_size_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.buffer_size),
+ NULL },
+
+ { ngx_string("grpc_read_timeout"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_msec_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.read_timeout),
+ NULL },
+
+ { ngx_string("grpc_next_upstream"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
+ ngx_conf_set_bitmask_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.next_upstream),
+ &ngx_http_grpc_next_upstream_masks },
+
+ { ngx_string("grpc_next_upstream_tries"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_num_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.next_upstream_tries),
+ NULL },
+
+ { ngx_string("grpc_next_upstream_timeout"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_msec_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.next_upstream_timeout),
+ NULL },
+
+ { ngx_string("grpc_set_header"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
+ ngx_conf_set_keyval_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, headers_source),
+ NULL },
+
+ { ngx_string("grpc_pass_header"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_array_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.pass_headers),
+ NULL },
+
+ { ngx_string("grpc_hide_header"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_array_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.hide_headers),
+ NULL },
+
+ { ngx_string("grpc_ignore_headers"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
+ ngx_conf_set_bitmask_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.ignore_headers),
+ &ngx_http_upstream_ignore_headers_masks },
+
+#if (NGX_HTTP_SSL)
+
+ { ngx_string("grpc_ssl_session_reuse"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_session_reuse),
+ NULL },
+
+ { ngx_string("grpc_ssl_protocols"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
+ ngx_conf_set_bitmask_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, ssl_protocols),
+ &ngx_http_grpc_ssl_protocols },
+
+ { ngx_string("grpc_ssl_ciphers"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, ssl_ciphers),
+ NULL },
+
+ { ngx_string("grpc_ssl_name"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_http_set_complex_value_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_name),
+ NULL },
+
+ { ngx_string("grpc_ssl_server_name"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_server_name),
+ NULL },
+
+ { ngx_string("grpc_ssl_verify"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_verify),
+ NULL },
+
+ { ngx_string("grpc_ssl_verify_depth"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_num_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, ssl_verify_depth),
+ NULL },
+
+ { ngx_string("grpc_ssl_trusted_certificate"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, ssl_trusted_certificate),
+ NULL },
+
+ { ngx_string("grpc_ssl_crl"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, ssl_crl),
+ NULL },
+
+ { ngx_string("grpc_ssl_certificate"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, ssl_certificate),
+ NULL },
+
+ { ngx_string("grpc_ssl_certificate_key"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_grpc_loc_conf_t, ssl_certificate_key),
+ NULL },
+
+ { ngx_string("grpc_ssl_password_file"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ ngx_http_grpc_ssl_password_file,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ 0,
+ NULL },
+
+#endif
+
+ ngx_null_command
+};
+
+
+static ngx_http_module_t ngx_http_grpc_module_ctx = {
+ NULL, /* preconfiguration */
+ NULL, /* postconfiguration */
+
+ NULL, /* create main configuration */
+ NULL, /* init main configuration */
+
+ NULL, /* create server configuration */
+ NULL, /* merge server configuration */
+
+ ngx_http_grpc_create_loc_conf, /* create location configuration */
+ ngx_http_grpc_merge_loc_conf /* merge location configuration */
+};
+
+
+ngx_module_t ngx_http_grpc_module = {
+ NGX_MODULE_V1,
+ &ngx_http_grpc_module_ctx, /* module context */
+ ngx_http_grpc_commands, /* module directives */
+ NGX_HTTP_MODULE, /* module type */
+ NULL, /* init master */
+ NULL, /* init module */
+ NULL, /* init process */
+ NULL, /* init thread */
+ NULL, /* exit thread */
+ NULL, /* exit process */
+ NULL, /* exit master */
+ NGX_MODULE_V1_PADDING
+};
+
+
+static u_char ngx_http_grpc_connection_start[] =
+ "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" /* connection preface */
+
+ "\x00\x00\x12\x04\x00\x00\x00\x00\x00" /* settings frame */
+ "\x00\x01\x00\x00\x00\x00" /* header table size */
+ "\x00\x02\x00\x00\x00\x00" /* disable push */
+ "\x00\x04\x7f\xff\xff\xff" /* initial window */
+
+ "\x00\x00\x04\x08\x00\x00\x00\x00\x00" /* window update frame */
+ "\x7f\xff\x00\x00";
+
+
+static ngx_keyval_t ngx_http_grpc_headers[] = {
+ { ngx_string("Content-Length"), ngx_string("$content_length") },
+ { ngx_string("Host"), ngx_string("") },
+ { ngx_string("Connection"), ngx_string("") },
+ { ngx_string("Transfer-Encoding"), ngx_string("") },
+ { ngx_string("TE"), ngx_string("") },
+ { ngx_string("Keep-Alive"), ngx_string("") },
+ { ngx_string("Expect"), ngx_string("") },
+ { ngx_string("Upgrade"), ngx_string("") },
+ { ngx_null_string, ngx_null_string }
+};
+
+
+static ngx_str_t ngx_http_grpc_hide_headers[] = {
+ ngx_string("Date"),
+ ngx_string("Server"),
+ ngx_string("X-Accel-Expires"),
+ ngx_string("X-Accel-Redirect"),
+ ngx_string("X-Accel-Limit-Rate"),
+ ngx_string("X-Accel-Buffering"),
+ ngx_string("X-Accel-Charset"),
+ ngx_null_string
+};
+
+
+static ngx_int_t
+ngx_http_grpc_handler(ngx_http_request_t *r)
+{
+ ngx_int_t rc;
+ ngx_http_upstream_t *u;
+ ngx_http_grpc_ctx_t *ctx;
+ ngx_http_grpc_loc_conf_t *glcf;
+
+ if (ngx_http_upstream_create(r) != NGX_OK) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ glcf = ngx_http_get_module_loc_conf(r, ngx_http_grpc_module);
+
+ u = r->upstream;
+
+#if (NGX_HTTP_SSL)
+ u->ssl = (glcf->upstream.ssl != NULL);
+
+ if (u->ssl) {
+ ngx_str_set(&u->schema, "grpcs://");
+
+ } else {
+ ngx_str_set(&u->schema, "grpc://");
+ }
+#else
+ ngx_str_set(&u->schema, "grpc://");
+#endif
+
+ u->output.tag = (ngx_buf_tag_t) &ngx_http_grpc_module;
+
+ u->conf = &glcf->upstream;
+
+ u->create_request = ngx_http_grpc_create_request;
+ u->reinit_request = ngx_http_grpc_reinit_request;
+ u->process_header = ngx_http_grpc_process_header;
+ u->abort_request = ngx_http_grpc_abort_request;
+ u->finalize_request = ngx_http_grpc_finalize_request;
+
+ ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_grpc_ctx_t));
+ if (ctx == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ ctx->request = r;
+
+ ngx_http_set_ctx(r, ctx, ngx_http_grpc_module);
+
+ u->input_filter_init = ngx_http_grpc_filter_init;
+ u->input_filter = ngx_http_grpc_filter;
+ u->input_filter_ctx = ctx;
+
+ r->request_body_no_buffering = 1;
+
+ rc = ngx_http_read_client_request_body(r, ngx_http_upstream_init);
+
+ if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
+ return rc;
+ }
+
+ return NGX_DONE;
+}
+
+
+static ngx_int_t
+ngx_http_grpc_create_request(ngx_http_request_t *r)
+{
+ u_char *p, *tmp, *key_tmp, *val_tmp, *headers_frame;
+ size_t len, tmp_len, key_len, val_len, uri_len;
+ uintptr_t escape;
+ ngx_buf_t *b;
+ ngx_uint_t i, next;
+ ngx_chain_t *cl, *body;
+ ngx_list_part_t *part;
+ ngx_table_elt_t *header;
+ ngx_http_upstream_t *u;
+ ngx_http_grpc_frame_t *f;
+ ngx_http_script_code_pt code;
+ ngx_http_grpc_loc_conf_t *glcf;
+ ngx_http_script_engine_t e, le;
+ ngx_http_script_len_code_pt lcode;
+
+ u = r->upstream;
+
+ glcf = ngx_http_get_module_loc_conf(r, ngx_http_grpc_module);
+
+ len = sizeof(ngx_http_grpc_connection_start) - 1
+ + sizeof(ngx_http_grpc_frame_t); /* headers frame */
+
+ /* :method header */
+
+ if (r->method == NGX_HTTP_GET || r->method == NGX_HTTP_POST) {
+ len += 1;
+ tmp_len = 0;
+
+ } else {
+ len += 1 + NGX_HTTP_V2_INT_OCTETS + r->method_name.len;
+ tmp_len = r->method_name.len;
+ }
+
+ /* :scheme header */
+
+ len += 1;
+
+ /* :path header */
+
+ if (r->valid_unparsed_uri) {
+ escape = 0;
+ uri_len = r->unparsed_uri.len;
+
+ } else {
+ escape = 2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len,
+ NGX_ESCAPE_URI);
+ uri_len = r->uri.len + escape + sizeof("?") - 1 + r->args.len;
+ }
+
+ len += 1 + NGX_HTTP_V2_INT_OCTETS + uri_len;
+
+ if (tmp_len < uri_len) {
+ tmp_len = uri_len;
+ }
+
+ /* :authority header */
+
+ if (!glcf->host_set) {
+ len += 1 + NGX_HTTP_V2_INT_OCTETS + glcf->host.len;
+
+ if (tmp_len < glcf->host.len) {
+ tmp_len = glcf->host.len;
+ }
+ }
+
+ /* other headers */
+
+ ngx_http_script_flush_no_cacheable_variables(r, glcf->headers.flushes);
+ ngx_memzero(&le, sizeof(ngx_http_script_engine_t));
+
+ le.ip = glcf->headers.lengths->elts;
+ le.request = r;
+ le.flushed = 1;
+
+ while (*(uintptr_t *) le.ip) {
+
+ lcode = *(ngx_http_script_len_code_pt *) le.ip;
+ key_len = lcode(&le);
+
+ for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode(&le)) {
+ lcode = *(ngx_http_script_len_code_pt *) le.ip;
+ }
+ le.ip += sizeof(uintptr_t);
+
+ if (val_len == 0) {
+ continue;
+ }
+
+ len += 1 + NGX_HTTP_V2_INT_OCTETS + key_len
+ + NGX_HTTP_V2_INT_OCTETS + val_len;
+
+ if (tmp_len < key_len) {
+ tmp_len = key_len;
+ }
+
+ if (tmp_len < val_len) {
+ tmp_len = val_len;
+ }
+ }
+
+ if (glcf->upstream.pass_request_headers) {
+ part = &r->headers_in.headers.part;
+ header = part->elts;
+
+ for (i = 0; /* void */; i++) {
+
+ if (i >= part->nelts) {
+ if (part->next == NULL) {
+ break;
+ }
+
+ part = part->next;
+ header = part->elts;
+ i = 0;
+ }
+
+ if (ngx_hash_find(&glcf->headers.hash, header[i].hash,
+ header[i].lowcase_key, header[i].key.len))
+ {
+ continue;
+ }
+
+ len += 1 + NGX_HTTP_V2_INT_OCTETS + header[i].key.len
+ + NGX_HTTP_V2_INT_OCTETS + header[i].value.len;
+
+ if (tmp_len < header[i].key.len) {
+ tmp_len = header[i].key.len;
+ }
+
+ if (tmp_len < header[i].value.len) {
+ tmp_len = header[i].value.len;
+ }
+ }
+ }
+
+ /* continuation frames */
+
+ len += sizeof(ngx_http_grpc_frame_t)
+ * (len / NGX_HTTP_V2_DEFAULT_FRAME_SIZE);
+
+
+ b = ngx_create_temp_buf(r->pool, len);
+ if (b == NULL) {
+ return NGX_ERROR;
+ }
+
+ cl = ngx_alloc_chain_link(r->pool);
+ if (cl == NULL) {
+ return NGX_ERROR;
+ }
+
+ cl->buf = b;
+ cl->next = NULL;
+
+ tmp = ngx_palloc(r->pool, tmp_len * 3);
+ if (tmp == NULL) {
+ return NGX_ERROR;
+ }
+
+ key_tmp = tmp + tmp_len;
+ val_tmp = tmp + 2 * tmp_len;
+
+ /* connection preface */
+
+ b->last = ngx_copy(b->last, ngx_http_grpc_connection_start,
+ sizeof(ngx_http_grpc_connection_start) - 1);
+
+ /* headers frame */
+
+ headers_frame = b->last;
+
+ f = (ngx_http_grpc_frame_t *) b->last;
+ b->last += sizeof(ngx_http_grpc_frame_t);
+
+ f->length_0 = 0;
+ f->length_1 = 0;
+ f->length_2 = 0;
+ f->type = NGX_HTTP_V2_HEADERS_FRAME;
+ f->flags = 0;
+ f->stream_id_0 = 0;
+ f->stream_id_1 = 0;
+ f->stream_id_2 = 0;
+ f->stream_id_3 = 1;
+
+ if (r->method == NGX_HTTP_GET) {
+ *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_METHOD_GET_INDEX);
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "grpc header: \":method: GET\"");
+
+ } else if (r->method == NGX_HTTP_POST) {
+ *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_METHOD_POST_INDEX);
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "grpc header: \":method: POST\"");
+
+ } else {
+ *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_METHOD_INDEX);
+ b->last = ngx_http_v2_write_value(b->last, r->method_name.data,
+ r->method_name.len, tmp);
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "grpc header: \":method: %V\"", &r->method_name);
+ }
+
+#if (NGX_HTTP_SSL)
+ if (glcf->ssl) {
+ *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTPS_INDEX);
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "grpc header: \":scheme: https\"");
+ } else
+#endif
+ {
+ *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTP_INDEX);
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "grpc header: \":scheme: http\"");
+ }
+
+ if (r->valid_unparsed_uri) {
+
+ if (r->unparsed_uri.len == 1 && r->unparsed_uri.data[0] == '/') {
+ *b->last++ = ngx_http_v2_indexed(NGX_HTTP_V2_PATH_ROOT_INDEX);
+
+ } else {
+ *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX);
+ b->last = ngx_http_v2_write_value(b->last, r->unparsed_uri.data,
+ r->unparsed_uri.len, tmp);
+ }
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "grpc header: \":path: %V\"", &r->unparsed_uri);
+
+ } else if (escape || r->args.len > 0) {
+ p = val_tmp;
+
+ if (escape) {
+ p = (u_char *) ngx_escape_uri(p, r->uri.data, r->uri.len,
+ NGX_ESCAPE_URI);
+
+ } else {
+ p = ngx_copy(p, r->uri.data, r->uri.len);
+ }
+
+ if (r->args.len > 0) {
+ *p++ = '?';
+ p = ngx_copy(p, r->args.data, r->args.len);
+ }
+
+ *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX);
+ b->last = ngx_http_v2_write_value(b->last, val_tmp, p - val_tmp, tmp);
+
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "grpc header: \":path: %*s\"", p - val_tmp, val_tmp);
+
+ } else {
+ *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX);
+ b->last = ngx_http_v2_write_value(b->last, r->uri.data,
+ r->uri.len, tmp);
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "grpc header: \":path: %V\"", &r->uri);
+ }
+
+ if (!glcf->host_set) {
+ *b->last++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_AUTHORITY_INDEX);
+ b->last = ngx_http_v2_write_value(b->last, glcf->host.data,
+ glcf->host.len, tmp);
+
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "grpc header: \":authority: %V\"", &glcf->host);
+ }
+
+ ngx_memzero(&e, sizeof(ngx_http_script_engine_t));
+
+ e.ip = glcf->headers.values->elts;
+ e.request = r;
+ e.flushed = 1;
+
+ le.ip = glcf->headers.lengths->elts;
+
+ while (*(uintptr_t *) le.ip) {
+
+ lcode = *(ngx_http_script_len_code_pt *) le.ip;
+ key_len = lcode(&le);
+
+ for (val_len = 0; *(uintptr_t *) le.ip; val_len += lcode(&le)) {
+ lcode = *(ngx_http_script_len_code_pt *) le.ip;
+ }
+ le.ip += sizeof(uintptr_t);
+
+ if (val_len == 0) {
+ e.skip = 1;
+
+ while (*(uintptr_t *) e.ip) {
+ code = *(ngx_http_script_code_pt *) e.ip;
+ code((ngx_http_script_engine_t *) &e);
+ }
+ e.ip += sizeof(uintptr_t);
+
+ e.skip = 0;
+
+ continue;
+ }
+
+ *b->last++ = 0;
+
+ e.pos = key_tmp;
+
+ code = *(ngx_http_script_code_pt *) e.ip;
+ code((ngx_http_script_engine_t *) &e);
+
+ b->last = ngx_http_v2_write_name(b->last, key_tmp, key_len, tmp);
+
+ e.pos = val_tmp;
+
+ while (*(uintptr_t *) e.ip) {
+ code = *(ngx_http_script_code_pt *) e.ip;
+ code((ngx_http_script_engine_t *) &e);
+ }
+ e.ip += sizeof(uintptr_t);
+
+ b->last = ngx_http_v2_write_value(b->last, val_tmp, val_len, tmp);
+
+#if (NGX_DEBUG)
+ if (r->connection->log->log_level & NGX_LOG_DEBUG_HTTP) {
+ ngx_strlow(key_tmp, key_tmp, key_len);
+
+ ngx_log_debug4(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "grpc header: \"%*s: %*s\"",
+ key_len, key_tmp, val_len, val_tmp);
+ }
+#endif
+ }
+
+ if (glcf->upstream.pass_request_headers) {
+ part = &r->headers_in.headers.part;
+ header = part->elts;
+
+ for (i = 0; /* void */; i++) {
+
+ if (i >= part->nelts) {
+ if (part->next == NULL) {
+ break;
+ }
+
+ part = part->next;
+ header = part->elts;
+ i = 0;
+ }
+
+ if (ngx_hash_find(&glcf->headers.hash, header[i].hash,
+ header[i].lowcase_key, header[i].key.len))
+ {
+ continue;
+ }
+
+ *b->last++ = 0;
+
+ b->last = ngx_http_v2_write_name(b->last, header[i].key.data,
+ header[i].key.len, tmp);
+
+ b->last = ngx_http_v2_write_value(b->last, header[i].value.data,
+ header[i].value.len, tmp);
+
+#if (NGX_DEBUG)
+ if (r->connection->log->log_level & NGX_LOG_DEBUG_HTTP) {
+ ngx_strlow(tmp, header[i].key.data, header[i].key.len);
+
+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+ "grpc header: \"%*s: %V\"",
+ header[i].key.len, tmp, &header[i].value);
+ }
+#endif
+ }
+ }
+
+ /* update headers frame length */
+
+ len = b->last - headers_frame - sizeof(ngx_http_grpc_frame_t);
+
+ if (len > NGX_HTTP_V2_DEFAULT_FRAME_SIZE) {
+ len = NGX_HTTP_V2_DEFAULT_FRAME_SIZE;
+ next = 1;
+
+ } else {
+ next = 0;
+ }
+
+ f = (ngx_http_grpc_frame_t *) headers_frame;
+
+ f->length_0 = (u_char) ((len >> 16) & 0xff);
+ f->length_1 = (u_char) ((len >> 8) & 0xff);
+ f->length_2 = (u_char) (len & 0xff);
+
+ /* create additional continuation frames */
+
+ p = headers_frame;
+
More information about the nginx-devel
mailing list