summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_http.h (follow)
AgeCommit message (Collapse)AuthorFilesLines
2021-08-12Router: client IP address replacement.Oisin Canty1-2/+15
This commit introduces the replacement of the client address based on the value of a specified HTTP header. This is intended for use when Unit is placed behind a reverse proxy like nginx or a CDN. You must specify the source addresses of the trusted proxies. This can be accomplished with any valid IP pattern supported by Unit's match block: ["10.0.0.1", "10.4.0.0/16", "!192.168.1.1"] The feature is configured per listener. The client address replacement functionality only operates when there is a source IP match and the specified header is present. Typically this would be an 'X-Forwarded-For' header. { "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] }, "pass": "applications/my_app" }, } } If a request occurs and Unit receives a header like below: "X-Forwarded-For: 84.123.23.23" By default, Unit trusts the last rightmost IP in the header, so REMOTE_ADDR will be set to 84.123.23.23 if the connection originated from 10.0.0.0/8. If Unit runs behind consecutive reverse proxies and receives a header similar to the following: "X-Forwarded-For: 84.123.23.23, 10.0.0.254" You will need to enable "recursive" checking, which walks the header from last address to first and chooses the first non-trusted address it finds. { "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] "recursive": true, }, "pass": "applications/my_app" }, } } If a connection from 10.0.0.0/8 occurs, the chain is walked. Here, 10.0.0.254 is also a trusted address so the client address will be replaced with 84.123.23.23. If all IP addresses in the header are trusted, the client address is set to the first address in the header: If 10.0.0.0/8 is trusted and "X-Forwarded-For: 10.0.0.3, 10.0.0.2, 10.0.0.1", the client address will be replaced with 10.0.0.3.
2021-07-24Router: split nxt_http_app_conf_t from nxt_http_action_t.Zhidao HONG1-5/+0
No functional changes.
2021-07-26Router: renamed nxt_http_proxy_create() as nxt_http_proxy_init().Zhidao HONG1-2/+2
No functional changes.
2021-07-23Router: split nxt_http_static_conf_t from nxt_http_action_t.Zhidao HONG1-15/+12
No functional changes.
2021-05-24Router: split nxt_http_return_conf_t from nxt_http_action_t.Zhidao HONG1-3/+17
No functional changes.
2021-05-06Static: implemented MIME filteringOisin Canty1-1/+5
2021-04-29Static: support for openat2() features.Zhidao HONG1-0/+2
Support for chrooting, rejecting symlinks, and rejecting crossing mounting points on a per-request basis during static file serving.
2021-04-22Router: grouped app and share fields in nxt_http_action_t.Zhidao HONG1-3/+9
This is a prerequisite for further introduction of openat2() features. No functional changes.
2020-12-08PHP: populating PHP_AUTH_* server variables.Valentin Bartenev1-0/+1
This closes #498 issue on GitHub.
2020-11-17Router: matching regular expressions support.Axel Duch1-0/+6
2020-08-13Basic variables support.Valentin Bartenev1-4/+8
2020-08-12Responding with error in case of first process start failure.Max Romanov1-0/+4
After shared application port introducing, request queue in router was removed and requests may stuck forever waiting for another process start.
2020-06-23Upstream chunked transfer encoding support.Igor Sysoev1-1/+0
2020-05-14PHP: implemented "targets" option.Valentin Bartenev1-0/+2
This allows to specify multiple subsequent targets inside PHP applications. For example: { "listeners": { "*:80": { "pass": "routes" } }, "routes": [ { "match": { "uri": "/info" }, "action": { "pass": "applications/my_app/phpinfo" } }, { "match": { "uri": "/hello" }, "action": { "pass": "applications/my_app/hello" } }, { "action": { "pass": "applications/my_app/rest" } } ], "applications": { "my_app": { "type": "php", "targets": { "phpinfo": { "script": "phpinfo.php", "root": "/www/data/admin", }, "hello": { "script": "hello.php", "root": "/www/data/test", }, "rest": { "root": "/www/data/example.com", "index": "index.php" }, } } } }
2020-05-14Configuration: URI encoding in the "pass" option.Valentin Bartenev1-1/+4
This is useful to escape "/" in path fragments. For example, in order to reference the application named "foo/bar": { "pass": "applications/foo%2Fbar" }
2020-04-16Using malloc/free for the http fields hash.Max Romanov1-3/+3
This is required due to lack of a graceful shutdown: there is a small gap between the runtime's memory pool release and router process's exit. Thus, a worker thread may start processing a request between these two operations, which may result in an http fields hash access and subsequent crash. To simplify issue reproduction, it makes sense to add a 2 sec sleep before exit() in nxt_runtime_exit().
2020-03-21Implemented "location" option for "return" action.Valentin Bartenev1-0/+2
This allows to specify redirects: { "action": { "return": 301, "location": "https://www.example.com/" } }
2020-03-27Implemented "return" action.Valentin Bartenev1-0/+7
The "return" action can be used to immediately generate a simple HTTP response with an arbitrary status: { "action": { "return": 404 } } This is especially useful for denying access to specific resources.
2020-03-19Completing request header buffers to avoid memory leak.Max Romanov1-1/+2
Before this fix, only persistent connection request buffers were completed. This issue was introduced in dc403927ab0b.
2020-03-06Round robin upstream added.Igor Sysoev1-3/+15
2020-03-03Added a "fallback" option to be used with the "share" action.Valentin Bartenev1-0/+1
It allows proceeding to another action if a file isn't available. An example: { "share": "/data/www/", "fallback": { "pass": "applications/php" } } In the example above, an attempt is made first to serve a request with a file from the "/data/www/" directory. If there's no such file, the request is passed to the "php" application. Fallback actions may be nested: { "share": "/data/www/", "fallback": { "share": "/data/cache/", "fallback": { "proxy": "http://127.0.0.1:9000" } } }
2019-11-14Processing inconsistent proxied response length.Igor Sysoev1-0/+2
Keepalive connection is disabled if upstream response length differs from specified in the "Content-Length" field value.
2019-11-14Initial proxy support.Igor Sysoev1-2/+39
2019-11-14Using request task.Igor Sysoev1-0/+1
2019-11-14Replacing pass with action.Igor Sysoev1-10/+10
2019-09-19Basic support for serving static files.Valentin Bartenev1-0/+29
2019-08-26Adding body handler to nxt_http_request_header_send().Igor Sysoev1-2/+4
2019-08-20Introducing websocket support in router and libunit.Max Romanov1-0/+28
2019-08-06nxt_h1proto_t definition was moved to h1proto implementation.Igor Sysoev1-19/+1
2019-08-06Refactored HTTP protocol callback table.Igor Sysoev1-22/+19
2019-07-24Added routing based on request scheme.Axel Duch1-2/+0
Scheme matches exact string “http” or “https”.
2019-05-30Added routing based on cookies.Igor Sysoev1-0/+1
2019-05-30Added routing based on arguments.Igor Sysoev1-0/+1
2019-03-21Adjusting request schema value according to connection tls state.Max Romanov1-1/+3
This closes #223 issue on GitHub.
2019-03-06Removed unnecessary abstraction layer.Alexander Borisov1-0/+4
2019-02-27Initial routing implementation.Igor Sysoev1-1/+31
2019-02-19Validation and normalization of request host.Valentin Bartenev1-1/+1
2019-02-18Fixed memory leak on response body sending failure.Igor Sysoev1-1/+0
2018-09-28Disabled chunked transfer encoding for 204 responses.Igor Sysoev1-0/+1
2018-09-20Added nginx error 497 response.Igor Sysoev1-0/+2
2018-07-30Sending 408 response on idle connection timeout.Igor Sysoev1-0/+2
2018-06-25Introduced nxt_length() macro.Valentin Bartenev1-3/+3
2018-05-30Fixed keep-alive hanging after reconfiguration.Igor Sysoev1-3/+2
2018-04-11Initial access log support.Valentin Bartenev1-6/+13
2018-04-10Splitting HTTP processing in more granulate connection states.Igor Sysoev1-0/+1
2018-04-03HTTP: using r->mem_pool retention counter for response buffers.Igor Sysoev1-3/+10
2018-02-12HTTP: the Date response header.Valentin Bartenev1-0/+1
2018-02-07Fixed reading of the rest of body, again.Valentin Bartenev1-1/+0
The last attempt in ee5f278e8c81 wasn't enough.
2018-01-15Checking for major HTTP version.Valentin Bartenev1-0/+1
2017-12-29Using correct pointer and size for memzero operation.Igor Sysoev1-1/+5
Found by Coverity (CID 215689).