summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_router.h (follow)
AgeCommit message (Collapse)AuthorFilesLines
2021-11-09Introducing application prototype processes.Tiago Natel de Moura1-0/+2
2021-10-28Moving request limit control to libunit.Max Romanov1-1/+0
Introducting application graceful stop. For now only used when application process reach request limit value. This closes #585 issue on GitHub.
2021-08-12Router: client IP address replacement.Oisin Canty1-0/+3
This commit introduces the replacement of the client address based on the value of a specified HTTP header. This is intended for use when Unit is placed behind a reverse proxy like nginx or a CDN. You must specify the source addresses of the trusted proxies. This can be accomplished with any valid IP pattern supported by Unit's match block: ["10.0.0.1", "10.4.0.0/16", "!192.168.1.1"] The feature is configured per listener. The client address replacement functionality only operates when there is a source IP match and the specified header is present. Typically this would be an 'X-Forwarded-For' header. { "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] }, "pass": "applications/my_app" }, } } If a request occurs and Unit receives a header like below: "X-Forwarded-For: 84.123.23.23" By default, Unit trusts the last rightmost IP in the header, so REMOTE_ADDR will be set to 84.123.23.23 if the connection originated from 10.0.0.0/8. If Unit runs behind consecutive reverse proxies and receives a header similar to the following: "X-Forwarded-For: 84.123.23.23, 10.0.0.254" You will need to enable "recursive" checking, which walks the header from last address to first and chooses the first non-trusted address it finds. { "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] "recursive": true, }, "pass": "applications/my_app" }, } } If a connection from 10.0.0.0/8 occurs, the chain is walked. Here, 10.0.0.254 is also a trusted address so the client address will be replaced with 84.123.23.23. If all IP addresses in the header are trusted, the client address is set to the first address in the header: If 10.0.0.0/8 is trusted and "X-Forwarded-For: 10.0.0.3, 10.0.0.2, 10.0.0.1", the client address will be replaced with 10.0.0.3.
2021-07-29Application restart introduced.Max Romanov1-0/+2
When processing a restart request, the router sends a QUIT message to all existing processes of the application. Then, a new shared application port is created to ensure that new requests won't be handled by the old processes of the application.
2021-07-24Router: split nxt_http_app_conf_t from nxt_http_action_t.Zhidao HONG1-3/+3
No functional changes.
2021-05-17Fixing racing condition on listen socket close in router.Max Romanov1-0/+2
Listen socket is actually closed in the instant timer handler. This patch moves the "configuration has been applied" notification to the timer handler to avoid a situation when the user gets the response from the controller, but the listen socket is still open in the router.
2020-11-17HTTP parser: allowed more characters in header field names.Valentin Bartenev1-0/+2
Previously, all requests that contained in header field names characters other than alphanumeric, or "-", or "_" were rejected with a 400 "Bad Request" error response. Now, the parser allows the same set of characters as specified in RFC 7230, including: "!", "#", "$", "%", "&", "'", "*", "+", ".", "^", "`", "|", and "~". Header field names that contain only these characters are considered valid. Also, there's a new option introduced: "discard_unsafe_fields". It accepts boolean value and it is set to "true" by default. When this option is "true", all header field names that contain characters in valid range, but other than alphanumeric or "-" are skipped during parsing. When the option is "false", these header fields aren't skipped. Requests with non-valid characters in header field names according to RFC 7230 are rejected regardless of "discard_unsafe_fields" setting. This closes #422 issue on GitHub.
2020-08-21Configuration: removed "reschedule_timeout" option.Valentin Bartenev1-1/+0
It's not used since cbcd76704c90. This option is a leftover from previous IPC between router and applications processes. It was never documented, though. Thanks to 洪志道 (Hong Zhi Dao).
2020-08-13Basic variables support.Valentin Bartenev1-2/+2
2020-08-12Responding with error in case of first process start failure.Max Romanov1-0/+1
After shared application port introducing, request queue in router was removed and requests may stuck forever waiting for another process start.
2020-08-11Made router port message handlers into static functions.Max Romanov1-6/+0
Mostly harmless.
2020-08-11Introducing the shared application port.Max Romanov1-5/+9
This is the port shared between all application processes which use it to pass requests for processing. Using it significantly simplifies the request processing code in the router. The drawback is 2 more file descriptors per each configured application and more complex libunit message wait/read code.
2020-07-06Destroying temporary router configuration.Igor Sysoev1-6/+0
The lifespan of a listening socket is longer than both router configuration's and temporary router configuration's lifespan, so the sockets should be stored in persistent queues. Safety is ensured by the fact that the router processes only one new configuration at any time.
2020-05-14PHP: implemented "targets" option.Valentin Bartenev1-0/+3
This allows to specify multiple subsequent targets inside PHP applications. For example: { "listeners": { "*:80": { "pass": "routes" } }, "routes": [ { "match": { "uri": "/info" }, "action": { "pass": "applications/my_app/phpinfo" } }, { "match": { "uri": "/hello" }, "action": { "pass": "applications/my_app/hello" } }, { "action": { "pass": "applications/my_app/rest" } } ], "applications": { "my_app": { "type": "php", "targets": { "phpinfo": { "script": "phpinfo.php", "root": "/www/data/admin", }, "hello": { "script": "hello.php", "root": "/www/data/test", }, "rest": { "root": "/www/data/example.com", "index": "index.php" }, } } } }
2020-03-12Using disk file to store large request body.Max Romanov1-0/+2
This closes #386 on GitHub.
2020-03-06Round robin upstream added.Igor Sysoev1-0/+5
2020-03-04Refactored nxt_http_action.Igor Sysoev1-2/+2
2019-11-14Initial proxy support.Igor Sysoev1-0/+7
2019-11-14Replacing pass with action.Igor Sysoev1-3/+3
2019-09-19Basic support for serving static files.Valentin Bartenev1-1/+5
2019-08-20Introducing websocket support in router and libunit.Max Romanov1-0/+9
2019-08-14Renaming supplemental request structures in router.Max Romanov1-2/+2
- nxt_req_app_link_t -> nxt_request_app_link_t - nxt_req_conn_link_t -> nxt_request_rpc_data_t Corresponding abbreviated field names also changed: - ra -> req_app_link - rc -> req_rpc_data
2019-05-30Handling routing errors.Igor Sysoev1-0/+3
2019-03-06Removed unnecessary abstraction layer.Alexander Borisov1-1/+1
2019-02-27Initial routing implementation.Igor Sysoev1-2/+8
2018-09-20Controller: certificates storage interface.Valentin Bartenev1-0/+4
2018-09-20Added SSL/TLS support on connection level.Igor Sysoev1-0/+4
2018-08-10Introducing app joint to accurate app release.Max Romanov1-2/+10
For accurate app descriptor release, it is required to count the number of use counts. Use count increased when: - app linked to configuration app queue; - socket conf stores pointer to app; - request for start app process posted to router service thread; Application port has pointer to app, but it does not increase use count to avoid use count loop. Timer needs a pointer to nxt_timer_t which is stored in engine timers tree. nxt_timer_t now resides in nxt_app_joint_t and does not lock the application. Start process port RPC handlers is also linked to nxt_app_joint_t. App joint (nxt_app_joint_t) is a 'weak pointer': - single threaded; - use countable; - store pointer to nxt_app_t (which can be NULL); nxt_app_t has pointer to nxt_app_joint_t and update its pointer to app.
2018-08-06Unit application library.Max Romanov1-6/+0
Library now used in all language modules. Old 'nxt_app_*' code removed. See src/test/nxt_unit_app_test.c for usage sample.
2018-05-30Fixed keep-alive hanging after reconfiguration.Igor Sysoev1-0/+3
2018-04-11Access log reopening.Valentin Bartenev1-0/+2
2018-04-11Initial access log support.Valentin Bartenev1-9/+25
2018-03-28Using more expressive name for field.Igor Sysoev1-1/+1
2018-01-29Introducing extended app process management.Max Romanov1-3/+14
- Pre-fork 'processes.spare' application processes; - fork more processes to keep 'processes.spare' idle processes; - fork on-demand up to 'processes.max' count; - scale down idle application processes above 'processes.spare' after 'processes.idle_timeout'; - number of concurrently started application processes also limited by 'processes.spare' (or 1, if spare is 0).
2017-12-28Removed duplicate declaration.Igor Sysoev1-0/+2
2017-12-28Removed duplicate declaration.Igor Sysoev1-3/+0
2017-12-28HTTP keep-alive connections support.Igor Sysoev1-0/+7
2017-12-27Implementing worker stop after limits.requests.Max Romanov1-0/+1
2017-12-27Rescheduling of pending request after configured timeout.Max Romanov1-1/+3
New optional configuration parameter introduced: limits.reschedule_timeout. Default value 1 second. In the case when request is written to the port socket 'in advance', it is called 'pending'. On every completed request, the head of pending request is checked against reschedule timeout. If this request waiting for execution longer than timeout, it is cancelled, new port selected for this request.
2017-10-18Router: fixed segfault after configuration change.Igor Sysoev1-9/+8
2017-10-04Introducing use counters for port and app. Thread safe port write.Max Romanov1-1/+5
Use counter helps to simplify logic around port and application free. Port 'post' function introduced to simplify post execution of particular function to original port engine's thread. Write message queue is protected by mutex which makes port write operation thread safe.
2017-09-15Introducing application timeout.Max Romanov1-0/+2
2017-09-14Router: fixed segmentation fault.Igor Sysoev1-0/+6
The router process exited abnormally on reconfiguration if number of worker threads had been decreased on the previous reconfiguration. Besides the list of router engines should be updated only after a new configuration joints have been prepared for all engines.
2017-08-29The master process has been renamed to the main process.Igor Sysoev1-1/+1
2017-08-17The new module configuration interface.Igor Sysoev1-1/+6
Configuration and building example: ./configure ./configure python ./configure php ./configure go make all or ./configure make nginext ./configure python make python ./configure php make php ./configure go make go Modules configuration options and building examples: ./configure python --module=python2 --config=python2.7-config make python2 ./configure php --module=php7 --config=php7.0-config --lib-path=/usr/local/php7.0 make php7 ./configure go --go=go1.6 --go-path=${HOME}/go1.6 make go1.6
2017-08-11Request body read state implemented.Max Romanov1-0/+4
With specific timeout and buffer size settings.
2017-08-02Using port rpc in router->master start worker request.Max Romanov1-2/+1
2017-07-18Port allocation and destroy changed. Worker process stop introduced.Max Romanov1-3/+5
2017-07-16Fixed building by Clang.Igor Sysoev1-3/+0
2017-07-14Router: using joint job queues instead of arrays to passIgor Sysoev1-3/+1
listening socket handlers to worker engines.