Constified numerous function parameters.

As was pointed out by the cppcheck[0] static code analysis utility we
can mark numerous function parameters as 'const'. This acts as a hint to
the compiler a

Constified numerous function parameters.

As was pointed out by the cppcheck[0] static code analysis utility we
can mark numerous function parameters as 'const'. This acts as a hint to
the compiler about our intentions and the compiler will tell us when we
deviate from them.

[0]: https://cppcheck.sourceforge.io/

show more ...

Router: forwared header replacement.

Router: introduced nxt_http_forward_t.

This makes the replacement of forwarded request header
like client_ip and protocol more generic.
It's a prerequirement for protocol replacement.

No functional

Router: introduced nxt_http_forward_t.

This makes the replacement of forwarded request header
like client_ip and protocol more generic.
It's a prerequirement for protocol replacement.

No functional changes.

show more ...

HTTP: generalized uri encoding.

No functional changes.

HTTP: generalized argument and cookie parsing.

No functional changes.

Router: refactored variable pass.

Since the "pass" option supports both strings and variables, a generic
nxt_var_t structure can be used in the configuration phase, and the "name"
field in actions i

Router: refactored variable pass.

Since the "pass" option supports both strings and variables, a generic
nxt_var_t structure can be used in the configuration phase, and the "name"
field in actions is redundant.

No functional changes.

show more ...

Router: client IP address replacement.

This commit introduces the replacement of the client address based on the value
of a specified HTTP header. This is intended for use when Unit is placed
behin

Router: client IP address replacement.

This commit introduces the replacement of the client address based on the value
of a specified HTTP header. This is intended for use when Unit is placed
behind a reverse proxy like nginx or a CDN.

You must specify the source addresses of the trusted proxies. This can be
accomplished with any valid IP pattern supported by Unit's match block:

["10.0.0.1", "10.4.0.0/16", "!192.168.1.1"]

The feature is configured per listener.

The client address replacement functionality only operates when there is a
source IP match and the specified header is present. Typically this would be
an 'X-Forwarded-For' header.

{
"listeners": {
"127.0.0.1:8080": {
"client_ip": {
"header": "X-Forwarded-For",
"source": [
"10.0.0.0/8"
]
},
"pass": "applications/my_app"
},
}
}

If a request occurs and Unit receives a header like below:

"X-Forwarded-For: 84.123.23.23"

By default, Unit trusts the last rightmost IP in the header, so REMOTE_ADDR
will be set to 84.123.23.23 if the connection originated from 10.0.0.0/8.

If Unit runs behind consecutive reverse proxies and receives a header similar
to the following:

"X-Forwarded-For: 84.123.23.23, 10.0.0.254"

You will need to enable "recursive" checking, which walks the header from
last address to first and chooses the first non-trusted address it finds.

{
"listeners": {
"127.0.0.1:8080": {
"client_ip": {
"header": "X-Forwarded-For",
"source": [
"10.0.0.0/8"
]
"recursive": true,
},
"pass": "applications/my_app"
},
}
}

If a connection from 10.0.0.0/8 occurs, the chain is walked. Here, 10.0.0.254
is also a trusted address so the client address will be replaced with
84.123.23.23.

If all IP addresses in the header are trusted, the client address is set to
the first address in the header:

If 10.0.0.0/8 is trusted and "X-Forwarded-For: 10.0.0.3, 10.0.0.2, 10.0.0.1",
the client address will be replaced with 10.0.0.3.

show more ...

Router: split nxt_http_app_conf_t from nxt_http_action_t.

No functional changes.

Router: grouped app and share fields in nxt_http_action_t.

This is a prerequisite for further introduction of openat2() features.
No functional changes.

Increased request memory pool size.

Previous value was too small, which reduced efficiency of the pool causing
a lot of additional allocations even for simple request and response.

Basic variables support.

PHP: implemented "targets" option.

This allows to specify multiple subsequent targets inside PHP applications.
For example:

{
"listeners": {
"*:80": {
"pass": "route

PHP: implemented "targets" option.

This allows to specify multiple subsequent targets inside PHP applications.
For example:

{
"listeners": {
"*:80": {
"pass": "routes"
}
},

"routes": [
{
"match": {
"uri": "/info"
},

"action": {
"pass": "applications/my_app/phpinfo"
}
},
{
"match": {
"uri": "/hello"
},

"action": {
"pass": "applications/my_app/hello"
}
},
{
"action": {
"pass": "applications/my_app/rest"
}
}
],

"applications": {
"my_app": {
"type": "php",
"targets": {
"phpinfo": {
"script": "phpinfo.php",
"root": "/www/data/admin",
},

"hello": {
"script": "hello.php",
"root": "/www/data/test",
},

"rest": {
"root": "/www/data/example.com",
"index": "index.php"
},
}
}
}
}

show more ...

Using malloc/free for the http fields hash.

This is required due to lack of a graceful shutdown: there is a small gap
between the runtime's memory pool release and router process's exit. Thus, a
wor

Using malloc/free for the http fields hash.

This is required due to lack of a graceful shutdown: there is a small gap
between the runtime's memory pool release and router process's exit. Thus, a
worker thread may start processing a request between these two operations,
which may result in an http fields hash access and subsequent crash.

To simplify issue reproduction, it makes sense to add a 2 sec sleep before
exit() in nxt_runtime_exit().

show more ...

Using disk file to store large request body.

This closes #386 on GitHub.

Moving request memory pool retain call after RPC data allocation.

If the call is done only after a successful RPC data allocation, its
corresponding release call is not missed, which avoids a potent

Moving request memory pool retain call after RPC data allocation.

If the call is done only after a successful RPC data allocation, its
corresponding release call is not missed, which avoids a potential leak.

show more ...

Checking Content-Length value right after header parse.

The check was moved from the request body read stage.

Initial proxy support.

Introduced chained buffer completion handlers.

Using request task.

Replacing pass with action.

Basic support for serving static files.

Adding body handler to nxt_http_request_header_send().

Introducing websocket support in router and libunit.

Refactored HTTP protocol callback table.

Added routing based on request scheme.

Scheme matches exact string “http” or “https”.