#
2133:46433e3cef45 |
| 20-Jun-2022 |
Zhidao HONG |
Router: forwared header replacement.
|
#
2132:34d63ed988dc |
| 20-Jun-2022 |
Zhidao HONG |
Router: introduced nxt_http_forward_t.
This makes the replacement of forwarded request header like client_ip and protocol more generic. It's a prerequirement for protocol replacement.
No functional
Router: introduced nxt_http_forward_t.
This makes the replacement of forwarded request header like client_ip and protocol more generic. It's a prerequirement for protocol replacement.
No functional changes.
show more ...
|
Revision tags: 1.27.0-1, 1.27.0, 1.26.1-1, 1.26.1, 1.26.0-1, 1.26.0 |
|
#
1998:c8790d2a89bb |
| 09-Nov-2021 |
Tiago Natel de Moura |
Introducing application prototype processes.
|
#
1980:43553aa72111 |
| 28-Oct-2021 |
Max Romanov |
Moving request limit control to libunit.
Introducting application graceful stop. For now only used when application process reach request limit value.
This closes #585 issue on GitHub.
|
Revision tags: 1.25.0-1, 1.25.0 |
|
#
1936:953434450ea9 |
| 12-Aug-2021 |
Oisin Canty |
Router: client IP address replacement.
This commit introduces the replacement of the client address based on the value of a specified HTTP header. This is intended for use when Unit is placed behin
Router: client IP address replacement.
This commit introduces the replacement of the client address based on the value of a specified HTTP header. This is intended for use when Unit is placed behind a reverse proxy like nginx or a CDN.
You must specify the source addresses of the trusted proxies. This can be accomplished with any valid IP pattern supported by Unit's match block:
["10.0.0.1", "10.4.0.0/16", "!192.168.1.1"]
The feature is configured per listener.
The client address replacement functionality only operates when there is a source IP match and the specified header is present. Typically this would be an 'X-Forwarded-For' header.
{ "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] }, "pass": "applications/my_app" }, } }
If a request occurs and Unit receives a header like below:
"X-Forwarded-For: 84.123.23.23"
By default, Unit trusts the last rightmost IP in the header, so REMOTE_ADDR will be set to 84.123.23.23 if the connection originated from 10.0.0.0/8.
If Unit runs behind consecutive reverse proxies and receives a header similar to the following:
"X-Forwarded-For: 84.123.23.23, 10.0.0.254"
You will need to enable "recursive" checking, which walks the header from last address to first and chooses the first non-trusted address it finds.
{ "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] "recursive": true, }, "pass": "applications/my_app" }, } }
If a connection from 10.0.0.0/8 occurs, the chain is walked. Here, 10.0.0.254 is also a trusted address so the client address will be replaced with 84.123.23.23.
If all IP addresses in the header are trusted, the client address is set to the first address in the header:
If 10.0.0.0/8 is trusted and "X-Forwarded-For: 10.0.0.3, 10.0.0.2, 10.0.0.1", the client address will be replaced with 10.0.0.3.
show more ...
|
#
1926:6e85d6c0b8bb |
| 29-Jul-2021 |
Max Romanov |
Application restart introduced.
When processing a restart request, the router sends a QUIT message to all existing processes of the application. Then, a new shared application port is created to en
Application restart introduced.
When processing a restart request, the router sends a QUIT message to all existing processes of the application. Then, a new shared application port is created to ensure that new requests won't be handled by the old processes of the application.
show more ...
|
#
1925:b8a2ac618950 |
| 24-Jul-2021 |
Zhidao HONG |
Router: split nxt_http_app_conf_t from nxt_http_action_t.
No functional changes.
|
Revision tags: 1.24.0-1, 1.24.0 |
|
#
1867:7f1b2eaa2d58 |
| 17-May-2021 |
Max Romanov |
Fixing racing condition on listen socket close in router.
Listen socket is actually closed in the instant timer handler. This patch moves the "configuration has been applied" notification to the ti
Fixing racing condition on listen socket close in router.
Listen socket is actually closed in the instant timer handler. This patch moves the "configuration has been applied" notification to the timer handler to avoid a situation when the user gets the response from the controller, but the listen socket is still open in the router.
show more ...
|
Revision tags: 1.23.0-1, 1.23.0, 1.22.0-1, 1.22.0, 1.21.0-1, 1.21.0 |
|
#
1709:1fe93c17d23f |
| 17-Nov-2020 |
Valentin Bartenev |
HTTP parser: allowed more characters in header field names.
Previously, all requests that contained in header field names characters other than alphanumeric, or "-", or "_" were rejected with a 400
HTTP parser: allowed more characters in header field names.
Previously, all requests that contained in header field names characters other than alphanumeric, or "-", or "_" were rejected with a 400 "Bad Request" error response.
Now, the parser allows the same set of characters as specified in RFC 7230, including: "!", "#", "$", "%", "&", "'", "*", "+", ".", "^", "`", "|", and "~". Header field names that contain only these characters are considered valid.
Also, there's a new option introduced: "discard_unsafe_fields". It accepts boolean value and it is set to "true" by default.
When this option is "true", all header field names that contain characters in valid range, but other than alphanumeric or "-" are skipped during parsing. When the option is "false", these header fields aren't skipped.
Requests with non-valid characters in header field names according to RFC 7230 are rejected regardless of "discard_unsafe_fields" setting.
This closes #422 issue on GitHub.
show more ...
|
Revision tags: 1.20.0-1, 1.20.0 |
|
#
1582:31fdf609ca4c |
| 21-Aug-2020 |
Valentin Bartenev |
Configuration: removed "reschedule_timeout" option.
It's not used since cbcd76704c90.
This option is a leftover from previous IPC between router and applications processes. It was never documented
Configuration: removed "reschedule_timeout" option.
It's not used since cbcd76704c90.
This option is a leftover from previous IPC between router and applications processes. It was never documented, though.
Thanks to 洪志道 (Hong Zhi Dao).
show more ...
|
Revision tags: 1.19.0-1, 1.19.0 |
|
#
1563:d32bc428f46b |
| 12-Aug-2020 |
Valentin Bartenev |
Basic variables support.
|
#
1561:4dae2fd8e02a |
| 12-Aug-2020 |
Max Romanov |
Responding with error in case of first process start failure.
After shared application port introducing, request queue in router was removed and requests may stuck forever waiting for another proces
Responding with error in case of first process start failure.
After shared application port introducing, request queue in router was removed and requests may stuck forever waiting for another process start.
show more ...
|
#
1552:a363564c527c |
| 11-Aug-2020 |
Max Romanov |
Made router port message handlers into static functions.
Mostly harmless.
|
#
1547:cbcd76704c90 |
| 11-Aug-2020 |
Max Romanov |
Introducing the shared application port.
This is the port shared between all application processes which use it to pass requests for processing. Using it significantly simplifies the request proces
Introducing the shared application port.
This is the port shared between all application processes which use it to pass requests for processing. Using it significantly simplifies the request processing code in the router. The drawback is 2 more file descriptors per each configured application and more complex libunit message wait/read code.
show more ...
|
#
1509:2a3a06bc2684 |
| 06-Jul-2020 |
Igor Sysoev |
Destroying temporary router configuration.
The lifespan of a listening socket is longer than both router configuration's and temporary router configuration's lifespan, so the sockets should be store
Destroying temporary router configuration.
The lifespan of a listening socket is longer than both router configuration's and temporary router configuration's lifespan, so the sockets should be stored in persistent queues. Safety is ensured by the fact that the router processes only one new configuration at any time.
show more ...
|
Revision tags: 1.18.0-1, 1.18.0 |
|
#
1473:e07d5b451423 |
| 14-May-2020 |
Valentin Bartenev |
PHP: implemented "targets" option.
This allows to specify multiple subsequent targets inside PHP applications. For example:
{ "listeners": { "*:80": { "pass": "route
PHP: implemented "targets" option.
This allows to specify multiple subsequent targets inside PHP applications. For example:
{ "listeners": { "*:80": { "pass": "routes" } },
"routes": [ { "match": { "uri": "/info" },
"action": { "pass": "applications/my_app/phpinfo" } }, { "match": { "uri": "/hello" },
"action": { "pass": "applications/my_app/hello" } }, { "action": { "pass": "applications/my_app/rest" } } ],
"applications": { "my_app": { "type": "php", "targets": { "phpinfo": { "script": "phpinfo.php", "root": "/www/data/admin", },
"hello": { "script": "hello.php", "root": "/www/data/test", },
"rest": { "root": "/www/data/example.com", "index": "index.php" }, } } } }
show more ...
|
Revision tags: 1.17.0-1, 1.17.0, 1.16.0-1, 1.16.0 |
|
#
1403:1cee885b7f10 |
| 12-Mar-2020 |
Max Romanov |
Using disk file to store large request body.
This closes #386 on GitHub.
|
#
1394:20b41ebfff79 |
| 06-Mar-2020 |
Igor Sysoev |
Round robin upstream added.
|
#
1392:eef15777af49 |
| 04-Mar-2020 |
Igor Sysoev |
Refactored nxt_http_action.
|
Revision tags: 1.15.0-1, 1.15.0, 1.14.0-1, 1.14.0, 1.13.0-1, 1.13.0 |
|
#
1270:9efa309be18b |
| 14-Nov-2019 |
Igor Sysoev |
Initial proxy support.
|
#
1264:30b289d97479 |
| 14-Nov-2019 |
Igor Sysoev |
Replacing pass with action.
|
Revision tags: 1.12.0-1, 1.12.0, 1.11.0-2, 1.11.0-1, 1.11.0 |
|
#
1183:6008abf06746 |
| 18-Sep-2019 |
Valentin Bartenev |
Basic support for serving static files.
|
Revision tags: 1.10.0-2, 1.10.0-1, 1.10.0 |
|
#
1131:ec7d924d8dfb |
| 20-Aug-2019 |
Max Romanov |
Introducing websocket support in router and libunit.
|
#
1123:96c52626c673 |
| 14-Aug-2019 |
Max Romanov |
Renaming supplemental request structures in router.
- nxt_req_app_link_t -> nxt_request_app_link_t - nxt_req_conn_link_t -> nxt_request_rpc_data_t
Corresponding abbreviated field names also change
Renaming supplemental request structures in router.
- nxt_req_app_link_t -> nxt_request_app_link_t - nxt_req_conn_link_t -> nxt_request_rpc_data_t
Corresponding abbreviated field names also changed: - ra -> req_app_link - rc -> req_rpc_data
show more ...
|
Revision tags: 1.9.0-1, 1.9.0 |
|
#
1060:7cfbff67bb17 |
| 30-May-2019 |
Igor Sysoev |
Handling routing errors.
|