Router: forwared header replacement.

Router: introduced nxt_http_forward_t.

This makes the replacement of forwarded request header
like client_ip and protocol more generic.
It's a prerequirement for protocol replacement.

No functional

Router: introduced nxt_http_forward_t.

This makes the replacement of forwarded request header
like client_ip and protocol more generic.
It's a prerequirement for protocol replacement.

No functional changes.

show more ...

Introducing application prototype processes.

Moving request limit control to libunit.

Introducting application graceful stop. For now only used when application
process reach request limit value.

This closes #585 issue on GitHub.

Router: client IP address replacement.

This commit introduces the replacement of the client address based on the value
of a specified HTTP header. This is intended for use when Unit is placed
behin

Router: client IP address replacement.

This commit introduces the replacement of the client address based on the value
of a specified HTTP header. This is intended for use when Unit is placed
behind a reverse proxy like nginx or a CDN.

You must specify the source addresses of the trusted proxies. This can be
accomplished with any valid IP pattern supported by Unit's match block:

["10.0.0.1", "10.4.0.0/16", "!192.168.1.1"]

The feature is configured per listener.

The client address replacement functionality only operates when there is a
source IP match and the specified header is present. Typically this would be
an 'X-Forwarded-For' header.

{
"listeners": {
"127.0.0.1:8080": {
"client_ip": {
"header": "X-Forwarded-For",
"source": [
"10.0.0.0/8"
]
},
"pass": "applications/my_app"
},
}
}

If a request occurs and Unit receives a header like below:

"X-Forwarded-For: 84.123.23.23"

By default, Unit trusts the last rightmost IP in the header, so REMOTE_ADDR
will be set to 84.123.23.23 if the connection originated from 10.0.0.0/8.

If Unit runs behind consecutive reverse proxies and receives a header similar
to the following:

"X-Forwarded-For: 84.123.23.23, 10.0.0.254"

You will need to enable "recursive" checking, which walks the header from
last address to first and chooses the first non-trusted address it finds.

{
"listeners": {
"127.0.0.1:8080": {
"client_ip": {
"header": "X-Forwarded-For",
"source": [
"10.0.0.0/8"
]
"recursive": true,
},
"pass": "applications/my_app"
},
}
}

If a connection from 10.0.0.0/8 occurs, the chain is walked. Here, 10.0.0.254
is also a trusted address so the client address will be replaced with
84.123.23.23.

If all IP addresses in the header are trusted, the client address is set to
the first address in the header:

If 10.0.0.0/8 is trusted and "X-Forwarded-For: 10.0.0.3, 10.0.0.2, 10.0.0.1",
the client address will be replaced with 10.0.0.3.

show more ...

Application restart introduced.

When processing a restart request, the router sends a QUIT message to all
existing processes of the application. Then, a new shared application port is
created to en

Application restart introduced.

When processing a restart request, the router sends a QUIT message to all
existing processes of the application. Then, a new shared application port is
created to ensure that new requests won't be handled by the old processes of
the application.

show more ...

Router: split nxt_http_app_conf_t from nxt_http_action_t.

No functional changes.

Fixing racing condition on listen socket close in router.

Listen socket is actually closed in the instant timer handler. This patch moves
the "configuration has been applied" notification to the ti

Fixing racing condition on listen socket close in router.

Listen socket is actually closed in the instant timer handler. This patch moves
the "configuration has been applied" notification to the timer handler to avoid
a situation when the user gets the response from the controller, but the listen
socket is still open in the router.

show more ...

HTTP parser: allowed more characters in header field names.

Previously, all requests that contained in header field names characters other
than alphanumeric, or "-", or "_" were rejected with a 400

HTTP parser: allowed more characters in header field names.

Previously, all requests that contained in header field names characters other
than alphanumeric, or "-", or "_" were rejected with a 400 "Bad Request" error
response.

Now, the parser allows the same set of characters as specified in RFC 7230,
including: "!", "#", "$", "%", "&", "'", "*", "+", ".", "^", "`", "|", and "~".
Header field names that contain only these characters are considered valid.

Also, there's a new option introduced: "discard_unsafe_fields". It accepts
boolean value and it is set to "true" by default.

When this option is "true", all header field names that contain characters
in valid range, but other than alphanumeric or "-" are skipped during parsing.
When the option is "false", these header fields aren't skipped.

Requests with non-valid characters in header field names according to
RFC 7230 are rejected regardless of "discard_unsafe_fields" setting.

This closes #422 issue on GitHub.

show more ...

Configuration: removed "reschedule_timeout" option.

It's not used since cbcd76704c90.

This option is a leftover from previous IPC between router and applications
processes. It was never documented

Configuration: removed "reschedule_timeout" option.

It's not used since cbcd76704c90.

This option is a leftover from previous IPC between router and applications
processes. It was never documented, though.

Thanks to 洪志道 (Hong Zhi Dao).

show more ...

Basic variables support.

Responding with error in case of first process start failure.

After shared application port introducing, request queue in router was
removed and requests may stuck forever waiting for another proces

Responding with error in case of first process start failure.

After shared application port introducing, request queue in router was
removed and requests may stuck forever waiting for another process start.

show more ...

Made router port message handlers into static functions.

Mostly harmless.

Introducing the shared application port.

This is the port shared between all application processes which use it to pass
requests for processing. Using it significantly simplifies the request
proces

Introducing the shared application port.

This is the port shared between all application processes which use it to pass
requests for processing. Using it significantly simplifies the request
processing code in the router. The drawback is 2 more file descriptors per each
configured application and more complex libunit message wait/read code.

show more ...

Destroying temporary router configuration.

The lifespan of a listening socket is longer than both router
configuration's and temporary router configuration's lifespan,
so the sockets should be store

Destroying temporary router configuration.

The lifespan of a listening socket is longer than both router
configuration's and temporary router configuration's lifespan,
so the sockets should be stored in persistent queues. Safety
is ensured by the fact that the router processes only one new
configuration at any time.

show more ...

PHP: implemented "targets" option.

This allows to specify multiple subsequent targets inside PHP applications.
For example:

{
"listeners": {
"*:80": {
"pass": "route

PHP: implemented "targets" option.

This allows to specify multiple subsequent targets inside PHP applications.
For example:

{
"listeners": {
"*:80": {
"pass": "routes"
}
},

"routes": [
{
"match": {
"uri": "/info"
},

"action": {
"pass": "applications/my_app/phpinfo"
}
},
{
"match": {
"uri": "/hello"
},

"action": {
"pass": "applications/my_app/hello"
}
},
{
"action": {
"pass": "applications/my_app/rest"
}
}
],

"applications": {
"my_app": {
"type": "php",
"targets": {
"phpinfo": {
"script": "phpinfo.php",
"root": "/www/data/admin",
},

"hello": {
"script": "hello.php",
"root": "/www/data/test",
},

"rest": {
"root": "/www/data/example.com",
"index": "index.php"
},
}
}
}
}

show more ...

Using disk file to store large request body.

This closes #386 on GitHub.

Round robin upstream added.

Refactored nxt_http_action.

Initial proxy support.

Replacing pass with action.

Basic support for serving static files.

Introducing websocket support in router and libunit.

Renaming supplemental request structures in router.

- nxt_req_app_link_t -> nxt_request_app_link_t
- nxt_req_conn_link_t -> nxt_request_rpc_data_t

Corresponding abbreviated field names also change

Renaming supplemental request structures in router.

- nxt_req_app_link_t -> nxt_request_app_link_t
- nxt_req_conn_link_t -> nxt_request_rpc_data_t

Corresponding abbreviated field names also changed:
- ra -> req_app_link
- rc -> req_rpc_data

show more ...

Handling routing errors.