Revision tags: 1.32.0-1, 1.32.0 |
|
#
2625:a6b688c5757c |
| 23-Jan-2024 |
Zhidao HONG |
HTTP: enhanced access log with conditional filtering.
This feature allows users to specify conditions to control if access log should be recorded. The "if" option supports a string and JavaScript co
HTTP: enhanced access log with conditional filtering.
This feature allows users to specify conditions to control if access log should be recorded. The "if" option supports a string and JavaScript code. If its value is empty, 0, false, null, or undefined, the logs will not be recorded. And the '!' as a prefix inverses the condition.
Example 1: Only log requests that sent a session cookie.
{ "access_log": { "if": "$cookie_session", "path": "..." } }
Example 2: Do not log health check requests.
{ "access_log": { "if": "`${uri == '/health' ? false : true}`", "path": "..." } }
Example 3: Only log requests when the time is before 22:00.
{ "access_log": { "if": "`${new Date().getHours() < 22}`", "path": "..." } }
or
{ "access_log": { "if": "!`${new Date().getHours() >= 22}`", "path": "..." } }
Closes: https://github.com/nginx/unit/issues/594
show more ...
|
Revision tags: 1.31.1-1, 1.31.1, 1.31.0-1, 1.31.0, 1.30.0-1, 1.30.0 |
|
#
2450:14277f21a722 |
| 08-May-2023 |
Zhidao HONG |
NJS: supported loadable modules.
|
#
2437:8973f763920b |
| 18-Mar-2023 |
Andrew Clayton |
Allow to remove the version string in HTTP responses.
Normally Unit responds to HTTP requests by including a header like
Server: Unit/1.30.0
however it can sometimes be beneficial to withhold th
Allow to remove the version string in HTTP responses.
Normally Unit responds to HTTP requests by including a header like
Server: Unit/1.30.0
however it can sometimes be beneficial to withhold the version information and in this case just respond with
Server: Unit
This patch adds a new "settings.http" boolean option called server_version, which defaults to true, in which case the full version information is sent. However this can be set to false, e.g
"settings": { "http": { "server_version": false } },
in which case Unit responds without the version information as the latter example above shows.
Link: <https://www.ietf.org/rfc/rfc9110.html#section-10.2.4> Closes: <https://github.com/nginx/unit/issues/158> Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
show more ...
|
#
2381:a68b5f5bf46c |
| 26-Jan-2023 |
Alejandro Colomar |
HTTP: added route logging.
- Configuration: added "/config/settings/http/log_route".
Type: bool Default: false
This adds configurability to the error log. It allows enabling and disa
HTTP: added route logging.
- Configuration: added "/config/settings/http/log_route".
Type: bool Default: false
This adds configurability to the error log. It allows enabling and disabling logs related to how the router performs selection of the routes.
- HTTP: logging request line.
Log level: [notice]
The request line is essential to understand which logs correspond to which request when reading the logs.
- HTTP: logging route that's been discarded.
Log level: [info]
- HTTP: logging route whose action is selected.
Log level: [notice]
- HTTP: logging when "fallback" action is taken.
Log level: [notice]
Closes: <https://github.com/nginx/unit/issues/758> Link: <https://github.com/nginx/unit/pull/824> Link: <https://github.com/nginx/unit/pull/839> Suggested-by: Timo Stark <t.stark@nginx.com> Suggested-by: Mark L Wood-Patrick <mwoodpatrick@gmail.com> Suggested-by: Liam Crilly <liam@nginx.com> Tested-by: Liam Crilly <liam@nginx.com> Acked-by: Artem Konev <a.konev@f5.com> Cc: Andrew Clayton <a.clayton@nginx.com> Cc: Andrei Zeliankou <zelenkov@nginx.com> Reviewed-by: Zhidao Hong <z.hong@f5.com> Signed-off-by: Alejandro Colomar <alx@nginx.com>
show more ...
|
Revision tags: 1.29.1-1, 1.29.1, 1.29.0-1, 1.29.0 |
|
#
2246:5f4056478375 |
| 20-Nov-2022 |
Zhidao HONG |
Var: separating nxt_tstr_t from nxt_var_t.
It's for the introduction of njs support. For each option that supports native variable and JS template literals introduced next, it's unified as template
Var: separating nxt_tstr_t from nxt_var_t.
It's for the introduction of njs support. For each option that supports native variable and JS template literals introduced next, it's unified as template string.
No functional changes.
show more ...
|
Revision tags: 1.28.0-1, 1.28.0 |
|
#
2166:64a3527f65ad |
| 28-Jul-2022 |
Zhidao HONG |
Log: customizable access log format.
|
#
2165:556348458f34 |
| 14-Jul-2022 |
Zhidao HONG |
Log: split access log from nxt_router.c.
No functional changes.
|
#
2147:7bf58b1b18c4 |
| 13-Jul-2022 |
Zhidao HONG |
Var: dynamic variables support.
This commit adds the variables $arg_NAME, $header_NAME, and $cookie_NAME.
|
#
2133:46433e3cef45 |
| 20-Jun-2022 |
Zhidao HONG |
Router: forwared header replacement.
|
#
2132:34d63ed988dc |
| 20-Jun-2022 |
Zhidao HONG |
Router: introduced nxt_http_forward_t.
This makes the replacement of forwarded request header like client_ip and protocol more generic. It's a prerequirement for protocol replacement.
No functional
Router: introduced nxt_http_forward_t.
This makes the replacement of forwarded request header like client_ip and protocol more generic. It's a prerequirement for protocol replacement.
No functional changes.
show more ...
|
Revision tags: 1.27.0-1, 1.27.0, 1.26.1-1, 1.26.1, 1.26.0-1, 1.26.0 |
|
#
1998:c8790d2a89bb |
| 09-Nov-2021 |
Tiago Natel de Moura |
Introducing application prototype processes.
|
#
1980:43553aa72111 |
| 28-Oct-2021 |
Max Romanov |
Moving request limit control to libunit.
Introducting application graceful stop. For now only used when application process reach request limit value.
This closes #585 issue on GitHub.
|
Revision tags: 1.25.0-1, 1.25.0 |
|
#
1936:953434450ea9 |
| 12-Aug-2021 |
Oisin Canty |
Router: client IP address replacement.
This commit introduces the replacement of the client address based on the value of a specified HTTP header. This is intended for use when Unit is placed behin
Router: client IP address replacement.
This commit introduces the replacement of the client address based on the value of a specified HTTP header. This is intended for use when Unit is placed behind a reverse proxy like nginx or a CDN.
You must specify the source addresses of the trusted proxies. This can be accomplished with any valid IP pattern supported by Unit's match block:
["10.0.0.1", "10.4.0.0/16", "!192.168.1.1"]
The feature is configured per listener.
The client address replacement functionality only operates when there is a source IP match and the specified header is present. Typically this would be an 'X-Forwarded-For' header.
{ "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] }, "pass": "applications/my_app" }, } }
If a request occurs and Unit receives a header like below:
"X-Forwarded-For: 84.123.23.23"
By default, Unit trusts the last rightmost IP in the header, so REMOTE_ADDR will be set to 84.123.23.23 if the connection originated from 10.0.0.0/8.
If Unit runs behind consecutive reverse proxies and receives a header similar to the following:
"X-Forwarded-For: 84.123.23.23, 10.0.0.254"
You will need to enable "recursive" checking, which walks the header from last address to first and chooses the first non-trusted address it finds.
{ "listeners": { "127.0.0.1:8080": { "client_ip": { "header": "X-Forwarded-For", "source": [ "10.0.0.0/8" ] "recursive": true, }, "pass": "applications/my_app" }, } }
If a connection from 10.0.0.0/8 occurs, the chain is walked. Here, 10.0.0.254 is also a trusted address so the client address will be replaced with 84.123.23.23.
If all IP addresses in the header are trusted, the client address is set to the first address in the header:
If 10.0.0.0/8 is trusted and "X-Forwarded-For: 10.0.0.3, 10.0.0.2, 10.0.0.1", the client address will be replaced with 10.0.0.3.
show more ...
|
#
1926:6e85d6c0b8bb |
| 29-Jul-2021 |
Max Romanov |
Application restart introduced.
When processing a restart request, the router sends a QUIT message to all existing processes of the application. Then, a new shared application port is created to en
Application restart introduced.
When processing a restart request, the router sends a QUIT message to all existing processes of the application. Then, a new shared application port is created to ensure that new requests won't be handled by the old processes of the application.
show more ...
|
#
1925:b8a2ac618950 |
| 24-Jul-2021 |
Zhidao HONG |
Router: split nxt_http_app_conf_t from nxt_http_action_t.
No functional changes.
|
Revision tags: 1.24.0-1, 1.24.0 |
|
#
1867:7f1b2eaa2d58 |
| 17-May-2021 |
Max Romanov |
Fixing racing condition on listen socket close in router.
Listen socket is actually closed in the instant timer handler. This patch moves the "configuration has been applied" notification to the ti
Fixing racing condition on listen socket close in router.
Listen socket is actually closed in the instant timer handler. This patch moves the "configuration has been applied" notification to the timer handler to avoid a situation when the user gets the response from the controller, but the listen socket is still open in the router.
show more ...
|
Revision tags: 1.23.0-1, 1.23.0, 1.22.0-1, 1.22.0, 1.21.0-1, 1.21.0 |
|
#
1709:1fe93c17d23f |
| 17-Nov-2020 |
Valentin Bartenev |
HTTP parser: allowed more characters in header field names.
Previously, all requests that contained in header field names characters other than alphanumeric, or "-", or "_" were rejected with a 400
HTTP parser: allowed more characters in header field names.
Previously, all requests that contained in header field names characters other than alphanumeric, or "-", or "_" were rejected with a 400 "Bad Request" error response.
Now, the parser allows the same set of characters as specified in RFC 7230, including: "!", "#", "$", "%", "&", "'", "*", "+", ".", "^", "`", "|", and "~". Header field names that contain only these characters are considered valid.
Also, there's a new option introduced: "discard_unsafe_fields". It accepts boolean value and it is set to "true" by default.
When this option is "true", all header field names that contain characters in valid range, but other than alphanumeric or "-" are skipped during parsing. When the option is "false", these header fields aren't skipped.
Requests with non-valid characters in header field names according to RFC 7230 are rejected regardless of "discard_unsafe_fields" setting.
This closes #422 issue on GitHub.
show more ...
|
Revision tags: 1.20.0-1, 1.20.0 |
|
#
1582:31fdf609ca4c |
| 21-Aug-2020 |
Valentin Bartenev |
Configuration: removed "reschedule_timeout" option.
It's not used since cbcd76704c90.
This option is a leftover from previous IPC between router and applications processes. It was never documented
Configuration: removed "reschedule_timeout" option.
It's not used since cbcd76704c90.
This option is a leftover from previous IPC between router and applications processes. It was never documented, though.
Thanks to 洪志道 (Hong Zhi Dao).
show more ...
|
Revision tags: 1.19.0-1, 1.19.0 |
|
#
1563:d32bc428f46b |
| 12-Aug-2020 |
Valentin Bartenev |
Basic variables support.
|
#
1561:4dae2fd8e02a |
| 12-Aug-2020 |
Max Romanov |
Responding with error in case of first process start failure.
After shared application port introducing, request queue in router was removed and requests may stuck forever waiting for another proces
Responding with error in case of first process start failure.
After shared application port introducing, request queue in router was removed and requests may stuck forever waiting for another process start.
show more ...
|
#
1552:a363564c527c |
| 11-Aug-2020 |
Max Romanov |
Made router port message handlers into static functions.
Mostly harmless.
|
#
1547:cbcd76704c90 |
| 11-Aug-2020 |
Max Romanov |
Introducing the shared application port.
This is the port shared between all application processes which use it to pass requests for processing. Using it significantly simplifies the request proces
Introducing the shared application port.
This is the port shared between all application processes which use it to pass requests for processing. Using it significantly simplifies the request processing code in the router. The drawback is 2 more file descriptors per each configured application and more complex libunit message wait/read code.
show more ...
|
#
1509:2a3a06bc2684 |
| 06-Jul-2020 |
Igor Sysoev |
Destroying temporary router configuration.
The lifespan of a listening socket is longer than both router configuration's and temporary router configuration's lifespan, so the sockets should be store
Destroying temporary router configuration.
The lifespan of a listening socket is longer than both router configuration's and temporary router configuration's lifespan, so the sockets should be stored in persistent queues. Safety is ensured by the fact that the router processes only one new configuration at any time.
show more ...
|
Revision tags: 1.18.0-1, 1.18.0 |
|
#
1473:e07d5b451423 |
| 14-May-2020 |
Valentin Bartenev |
PHP: implemented "targets" option.
This allows to specify multiple subsequent targets inside PHP applications. For example:
{ "listeners": { "*:80": { "pass": "route
PHP: implemented "targets" option.
This allows to specify multiple subsequent targets inside PHP applications. For example:
{ "listeners": { "*:80": { "pass": "routes" } },
"routes": [ { "match": { "uri": "/info" },
"action": { "pass": "applications/my_app/phpinfo" } }, { "match": { "uri": "/hello" },
"action": { "pass": "applications/my_app/hello" } }, { "action": { "pass": "applications/my_app/rest" } } ],
"applications": { "my_app": { "type": "php", "targets": { "phpinfo": { "script": "phpinfo.php", "root": "/www/data/admin", },
"hello": { "script": "hello.php", "root": "/www/data/test", },
"rest": { "root": "/www/data/example.com", "index": "index.php" }, } } } }
show more ...
|
Revision tags: 1.17.0-1, 1.17.0, 1.16.0-1, 1.16.0 |
|
#
1403:1cee885b7f10 |
| 12-Mar-2020 |
Max Romanov |
Using disk file to store large request body.
This closes #386 on GitHub.
|