Home
last modified time | relevance | path

Searched hist:16 (Results 51 – 75 of 377) sorted by last modified time

12345678910>>...16

/unit/src/nodejs/unit-http/
H A Dhttp_server.jsdiff 2642:d92e92c69c5d Wed Feb 14 18:16:00 UTC 2024 Gabor Javorszky <g.javorszky@f5.com> fix: Take options as well as requestListener (#1091)

* Take options as well as requestListener

Unit-http have not kept up with the signature of nodejs's http package
development. Nodejs allows an optional `options` object to be passed to
the `createServer` function, we didn't. This resulted in function
signature errors when user code that did make use of the options arg
tried to call unit's replaced function.

This change changes the signature to be more in line with how nodejs
does it discarding it and printing a message to stdout.

* Add test file to start node application with options

* Add changes to docs/changes.xml

Closes: https://github.com/nginx/unit/issues/1043
diff 1766:9ec17030b67e Tue Dec 29 16:00:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Node.js: ServerRequest and ServerResponse compliance to Stream API.

ServerRequest now inherit stream Readable object. ServerResponse
provides 'writable' property.

Thanks to Wu Jian Ping (@wujjpp).

This closes #274, closes #317 issues and closes #502 PR on GitHub.
H A Dhttp.jsdiff 2642:d92e92c69c5d Wed Feb 14 18:16:00 UTC 2024 Gabor Javorszky <g.javorszky@f5.com> fix: Take options as well as requestListener (#1091)

* Take options as well as requestListener

Unit-http have not kept up with the signature of nodejs's http package
development. Nodejs allows an optional `options` object to be passed to
the `createServer` function, we didn't. This resulted in function
signature errors when user code that did make use of the options arg
tried to call unit's replaced function.

This change changes the signature to be more in line with how nodejs
does it discarding it and printing a message to stdout.

* Add test file to start node application with options

* Add changes to docs/changes.xml

Closes: https://github.com/nginx/unit/issues/1043
H A Dunit.cppdiff 1767:582a004c73f8 Tue Dec 29 16:01:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Libunit: processing single port message.

This partially reverts the optimisation introduced in 1d84b9e4b459 to avoid an
unpredictable block in nxt_unit_process_port_msg(). Under high load, this
function may never return control to its caller, and the external event loop
(in Node.js and Python asyncio) won't be able to process other scheduled
events.

To reproduce the issue, two request processing types are needed: 'fast' and
'furious'. The 'fast' one simply returns a small response, while the 'furious'
schedules asynchronous calls to external resources. Thus, if Unit is subjected
to a large amount of 'fast' requests, the 'furious' request processing freezes
until the high load ends.

The issue was found by Wu Jian Ping (@wujjpp) during Node.js stream
implementation discussion and relates to PR #502 on GitHub.
diff 1766:9ec17030b67e Tue Dec 29 16:00:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Node.js: ServerRequest and ServerResponse compliance to Stream API.

ServerRequest now inherit stream Readable object. ServerResponse
provides 'writable' property.

Thanks to Wu Jian Ping (@wujjpp).

This closes #274, closes #317 issues and closes #502 PR on GitHub.
diff 1547:cbcd76704c90 Tue Aug 11 16:20:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Introducing the shared application port.

This is the port shared between all application processes which use it to pass
requests for processing. Using it significantly simplifies the request
processing code in the router. The drawback is 2 more file descriptors per each
configured application and more complex libunit message wait/read code.
diff 1543:42f27153db91 Tue Aug 11 16:19:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Libunit refactoring: port management.

- Changed the port management callbacks to notifications, which e. g. avoids
the need to call the libunit function
- Added context and library instance reference counts for a safer resource
release
- Added the router main port initialization
diff 1038:77fb332f214a Wed Apr 17 16:15:00 UTC 2019 Max Romanov <max.romanov@nginx.com> Node.js: using low-case header names as key in req.headers.

Node.js modules (body-parser, row-body) search low-cased names
('content-length', 'content-type' etc.) to properly assemble request body.

This closes #246 issue on GitHub.
diff 830:85a1832ad45c Thu Nov 01 16:10:00 UTC 2018 Andrey Zelenkov <zelenkov@nginx.com> Node.js: fixed typo in naming rawHeaders() method of request.
H A Dwebsocket_request.jsdiff 2617:18a10bb7346d Tue Jan 16 15:37:00 UTC 2024 Andrei Zeliankou <zelenkov@nginx.com> White space formatting fixes

Closes: <https://github.com/nginx/unit/pull/1062>
/unit/auto/modules/
H A Dnodejsdiff 867:ec44091ce04a Wed Dec 12 16:54:00 UTC 2018 Valentin Bartenev <vbart@nginx.com> Node.js: fixed global install in some cases.

By default "npm install" switches to non-privileged user to run package scripts
if it is invoked by root. As a result it may prevent node-gyp from writing to
package directory and break installation of the module.

To disable this switching the --unsafe-perm flag is added.
/unit/
H A D.gitattributesdiff 2644:33fe8f2bfcf9 Fri Feb 16 06:12:00 UTC 2024 Konstantin Pavlov <thresh@nginx.com> Packages: Move dist target to git archive
/unit/pkg/
H A DMakefilediff 2644:33fe8f2bfcf9 Fri Feb 16 06:12:00 UTC 2024 Konstantin Pavlov <thresh@nginx.com> Packages: Move dist target to git archive
/unit/test/
H A Dtest_node_application.pydiff 2642:d92e92c69c5d Wed Feb 14 18:16:00 UTC 2024 Gabor Javorszky <g.javorszky@f5.com> fix: Take options as well as requestListener (#1091)

* Take options as well as requestListener

Unit-http have not kept up with the signature of nodejs's http package
development. Nodejs allows an optional `options` object to be passed to
the `createServer` function, we didn't. This resulted in function
signature errors when user code that did make use of the options arg
tried to call unit's replaced function.

This change changes the signature to be more in line with how nodejs
does it discarding it and printing a message to stdout.

* Add test file to start node application with options

* Add changes to docs/changes.xml

Closes: https://github.com/nginx/unit/issues/1043
diff 2488:55440e02a873 Mon Jun 12 13:16:00 UTC 2023 Andrei Zeliankou <zelenkov@nginx.com> Tests: prerequisites checking reworked.

Prerequisites check moved to the module level to simplify class structure.
Discovery and prerequisites checks functions moved to the separate files.
Introduced "require" fixture to provide per-test requirements check.
diff 1766:9ec17030b67e Tue Dec 29 16:00:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Node.js: ServerRequest and ServerResponse compliance to Stream API.

ServerRequest now inherit stream Readable object. ServerResponse
provides 'writable' property.

Thanks to Wu Jian Ping (@wujjpp).

This closes #274, closes #317 issues and closes #502 PR on GitHub.
diff 1596:b7e2d4d92624 Wed Sep 16 20:31:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: migrated to the pytest.
diff 970:2f4376c8f358 Wed Feb 27 16:15:00 UTC 2019 Andrey Zelenkov <zelenkov@nginx.com> Tests: added "Host" and "Connetion" headers where necessary.

Also minor header organizing.
diff 864:5ebd6964fb93 Tue Dec 04 16:05:00 UTC 2018 Andrey Zelenkov <zelenkov@nginx.com> Tests: fixed test_node_application_write_callback.

Fixed the write() callback order test.
Also introduced a separate test to verify the callback call itself.
H A Dtest_access_log.pydiff 2627:36afea93a678 Wed Jan 24 16:09:00 UTC 2024 Andrei Zeliankou <zelenkov@nginx.com> Tests: "if" option in access logging.

Conditional access logging was introduced here:
https://github.com/nginx/unit/commit/4c91bebb50d06b28e369d68b23022caa072cf62d
diff 2488:55440e02a873 Mon Jun 12 13:16:00 UTC 2023 Andrei Zeliankou <zelenkov@nginx.com> Tests: prerequisites checking reworked.

Prerequisites check moved to the module level to simplify class structure.
Discovery and prerequisites checks functions moved to the separate files.
Introduced "require" fixture to provide per-test requirements check.
diff 1850:839024ce4a6a Thu Apr 08 16:11:00 UTC 2021 Max Romanov <max.romanov@nginx.com> Tests: preserving unit.log when run without restart.

Introducing "unit.log.Log" class for "unit.log" file management.
Moving "findall()" function into TestApplicationProto.
Using "os.kill()" to send signals.
diff 1730:44912af5b3e6 Sun Dec 06 16:01:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: options moved to the separate class.

This change is necessary to separate the logic
and prevent possible circular dependency.
diff 1596:b7e2d4d92624 Wed Sep 16 20:31:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: migrated to the pytest.
diff 970:2f4376c8f358 Wed Feb 27 16:15:00 UTC 2019 Andrey Zelenkov <zelenkov@nginx.com> Tests: added "Host" and "Connetion" headers where necessary.

Also minor header organizing.
H A Dtest_ruby_application.pydiff 2488:55440e02a873 Mon Jun 12 13:16:00 UTC 2023 Andrei Zeliankou <zelenkov@nginx.com> Tests: prerequisites checking reworked.

Prerequisites check moved to the module level to simplify class structure.
Discovery and prerequisites checks functions moved to the separate files.
Introduced "require" fixture to provide per-test requirements check.
diff 1596:b7e2d4d92624 Wed Sep 16 20:31:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: migrated to the pytest.
diff 970:2f4376c8f358 Wed Feb 27 16:15:00 UTC 2019 Andrey Zelenkov <zelenkov@nginx.com> Tests: added "Host" and "Connetion" headers where necessary.

Also minor header organizing.
/unit/test/node/options/
H A Dapp.js2642:d92e92c69c5d Wed Feb 14 18:16:00 UTC 2024 Gabor Javorszky <g.javorszky@f5.com> fix: Take options as well as requestListener (#1091)

* Take options as well as requestListener

Unit-http have not kept up with the signature of nodejs's http package
development. Nodejs allows an optional `options` object to be passed to
the `createServer` function, we didn't. This resulted in function
signature errors when user code that did make use of the options arg
tried to call unit's replaced function.

This change changes the signature to be more in line with how nodejs
does it discarding it and printing a message to stdout.

* Add test file to start node application with options

* Add changes to docs/changes.xml

Closes: https://github.com/nginx/unit/issues/1043
/unit/pkg/rpm/
H A DMakefile.jsc-commondiff 1497:de07e42484ec Thu May 28 16:16:00 UTC 2020 Andrei Belov <defan@nginx.com> Merged with the default branch.
diff 1497:de07e42484ec Thu May 28 16:16:00 UTC 2020 Andrei Belov <defan@nginx.com> Merged with the default branch.
diff 1496:9e14c63773be Thu May 28 16:04:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Packages: fixed java configure script.

Now the configure script appends /server to --lib-path argument.
diff 1188:282c8f9fe43c Thu Sep 19 16:04:00 UTC 2019 Konstantin Pavlov <thresh@nginx.com> Merged with the default branch.
diff 1160:67ba8e19b286 Mon Sep 16 10:28:00 UTC 2019 Andrei Belov <defan@nginx.com> Packages: added explicit library path for Java on RPM based distros.

This helps to avoid using excessive strictness in RPATH of Java modules.
H A DMakefilediff 2617:18a10bb7346d Tue Jan 16 15:37:00 UTC 2024 Andrei Zeliankou <zelenkov@nginx.com> White space formatting fixes

Closes: <https://github.com/nginx/unit/pull/1062>
diff 2549:ef8ddca63f2c Thu Aug 31 16:41:00 UTC 2023 Konstantin Pavlov <thresh@nginx.com> Merged with the default branch.
diff 2285:46bcdb963de6 Thu Dec 15 16:17:00 UTC 2022 Konstantin Pavlov <thresh@nginx.com> Merged with the default branch.
diff 2254:161c47a9b4f0 Wed Nov 16 13:06:00 UTC 2022 Konstantin Pavlov <thresh@nginx.com> Packages: added Fedora 37 support.
diff 2200:16e01c5fead4 Tue Sep 13 09:17:00 UTC 2022 Konstantin Pavlov <thresh@nginx.com> Merged with the default branch.
diff 2103:6e61a013417e Mon May 16 13:22:00 UTC 2022 Konstantin Pavlov <thresh@nginx.com> Packages: ship README.md and CONTRIBUTING.md.
diff 1748:080737161d83 Wed Dec 16 06:55:00 UTC 2020 Andrei Belov <defan@nginx.com> Packages: introduced PYTEST_ARGS env variable for test targets.

This is useful for running particular tests, e.g.:
PYTEST_ARGS='test/test_respawn.py::TestRespawn::test_respawn_router' make test
diff 1645:29efab062b4e Thu Oct 08 16:19:00 UTC 2020 Andrei Belov <defan@nginx.com> Merged with the default branch.
diff 1596:b7e2d4d92624 Wed Sep 16 20:31:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: migrated to the pytest.
diff 1573:79f364e9aa90 Thu Aug 13 16:28:00 UTC 2020 Andrei Belov <defan@nginx.com> Merged with the default branch.
/unit/pkg/deb/
H A DMakefilediff 2549:ef8ddca63f2c Thu Aug 31 16:41:00 UTC 2023 Konstantin Pavlov <thresh@nginx.com> Merged with the default branch.
diff 2285:46bcdb963de6 Thu Dec 15 16:17:00 UTC 2022 Konstantin Pavlov <thresh@nginx.com> Merged with the default branch.
diff 2255:05df9ea66ac2 Wed Nov 16 13:05:00 UTC 2022 Konstantin Pavlov <thresh@nginx.com> Packages: added Ubuntu 22.10 "kinetic" support.
diff 2200:16e01c5fead4 Tue Sep 13 09:17:00 UTC 2022 Konstantin Pavlov <thresh@nginx.com> Merged with the default branch.
diff 2103:6e61a013417e Mon May 16 13:22:00 UTC 2022 Konstantin Pavlov <thresh@nginx.com> Packages: ship README.md and CONTRIBUTING.md.
diff 1750:19886d8508b5 Wed Dec 16 06:56:00 UTC 2020 Andrei Belov <defan@nginx.com> Packages: eliminated debuild warning about debian/rules.
diff 1748:080737161d83 Wed Dec 16 06:55:00 UTC 2020 Andrei Belov <defan@nginx.com> Packages: introduced PYTEST_ARGS env variable for test targets.

This is useful for running particular tests, e.g.:
PYTEST_ARGS='test/test_respawn.py::TestRespawn::test_respawn_router' make test
diff 1645:29efab062b4e Thu Oct 08 16:19:00 UTC 2020 Andrei Belov <defan@nginx.com> Merged with the default branch.
diff 1596:b7e2d4d92624 Wed Sep 16 20:31:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: migrated to the pytest.
diff 1466:58dd99bbee20 Thu Apr 23 16:55:00 UTC 2020 Andrei Belov <defan@nginx.com> Packages: added Ubuntu 20.04 "focal" support.
/unit/src/
H A Dnxt_conf.hdiff 2139:99d792169ffb Thu Jun 16 01:00:00 UTC 2022 Andrew Clayton <andrew@digital-domain.net> Constified numerous function parameters.

As was pointed out by the cppcheck[0] static code analysis utility we
can mark numerous function parameters as 'const'. This acts as a hint to
the compiler about our intentions and the compiler will tell us when we
deviate from them.

[0]: https://cppcheck.sourceforge.io/
diff 1439:32578e837322 Mon Mar 30 16:37:00 UTC 2020 Valentin Bartenev <vbart@nginx.com> Configuration: support for rational numbers.
diff 962:441ac71b793a Tue Feb 26 16:48:00 UTC 2019 Igor Sysoev <igor@sysoev.ru> Introduced nxt_conf_array_qsort().
diff 961:94b4c5bb66e3 Tue Feb 26 16:48:00 UTC 2019 Igor Sysoev <igor@sysoev.ru> Introduced nxt_conf_array_elements_count().
diff 357:b80698152fcd Tue Oct 10 16:46:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> Basic validation errors.
diff 214:3dda93d5b3cf Wed Aug 16 12:45:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> Introduced nxt_conf_get_array_element().
diff 213:df7c06c7f26d Wed Aug 16 12:45:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> Object mapping interface extended with more string types.
diff 208:7d1017bd0f6c Fri Aug 11 16:54:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> Controller: more HTTP headers and detailed JSON parsing errors.
diff 111:cfdcff16aa43 Thu Jun 29 16:26:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Added nxt_msec_t element to nxt_conf_map_object().
diff 65:10688b89aa16 Tue Jun 20 16:49:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Using new memory pool implementation.
H A Dnxt_conf.cdiff 2139:99d792169ffb Thu Jun 16 01:00:00 UTC 2022 Andrew Clayton <andrew@digital-domain.net> Constified numerous function parameters.

As was pointed out by the cppcheck[0] static code analysis utility we
can mark numerous function parameters as 'const'. This acts as a hint to
the compiler about our intentions and the compiler will tell us when we
deviate from them.

[0]: https://cppcheck.sourceforge.io/
diff 1439:32578e837322 Mon Mar 30 16:37:00 UTC 2020 Valentin Bartenev <vbart@nginx.com> Configuration: support for rational numbers.
diff 1425:e3cf8d512e53 Wed Mar 25 16:14:00 UTC 2020 Valentin Bartenev <vbart@nginx.com> Configuration: fixed comments parsing.

Unclosed multi-line comments and "/" at the end of JSON shouldn't be allowed.
diff 1167:a49ee872e83d Mon Sep 16 17:17:00 UTC 2019 Valentin Bartenev <vbart@nginx.com> Configuration: added ability to access object members with slashes.

Now URI encoding can be used to escape "/" in the request path:

GET /config/listeners/unix:%2Fpath%2Fto%2Fsocket/
diff 962:441ac71b793a Tue Feb 26 16:48:00 UTC 2019 Igor Sysoev <igor@sysoev.ru> Introduced nxt_conf_array_qsort().
diff 961:94b4c5bb66e3 Tue Feb 26 16:48:00 UTC 2019 Igor Sysoev <igor@sysoev.ru> Introduced nxt_conf_array_elements_count().
diff 214:3dda93d5b3cf Wed Aug 16 12:45:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> Introduced nxt_conf_get_array_element().
diff 213:df7c06c7f26d Wed Aug 16 12:45:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> Object mapping interface extended with more string types.
diff 208:7d1017bd0f6c Fri Aug 11 16:54:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> Controller: more HTTP headers and detailed JSON parsing errors.
diff 207:1145c84e08ac Fri Aug 11 15:13:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> Fixed parsing of JSON encoded UTF-16 surrogate pairs.
H A Dnxt_http_static.cdiff 2247:baa6b9879267 Sun Nov 20 15:16:00 UTC 2022 Zhidao HONG <z.hong@f5.com> Basic njs support.
diff 2139:99d792169ffb Thu Jun 16 01:00:00 UTC 2022 Andrew Clayton <andrew@digital-domain.net> Constified numerous function parameters.

As was pointed out by the cppcheck[0] static code analysis utility we
can mark numerous function parameters as 'const'. This acts as a hint to
the compiler about our intentions and the compiler will tell us when we
deviate from them.

[0]: https://cppcheck.sourceforge.io/
diff 1883:b075f32408a1 Wed May 26 16:48:00 UTC 2021 Oisin Canty <o.canty@f5.com> Static: handled unknown MIME types when MIME-filtering active.
diff 1882:65e7dcdd7be4 Wed May 26 16:48:00 UTC 2021 Oisin Canty <o.canty@f5.com> MIME: added PHP.
H A Dnxt_isolation.cdiff 2379:927b793559d4 Thu Mar 16 21:35:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Default PR_SET_NO_NEW_PRIVS to off.

This prctl(2) option was enabled in commit 0277d8f1 ("Isolation: Fix the
enablement of PR_SET_NO_NEW_PRIVS.") and this was being set by default.

This prctl(2) when enabled renders (amongst other things) the set-UID
and set-GID bits on executables ineffective after an execve(2).

This causes an issue for applications that want to execute the
sendmail(8) binary, this includes the PHP mail() function, which is
usually set-GID.

After some internal discussion it was decided to disable this option by
default.

Closes: <https://github.com/nginx/unit/issues/852>
Fixes: 0277d8f1 ("Isolation: Fix the enablement of PR_SET_NO_NEW_PRIVS.")
Fixes: e2b53e16 ("Added "rootfs" feature.")
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2354:c6a613bd7bd0 Wed Feb 22 16:04:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Isolation: rootfs: Set the sticky bit on the tmp directory.

When using the 'rootfs' isolation option, by default a tmpfs filesystem
is mounted on tmp/. Currently this is mounted with a mode of 0777, i.e

drwxrwxrwx. 3 root root 60 Feb 22 11:56 tmp

however this should really have the sticky bit[0] set (as is per-normal for
such directories) to prevent users from having free reign on the files
contained within.

What we really want is it mounted with a mode of 01777, i.e

drwxrwxrwt. 3 root root 60 Feb 22 11:57 tmp

[0]: To quote inode(7)

"The sticky bit (S_ISVTX) on a directory means that a file in that
directory can be renamed or deleted only by the owner of the file, by
the owner of the directory, and by a privileged process."

Reviewed-by: Liam Crilly <liam@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2331:48798e038044 Wed Feb 22 16:04:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Isolation: rootfs: Set the sticky bit on the tmp directory.

When using the 'rootfs' isolation option, by default a tmpfs filesystem
is mounted on tmp/. Currently this is mounted with a mode of 0777, i.e

drwxrwxrwx. 3 root root 60 Feb 22 11:56 tmp

however this should really have the sticky bit[0] set (as is per-normal for
such directories) to prevent users from having free reign on the files
contained within.

What we really want is it mounted with a mode of 01777, i.e

drwxrwxrwt. 3 root root 60 Feb 22 11:57 tmp

[0]: To quote inode(7)

"The sticky bit (S_ISVTX) on a directory means that a file in that
directory can be renamed or deleted only by the owner of the file, by
the owner of the directory, and by a privileged process."

Reviewed-by: Liam Crilly <liam@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2260:3005b3de99a5 Mon Oct 24 16:35:00 UTC 2022 Andrew Clayton <a.clayton@nginx.com> Isolation: wired up per-application cgroup support internally.

This commit hooks into the cgroup infrastructure added in the previous
commit to create per-application cgroups.

It does this by adding each "prototype process" into its own cgroup,
then each child process inherits its parents cgroup.

If we fail to create a cgroup we simply fail the process. This behaviour
may get enhanced in the future.

This won't actually do anything yet. Subsequent commits will hook this
up to the build and config systems.

Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 1708:4463c1fc26fd Mon Nov 16 17:56:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Isolation: added option to disable "procfs" mount.

Now users can disable the default procfs mount point
in the rootfs.

{
"isolation": {
"automount": {
"procfs": false
}
}
}
diff 1595:d1884e46cf71 Wed Sep 16 16:52:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Isolation: remove redundant macro.
diff 1595:d1884e46cf71 Wed Sep 16 16:52:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Isolation: remove redundant macro.
H A Dnxt_router.hdiff 2437:8973f763920b Sat Mar 18 16:32:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Allow to remove the version string in HTTP responses.

Normally Unit responds to HTTP requests by including a header like

Server: Unit/1.30.0

however it can sometimes be beneficial to withhold the version
information and in this case just respond with

Server: Unit

This patch adds a new "settings.http" boolean option called
server_version, which defaults to true, in which case the full version
information is sent. However this can be set to false, e.g

"settings": {
"http": {
"server_version": false
}
},

in which case Unit responds without the version information as the
latter example above shows.

Link: <https://www.ietf.org/rfc/rfc9110.html#section-10.2.4>
Closes: <https://github.com/nginx/unit/issues/158>
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2132:34d63ed988dc Mon Jun 20 05:16:00 UTC 2022 Zhidao HONG <z.hong@f5.com> Router: introduced nxt_http_forward_t.

This makes the replacement of forwarded request header
like client_ip and protocol more generic.
It's a prerequirement for protocol replacement.

No functional changes.
diff 1936:953434450ea9 Thu Aug 12 08:23:00 UTC 2021 Oisin Canty <o.canty@f5.com> Router: client IP address replacement.

This commit introduces the replacement of the client address based on the value
of a specified HTTP header. This is intended for use when Unit is placed
behind a reverse proxy like nginx or a CDN.

You must specify the source addresses of the trusted proxies. This can be
accomplished with any valid IP pattern supported by Unit's match block:

["10.0.0.1", "10.4.0.0/16", "!192.168.1.1"]

The feature is configured per listener.

The client address replacement functionality only operates when there is a
source IP match and the specified header is present. Typically this would be
an 'X-Forwarded-For' header.

{
"listeners": {
"127.0.0.1:8080": {
"client_ip": {
"header": "X-Forwarded-For",
"source": [
"10.0.0.0/8"
]
},
"pass": "applications/my_app"
},
}
}

If a request occurs and Unit receives a header like below:

"X-Forwarded-For: 84.123.23.23"

By default, Unit trusts the last rightmost IP in the header, so REMOTE_ADDR
will be set to 84.123.23.23 if the connection originated from 10.0.0.0/8.

If Unit runs behind consecutive reverse proxies and receives a header similar
to the following:

"X-Forwarded-For: 84.123.23.23, 10.0.0.254"

You will need to enable "recursive" checking, which walks the header from
last address to first and chooses the first non-trusted address it finds.

{
"listeners": {
"127.0.0.1:8080": {
"client_ip": {
"header": "X-Forwarded-For",
"source": [
"10.0.0.0/8"
]
"recursive": true,
},
"pass": "applications/my_app"
},
}
}

If a connection from 10.0.0.0/8 occurs, the chain is walked. Here, 10.0.0.254
is also a trusted address so the client address will be replaced with
84.123.23.23.

If all IP addresses in the header are trusted, the client address is set to
the first address in the header:

If 10.0.0.0/8 is trusted and "X-Forwarded-For: 10.0.0.3, 10.0.0.2, 10.0.0.1",
the client address will be replaced with 10.0.0.3.
diff 1926:6e85d6c0b8bb Thu Jul 29 16:50:00 UTC 2021 Max Romanov <max.romanov@nginx.com> Application restart introduced.

When processing a restart request, the router sends a QUIT message to all
existing processes of the application. Then, a new shared application port is
created to ensure that new requests won't be handled by the old processes of
the application.
diff 1552:a363564c527c Tue Aug 11 16:20:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Made router port message handlers into static functions.

Mostly harmless.
diff 1547:cbcd76704c90 Tue Aug 11 16:20:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Introducing the shared application port.

This is the port shared between all application processes which use it to pass
requests for processing. Using it significantly simplifies the request
processing code in the router. The drawback is 2 more file descriptors per each
configured application and more complex libunit message wait/read code.
diff 753:0f0094dc0f51 Fri Aug 10 16:27:00 UTC 2018 Max Romanov <max.romanov@nginx.com> Introducing app joint to accurate app release.

For accurate app descriptor release, it is required to count the number of
use counts. Use count increased when:
- app linked to configuration app queue;
- socket conf stores pointer to app;
- request for start app process posted to router service thread;

Application port has pointer to app, but it does not increase use count
to avoid use count loop.

Timer needs a pointer to nxt_timer_t which is stored in engine timers tree.
nxt_timer_t now resides in nxt_app_joint_t and does not lock the application.

Start process port RPC handlers is also linked to nxt_app_joint_t.

App joint (nxt_app_joint_t) is a 'weak pointer':
- single threaded;
- use countable;
- store pointer to nxt_app_t (which can be NULL);

nxt_app_t has pointer to nxt_app_joint_t and update its pointer to app.
diff 591:2061313c841b Wed Mar 28 16:09:00 UTC 2018 Igor Sysoev <igor@sysoev.ru> Using more expressive name for field.
diff 161:de6b48f9e3ec Sun Jul 16 16:56:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Fixed building by Clang.
diff 161:de6b48f9e3ec Sun Jul 16 16:56:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Fixed building by Clang.
H A Dnxt_http_request.cdiff 2437:8973f763920b Sat Mar 18 16:32:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Allow to remove the version string in HTTP responses.

Normally Unit responds to HTTP requests by including a header like

Server: Unit/1.30.0

however it can sometimes be beneficial to withhold the version
information and in this case just respond with

Server: Unit

This patch adds a new "settings.http" boolean option called
server_version, which defaults to true, in which case the full version
information is sent. However this can be set to false, e.g

"settings": {
"http": {
"server_version": false
}
},

in which case Unit responds without the version information as the
latter example above shows.

Link: <https://www.ietf.org/rfc/rfc9110.html#section-10.2.4>
Closes: <https://github.com/nginx/unit/issues/158>
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2345:5c9cb7e205d3 Mon Jan 30 03:16:00 UTC 2023 Zhidao HONG <z.hong@f5.com> NJS: adding the missing vm destruction.

This commit fixed the njs memory leak happened in the config validation, updating and http requests.
diff 2318:6f198d76ee62 Mon Jan 30 03:16:00 UTC 2023 Zhidao HONG <z.hong@f5.com> NJS: adding the missing vm destruction.

This commit fixed the njs memory leak happened in the config validation, updating and http requests.
diff 2247:baa6b9879267 Sun Nov 20 15:16:00 UTC 2022 Zhidao HONG <z.hong@f5.com> Basic njs support.
diff 2139:99d792169ffb Thu Jun 16 01:00:00 UTC 2022 Andrew Clayton <andrew@digital-domain.net> Constified numerous function parameters.

As was pointed out by the cppcheck[0] static code analysis utility we
can mark numerous function parameters as 'const'. This acts as a hint to
the compiler about our intentions and the compiler will tell us when we
deviate from them.

[0]: https://cppcheck.sourceforge.io/
diff 2132:34d63ed988dc Mon Jun 20 05:16:00 UTC 2022 Zhidao HONG <z.hong@f5.com> Router: introduced nxt_http_forward_t.

This makes the replacement of forwarded request header
like client_ip and protocol more generic.
It's a prerequirement for protocol replacement.

No functional changes.
diff 1936:953434450ea9 Thu Aug 12 08:23:00 UTC 2021 Oisin Canty <o.canty@f5.com> Router: client IP address replacement.

This commit introduces the replacement of the client address based on the value
of a specified HTTP header. This is intended for use when Unit is placed
behind a reverse proxy like nginx or a CDN.

You must specify the source addresses of the trusted proxies. This can be
accomplished with any valid IP pattern supported by Unit's match block:

["10.0.0.1", "10.4.0.0/16", "!192.168.1.1"]

The feature is configured per listener.

The client address replacement functionality only operates when there is a
source IP match and the specified header is present. Typically this would be
an 'X-Forwarded-For' header.

{
"listeners": {
"127.0.0.1:8080": {
"client_ip": {
"header": "X-Forwarded-For",
"source": [
"10.0.0.0/8"
]
},
"pass": "applications/my_app"
},
}
}

If a request occurs and Unit receives a header like below:

"X-Forwarded-For: 84.123.23.23"

By default, Unit trusts the last rightmost IP in the header, so REMOTE_ADDR
will be set to 84.123.23.23 if the connection originated from 10.0.0.0/8.

If Unit runs behind consecutive reverse proxies and receives a header similar
to the following:

"X-Forwarded-For: 84.123.23.23, 10.0.0.254"

You will need to enable "recursive" checking, which walks the header from
last address to first and chooses the first non-trusted address it finds.

{
"listeners": {
"127.0.0.1:8080": {
"client_ip": {
"header": "X-Forwarded-For",
"source": [
"10.0.0.0/8"
]
"recursive": true,
},
"pass": "applications/my_app"
},
}
}

If a connection from 10.0.0.0/8 occurs, the chain is walked. Here, 10.0.0.254
is also a trusted address so the client address will be replaced with
84.123.23.23.

If all IP addresses in the header are trusted, the client address is set to
the first address in the header:

If 10.0.0.0/8 is trusted and "X-Forwarded-For: 10.0.0.3, 10.0.0.2, 10.0.0.1",
the client address will be replaced with 10.0.0.3.
diff 1459:358b957ca294 Thu Apr 16 14:09:00 UTC 2020 Max Romanov <max.romanov@nginx.com> Using malloc/free for the http fields hash.

This is required due to lack of a graceful shutdown: there is a small gap
between the runtime's memory pool release and router process's exit. Thus, a
worker thread may start processing a request between these two operations,
which may result in an http fields hash access and subsequent crash.

To simplify issue reproduction, it makes sense to add a 2 sec sleep before
exit() in nxt_runtime_exit().
diff 1009:1c310945f81f Mon Mar 18 16:55:00 UTC 2019 Max Romanov <max.romanov@nginx.com> Setting request error flag in error handler.

Absence of this flag is the reason of memory leak in case when client
disconnected before receiving all response data.
diff 493:745222d540a2 Wed Jan 24 12:16:00 UTC 2018 Sergey Kandaurov <pluknet@nginx.com> Using size_t for the field width type of the "%*s" specifier.
H A Dnxt_router_access_log.cdiff 2247:baa6b9879267 Sun Nov 20 15:16:00 UTC 2022 Zhidao HONG <z.hong@f5.com> Basic njs support.
H A Dnxt_clone.hdiff 1595:d1884e46cf71 Wed Sep 16 16:52:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Isolation: remove redundant macro.
diff 1595:d1884e46cf71 Wed Sep 16 16:52:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Isolation: remove redundant macro.
diff 1488:6976d36be926 Mon Mar 09 16:28:00 UTC 2020 Tiago Natel de Moura <t.nateldemoura@f5.com> Refactor of process management.

The process abstraction has changed to:

setup(task, process)
start(task, process_data)
prefork(task, process, mp)

The prefork() occurs in the main process right before fork.

The file src/nxt_main_process.c is completely free of process
specific logic.

The creation of a process now supports a PROCESS_CREATED state. The
The setup() function of each process can set its state to either
created or ready. If created, a MSG_PROCESS_CREATED is sent to main
process, where external setup can be done (required for rootfs under
container).

The core processes (discovery, controller and router) doesn't need
external setup, then they all proceeds to their start() function
straight away.

In the case of applications, the load of the module happens at the
process setup() time and The module's init() function has changed
to be the start() of the process.

The module API has changed to:

setup(task, process, conf)
start(task, data)

As a direct benefit of the PROCESS_CREATED message, the clone(2) of
processes using pid namespaces now doesn't need to create a pipe
to make the child block until parent setup uid/gid mappings nor it
needs to receive the child pid.
diff 1306:3604d05e48be Fri Dec 06 16:52:00 UTC 2019 Tiago Natel <t.nateldemoura@f5.com> Isolation: allowed the use of credentials with unpriv userns.

The setuid/setgid syscalls requires root capabilities but if the kernel
supports unprivileged user namespace then the child process has the full
set of capabilities in the new namespace, then we can allow setting "user"
and "group" in such cases (this is a common security use case).

Tests were added to ensure user gets meaningful error messages for
uid/gid mapping misconfigurations.
H A Dnxt_clone.cdiff 2617:18a10bb7346d Tue Jan 16 15:37:00 UTC 2024 Andrei Zeliankou <zelenkov@nginx.com> White space formatting fixes

Closes: <https://github.com/nginx/unit/pull/1062>
diff 2078:0996dd223cdd Sat Dec 18 23:58:00 UTC 2021 Alejandro Colomar <alx.manpages@gmail.com> Fixed indentation.

Some lines (incorrectly) had an indentation of 3 or 5, or 7 or 9,
or 11 or 13, or 15 or 17 spaces instead of 4, 8, 12, or 16. Fix them.

Found with:

$ find src -type f | xargs grep -n '^ [^ ]';
$ find src -type f | xargs grep -n '^ [^ *]';
$ find src -type f | xargs grep -n '^ [^ ]';
$ find src -type f | xargs grep -n '^ [^ *]';
$ find src -type f | xargs grep -n '^ [^ +]';
$ find src -type f | xargs grep -n '^ [^ *+]';
$ find src -type f | xargs grep -n '^ [^ +]';
$ find src -type f | xargs grep -n '^ [^ *+]';
diff 1306:3604d05e48be Fri Dec 06 16:52:00 UTC 2019 Tiago Natel <t.nateldemoura@f5.com> Isolation: allowed the use of credentials with unpriv userns.

The setuid/setgid syscalls requires root capabilities but if the kernel
supports unprivileged user namespace then the child process has the full
set of capabilities in the new namespace, then we can allow setting "user"
and "group" in such cases (this is a common security use case).

Tests were added to ensure user gets meaningful error messages for
uid/gid mapping misconfigurations.
diff 1201:563e00547881 Fri Sep 20 13:16:00 UTC 2019 Tiago Natel <t.nateldemoura@f5.com> Closing leaking file descriptor.

Found by Coverity (CID 349484).
H A Dnxt_socket.cdiff 2617:18a10bb7346d Tue Jan 16 15:37:00 UTC 2024 Andrei Zeliankou <zelenkov@nginx.com> White space formatting fixes

Closes: <https://github.com/nginx/unit/pull/1062>
diff 1504:737b84721dae Tue Jun 23 11:16:00 UTC 2020 Igor Sysoev <igor@sysoev.ru> Decreased level of some socket close() errors.
diff 494:7c83ddcc1c42 Wed Jan 24 12:16:00 UTC 2018 Sergey Kandaurov <pluknet@nginx.com> Fixed formatting in nxt_sprintf() and logging.
diff 493:745222d540a2 Wed Jan 24 12:16:00 UTC 2018 Sergey Kandaurov <pluknet@nginx.com> Using size_t for the field width type of the "%*s" specifier.
/unit/src/java/nginx/unit/websocket/server/
H A DWsSessionListener.javadiff 2617:18a10bb7346d Tue Jan 16 15:37:00 UTC 2024 Andrei Zeliankou <zelenkov@nginx.com> White space formatting fixes

Closes: <https://github.com/nginx/unit/pull/1062>

12345678910>>...16