Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
393 additions
and
0 deletions.
There are no files selected for viewing
72 changes: 72 additions & 0 deletions
72
images/nginx/rootfs/patches/nginx-1.17.4-balancer_status_code.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c | ||
index f8d5707d..6efe0047 100644 | ||
--- a/src/http/ngx_http_upstream.c | ||
+++ b/src/http/ngx_http_upstream.c | ||
@@ -1515,6 +1515,11 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u) | ||
return; | ||
} | ||
|
||
+ if (rc >= NGX_HTTP_SPECIAL_RESPONSE) { | ||
+ ngx_http_upstream_finalize_request(r, u, rc); | ||
+ return; | ||
+ } | ||
+ | ||
u->state->peer = u->peer.name; | ||
|
||
if (rc == NGX_BUSY) { | ||
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h | ||
index 3e714e5b..dfbb25e0 100644 | ||
--- a/src/http/ngx_http_upstream.h | ||
+++ b/src/http/ngx_http_upstream.h | ||
@@ -427,4 +427,9 @@ extern ngx_conf_bitmask_t ngx_http_upstream_cache_method_mask[]; | ||
extern ngx_conf_bitmask_t ngx_http_upstream_ignore_headers_masks[]; | ||
|
||
|
||
+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH | ||
+#define HAVE_BALANCER_STATUS_CODE_PATCH | ||
+#endif | ||
+ | ||
+ | ||
#endif /* _NGX_HTTP_UPSTREAM_H_INCLUDED_ */ | ||
diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h | ||
index 09d24593..d8b4b584 100644 | ||
--- a/src/stream/ngx_stream.h | ||
+++ b/src/stream/ngx_stream.h | ||
@@ -27,6 +27,7 @@ typedef struct ngx_stream_session_s ngx_stream_session_t; | ||
|
||
|
||
#define NGX_STREAM_OK 200 | ||
+#define NGX_STREAM_SPECIAL_RESPONSE 300 | ||
#define NGX_STREAM_BAD_REQUEST 400 | ||
#define NGX_STREAM_FORBIDDEN 403 | ||
#define NGX_STREAM_INTERNAL_SERVER_ERROR 500 | ||
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c | ||
index 818d7329..329dcdc6 100644 | ||
--- a/src/stream/ngx_stream_proxy_module.c | ||
+++ b/src/stream/ngx_stream_proxy_module.c | ||
@@ -691,6 +691,11 @@ ngx_stream_proxy_connect(ngx_stream_session_t *s) | ||
return; | ||
} | ||
|
||
+ if (rc >= NGX_STREAM_SPECIAL_RESPONSE) { | ||
+ ngx_stream_proxy_finalize(s, rc); | ||
+ return; | ||
+ } | ||
+ | ||
u->state->peer = u->peer.name; | ||
|
||
if (rc == NGX_BUSY) { | ||
diff --git a/src/stream/ngx_stream_upstream.h b/src/stream/ngx_stream_upstream.h | ||
index 73947f46..21bc0ad7 100644 | ||
--- a/src/stream/ngx_stream_upstream.h | ||
+++ b/src/stream/ngx_stream_upstream.h | ||
@@ -151,4 +151,9 @@ ngx_stream_upstream_srv_conf_t *ngx_stream_upstream_add(ngx_conf_t *cf, | ||
extern ngx_module_t ngx_stream_upstream_module; | ||
|
||
|
||
+#ifndef HAVE_BALANCER_STATUS_CODE_PATCH | ||
+#define HAVE_BALANCER_STATUS_CODE_PATCH | ||
+#endif | ||
+ | ||
+ | ||
#endif /* _NGX_STREAM_UPSTREAM_H_INCLUDED_ */ |
13 changes: 13 additions & 0 deletions
13
images/nginx/rootfs/patches/nginx-1.17.4-larger_max_error_str.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
--- nginx-1.17.4/src/core/ngx_log.h 2013-10-08 05:07:14.000000000 -0700 | ||
+++ nginx-1.17.4-patched/src/core/ngx_log.h 2013-12-05 20:35:35.996236720 -0800 | ||
@@ -64,7 +64,9 @@ struct ngx_log_s { | ||
}; | ||
|
||
|
||
-#define NGX_MAX_ERROR_STR 2048 | ||
+#ifndef NGX_MAX_ERROR_STR | ||
+#define NGX_MAX_ERROR_STR 4096 | ||
+#endif | ||
|
||
|
||
/*********************************/ |
38 changes: 38 additions & 0 deletions
38
images/nginx/rootfs/patches/nginx-1.17.4-reuseport_close_unused_fds.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c | ||
--- a/src/core/ngx_connection.c | ||
+++ b/src/core/ngx_connection.c | ||
@@ -1118,6 +1118,12 @@ ngx_close_listening_sockets(ngx_cycle_t *cycle) | ||
ls = cycle->listening.elts; | ||
for (i = 0; i < cycle->listening.nelts; i++) { | ||
|
||
+#if (NGX_HAVE_REUSEPORT) | ||
+ if (ls[i].fd == (ngx_socket_t) -1) { | ||
+ continue; | ||
+ } | ||
+#endif | ||
+ | ||
c = ls[i].connection; | ||
|
||
if (c) { | ||
diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c | ||
--- a/src/event/ngx_event.c | ||
+++ b/src/event/ngx_event.c | ||
@@ -775,6 +775,18 @@ ngx_event_process_init(ngx_cycle_t *cycle) | ||
|
||
#if (NGX_HAVE_REUSEPORT) | ||
if (ls[i].reuseport && ls[i].worker != ngx_worker) { | ||
+ ngx_log_debug2(NGX_LOG_DEBUG_CORE, cycle->log, 0, | ||
+ "closing unused fd:%d listening on %V", | ||
+ ls[i].fd, &ls[i].addr_text); | ||
+ | ||
+ if (ngx_close_socket(ls[i].fd) == -1) { | ||
+ ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_socket_errno, | ||
+ ngx_close_socket_n " %V failed", | ||
+ &ls[i].addr_text); | ||
+ } | ||
+ | ||
+ ls[i].fd = (ngx_socket_t) -1; | ||
+ | ||
continue; | ||
} | ||
#endif |
53 changes: 53 additions & 0 deletions
53
images/nginx/rootfs/patches/nginx-1.17.4-single_process_graceful_exit.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c | ||
index 1710ea81..b379da9c 100644 | ||
--- a/src/os/unix/ngx_process_cycle.c | ||
+++ b/src/os/unix/ngx_process_cycle.c | ||
@@ -304,11 +304,26 @@ ngx_single_process_cycle(ngx_cycle_t *cycle) | ||
} | ||
|
||
for ( ;; ) { | ||
+ if (ngx_exiting) { | ||
+ if (ngx_event_no_timers_left() == NGX_OK) { | ||
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); | ||
+ | ||
+ for (i = 0; cycle->modules[i]; i++) { | ||
+ if (cycle->modules[i]->exit_process) { | ||
+ cycle->modules[i]->exit_process(cycle); | ||
+ } | ||
+ } | ||
+ | ||
+ ngx_master_process_exit(cycle); | ||
+ } | ||
+ } | ||
+ | ||
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "worker cycle"); | ||
|
||
ngx_process_events_and_timers(cycle); | ||
|
||
- if (ngx_terminate || ngx_quit) { | ||
+ if (ngx_terminate) { | ||
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "exiting"); | ||
|
||
for (i = 0; cycle->modules[i]; i++) { | ||
if (cycle->modules[i]->exit_process) { | ||
@@ -319,6 +334,20 @@ ngx_single_process_cycle(ngx_cycle_t *cycle) | ||
ngx_master_process_exit(cycle); | ||
} | ||
|
||
+ if (ngx_quit) { | ||
+ ngx_quit = 0; | ||
+ ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, | ||
+ "gracefully shutting down"); | ||
+ ngx_setproctitle("process is shutting down"); | ||
+ | ||
+ if (!ngx_exiting) { | ||
+ ngx_exiting = 1; | ||
+ ngx_set_shutdown_timer(cycle); | ||
+ ngx_close_listening_sockets(cycle); | ||
+ ngx_close_idle_connections(cycle); | ||
+ } | ||
+ } | ||
+ | ||
if (ngx_reconfigure) { | ||
ngx_reconfigure = 0; | ||
ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reconfiguring"); |
64 changes: 64 additions & 0 deletions
64
images/nginx/rootfs/patches/nginx-1.17.4-ssl_cert_cb_yield.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
# HG changeset patch | ||
# User Yichun Zhang <agentzh@openresty.org> | ||
# Date 1451762084 28800 | ||
# Sat Jan 02 11:14:44 2016 -0800 | ||
# Node ID 449f0461859c16e95bdb18e8be6b94401545d3dd | ||
# Parent 78b4e10b4367b31367aad3c83c9c3acdd42397c4 | ||
SSL: handled SSL_CTX_set_cert_cb() callback yielding. | ||
|
||
OpenSSL 1.0.2+ introduces SSL_CTX_set_cert_cb() to allow custom | ||
callbacks to serve the SSL certificiates and private keys dynamically | ||
and lazily. The callbacks may yield for nonblocking I/O or sleeping. | ||
Here we added support for such usage in NGINX 3rd-party modules | ||
(like ngx_lua) in NGINX's event handlers for downstream SSL | ||
connections. | ||
|
||
diff -r 78b4e10b4367 -r 449f0461859c src/event/ngx_event_openssl.c | ||
--- a/src/event/ngx_event_openssl.c Thu Dec 17 16:39:15 2015 +0300 | ||
+++ b/src/event/ngx_event_openssl.c Sat Jan 02 11:14:44 2016 -0800 | ||
@@ -1445,6 +1445,23 @@ ngx_ssl_handshake(ngx_connection_t *c) | ||
return NGX_AGAIN; | ||
} | ||
|
||
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L | ||
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) { | ||
+ c->read->handler = ngx_ssl_handshake_handler; | ||
+ c->write->handler = ngx_ssl_handshake_handler; | ||
+ | ||
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { | ||
+ return NGX_ERROR; | ||
+ } | ||
+ | ||
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) { | ||
+ return NGX_ERROR; | ||
+ } | ||
+ | ||
+ return NGX_AGAIN; | ||
+ } | ||
+#endif | ||
+ | ||
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; | ||
|
||
c->ssl->no_wait_shutdown = 1; | ||
@@ -1558,6 +1575,21 @@ ngx_ssl_try_early_data(ngx_connection_t *c) | ||
return NGX_AGAIN; | ||
} | ||
|
||
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) { | ||
+ c->read->handler = ngx_ssl_handshake_handler; | ||
+ c->write->handler = ngx_ssl_handshake_handler; | ||
+ | ||
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { | ||
+ return NGX_ERROR; | ||
+ } | ||
+ | ||
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) { | ||
+ return NGX_ERROR; | ||
+ } | ||
+ | ||
+ return NGX_AGAIN; | ||
+ } | ||
+ | ||
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; | ||
|
||
c->ssl->no_wait_shutdown = 1; |
41 changes: 41 additions & 0 deletions
41
images/nginx/rootfs/patches/nginx-1.17.4-ssl_sess_cb_yield.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c | ||
--- a/src/event/ngx_event_openssl.c | ||
+++ b/src/event/ngx_event_openssl.c | ||
@@ -1446,7 +1446,12 @@ ngx_ssl_handshake(ngx_connection_t *c) | ||
} | ||
|
||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L | ||
- if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) { | ||
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP | ||
+# ifdef SSL_ERROR_PENDING_SESSION | ||
+ || sslerr == SSL_ERROR_PENDING_SESSION | ||
+# endif | ||
+ ) | ||
+ { | ||
c->read->handler = ngx_ssl_handshake_handler; | ||
c->write->handler = ngx_ssl_handshake_handler; | ||
|
||
@@ -1575,6 +1580,23 @@ ngx_ssl_try_early_data(ngx_connection_t *c) | ||
return NGX_AGAIN; | ||
} | ||
|
||
+#ifdef SSL_ERROR_PENDING_SESSION | ||
+ if (sslerr == SSL_ERROR_PENDING_SESSION) { | ||
+ c->read->handler = ngx_ssl_handshake_handler; | ||
+ c->write->handler = ngx_ssl_handshake_handler; | ||
+ | ||
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) { | ||
+ return NGX_ERROR; | ||
+ } | ||
+ | ||
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) { | ||
+ return NGX_ERROR; | ||
+ } | ||
+ | ||
+ return NGX_AGAIN; | ||
+ } | ||
+#endif | ||
+ | ||
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; | ||
|
||
c->ssl->no_wait_shutdown = 1; |
112 changes: 112 additions & 0 deletions
112
images/nginx/rootfs/patches/nginx-1.17.4-upstream_timeout_fields.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c | ||
index 69019417..2265d8f7 100644 | ||
--- a/src/http/ngx_http_upstream.c | ||
+++ b/src/http/ngx_http_upstream.c | ||
@@ -509,12 +509,19 @@ void | ||
ngx_http_upstream_init(ngx_http_request_t *r) | ||
{ | ||
ngx_connection_t *c; | ||
+ ngx_http_upstream_t *u; | ||
|
||
c = r->connection; | ||
|
||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, | ||
"http init upstream, client timer: %d", c->read->timer_set); | ||
|
||
+ u = r->upstream; | ||
+ | ||
+ u->connect_timeout = u->conf->connect_timeout; | ||
+ u->send_timeout = u->conf->send_timeout; | ||
+ u->read_timeout = u->conf->read_timeout; | ||
+ | ||
#if (NGX_HTTP_V2) | ||
if (r->stream) { | ||
ngx_http_upstream_init_request(r); | ||
@@ -1626,7 +1633,7 @@ ngx_http_upstream_connect(ngx_http_request_t *r, ngx_http_upstream_t *u) | ||
u->request_body_blocked = 0; | ||
|
||
if (rc == NGX_AGAIN) { | ||
- ngx_add_timer(c->write, u->conf->connect_timeout); | ||
+ ngx_add_timer(c->write, u->connect_timeout); | ||
return; | ||
} | ||
|
||
@@ -1704,7 +1711,7 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r, | ||
if (rc == NGX_AGAIN) { | ||
|
||
if (!c->write->timer_set) { | ||
- ngx_add_timer(c->write, u->conf->connect_timeout); | ||
+ ngx_add_timer(c->write, u->connect_timeout); | ||
} | ||
|
||
c->ssl->handler = ngx_http_upstream_ssl_handshake_handler; | ||
@@ -2022,7 +2029,7 @@ ngx_http_upstream_send_request(ngx_http_request_t *r, ngx_http_upstream_t *u, | ||
|
||
if (rc == NGX_AGAIN) { | ||
if (!c->write->ready || u->request_body_blocked) { | ||
- ngx_add_timer(c->write, u->conf->send_timeout); | ||
+ ngx_add_timer(c->write, u->send_timeout); | ||
|
||
} else if (c->write->timer_set) { | ||
ngx_del_timer(c->write); | ||
@@ -2084,7 +2091,7 @@ ngx_http_upstream_send_request(ngx_http_request_t *r, ngx_http_upstream_t *u, | ||
return; | ||
} | ||
|
||
- ngx_add_timer(c->read, u->conf->read_timeout); | ||
+ ngx_add_timer(c->read, u->read_timeout); | ||
|
||
if (c->read->ready) { | ||
ngx_http_upstream_process_header(r, u); | ||
@@ -3213,7 +3220,7 @@ ngx_http_upstream_send_response(ngx_http_request_t *r, ngx_http_upstream_t *u) | ||
p->cyclic_temp_file = 0; | ||
} | ||
|
||
- p->read_timeout = u->conf->read_timeout; | ||
+ p->read_timeout = u->read_timeout; | ||
p->send_timeout = clcf->send_timeout; | ||
p->send_lowat = clcf->send_lowat; | ||
|
||
@@ -3458,7 +3465,7 @@ ngx_http_upstream_process_upgraded(ngx_http_request_t *r, | ||
} | ||
|
||
if (upstream->write->active && !upstream->write->ready) { | ||
- ngx_add_timer(upstream->write, u->conf->send_timeout); | ||
+ ngx_add_timer(upstream->write, u->send_timeout); | ||
|
||
} else if (upstream->write->timer_set) { | ||
ngx_del_timer(upstream->write); | ||
@@ -3470,7 +3477,7 @@ ngx_http_upstream_process_upgraded(ngx_http_request_t *r, | ||
} | ||
|
||
if (upstream->read->active && !upstream->read->ready) { | ||
- ngx_add_timer(upstream->read, u->conf->read_timeout); | ||
+ ngx_add_timer(upstream->read, u->read_timeout); | ||
|
||
} else if (upstream->read->timer_set) { | ||
ngx_del_timer(upstream->read); | ||
@@ -3664,7 +3671,7 @@ ngx_http_upstream_process_non_buffered_request(ngx_http_request_t *r, | ||
} | ||
|
||
if (upstream->read->active && !upstream->read->ready) { | ||
- ngx_add_timer(upstream->read, u->conf->read_timeout); | ||
+ ngx_add_timer(upstream->read, u->read_timeout); | ||
|
||
} else if (upstream->read->timer_set) { | ||
ngx_del_timer(upstream->read); | ||
diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h | ||
index c2f4dc0b..b9eef118 100644 | ||
--- a/src/http/ngx_http_upstream.h | ||
+++ b/src/http/ngx_http_upstream.h | ||
@@ -333,6 +333,11 @@ struct ngx_http_upstream_s { | ||
ngx_array_t *caches; | ||
#endif | ||
|
||
+#define HAVE_NGX_UPSTREAM_TIMEOUT_FIELDS 1 | ||
+ ngx_msec_t connect_timeout; | ||
+ ngx_msec_t send_timeout; | ||
+ ngx_msec_t read_timeout; | ||
+ | ||
ngx_http_upstream_headers_in_t headers_in; | ||
|
||
ngx_http_upstream_resolved_t *resolved; |