Commit graph

3921 commits

Author SHA1 Message Date
Igor Sysoev
95d4ca17b8 Ranges processing small optimization. 2011-08-30 13:06:12 +00:00
Igor Sysoev
559cd34ba9 Now unsatisfiable ranges are processed according to RFC 2616. 2011-08-30 13:01:55 +00:00
Igor Sysoev
2fb9408b38 Ranges processing small optimization. 2011-08-30 12:45:24 +00:00
Igor Sysoev
8b30429bd1 Style fix. 2011-08-30 12:28:01 +00:00
Igor Sysoev
cbbf90d9b8 Now if total size of all ranges is greater than source response size,
then nginx disables ranges and returns just the source response.
This fix should not affect well-behaving applications but will defeat
DoS attempts exploiting malicious byte ranges.
2011-08-26 09:42:50 +00:00
Igor Sysoev
d7c1fe5f5b Cache size accounting fix: actual cache size on disk was less than
needed by sum of sizes of files loaded by worker processes themselves
while cache loader was running.

The bug has been introduced in r3900.
2011-08-25 17:29:34 +00:00
Maxim Dounin
8f54c88bdd Better handling of various per-server ssl options with SNI.
SSL_set_SSL_CTX() doesn't touch values cached within ssl connection
structure, it only changes certificates (at least as of now, OpenSSL
1.0.0d and earlier).

As a result settings like ssl_verify_client, ssl_verify_depth,
ssl_prefer_server_ciphers are only configurable on per-socket basis while
with SNI it should be possible to specify them different for two servers
listening on the same socket.

Workaround is to explicitly re-apply settings we care about from context
to ssl connection in servername callback.

Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+.  I.e.
with older versions it is not possible to clear ssl_prefer_server_ciphers
option if it's set in default server for a socket.
2011-08-23 14:36:31 +00:00
Igor Sysoev
cb0498da6c Version bump. 2011-08-23 14:22:34 +00:00
Ruslan Ermilov
6db2ed0cfb Restore the lost negation. 2011-08-23 13:39:22 +00:00
Igor Sysoev
5b129859e5 Removing incomplete draft documentation from release tarball and zip. 2011-08-23 13:35:02 +00:00
Igor Sysoev
6afda56a48 Grammar fixes in CHANGES. 2011-08-23 13:29:47 +00:00
Igor Sysoev
69954e741c CHANGES conversion from KOI8-R to UTF-8. 2011-08-23 12:50:54 +00:00
Igor Sysoev
0bc89850bb Grammar fixes in CHANGES. 2011-08-23 10:18:35 +00:00
Igor Sysoev
6a904d417f XSLT regeneration for the previous commit. 2011-08-23 10:11:09 +00:00
Igor Sysoev
0a4c8438b6 Traling spaces removal in text CHANGES files. 2011-08-23 10:10:25 +00:00
Igor Sysoev
b587ba834c XSLT regeneration for r4023. 2011-08-23 09:48:44 +00:00
Ruslan Ermilov
1b075335d6 Get rid of " <br/>" hacks. 2011-08-23 09:01:13 +00:00
Ruslan Ermilov
1636327379 - support <br/> in the middle of input
- fixed "<br>" lookup (eliminates the need in " <br/>" hacks)
- fixed maximum length for unbreakable input
- fixed space lookup (allows a space at column 77 to break a line)
2011-08-23 09:00:24 +00:00
Igor Sysoev
3fbcbcda80 release-1.1.1 tag 2011-08-22 13:56:14 +00:00
Igor Sysoev
8ee9429c07 nginx-1.1.1-RELEASE 2011-08-22 13:56:08 +00:00
Igor Sysoev
c68fd722ae SIGWINCH/NOACCEPT signal is disabled now in non-daemon mode.
Non-daemon mode is currently used by supervisord, daemontools and so on
or during debugging. The NOACCEPT signal is only used for online upgrade
which is not supported when nginx is run under supervisord, etc.,
so this change should not break existant setups.
2011-08-22 12:34:48 +00:00
Igor Sysoev
38f69601e9 The change in adaptive loader behaviour introduced in r3975:
now cache loader processes either as many files as specified by loader_files
or works no more than time specified by loader_threshold during each iteration.

loader_threshold was previously used to decrease loader_files or
to increase loader_timeout and this might eventually result in
downgrading loader_files to 1 and increasing loader_timeout to large values
causing loading cache for forever.
2011-08-22 10:16:49 +00:00
Maxim Dounin
3bbcc2c24d Fix buffer overrun under Windows. 2011-08-22 10:07:27 +00:00
Maxim Dounin
d8829c8f29 Move SO_ACCEPTFILTER and TCP_DEFER_ACCEPT checks into configure.
NetBSD 5.0+ has SO_ACCEPTFILTER support merged from FreeBSD, and having
accept filter check in FreeBSD-specific ngx_freebsd_config.h prevents it
from being used on NetBSD.  Therefore move the check into configure (and
do the same for Linux-specific TCP_DEFER_ACCEPT, just to be in line).
2011-08-21 11:37:37 +00:00
Maxim Dounin
8a3f0cdbe7 Fix ignored headers handling in fastcgi/scgi/uwsgi.
The bug had appeared in r3561 (fastcgi), r3638 (scgi), r3567 (uwsgi).
2011-08-19 20:11:39 +00:00
Ruslan Ermilov
75639f81d9 XSLT regeneration for r3998. 2011-08-19 08:39:27 +00:00
Ruslan Ermilov
6af6d60ce8 - Added missing dependencies for the CHANGES{,ru} targets.
- Pass string params to xsltproc.
- Removed extraneous rule bodies.
2011-08-19 08:33:47 +00:00
Maxim Dounin
0e8a6088fc Complain on invalid log levels.
Previously only first log level was required to be correct, while error_log
directive in fact accepts list of levels (e.g. one may specify "error_log ...
debug_core debug_http;").  This resulted in (avoidable) wierd behaviour on
missing semicolon after error_log directive, e.g.

    error_log /path/to/log info
    index index.php;

silently skipped index directive and it's arguments (trying to interpret
them as log levels without checking to be correct).
2011-08-18 21:48:13 +00:00
Maxim Dounin
fe81a004a4 Upstream: properly allocate memory for tried flags.
Previous allocation only took into account number of non-backup servers, and
this caused memory corruption with many backup servers.

See report here:
http://mailman.nginx.org/pipermail/nginx/2011-May/026531.html
2011-08-18 17:04:52 +00:00
Maxim Dounin
3edafa1da6 Fixing cpu hog with all upstream servers marked "down".
The following configuration causes nginx to hog cpu due to infinite loop
in ngx_http_upstream_get_peer():

    upstream backend {
        server 127.0.0.1:8080 down;
        server 127.0.0.1:8080 down;
    }

    server {
       ...
       location / {
           proxy_pass http://backend;
       }
    }

Make sure we don't loop infinitely in ngx_http_upstream_get_peer() but stop
after resetting peer weights once.

Return 0 if we are stuck.  This is guaranteed to work as peer 0 always exists,
and eventually ngx_http_upstream_get_round_robin_peer() will do the right
thing falling back to backup servers or returning NGX_BUSY.
2011-08-18 16:52:38 +00:00
Maxim Dounin
4d7a28e8ce Fixing proxy_set_body and proxy_pass_request_body with SSL.
Flush flag wasn't set in constructed buffer and this prevented any data
from being actually sent to upstream due to SSL buffering.  Make sure
we always set flush in the last buffer we are going to sent.

See here for report:
http://nginx.org/pipermail/nginx-ru/2011-June/041552.html
2011-08-18 16:34:24 +00:00
Igor Sysoev
76de74e303 Fix names of the referer hash size directives introduced in r3940. 2011-08-18 16:27:30 +00:00
Maxim Dounin
a9983c9d98 Rebuild manpage only if needed. 2011-08-18 15:57:59 +00:00
Maxim Dounin
13ce1f0bca Fix body with request_body_in_single_buf.
If there were preread data and request body was big enough first part
of the request body was duplicated.

See report here:
http://mailman.nginx.org/pipermail/nginx/2011-July/027756.html
2011-08-18 15:52:00 +00:00
Maxim Dounin
cbf91014ed Correctly set body if it's preread and there are extra data.
Previously all available data was used as body, resulting in garbage after
real body e.g. in case of pipelined requests.  Make sure to use only as many
bytes as request's Content-Length specifies.
2011-08-18 15:27:57 +00:00
Maxim Dounin
d8a0ae2edb Lower optimization level for Sun Studio before 12.1.
At least Sun Studio 12 has problems with bit-fields exposed by nginx code
(caught by test suite).  They seems to be fixed in Sun Studio 12.1.  As a
workaround use "-fast -xalias_level=any" for older versions, it resolves
the problem.
2011-08-18 15:10:23 +00:00
Maxim Dounin
a5c11a1449 Detect POSIX semaphores in librt on Solaris (ticket #3).
Patch by Denis Ivanov.
2011-08-17 08:35:54 +00:00
Maxim Dounin
c122b33c8c Configure: catch up with new Linux version numbering (ticket #5).
Catch up with new Linux version numbering scheme as announced at [1] and
suppress unrecognized versions to actually use default 0.

[1] https://lkml.org/lkml/2011/5/29/204
2011-08-13 15:15:50 +00:00
Ruslan Ermilov
77013cc642 - Replaced explicit link to bugtracker with a support link
(which will soon link to Trac).

- Commented out reference to non-existing nginx.conf(5).
2011-08-10 12:30:19 +00:00
Ruslan Ermilov
e805d2dfe9 Mention our preferred way of accepting bug reports. 2011-08-10 08:03:34 +00:00
Ruslan Ermilov
3d182f0ee5 Don't ignore xmllint errors. 2011-08-09 15:18:07 +00:00
Ruslan Ermilov
279e434a03 Regen after makefile changes. 2011-08-09 15:15:36 +00:00
Igor Sysoev
08c06ac475 using sed instead of perl 2011-08-05 13:42:37 +00:00
Igor Sysoev
38dd8df531 skeleton for documentation processing 2011-08-05 09:25:34 +00:00
Igor Sysoev
b4696fb265 update documentation build procedure 2011-08-05 09:00:19 +00:00
Igor Sysoev
fded0a4ad0 fix gzip quantity: "q=0." and "q=1." are valid values according to RFC 2011-08-05 08:51:29 +00:00
Igor Sysoev
3aec2da367 refactor gzip quantity introduced in r3981: it ignored "q=1.000" 2011-08-04 14:50:59 +00:00
Igor Sysoev
12bbdf5d86 A new fix for the case when ssl_session_cache defined, but ssl is not
enabled in any server. The previous r1033 does not help when unused zone
becomes used after reconfiguration, so it is backed out.

The initial thought was to make SSL modules independed from SSL implementation
and to keep OpenSSL code dependance as much as in separate files.
2011-08-04 11:12:30 +00:00
Igor Sysoev
388cd91b9b removal of error message about %name log_format parameters,
they have been deleted long ago in 0.5.0-RELEASE
2011-08-03 16:01:36 +00:00
Igor Sysoev
3159d39551 fix typo introduced in r3985 2011-08-02 12:43:01 +00:00