Commit graph

58 commits

Author SHA1 Message Date
Sergey Kandaurov
3f5c3dc960 Configure: fixed compiler warnings with "-Wall -Wextra". 2018-07-24 18:46:54 +03:00
Roman Arutyunyan
6ebe5e7ed4 Fixed capabilities version.
Previously, capset(2) was called with the 64-bit capabilities version
_LINUX_CAPABILITY_VERSION_3.  With this version Linux kernel expected two
copies of struct __user_cap_data_struct, while only one was submitted.  As a
result, random stack memory was accessed and random capabilities were requested
by the worker.  This sometimes caused capset() errors.  Now the 32-bit version
_LINUX_CAPABILITY_VERSION_1 is used instead.  This is OK since CAP_NET_RAW is
a 32-bit capability (CAP_NET_RAW = 13).
2017-12-19 19:00:27 +03:00
Roman Arutyunyan
ac2d9a2413 Improved the capabilities feature detection.
Previously included file sys/capability.h mentioned in capset(2) man page,
belongs to the libcap-dev package, which may not be installed on some Linux
systems when compiling nginx.  This prevented the capabilities feature from
being detected and compiled on that systems.

Now linux/capability.h system header is included instead.  Since capset()
declaration is located in sys/capability.h, now capset() syscall is defined
explicitly in code using the SYS_capset constant, similarly to other
Linux-specific features in nginx.
2017-12-18 21:09:39 +03:00
Roman Arutyunyan
695a8267c9 Retain CAP_NET_RAW capability for transparent proxying.
The capability is retained automatically in unprivileged worker processes after
changing UID if transparent proxying is enabled at least once in nginx
configuration.

The feature is only available in Linux.
2017-12-13 20:40:53 +03:00
Maxim Dounin
2bb80c06e7 Configure: sched_setaffinity() test moved to auto/unix.
The sched_setaffinity() function was introduced in DragonFly BSD 4.7,
so it is no longer Linux-specific.

Prodded by Sepherosa Ziehau.
2017-05-29 16:48:30 +03:00
Valentin Bartenev
ea47d8d7aa Events: support for EPOLLEXCLUSIVE.
This flag appeared in Linux 4.5 and is useful for avoiding thundering herd
problem.

The current Linux kernel implementation walks the list of exclusive waiters,
and queues an event to each epfd, until it finds the first waiter that has
threads blocked on it via epoll_wait().
2016-07-15 15:18:57 +03:00
Piotr Sikora
ff5e8c8c33 Configure: fix build with -Werror=unused-but-set-variable.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-06-27 15:00:03 -07:00
Ruslan Ermilov
71b90a9bdd Removed the obsolete rtsig module. 2015-04-23 14:17:40 +03:00
Valentin Bartenev
6a0ea01e0c Events: support for EPOLLRDHUP (ticket #320).
Since Linux 2.6.17, epoll is able to report about peer half-closed connection
using special EPOLLRDHUP flag on a read event.
2013-07-12 14:51:07 +04:00
Valentin Bartenev
51a7051795 Disable symlinks: use O_PATH to open path components.
It was introduced in Linux 2.6.39, glibc 2.14 and allows to obtain
file descriptors without actually opening files.  Thus made it possible
to traverse path with openat() syscalls without the need to have read
permissions for path components.  It is effectively emulates O_SEARCH
which is missing on Linux.

O_PATH is used in combination with O_RDONLY.  The last one is ignored
if O_PATH is used, but it allows nginx to not fail when it was built on
modern system (i.e. glibc 2.14+) and run with a kernel older than 2.6.39.
Then O_PATH is unknown to the kernel and ignored, while O_RDONLY is used.

Sadly, fstat() is not working with O_PATH descriptors till Linux 3.6.
As a workaround we fallback to fstatat() with the AT_EMPTY_PATH flag
that was introduced at the same time as O_PATH.
2013-09-02 08:07:59 +04:00
Ruslan Ermilov
448f8672fd worker_cpu_affinity: cleaned up Linux implementation, added FreeBSD support. 2012-03-21 13:58:51 +00:00
Ruslan Ermilov
8a4f3a138e Fixed compilation warnings in configuration C tests.
Based on a patch by Piotr Sikora.
2012-03-15 20:39:38 +00:00
Maxim Konovalov
0330b7ef84 Copyright updated. 2012-01-18 15:07:43 +00:00
Maxim Dounin
c122b33c8c Configure: catch up with new Linux version numbering (ticket #5).
Catch up with new Linux version numbering scheme as announced at [1] and
suppress unrecognized versions to actually use default 0.

[1] https://lkml.org/lkml/2011/5/29/204
2011-08-13 15:15:50 +00:00
Igor Sysoev
c8312b7e09 posix_fadvise64() had been implemented in Linux 2.5.60 2009-11-03 16:29:47 +00:00
Igor Sysoev
861ed123ea fix Linux "uname -r" version matching 2009-08-24 11:04:46 +00:00
Igor Sysoev
2a7c97b47f fix GNU strerror_r() detection, the bug has been inroduced in r2600 2009-04-24 09:38:48 +00:00
Igor Sysoev
a4d4842b11 autoconfigure crypt_r(): uclibc has no crypt_r() 2009-04-02 13:46:39 +00:00
Igor Sysoev
9dc8b06851 ngx_fs_bsize() 2009-03-30 07:43:06 +00:00
Igor Sysoev
7638ba274f fix Linux sendfile32() test broken in 0.3.36 2009-03-23 20:30:25 +00:00
Igor Sysoev
961090566c style fix 2009-03-23 20:26:33 +00:00
Igor Sysoev
6754aabd79 use uname instead of often outdated header file 2008-03-11 16:29:18 +00:00
Igor Sysoev
5faa0de556 use correct version: real hex numbers 2008-03-11 16:27:44 +00:00
Igor Sysoev
d0fb6c4044 disable rtsig automatic building in post 2.6.18 Linux kernels 2008-03-10 14:35:21 +00:00
Igor Sysoev
6e489c997f rtsig uses own poll code 2008-03-08 15:15:18 +00:00
Igor Sysoev
3babe9f770 test PCRE in FreeBSD, Linux, and NetBSD 2006-11-27 11:07:09 +00:00
Igor Sysoev
d17850e685 nginx-0.3.36-RELEASE import
*) Feature: the ngx_http_addition_filter_module.

    *) Feature: the "proxy_pass" and "fastcgi_pass" directives may be used
       inside the "if" block.

    *) Feature: the "proxy_ignore_client_abort" and
       "fastcgi_ignore_client_abort" directives.

    *) Feature: the "$request_completion" variable.

    *) Feature: the ngx_http_perl_module supports the $r->request_method
       and $r->remote_addr.

    *) Feature: the ngx_http_ssi_module supports the "elif" command.

    *) Bugfix: the "\/" string in the expression of the "if" command of the
       ngx_http_ssi_module was treated incorrectly.

    *) Bugfix: in the regular expressions in the "if" command of the
       ngx_http_ssi_module.

    *) Bugfix: if the relative path was specified in the
       "client_body_temp_path", "proxy_temp_path", "fastcgi_temp_path", and
       "perl_modules" directives, then the directory was used relatively to
       a current path but not to a server prefix.
2006-04-05 13:40:54 +00:00
Igor Sysoev
2e96792ef4 nginx-0.3.17-RELEASE import
*) Change: now on Linux configure checks the presence of epoll and
       sendfile64() in kernel.

    *) Feature: the "map" directive supports domain names in the
       ".domain.tld" form.

    *) Bugfix: the timeouts were not used in SSL handshake; the bug had
       appeared in 0.2.4.

    *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive.

    *) Bugfix: when the HTTPS protocol was used in the "proxy_pass"
       directive the port 80 was used by default.
2005-12-18 16:02:44 +00:00
Igor Sysoev
1f1153d5cc nginx-0.3.13-RELEASE import
*) Feature: the IMAP/POP3 proxy supports STARTTLS and STLS.

    *) Bugfix: the IMAP/POP3 proxy did not work with the select, poll, and
       /dev/poll methods.

    *) Bugfix: in SSI handling.

    *) Bugfix: now Solaris sendfilev() is not used to transfer the client
       request body to FastCGI-server via the unix domain socket.

    *) Bugfix: the "auth_basic" directive did not disable the
       authorization; the bug had appeared in 0.3.11.
2005-12-05 13:18:09 +00:00
Igor Sysoev
50476beb66 nginx-0.3.10-RELEASE import
*) Change: the "valid_referers" directive and the "$invalid_referer"
       variable were moved to the new ngx_http_referer_module from the
       ngx_http_rewrite_module.

    *) Change: the "$apache_bytes_sent" variable name was changed to
       "$body_bytes_sent".

    *) Feature: the "$sent_http_..." variables.

    *) Feature: the "if" directive supports the "=" and "!=" operations.

    *) Feature: the "proxy_pass" directive supports the HTTPS protocol.

    *) Feature: the "proxy_set_body" directive.

    *) Feature: the "post_action" directive.

    *) Feature: the ngx_http_empty_gif_module.

    *) Feature: the "worker_cpu_affinity" directive for Linux.

    *) Bugfix: the "rewrite" directive did not unescape URI part in
       redirect, now it is unescaped except the %00-%25 and %7F-%FF
       characters.

    *) Bugfix: nginx could not be built by the icc 9.0 compiler.

    *) Bugfix: if the SSI was enabled for zero size static file, then the
       chunked response was encoded incorrectly.
2005-11-15 13:30:52 +00:00
Igor Sysoev
c7af0c0db0 nginx-0.3.3-RELEASE import
*) Change: the "bl" and "af" parameters of the "listen" directive was
       renamed to the "backlog" and "accept_filter".

    *) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
       directive.

    *) Change: the "$msec" log parameter does not require now the
       additional the gettimeofday() system call.

    *) Feature: the -t switch now tests the "listen" directives.

    *) Bugfix: if the invalid address was specified in the "listen"
       directive, then after the -HUP signal nginx left an open socket in
       the CLOSED state.

    *) Bugfix: the mime type may be incorrectly set to default value for
       index file with variable in the name; the bug had appeared in 0.3.0.

    *) Feature: the "timer_resolution" directive.

    *) Feature: the millisecond "$upstream_response_time" log parameter.

    *) Bugfix: a temporary file with client request body now is removed
       just after the response header was transferred to a client.

    *) Bugfix: OpenSSL 0.9.6 compatibility.

    *) Bugfix: the SSL certificate and key file paths could not be relative.

    *) Bugfix: the "ssl_prefer_server_ciphers" directive did not work in
       the ngx_imap_ssl_module.

    *) Bugfix: the "ssl_protocols" directive allowed to specify the single
       protocol only.
2005-10-19 12:33:58 +00:00
Igor Sysoev
a693970001 nginx-0.1.32-RELEASE import
*) Bugfix: the arguments were omitted in the redirects, issued by the
       "rewrite" directive; the bug had appeared in 0.1.29.

    *) Feature: the "if" directive supports the captures in regular
       expressions.

    *) Feature: the "set" directive supports the variables and the captures
       of regular expressions.

    *) Feature: the "X-Accel-Redirect" response header line is supported in
       proxy and FastCGI mode.
2005-05-19 13:25:22 +00:00
Igor Sysoev
7fed746a3a nginx-0.1.29-RELEASE import
*) Feature: the ngx_http_ssi_module supports "include virtual" command.

    *) Feature: the ngx_http_ssi_module supports the condition command like
       'if expr="$NAME"' and "else" and "endif" commands. Only one nested
       level is supported.

    *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and
       DATE_GMT variables and "config timefmt" command.

    *) Feature: the "ssi_ignore_recycled_buffers" directive.

    *) Bugfix: the "echo" command did not show the default value for the
       empty QUERY_STRING variable.

    *) Change: the ngx_http_proxy_module was rewritten.

    *) Feature: the "proxy_redirect", "proxy_pass_request_headers",
       "proxy_pass_request_body", and "proxy_method" directives.

    *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was
       canceled and must be replaced with the proxy_set_header directive.

    *) Change: the "proxy_preserve_host" is canceled and must be replaced
       with the "proxy_set_header Host $host" and the "proxy_redirect off"
       directives, the "proxy_set_header Host $host:$proxy_port" directive
       and the appropriate proxy_redirect directives.

    *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced
       with the "proxy_set_header X-Real-IP $remote_addr" directive.

    *) Change: the "proxy_add_x_forwarded_for" is canceled and must be
       replaced with
       the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
       directive.

    *) Change: the "proxy_set_x_url" is canceled and must be replaced with
       the "proxy_set_header X-URL http://$host:$server_port$request_uri"
       directive.

    *) Feature: the "fastcgi_param" directive.

    *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params"
       directive are canceled and must be replaced with the fastcgi_param
       directives.

    *) Feature: the "index" directive can use the variables.

    *) Feature: the "index" directive can be used at http and server levels.

    *) Change: the last index only in the "index" directive can be absolute.

    *) Feature: the "rewrite" directive can use the variables.

    *) Feature: the "internal" directive.

    *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR,
       SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME,
       REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables.

    *) Change: nginx now passes the invalid lines in a client request
       headers or a backend response header.

    *) Bugfix: if the backend did not transfer response for a long time and
       the "send_timeout" was less than "proxy_read_timeout", then nginx
       returned the 408 response.

    *) Bugfix: the segmentation fault was occurred if the backend sent an
       invalid line in response header; the bug had appeared in 0.1.26.

    *) Bugfix: the segmentation fault may occurred in FastCGI fault
       tolerance configuration.

    *) Bugfix: the "expires" directive did not remove the previous
       "Expires" and "Cache-Control" headers.

    *) Bugfix: nginx did not take into account trailing dot in "Host"
       header line.

    *) Bugfix: the ngx_http_auth_module did not work under Linux.

    *) Bugfix: the rewrite directive worked incorrectly, if the arguments
       were in a request.

    *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 14:58:06 +00:00
Igor Sysoev
02d41b4363 nginx-0.1.26-RELEASE import
*) Change: the invalid client header lines are now ignored and logged
       at the info level.

    *) Change: the server name is also logged in error log.

    *) Feature: the ngx_http_auth_basic_module module and the auth_basic
       and auth_basic_user_file directives.
2005-03-22 16:02:46 +00:00
Igor Sysoev
955cfef970 nginx-0.1.21-RELEASE import
*) Bugfix: the ngx_http_stub_status_module showed incorrect statistics
       if "rtsig" method was used or if several worker process ran on SMP.

    *) Bugfix: nginx could not be built by the icc compiler on Linux or if
       the zlib-1.2.x library was building from sources.

    *) Bugfix: nginx could not be built on NetBSD 2.0.
2005-02-22 14:40:13 +00:00
Igor Sysoev
33951ab1a1 nginx-0.1.13-RELEASE import
*) Feature: the server_names_hash and server_names_hash_threshold
       directives.

    *) Bugfix: the *.domain.tld names in the "server_name" directive did
       not work.

    *) Bugfix: the %request_length log parameter logged the incorrect
       length.
2004-12-21 12:30:30 +00:00
Igor Sysoev
47d223e981 nginx-0.1.11-RELEASE import
*) Feature: the worker_priority directive.

    *) Change: both tcp_nopush and tcp_nodelay directives affect the
       transferred response.

    *) Bugfix: nginx did not call initgroups().
       Thanks to Andrew Sitnikov and Andrei Nigmatulin.

    *) Change: now the ngx_http_autoindex_module shows the file size in the
       bytes.

    *) Bugfix: the ngx_http_autoindex_module returned the 500 error if the
       broken symlink was in a directory.

    *) Bugfix: the files bigger than 4G could not be transferred using
       sendfile.

    *) Bugfix: if the backend was resolved to several backends and there
       was an error while the response waiting then process may got caught
       in an endless loop.

    *) Bugfix: the worker process may exit with the "unknown cycle" message
       when the /dev/poll method was used.

    *) Bugfix: "close() channel failed" errors.

    *) Bugfix: the autodetection of the "nobody" and "nogroup" groups.

    *) Bugfix: the send_lowat directive did not work on Linux.

    *) Bugfix: the segmentation fault occurred if there was no events
       section in configuration.

    *) Bugfix: nginx could not be built on OpenBSD.

    *) Bugfix: the double slashes in "://" in the URI were converted to
       ":/".
2004-12-02 18:40:46 +00:00
Igor Sysoev
318609b939 nginx-0.1.9-RELEASE import
*) Bugfix: the proxied request was sent without arguments if the
       request contains "//", "/./", "/../" or "%XX".

    *) Bugfix: the large compressed responses may be transferred not
       completely.

    *) Bugfix: the files bigger than 2G was not transferred on Linux that
       does not support sendfile64().

    *) Bugfix: while the build configuration on Linux the
       --with-poll_module parameter was required; the bug had appeared in
       0.1.8.
2004-11-25 16:17:31 +00:00
Igor Sysoev
f1540ebec3 nginx-0.1.8-RELEASE import
*) Bugfix: in the ngx_http_autoindex_module if the long file names were
       in the listing.

    *) Feature: the "^~" modifier in the location directive.

    *) Feature: the proxy_max_temp_file_size directive.
2004-11-20 19:52:20 +00:00
Igor Sysoev
6a32494021 nginx-0.1.5-RELEASE import
*) Bugfix: on Solaris and Linux there may be too many "recvmsg()
       returned not enough data" alerts.

    *) Bugfix: there were the "writev() failed (22: Invalid argument)"
       errors on Solaris in proxy mode without sendfile. On other platforms
       that do not support sendfile at all the process got caught in an
       endless loop.

    *) Bugfix: segmentation fault on Solaris in proxy mode and using
       sendfile.

    *) Bugfix: segmentation fault on Solaris.

    *) Bugfix: on-line upgrade did not work on Linux.

    *) Bugfix: the ngx_http_autoindex_module module did not escape the
       spaces, the quotes, and the percent signs in the directory listing.

    *) Change: the decrease of the copy operations.

    *) Feature: the userid_p3p directive.
2004-11-11 14:07:14 +00:00
Igor Sysoev
0512177f17 nginx-0.1.2-RELEASE import
*) Feature: the --user=USER, --group=GROUP, and --with-ld-opt=OPTIONS
       options in configure.

    *) Feature: the server_name directive supports *.domain.tld.

    *) Bugfix: the portability improvements.

    *) Bugfix: if configuration file was set in command line, the
       reconfiguration was impossible; the bug had appeared in 0.1.1.

    *) Bugfix: proxy module may get caught in an endless loop when sendfile
       is not used.

    *) Bugfix: with sendfile the response was not recoded according to the
       charset module directives; the bug had appeared in 0.1.1.

    *) Bugfix: very seldom bug in the kqueue processing.

    *) Bugfix: the gzip module compressed the proxied responses that was
       already compressed.
2004-10-21 15:34:38 +00:00
Igor Sysoev
5408eec6de nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright 2004-09-29 16:00:49 +00:00
Igor Sysoev
d62e4e9888 nginx-0.0.7-2004-06-15-21:47:16 import 2004-06-15 17:47:16 +00:00
Igor Sysoev
28c498294f nginx-0.0.7-2004-06-15-11:55:11 import 2004-06-15 07:55:11 +00:00
Igor Sysoev
29c8c1c688 nginx-0.0.5-2004-06-11-20:58:33 import 2004-06-11 16:58:33 +00:00
Igor Sysoev
a785021679 nginx-0.0.4-2004-06-10-22:36:57 import 2004-06-10 18:36:57 +00:00
Igor Sysoev
6b58fd981f nginx-0.0.3-2004-03-30-10:27:36 import 2004-03-30 06:27:36 +00:00
Igor Sysoev
0789974ad1 nginx-0.0.2-2004-03-11-18:42:41 import 2004-03-11 15:42:41 +00:00
Igor Sysoev
bb13dffc2f nginx-0.0.2-2004-03-10-20:55:19 import 2004-03-10 17:55:19 +00:00
Igor Sysoev
c3257b79f0 nginx-0.0.2-2004-02-12-23:57:10 import 2004-02-12 20:57:10 +00:00