Commit Graph

111 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa
09344eb1ad nghttp, nghttpd, nghttpx: Add ktls support 2022-05-07 18:53:59 +09:00
Tatsuhiro Tsujikawa
79524471b4 nghttpx: Add --require-http-scheme option 2022-02-12 11:39:52 +09:00
Tatsuhiro Tsujikawa
9d41896663 nghttpx: Rename --frontend-quic-server-id to --quic-server-id 2021-10-17 14:48:46 +09:00
Tatsuhiro Tsujikawa
69c4187100 nghttpx: Add --frontend-quic-initial-rtt option 2021-10-10 17:24:02 +09:00
Tatsuhiro Tsujikawa
87bdc21667 nghttpx: Add --worker-process-grace-shutdown-period option 2021-10-02 18:55:51 +09:00
Tatsuhiro Tsujikawa
0266c458a3 nghttpx: Add --max-worker-processes option 2021-09-29 22:12:10 +09:00
Tatsuhiro Tsujikawa
7271537a15 nghttpx: Add --rlimit-memlock option 2021-09-24 18:13:38 +09:00
Tatsuhiro Tsujikawa
308c73bfa2 nghttpx: Read QUIC keying materials from file
Add --frontend-quic-secret-file to read QUIC keying materials from
file.  --frontend-quic-connection-id-encryption-key was removed in
favor of this new option.
2021-09-23 11:18:07 +09:00
Tatsuhiro Tsujikawa
80cc623eb2 nghttpx: Allocate server id in Connection ID 2021-09-21 23:08:55 +09:00
Tatsuhiro Tsujikawa
fd060eb9f1 nghttpx: Connection ID encryption 2021-09-15 21:31:03 +09:00
Tatsuhiro Tsujikawa
8f419a4869 nghttpx: Add --frontend-quic-congestion-controller option 2021-09-13 21:35:46 +09:00
Tatsuhiro Tsujikawa
f74b6d9a43 nghttpx: Add --frontend-quic-require-token option 2021-09-12 15:04:54 +09:00
Tatsuhiro Tsujikawa
addd614e94 nghttpx: Add qlog support 2021-09-06 20:06:38 +09:00
Tatsuhiro Tsujikawa
ab16a11aa3 nghttpx: Add --frontend-quic-early-data, disable early data by default 2021-09-05 21:39:45 +09:00
Tatsuhiro Tsujikawa
7d13891066 nghttpx: Rename eBPF options 2021-08-27 21:34:18 +09:00
Tatsuhiro Tsujikawa
d2729193c7 nghttpx: Add --frontend-http3-max-concurrent-streams option 2021-08-27 21:11:03 +09:00
Tatsuhiro Tsujikawa
87fb325357 nghttpx: Add window size options for HTTP/3 connection 2021-08-27 21:02:45 +09:00
Tatsuhiro Tsujikawa
5aeae7444f nghttpx: Add --frontend-quic-debug-log option 2021-08-27 19:16:25 +09:00
Tatsuhiro Tsujikawa
c9b11e9fbf nghttpx: Rename --quic-idle-timeout to --frontend-quic-idle-timeout 2021-08-27 19:03:06 +09:00
Tatsuhiro Tsujikawa
6931cb9d65 nghttpx: Add --quic-idle-timeout option 2021-08-27 18:44:33 +09:00
Tatsuhiro Tsujikawa
717e7ae8b2 nghttpx: Add --frontend-http3-read-timeout option
Add --frontend-http3-read-timeout option.  QUIC idle timeout option
will be added later.
2021-08-27 18:29:06 +09:00
Tatsuhiro Tsujikawa
51bf79bb8c nghttpx: Add --http2-altsvc option 2021-08-26 21:34:49 +09:00
Tatsuhiro Tsujikawa
8563ec5a7a nghttpx: Add options to specify eBPF program file path and disable eBPF 2021-08-26 21:34:49 +09:00
Tatsuhiro Tsujikawa
cef458c31c Replace black-list with block-list
nghttpx --no-http2-cipher-black-list and
--client-no-http2-cipher-black-list are deprecated and replaced with
--no-http2-cipher-block-list and --client-no-http2-cipher-block-list
respectively.
2021-04-02 22:35:37 +09:00
Tatsuhiro Tsujikawa
6b7ade9f3f Require python3 for python scripts 2020-12-29 17:35:55 +09:00
Tatsuhiro Tsujikawa
4e3c61ef4d nghttpx: Add accesslog variables to record request path without query
This commit the following variables to construct request line without
including query component:

* $method
* $path
* $path_without_query
* $protocol_version
2020-09-19 23:58:37 +09:00
Tatsuhiro Tsujikawa
4d562b773b nghttpx: Convert LogFragmentType to enum class 2018-11-02 14:14:48 +09:00
Tatsuhiro Tsujikawa
5b42815afb nghttpx: Strip incoming Early-Data header field by default 2018-09-09 22:37:22 +09:00
Tatsuhiro Tsujikawa
cfe7fa9a75 nghttpx: Add --tls13-ciphers and --tls-client-ciphers options 2018-09-09 16:35:47 +09:00
Tatsuhiro Tsujikawa
9b03c64f68 nghttpx: Should postpone early data by default 2018-09-08 19:22:30 +09:00
Tatsuhiro Tsujikawa
9f21258720 Specify SSL_CTX_set_max_early_data and add an option to change max value 2018-09-08 17:59:28 +09:00
Tatsuhiro Tsujikawa
47f6012407 nghttpx: Add an option to postpone early data processing 2018-09-08 17:57:21 +09:00
Tatsuhiro Tsujikawa
7417fd71a4 nghttpx: Per-pattern not per-backend 2018-08-28 17:50:01 +09:00
Tatsuhiro Tsujikawa
b574ae6aa2 nghttpx: Support per-backend mruby script 2018-08-23 18:13:29 +09:00
Tatsuhiro Tsujikawa
e8af7afc65 nghttpx: Add an option to accept expired client certificate 2018-02-08 16:51:23 +09:00
Tatsuhiro Tsujikawa
eca0a3025b nghttpx: Add $tls_client_serial log variable 2017-11-16 22:53:54 +09:00
Tatsuhiro Tsujikawa
22502182d0 Add tls_client_issuer_name log variable and expose it to mruby 2017-11-15 23:41:47 +09:00
Tatsuhiro Tsujikawa
539e27812b nghttpx: Add tls_client_fingerprint_sha1 to mruby and accesslog
Also tls_client_fingerprint is renamed to
tls_client_fingerprint_sha256.
2017-10-31 21:41:40 +09:00
Tatsuhiro Tsujikawa
cb376bcd80 nghttpx: Add client fingerprint and subject name to accesslog 2017-10-29 21:47:00 +09:00
Tatsuhiro Tsujikawa
74c2f1257a nghttpx: Add --no-verify-ocsp to disable OCSP response verification 2017-05-25 23:14:58 +09:00
Tatsuhiro Tsujikawa
0d4f0f0db5 nghttpx: Run OCSP at startup
With --ocsp-startup option, nghttpx starts accepting connections after
initial attempts to get OCSP responses finish.  It does not matter
some of the attempts fail.  This feature is useful if OCSP responses
must be available before accepting connections.
2017-05-18 22:33:49 +09:00
Tatsuhiro Tsujikawa
a2e35a0757 nghttpx: Add $tls_sni access log variable 2017-04-18 22:44:26 +09:00
Tatsuhiro Tsujikawa
03be97e437 nghttpx: Rename ssl_* log variables as tls_*
The exiting ssl_* log variables still work for backward compatibility.
2017-04-18 22:11:05 +09:00
Tatsuhiro Tsujikawa
cc9190ab37 nghttpx: Add options for X-Forwarded-Proto header field
This commit adds 2 new options to handle X-Forwarded-Proto header
field.  The --no-add-x-forwarded-proto option makes nghttpx not to
append X-Forwarded-Proto value.  The
--no-strip-incoming-x-forwarded-proto option prevents nghttpx from
stripping the header field from client.

Previously, nghttpx always strips incoming header field, and set its
own header field.  This commit preserves this behaviour, and adds
additional knobs.
2017-04-08 18:46:36 +09:00
Tatsuhiro Tsujikawa
980570de71 Revert "nghttpx: Add options for X-Forwarded-Proto header field"
This reverts commit 8c0b2c684a.
2017-04-08 18:37:54 +09:00
Tatsuhiro Tsujikawa
ef92b54db3 Revert "integration: Add tests for X-Forwarded-Proto handling"
This reverts commit 6aa581d2f0.
2017-04-08 18:34:10 +09:00
Tatsuhiro Tsujikawa
223e971c7e nghttpx: Add --single-process option
With --single-process option, nghttpx will run in a single process
mode where master and worker are unified into one process.  nghttpx
still spawns additional process for neverbleed.  In the single process
mode, signal handling is disabled.
2017-04-06 20:02:57 +09:00
Tatsuhiro Tsujikawa
6aa581d2f0 integration: Add tests for X-Forwarded-Proto handling 2017-04-06 19:20:08 +09:00
Tatsuhiro Tsujikawa
8c0b2c684a nghttpx: Add options for X-Forwarded-Proto header field
This commit adds 2 new options to handle X-Forwarded-Proto header
field.  The --add-x-forwarded-proto option makes nghttpx append
X-Forwarded-Proto value.  The --strip-incoming-x-forwarded-proto
option makes nghttpx to strip the header field from client.

Previously, nghttpx always strips incoming header field, and set its
own header field.  This commit changes this behaviour.  Now nghttpx
does not strip, and append X-Forwarded-Proto header field by default.
The X-Forwarded-For, and Forwarded header fields are also handled in
the same way.  To recover the old behaviour, use
--add-x-forwarded-proto and --strip-incoming-x-forwarded-proto
options.
2017-04-06 19:17:36 +09:00
Tatsuhiro Tsujikawa
2af57c3cfc nghttpx: Add --single-worker option
Previously, nghttpx will use only one single thread inside the worker
process if --workers=1 (this is default).  If --workers=N, N > 1, we
use additional threads for accepting connections, or API request
processing, etc.

With this commit, we use the same processing model for N > 1 even if N
== 1.  To restore the original single thread execution mode,
--single-worker option is added.  If threading is disabled
--single-worker is always true.
2017-02-21 22:19:34 +09:00